[Freeipa-devel] [PATCH] remove auto-wildcard and list users
Kevin McCarthy
kmccarth at redhat.com
Mon Aug 20 21:22:00 UTC 2007
Kevin McCarthy wrote:
> Kevin McCarthy wrote:
> > 2 liner removes auto-wildcarding from the search. It also removese the
> > 'list users' link.
> >
> > Any suggestions on how to bullet-proof the search field?
>
> sorry. patch attached this time.
Additional patch to esacpe user input. Also expands search to be by cn
and uid.
-Kevin
-------------- next part --------------
# HG changeset patch
# User Kevin McCarthy <kmccarth at redhat.com>
# Date 1187645003 25200
# Node ID d5039d3c50402f2b518b30abbc8c902b9c882464
# Parent e5c15595b190e6bb53f3b81840154676f8edc7c4
Escape search input. Search by uid and cn.
diff -r e5c15595b190 -r d5039d3c5040 ipa-server/ipa-gui/ipagui/controllers.py
--- a/ipa-server/ipa-gui/ipagui/controllers.py Mon Aug 20 13:14:00 2007 -0700
+++ b/ipa-server/ipa-gui/ipagui/controllers.py Mon Aug 20 14:23:23 2007 -0700
@@ -1,6 +1,7 @@ import random
import random
from pickle import dumps, loads
from base64 import b64encode, b64decode
+import re
import cherrypy
import turbogears
@@ -36,6 +37,22 @@ def utf8_encode(value):
if value != None:
value = value.encode('utf-8')
return value
+
+def ldap_search_escape(match):
+ """Escapes out nasty characters from the ldap search.
+ See RFC 2254."""
+ value = match.group()
+ if (len(value) != 1):
+ return u""
+
+ if value == u"(":
+ return u"\\28"
+ elif value == ")":
+ return u"\\29"
+ elif value == u"\\":
+ return u"\\5c"
+ else:
+ return value
class Root(controllers.RootController):
@@ -141,7 +158,12 @@ class Root(controllers.RootController):
users = None
uid = kw.get('uid')
if uid != None and len(uid) > 0:
- users = client.find_users(uid)
+ try:
+ uid = re.sub(r'[\(\)\\]', ldap_search_escape, uid)
+ users = client.find_users(uid.encode('utf-8'))
+ except xmlrpclib.Fault, f:
+ turbogears.flash("User show failed: " + str(f.faultString))
+ raise turbogears.redirect("/userlist")
return dict(users=users, fields=forms.user.UserFields())
diff -r e5c15595b190 -r d5039d3c5040 ipa-server/ipa-gui/ipagui/templates/userlist.kid
--- a/ipa-server/ipa-gui/ipagui/templates/userlist.kid Mon Aug 20 13:14:00 2007 -0700
+++ b/ipa-server/ipa-gui/ipagui/templates/userlist.kid Mon Aug 20 14:23:23 2007 -0700
@@ -8,7 +8,7 @@
<body>
<div id="search">
<form action="${tg.url('/userlist')}" method="post">
- Search by uid:
+ Search by login/name:
<input type="text" name="uid" />
<input type="submit" />
</form>
diff -r e5c15595b190 -r d5039d3c5040 ipa-server/xmlrpc-server/funcs.py
--- a/ipa-server/xmlrpc-server/funcs.py Mon Aug 20 13:14:00 2007 -0700
+++ b/ipa-server/xmlrpc-server/funcs.py Mon Aug 20 14:23:23 2007 -0700
@@ -346,7 +346,7 @@ class IPAServer:
# FIXME: Is this the filter we want or do we want to do searches of
# cn as well? Or should the caller pass in the filter?
- filter = "(uid=%s)" % criteria
+ filter = "(|(uid=%s)(cn=%s))" % (criteria, criteria)
try:
m1 = _LDAPPool.getConn(self.host,self.port,self.bindca,self.bindcert,self.bindkey,dn)
results = m1.getList(self.basedn, self.scope, filter, sattrs)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 2228 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20070820/ca1581fe/attachment.bin>
More information about the Freeipa-devel
mailing list