summaryrefslogtreecommitdiff
path: root/source4
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>2011-07-28 17:14:28 +1000
committerAndrew Tridgell <tridge@samba.org>2011-07-29 18:17:44 +1000
commit03f92508ef2ebb4e7790f612e3f833382c691051 (patch)
tree74c7d7cf500e7861547c620035c68f4c80128a72 /source4
parent8dda0ef57fa908c94c14d2521ded883ceb253b2f (diff)
downloadsamba-03f92508ef2ebb4e7790f612e3f833382c691051.tar.gz
samba-03f92508ef2ebb4e7790f612e3f833382c691051.tar.bz2
samba-03f92508ef2ebb4e7790f612e3f833382c691051.zip
samba-tool: use ldb.binary_encode() on search expression elements
this allows us to deal with search elements containing characters that must be escaped in LDAP Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
Diffstat (limited to 'source4')
-rw-r--r--source4/scripting/python/samba/join.py4
-rw-r--r--source4/scripting/python/samba/netcmd/delegation.py10
-rw-r--r--source4/scripting/python/samba/netcmd/domain.py2
-rw-r--r--source4/scripting/python/samba/netcmd/drs.py5
-rw-r--r--source4/scripting/python/samba/netcmd/gpo.py6
-rw-r--r--source4/scripting/python/samba/netcmd/rodc.py2
-rw-r--r--source4/scripting/python/samba/netcmd/spn.py8
-rw-r--r--source4/scripting/python/samba/netcmd/user.py4
-rw-r--r--source4/scripting/python/samba/samdb.py10
9 files changed, 27 insertions, 24 deletions
diff --git a/source4/scripting/python/samba/join.py b/source4/scripting/python/samba/join.py
index b586e2cd5b..4495b527b9 100644
--- a/source4/scripting/python/samba/join.py
+++ b/source4/scripting/python/samba/join.py
@@ -147,7 +147,7 @@ class dc_join(object):
# find the krbtgt link
print("checking samaccountname")
res = ctx.samdb.search(base=ctx.samdb.get_default_basedn(),
- expression='samAccountName=%s' % ctx.samname,
+ expression='samAccountName=%s' % ldb.binary_encode(ctx.samname),
attrs=["msDS-krbTgtLink"])
if res:
ctx.del_noerror(res[0].dn, recursive=True)
@@ -408,7 +408,7 @@ class dc_join(object):
ctx.samdb.modify(m)
print "Setting account password for %s" % ctx.samname
- ctx.samdb.setpassword("(&(objectClass=user)(sAMAccountName=%s))" % ctx.samname,
+ ctx.samdb.setpassword("(&(objectClass=user)(sAMAccountName=%s))" % ldb.binary_encode(ctx.samname),
ctx.acct_pass,
force_change_at_next_login=False,
username=ctx.samname)
diff --git a/source4/scripting/python/samba/netcmd/delegation.py b/source4/scripting/python/samba/netcmd/delegation.py
index 1980203f9d..9aa8287785 100644
--- a/source4/scripting/python/samba/netcmd/delegation.py
+++ b/source4/scripting/python/samba/netcmd/delegation.py
@@ -72,7 +72,7 @@ class cmd_delegation_show(Command):
# to the correct domain
(cleanedaccount, realm, domain) = _get_user_realm_domain(accountname)
print "Searching for: %s" % (cleanedaccount)
- res = sam.search(expression="sAMAccountName=%s" % cleanedaccount,
+ res = sam.search(expression="sAMAccountName=%s" % ldb.binary_encode(cleanedaccount),
scope=ldb.SCOPE_SUBTREE,
attrs=["userAccountControl", "msDS-AllowedToDelegateTo"])
if len(res) != 1:
@@ -122,7 +122,7 @@ class cmd_delegation_for_any_service(Command):
# to the correct domain
(cleanedaccount, realm, domain) = _get_user_realm_domain(accountname)
- search_filter = "sAMAccountName=%s" % cleanedaccount
+ search_filter = "sAMAccountName=%s" % ldb.binary_encode(cleanedaccount)
flag = dsdb.UF_TRUSTED_FOR_DELEGATION
try:
sam.toggle_userAccountFlags(search_filter, flag, on=on, strict=True)
@@ -154,7 +154,7 @@ class cmd_delegation_for_any_protocol(Command):
# to the correct domain
(cleanedaccount, realm, domain) = _get_user_realm_domain(accountname)
- search_filter = "sAMAccountName=%s" % cleanedaccount
+ search_filter = "sAMAccountName=%s" % ldb.binary_encode(cleanedaccount)
flag = dsdb.UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION
try:
sam.toggle_userAccountFlags(search_filter, flag, on=on, strict=True)
@@ -178,7 +178,7 @@ class cmd_delegation_add_service(Command):
# to the correct domain
(cleanedaccount, realm, domain) = _get_user_realm_domain(accountname)
- res = sam.search(expression="sAMAccountName=%s" % cleanedaccount,
+ res = sam.search(expression="sAMAccountName=%s" % ldb.binary_encode(cleanedaccount),
scope=ldb.SCOPE_SUBTREE,
attrs=["msDS-AllowedToDelegateTo"])
if len(res) != 1:
@@ -211,7 +211,7 @@ class cmd_delegation_del_service(Command):
# to the correct domain
(cleanedaccount, realm, domain) = _get_user_realm_domain(accountname)
- res = sam.search(expression="sAMAccountName=%s" % cleanedaccount,
+ res = sam.search(expression="sAMAccountName=%s" % ldb.binary_encode(cleanedaccount),
scope=ldb.SCOPE_SUBTREE,
attrs=["msDS-AllowedToDelegateTo"])
if len(res) != 1:
diff --git a/source4/scripting/python/samba/netcmd/domain.py b/source4/scripting/python/samba/netcmd/domain.py
index 8dffbd2b56..50b5d80395 100644
--- a/source4/scripting/python/samba/netcmd/domain.py
+++ b/source4/scripting/python/samba/netcmd/domain.py
@@ -317,7 +317,7 @@ class cmd_domain_machinepassword(Command):
secretsdb = Ldb(url=url, session_info=system_session(),
credentials=creds, lp=lp)
result = secretsdb.search(attrs=["secret"],
- expression="(&(objectclass=primaryDomain)(samaccountname=%s))" % secret)
+ expression="(&(objectclass=primaryDomain)(samaccountname=%s))" % ldb.binary_encode(secret))
if len(result) != 1:
raise CommandError("search returned %d records, expected 1" % len(result))
diff --git a/source4/scripting/python/samba/netcmd/drs.py b/source4/scripting/python/samba/netcmd/drs.py
index f9b55f47b5..e9cd540603 100644
--- a/source4/scripting/python/samba/netcmd/drs.py
+++ b/source4/scripting/python/samba/netcmd/drs.py
@@ -287,8 +287,9 @@ class cmd_drs_replicate(Command):
# we need to find the NTDS GUID of the source DC
msg = self.samdb.search(base=self.samdb.get_config_basedn(),
- expression="(&(objectCategory=server)(|(name=%s)(dNSHostName=%s)))" % (SOURCE_DC,
- SOURCE_DC),
+ expression="(&(objectCategory=server)(|(name=%s)(dNSHostName=%s)))" % (
+ ldb.binary_encode(SOURCE_DC),
+ ldb.binary_encode(SOURCE_DC)),
attrs=[])
if len(msg) == 0:
raise CommandError("Failed to find source DC %s" % SOURCE_DC)
diff --git a/source4/scripting/python/samba/netcmd/gpo.py b/source4/scripting/python/samba/netcmd/gpo.py
index 72c157d00a..e59b79dbc0 100644
--- a/source4/scripting/python/samba/netcmd/gpo.py
+++ b/source4/scripting/python/samba/netcmd/gpo.py
@@ -131,10 +131,10 @@ def get_gpo_info(samdb, gpo=None, displayname=None, dn=None):
search_scope = ldb.SCOPE_ONELEVEL
if gpo is not None:
- search_expr = "(&(objectClass=groupPolicyContainer)(name=%s))" % gpo
+ search_expr = "(&(objectClass=groupPolicyContainer)(name=%s))" % ldb.binary_encode(gpo)
if displayname is not None:
- search_expr = "(&(objectClass=groupPolicyContainer)(displayname=%s))" % displayname
+ search_expr = "(&(objectClass=groupPolicyContainer)(displayname=%s))" % ldb.binary_encode(displayname)
if dn is not None:
base_dn = dn
@@ -253,7 +253,7 @@ class cmd_list(Command):
try:
msg = self.samdb.search(expression='(&(|(samAccountName=%s)(samAccountName=%s$))(objectClass=User))' %
- (username,username))
+ (ldb.binary_encode(username),ldb.binary_encode(username)))
user_dn = msg[0].dn
except Exception, e:
raise CommandError("Failed to find account %s" % username, e)
diff --git a/source4/scripting/python/samba/netcmd/rodc.py b/source4/scripting/python/samba/netcmd/rodc.py
index 411221e24f..75c326f950 100644
--- a/source4/scripting/python/samba/netcmd/rodc.py
+++ b/source4/scripting/python/samba/netcmd/rodc.py
@@ -52,7 +52,7 @@ class cmd_rodc_preload(Command):
expression="objectclass=user",
scope=ldb.SCOPE_BASE, attrs=[])
else:
- res = samdb.search(expression="(&(samAccountName=%s)(objectclass=user))" % account,
+ res = samdb.search(expression="(&(samAccountName=%s)(objectclass=user))" % ldb.binary_encode(account),
scope=ldb.SCOPE_SUBTREE, attrs=[])
if len(res) != 1:
raise Exception("Failed to find account '%s'" % account)
diff --git a/source4/scripting/python/samba/netcmd/spn.py b/source4/scripting/python/samba/netcmd/spn.py
index e81cdce4f3..672f1401e9 100644
--- a/source4/scripting/python/samba/netcmd/spn.py
+++ b/source4/scripting/python/samba/netcmd/spn.py
@@ -69,7 +69,7 @@ class cmd_spn_list(Command):
# to the correct domain
(cleaneduser, realm, domain) = _get_user_realm_domain(user)
print cleaneduser
- res = sam.search(expression="samaccountname=%s" % cleaneduser,
+ res = sam.search(expression="samaccountname=%s" % ldb.binary_encode(cleaneduser),
scope=ldb.SCOPE_SUBTREE,
attrs=["servicePrincipalName"])
if len(res) >0:
@@ -102,7 +102,7 @@ class cmd_spn_add(Command):
paths = provision.provision_paths_from_lp(lp, lp.get("realm"))
sam = SamDB(paths.samdb, session_info=system_session(),
credentials=creds, lp=lp)
- res = sam.search(expression="servicePrincipalName=%s" % name,
+ res = sam.search(expression="servicePrincipalName=%s" % ldb.binary_encode(name),
scope=ldb.SCOPE_SUBTREE,
)
if len(res) != 0 and not force:
@@ -110,7 +110,7 @@ class cmd_spn_add(Command):
" affected to another user" % name)
(cleaneduser, realm, domain) = _get_user_realm_domain(user)
- res = sam.search(expression="samaccountname=%s" % cleaneduser,
+ res = sam.search(expression="samaccountname=%s" % ldb.binary_encode(cleaneduser),
scope=ldb.SCOPE_SUBTREE,
attrs=["servicePrincipalName"])
if len(res) >0:
@@ -151,7 +151,7 @@ class cmd_spn_delete(Command):
paths = provision.provision_paths_from_lp(lp, lp.get("realm"))
sam = SamDB(paths.samdb, session_info=system_session(),
credentials=creds, lp=lp)
- res = sam.search(expression="servicePrincipalName=%s" % name,
+ res = sam.search(expression="servicePrincipalName=%s" % ldb.binary_encode(name),
scope=ldb.SCOPE_SUBTREE,
attrs=["servicePrincipalName", "samAccountName"])
if len(res) >0:
diff --git a/source4/scripting/python/samba/netcmd/user.py b/source4/scripting/python/samba/netcmd/user.py
index e92276b093..88d93e3bea 100644
--- a/source4/scripting/python/samba/netcmd/user.py
+++ b/source4/scripting/python/samba/netcmd/user.py
@@ -142,7 +142,7 @@ class cmd_user_enable(Command):
raise CommandError("Either the username or '--filter' must be specified!")
if filter is None:
- filter = "(&(objectClass=user)(sAMAccountName=%s))" % (username)
+ filter = "(&(objectClass=user)(sAMAccountName=%s))" % (ldb.binary_encode(username))
lp = sambaopts.get_loadparm()
creds = credopts.get_credentials(lp, fallback_machine=True)
@@ -178,7 +178,7 @@ class cmd_user_setexpiry(Command):
raise CommandError("Either the username or '--filter' must be specified!")
if filter is None:
- filter = "(&(objectClass=user)(sAMAccountName=%s))" % (username)
+ filter = "(&(objectClass=user)(sAMAccountName=%s))" % (ldb.binary_encode(username))
lp = sambaopts.get_loadparm()
creds = credopts.get_credentials(lp)
diff --git a/source4/scripting/python/samba/samdb.py b/source4/scripting/python/samba/samdb.py
index a7ed1d2c39..6f3953540a 100644
--- a/source4/scripting/python/samba/samdb.py
+++ b/source4/scripting/python/samba/samdb.py
@@ -189,7 +189,7 @@ pwdLastSet: 0
:param groupname: Name of the target group
"""
- groupfilter = "(&(sAMAccountName=%s)(objectCategory=%s,%s))" % (groupname, "CN=Group,CN=Schema,CN=Configuration", self.domain_dn())
+ groupfilter = "(&(sAMAccountName=%s)(objectCategory=%s,%s))" % (ldb.binary_encode(groupname), "CN=Group,CN=Schema,CN=Configuration", self.domain_dn())
self.transaction_start()
try:
targetgroup = self.search(base=self.domain_dn(), scope=ldb.SCOPE_SUBTREE,
@@ -214,7 +214,8 @@ pwdLastSet: 0
operation
"""
- groupfilter = "(&(sAMAccountName=%s)(objectCategory=%s,%s))" % (groupname, "CN=Group,CN=Schema,CN=Configuration", self.domain_dn())
+ groupfilter = "(&(sAMAccountName=%s)(objectCategory=%s,%s))" % (
+ ldb.binary_encode(groupname), "CN=Group,CN=Schema,CN=Configuration", self.domain_dn())
groupmembers = listofmembers.split(',')
self.transaction_start()
@@ -234,7 +235,8 @@ changetype: modify
for member in groupmembers:
targetmember = self.search(base=self.domain_dn(), scope=ldb.SCOPE_SUBTREE,
- expression="(|(sAMAccountName=%s)(CN=%s))" % (member, member), attrs=[])
+ expression="(|(sAMAccountName=%s)(CN=%s))" % (
+ ldb.binary_encode(member), ldb.binary_encode(member)), attrs=[])
if len(targetmember) != 1:
continue
@@ -378,7 +380,7 @@ member: %s
# Sets the password for it
if setpassword:
- self.setpassword("(samAccountName=%s)" % username, password,
+ self.setpassword("(samAccountName=%s)" % ldb.binary_encode(username), password,
force_password_change_at_next_login_req)
except Exception:
self.transaction_cancel()