author | Stephen Gallagher <sgallagh@redhat.com> | 2010-10-28 20:28:59 -0400 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2010-11-15 09:52:35 -0500 |
commit | 0940074366b91dc4005a2b531a99231d1efdeadf (patch) | |
tree | 816038b0e16d3aa5f61a01f32ec1cbde39f3abf1 | |
parent | c80f0e2c8aecbaa069f316f7083556374e3b969d (diff) | |
Sanitize sysdb search filters in the IPA provider
-rw-r--r-- | src/providers/ipa/ipa_access.c | 19 |
1 files changed, 17 insertions, 2 deletions
diff --git a/src/providers/ipa/ipa_access.c b/src/providers/ipa/ipa_access.c
index 979959fb..47e98cf9 100644
--- a/src/providers/ipa/ipa_access.c
+++ b/src/providers/ipa/ipa_access.c
@@ -735,6 +735,7 @@ static struct tevent_req *hbac_get_host_info_send(TALLOC_CTX *memctx,
 struct tevent_req *subreq = NULL;
 struct hbac_get_host_info_state *state;
 struct sdap_handle *sdap_handle;
+ char *host;
 int ret;
 int i;
 
@@ -763,14 +764,20 @@ static struct tevent_req *hbac_get_host_info_send(TALLOC_CTX *memctx,
 goto fail;
 }
 for (i = 0; hostnames[i] != NULL; i++) {
+ ret = sss_filter_sanitize(state->host_filter, hostnames[i], &host);
+ if (ret != EOK) {
+ goto fail;
+ }
+
 state->host_filter = talloc_asprintf_append(state->host_filter,
 "(&(objectclass=ipaHost)"
 "(|(fqdn=%s)(serverhostname=%s)))",
- hostnames[i], hostnames[i]);
+ host, host);
 if (state->host_filter == NULL) {
 ret = ENOMEM;
 goto fail;
 }
+ talloc_zfree(host);
 }
 state->host_filter = talloc_asprintf_append(state->host_filter, ")");
 if (state->host_filter == NULL) {
@@ -1028,6 +1035,7 @@ static struct tevent_req *hbac_get_rules_send(TALLOC_CTX *memctx,
 struct tevent_req *subreq = NULL;
 struct hbac_get_rules_state *state;
 struct sdap_handle *sdap_handle;
+ char *host_dn_clean;
 int ret;
 int i;
 
@@ -1084,16 +1092,23 @@ static struct tevent_req *hbac_get_rules_send(TALLOC_CTX *memctx,
 state->hbac_attrs[16] = SYSDB_ORIG_DN;
 state->hbac_attrs[17] = NULL;
 
+ ret = sss_filter_sanitize(state, host_dn, &host_dn_clean);
+ if (ret != EOK) {
+ goto fail;
+ }
+
 state->hbac_filter = talloc_asprintf(state,
 "(&(objectclass=ipaHBACRule)"
 "(%s=%s)(|(%s=%s)(%s=%s)",
 IPA_ENABLED_FLAG, IPA_TRUE_VALUE,
 IPA_HOST_CATEGORY, "all",
- IPA_MEMBER_HOST, host_dn);
+ IPA_MEMBER_HOST, host_dn_clean);
 if (state->hbac_filter == NULL) {
 ret = ENOMEM;
 goto fail;
 }
+ talloc_zfree(host_dn_clean);
+
 for (i = 0; memberof[i] != NULL; i++) {
 state->hbac_filter = talloc_asprintf_append(state->hbac_filter,
 "(%s=%s)", |
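Review bot: In the hostnames loop of hbac_get_host_info_send, the sanitized copy is allocated as a talloc child of `state->host_filter`, the same string that `talloc_asprintf_append` reallocates on the next statement. hbac_get_rules_send in this commit parents its temporary on `state` instead; using `ret = sss_filter_sanitize(state, hostnames[i], &host);` here would keep the two call sites consistent and make the temporary's lifetime independent of the buffer being grown. The function starts and ends outside the hunk, so how `state->host_filter` is first allocated is not visible from here.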
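Review bot: The `memberof[i]` loop at the end of this hunk still appends to `state->hbac_filter` with a bare `"(%s=%s)"` format, and its argument list lies outside the hunk. If it interpolates `memberof[i]` directly, those values reach the same LDAP filter unescaped even though `host_dn` is now sanitized. In that case each entry should be escaped the same way before the append, e.g. `ret = sss_filter_sanitize(state, memberof[i], &clean);` followed by `talloc_zfree(clean);` after the NULL check. A one-line comment above the new sanitize call saying that `host_dn` is escaped because it is embedded in a search filter would also record why the copy exists. hbac_get_rules_send continues past the end of the hunk.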