[Freeipa-devel] [PATCH] remove auto-wildcard and list users

Kevin McCarthy kmccarth at redhat.com
Mon Aug 20 21:22:00 UTC 2007


Kevin McCarthy wrote:
> Kevin McCarthy wrote:
> > 2 liner removes auto-wildcarding from the search.  It also removes the
> > 'list users' link.
> > 
> > Any suggestions on how to bullet-proof the search field?
> 
> sorry.  patch attached this time.

Additional patch to escape user input.  Also expands search to be by cn
and uid.

-Kevin
-------------- next part --------------
# HG changeset patch
# User Kevin McCarthy <kmccarth at redhat.com>
# Date 1187645003 25200
# Node ID d5039d3c50402f2b518b30abbc8c902b9c882464
# Parent  e5c15595b190e6bb53f3b81840154676f8edc7c4
Escape search input.  Search by uid and cn.

diff -r e5c15595b190 -r d5039d3c5040 ipa-server/ipa-gui/ipagui/controllers.py
--- a/ipa-server/ipa-gui/ipagui/controllers.py	Mon Aug 20 13:14:00 2007 -0700
+++ b/ipa-server/ipa-gui/ipagui/controllers.py	Mon Aug 20 14:23:23 2007 -0700
@@ -1,6 +1,7 @@ import random
 import random
 from pickle import dumps, loads
 from base64 import b64encode, b64decode
+import re
 
 import cherrypy
 import turbogears
@@ -36,6 +37,22 @@ def utf8_encode(value):
     if value != None:
         value = value.encode('utf-8')
     return value
+
+def ldap_search_escape(match):
+    """Escapes out nasty characters from the ldap search.
+       See RFC 2254."""
+    value = match.group()
+    if (len(value) != 1):
+        return u""
+
+    if value == u"(":
+        return u"\\28"
+    elif value == ")":
+        return u"\\29"
+    elif value == u"\\":
+        return u"\\5c"
+    else:
+        return value
 
 
 class Root(controllers.RootController):
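Review bot: `ldap_search_escape` rewrites only `(`, `)` and `\`, but RFC 2254, which its docstring cites, also requires `*` to become `\2a` and NUL to become `\00`. If `*` is left alone on purpose so that users can type their own wildcards, the docstring should say so; NUL should be handled either way, e.g. `elif value == u"\x00": return u"\\00"`. The character class passed to `re.sub` in the userlist hunk further down would need the same additions, otherwise the new branches are never reached. Two smaller points: the `len(value) != 1` branch cannot fire for a single-character class pattern, and `")"` lacks the `u` prefix the other comparisons use.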
@@ -141,7 +158,12 @@ class Root(controllers.RootController):
         users = None
         uid = kw.get('uid')
         if uid != None and len(uid) > 0:
-            users = client.find_users(uid)
+            try:
+                uid = re.sub(r'[\(\)\\]', ldap_search_escape, uid)
+                users = client.find_users(uid.encode('utf-8'))
+            except xmlrpclib.Fault, f:
+                turbogears.flash("User show failed: " + str(f.faultString))
+                raise turbogears.redirect("/userlist")
 
         return dict(users=users, fields=forms.user.UserFields())
 
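Review bot: The flash message in the new `except` branch echoes `f.faultString` to the browser, so whatever error text the XML-RPC server produces is shown to anyone who submits the form. Logging the fault and flashing a fixed string such as `turbogears.flash("User search failed")` keeps backend details out of the page. The current wording "User show failed" also looks carried over from another handler, since this is the search path. `xmlrpclib` is not among the imports visible in the first hunk, so confirm it is imported elsewhere in the file. The enclosing method starts outside the hunk.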
diff -r e5c15595b190 -r d5039d3c5040 ipa-server/ipa-gui/ipagui/templates/userlist.kid
--- a/ipa-server/ipa-gui/ipagui/templates/userlist.kid	Mon Aug 20 13:14:00 2007 -0700
+++ b/ipa-server/ipa-gui/ipagui/templates/userlist.kid	Mon Aug 20 14:23:23 2007 -0700
@@ -8,7 +8,7 @@
 <body>
     <div id="search">
         <form action="${tg.url('/userlist')}" method="post">
-            Search by uid:
+            Search by login/name:
             <input type="text" name="uid" />
             <input type="submit" />
         </form>
diff -r e5c15595b190 -r d5039d3c5040 ipa-server/xmlrpc-server/funcs.py
--- a/ipa-server/xmlrpc-server/funcs.py	Mon Aug 20 13:14:00 2007 -0700
+++ b/ipa-server/xmlrpc-server/funcs.py	Mon Aug 20 14:23:23 2007 -0700
@@ -346,7 +346,7 @@ class IPAServer:
     
         # FIXME: Is this the filter we want or do we want to do searches of
         # cn as well? Or should the caller pass in the filter?
-        filter = "(uid=%s)" % criteria
+        filter = "(|(uid=%s)(cn=%s))" % (criteria, criteria)
         try:
             m1 = _LDAPPool.getConn(self.host,self.port,self.bindca,self.bindcert,self.bindkey,dn)
             results = m1.getList(self.basedn, self.scope, filter, sattrs)
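Review bot: `criteria` is formatted into the LDAP filter unescaped, and after this change in two places, so the filter is only as safe as whatever the caller did to the value first. The escaping this changeset adds lives in the GUI controller, so any other XML-RPC client calling this function would, as far as the hunk shows, reach this line with raw input. Applying the RFC 2254 escaping here, immediately before the `%` formatting, and dropping it from the controller would protect every caller without double-escaping. The FIXME above is also partly stale now that `cn` is searched; something like `# Searches uid and cn; criteria must already be RFC 2254-escaped` would describe the current contract. The enclosing method starts and ends outside the hunk.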