diff options
author | Stephen Gallagher <sgallagh@redhat.com> | 2010-11-01 14:47:09 -0400 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2010-11-15 09:52:35 -0500 |
commit | adc4351a04cef89ced2dbb240180e5d00fd8dd3c (patch) | |
tree | 25729db0bcf5991226b996837bba95f3c8602893 | |
parent | f2838dcdc3587b685655781a576aff27a1719412 (diff) | |
download | sssd-adc4351a04cef89ced2dbb240180e5d00fd8dd3c.tar.gz sssd-adc4351a04cef89ced2dbb240180e5d00fd8dd3c.tar.bz2 sssd-adc4351a04cef89ced2dbb240180e5d00fd8dd3c.zip |
Sanitize search filters in memberOf plugin
-rw-r--r-- | Makefile.am | 4 | ||||
-rw-r--r-- | src/ldb_modules/memberof.c | 22 |
2 files changed, 23 insertions, 3 deletions
diff --git a/Makefile.am b/Makefile.am index c9fd0a16..102149a8 100644 --- a/Makefile.am +++ b/Makefile.am @@ -933,7 +933,9 @@ proxy_child_LDADD = \ $(SSSD_LIBS) memberof_la_SOURCES = \ - src/ldb_modules/memberof.c + $(SSSD_DEBUG_OBJ) \ + src/ldb_modules/memberof.c \ + src/util/util.c memberof_la_CFLAGS = \ $(AM_CFLAGS) memberof_la_LIBADD = $(LDB_LIBS) $(DHASH_LIBS) diff --git a/src/ldb_modules/memberof.c b/src/ldb_modules/memberof.c index 1e28593d..372aa544 100644 --- a/src/ldb_modules/memberof.c +++ b/src/ldb_modules/memberof.c @@ -1167,9 +1167,11 @@ static int memberof_del(struct ldb_module *module, struct ldb_request *req) struct ldb_request *search; char *expression; const char *dn; + char *clean_dn; struct mbof_del_ctx *del_ctx; struct mbof_ctx *ctx; int ret; + errno_t sret; if (ldb_dn_is_special(req->op.del.dn)) { /* do not manipulate our control entries */ @@ -1206,13 +1208,21 @@ static int memberof_del(struct ldb_module *module, struct ldb_request *req) talloc_free(ctx); return LDB_ERR_OPERATIONS_ERROR; } + + sret = sss_filter_sanitize(del_ctx, dn, &clean_dn); + if (sret != 0) { + talloc_free(ctx); + return LDB_ERR_OPERATIONS_ERROR; + } + expression = talloc_asprintf(del_ctx, "(|(distinguishedName=%s)(%s=%s))", - dn, DB_MEMBER, dn); + clean_dn, DB_MEMBER, clean_dn); if (!expression) { talloc_free(ctx); return LDB_ERR_OPERATIONS_ERROR; } + talloc_zfree(clean_dn); ret = ldb_build_search_req(&search, ldb, del_ctx, NULL, LDB_SCOPE_SUBTREE, @@ -1586,6 +1596,7 @@ static int mbof_del_execute_op(struct mbof_del_operation *delop) struct ldb_request *search; char *expression; const char *dn; + char *clean_dn; static const char *attrs[] = { DB_OC, DB_NAME, DB_MEMBER, DB_MEMBEROF, NULL }; int ret; @@ -1599,12 +1610,19 @@ static int mbof_del_execute_op(struct mbof_del_operation *delop) if (!dn) { return LDB_ERR_OPERATIONS_ERROR; } + + ret = sss_filter_sanitize(del_ctx, dn, &clean_dn); + if (ret != 0) { + return LDB_ERR_OPERATIONS_ERROR; + } + expression = talloc_asprintf(del_ctx, "(|(distinguishedName=%s)(%s=%s))", - dn, DB_MEMBER, dn); + clean_dn, DB_MEMBER, clean_dn); if (!expression) { return LDB_ERR_OPERATIONS_ERROR; } + talloc_zfree(clean_dn); ret = ldb_build_search_req(&search, ldb, delop, NULL, LDB_SCOPE_SUBTREE, |