authorStephen Gallagher <sgallagh@redhat.com>2010-10-28 20:28:59 -0400
committerStephen Gallagher <sgallagh@redhat.com>2010-11-15 09:52:35 -0500
commit0940074366b91dc4005a2b531a99231d1efdeadf (patch)
tree816038b0e16d3aa5f61a01f32ec1cbde39f3abf1
parentc80f0e2c8aecbaa069f316f7083556374e3b969d (diff)
Sanitize sysdb search filters in the IPA provider
-rw-r--r--src/providers/ipa/ipa_access.c19
1 files changed, 17 insertions, 2 deletions
diff --git a/src/providers/ipa/ipa_access.c b/src/providers/ipa/ipa_access.c
index 979959fb..47e98cf9 100644
--- a/src/providers/ipa/ipa_access.c
+++ b/src/providers/ipa/ipa_access.c
@@ -735,6 +735,7 @@ static struct tevent_req *hbac_get_host_info_send(TALLOC_CTX *memctx,
struct tevent_req *subreq = NULL;
struct hbac_get_host_info_state *state;
struct sdap_handle *sdap_handle;
+ char *host;
int ret;
int i;
@@ -763,14 +764,20 @@ static struct tevent_req *hbac_get_host_info_send(TALLOC_CTX *memctx,
goto fail;
}
for (i = 0; hostnames[i] != NULL; i++) {
+ ret = sss_filter_sanitize(state->host_filter, hostnames[i], &host);
+ if (ret != EOK) {
+ goto fail;
+ }
+
state->host_filter = talloc_asprintf_append(state->host_filter,
"(&(objectclass=ipaHost)"
"(|(fqdn=%s)(serverhostname=%s)))",
- hostnames[i], hostnames[i]);
+ host, host);
if (state->host_filter == NULL) {
ret = ENOMEM;
goto fail;
}
+ talloc_zfree(host);
}
state->host_filter = talloc_asprintf_append(state->host_filter, ")");
if (state->host_filter == NULL) {
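Review bot: The sanitized copy produced by `sss_filter_sanitize(state->host_filter, hostnames[i], &host)` is parented under the very string that `talloc_asprintf_append` reallocates on the next statement, while the other sanitize site in this commit parents its copy under `state`. talloc re-links children across a realloc as far as I know, so this does not look like a live bug, but hanging a temporary off a buffer that is about to move is fragile and inconsistent with the second call; `ret = sss_filter_sanitize(state, hostnames[i], &host);` keeps both sites alike and the explicit `talloc_zfree(host)` still bounds its lifetime. A one-line why-comment above the call would also help a reader who does not know the helper: `/* escape LDAP filter metacharacters before embedding the hostname in the sysdb filter */`. hbac_get_host_info_send begins before this hunk and continues after it.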
@@ -1028,6 +1035,7 @@ static struct tevent_req *hbac_get_rules_send(TALLOC_CTX *memctx,
struct tevent_req *subreq = NULL;
struct hbac_get_rules_state *state;
struct sdap_handle *sdap_handle;
+ char *host_dn_clean;
int ret;
int i;
@@ -1084,16 +1092,23 @@ static struct tevent_req *hbac_get_rules_send(TALLOC_CTX *memctx,
state->hbac_attrs[16] = SYSDB_ORIG_DN;
state->hbac_attrs[17] = NULL;
+ ret = sss_filter_sanitize(state, host_dn, &host_dn_clean);
+ if (ret != EOK) {
+ goto fail;
+ }
+
state->hbac_filter = talloc_asprintf(state,
"(&(objectclass=ipaHBACRule)"
"(%s=%s)(|(%s=%s)(%s=%s)",
IPA_ENABLED_FLAG, IPA_TRUE_VALUE,
IPA_HOST_CATEGORY, "all",
- IPA_MEMBER_HOST, host_dn);
+ IPA_MEMBER_HOST, host_dn_clean);
if (state->hbac_filter == NULL) {
ret = ENOMEM;
goto fail;
}
+ talloc_zfree(host_dn_clean);
+
for (i = 0; memberof[i] != NULL; i++) {
state->hbac_filter = talloc_asprintf_append(state->hbac_filter,
"(%s=%s)",
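Review bot: Only `host_dn` is escaped in this hunk; the `memberof[i]` values appended by the loop at its end go into the same `hbac_filter` through `"(%s=%s)"` with no `sss_filter_sanitize` call, and the diffstat's 17 insertions are fully accounted for by the two sanitize sites, so those values appear to be inserted raw (the argument line itself lies just past the hunk). A DN in that list containing `(`, `)`, `*` or `\` — for example a group CN with RFC 4514-escaped characters — would corrupt or widen the filter exactly like an unescaped host_dn did before this commit. Each entry should be sanitized the same way, with a block-local copy freed after the append, as sketched below. hbac_get_rules_send begins before this hunk and continues after it.
```c
for (i = 0; memberof[i] != NULL; i++) {
    char *member_clean;

    ret = sss_filter_sanitize(state, memberof[i], &member_clean);
    if (ret != EOK) {
        goto fail;
    }
    /* … unchanged: talloc_asprintf_append of "(%s=%s)" and its NULL check,
       with member_clean passed where memberof[i] was … */
    talloc_zfree(member_clean);
}
```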