[Freeipa-devel] [PATCH] misc escaping issues
Kevin McCarthy
kmccarth at redhat.com
Fri Oct 5 22:28:27 UTC 2007
This patch adds dn escaping when entries are created.
e.g. cn=Bob"s Group
Also adds the null char to safe_filter.
Lastly, fixes a double-escaping issue in dynamicedit.js
-Kevin
-------------- next part --------------
# HG changeset patch
# User Kevin McCarthy <kmccarth at redhat.com>
# Date 1191623158 25200
# Node ID 85a9d3f6c031f7f318b4d8b8e507e38829c9df1c
# Parent 37e1c1e03c98e2e03f198c6c300587c4369c867e
Several escaping fixes:
- illegal dn characters need to be escaped
- null characters in search filters
- dynamicedit.js was double html escaping (the python layer does it already)
diff -r 37e1c1e03c98 -r 85a9d3f6c031 ipa-server/ipa-gui/ipagui/static/javascript/dynamicedit.js
--- a/ipa-server/ipa-gui/ipagui/static/javascript/dynamicedit.js Fri Oct 05 13:59:35 2007 -0700
+++ b/ipa-server/ipa-gui/ipagui/static/javascript/dynamicedit.js Fri Oct 05 15:25:58 2007 -0700
@@ -71,12 +71,12 @@ function renderMemberInfo(newdiv, info)
function renderMemberInfo(newdiv, info) {
if (info.type == "user") {
newdiv.appendChild(document.createTextNode(
- info.name.escapeHTML() + " " + info.descr.escapeHTML() + " "));
+ info.name + " " + info.descr + " "));
} else if (info.type == "group") {
ital = document.createElement('i');
ital.appendChild(document.createTextNode(
- info.name.escapeHTML() + " " +
- info.descr.escapeHTML() + " "));
+ info.name + " " +
+ info.descr + " "));
newdiv.appendChild(ital);
}
}
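Review bot: Nothing in renderMemberInfo records why the now-unescaped `info.name` and `info.descr` are safe. Both branches pass them to `document.createTextNode`, which inserts the string as literal text and never parses markup. I would add a comment above the first call such as `// text nodes are not parsed as HTML, so no escaping here; escape again if this ever becomes innerHTML`. The commit message attributes the safety to escaping in the Python layer, which is not visible in this hunk, so the comment should rest on the text-node behaviour rather than on that assumption. Separately, `ital` in the group branch is assigned without `var` and so becomes a global.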
diff -r 37e1c1e03c98 -r 85a9d3f6c031 ipa-server/xmlrpc-server/funcs.py
--- a/ipa-server/xmlrpc-server/funcs.py Fri Oct 05 13:59:35 2007 -0700
+++ b/ipa-server/xmlrpc-server/funcs.py Fri Oct 05 15:25:58 2007 -0700
@@ -22,6 +22,7 @@ sys.path.append("/usr/share/ipa")
import krbV
import ldap
+import ldap.dn
import ipaserver.dsinstance
import ipaserver.ipaldap
import ipa.ipautil
@@ -347,7 +348,8 @@ class IPAServer:
if self.__is_user_unique(user['uid'], opts) == 0:
raise ipaerror.gen_exception(ipaerror.LDAP_DUPLICATE)
- dn="uid=%s,%s,%s" % (user['uid'], user_container,self.basedn)
+ dn="uid=%s,%s,%s" % (ldap.dn.escape_dn_chars(user['uid']),
+ user_container,self.basedn)
entry = ipaserver.ipaldap.Entry(dn)
# FIXME: This should be dynamic and can include just about anything
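Review bot: The escaping added on the `dn=` line is undocumented, and the same call is repeated for `group['cn']` in the hunk at -650. A short comment would tell the next maintainer why it must stay, for example `# uid is caller-supplied; an unescaped ',' '+' or '"' would change the DN's structure`. Only the RDN value is escaped, while `user_container` and `self.basedn` are interpolated as-is, which is fine if they come from server configuration (not visible here). `escape_dn_chars` returns an empty string unchanged, so an empty uid would still produce `uid=,...`; whether that is rejected earlier in the method is outside the hunk.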
@@ -650,7 +652,8 @@ class IPAServer:
if self.__is_group_unique(group['cn'], opts) == 0:
raise ipaerror.gen_exception(ipaerror.LDAP_DUPLICATE)
- dn="cn=%s,%s,%s" % (group['cn'], group_container,self.basedn)
+ dn="cn=%s,%s,%s" % (ldap.dn.escape_dn_chars(group['cn']),
+ group_container,self.basedn)
entry = ipaserver.ipaldap.Entry(dn)
# some required objectclasses
@@ -1017,5 +1020,7 @@ def ldap_search_escape(match):
elif value == "*":
# drop '*' from input. search performs its own wildcarding
return ""
+ elif value =='\x00':
+ return r'\00'
else:
return value
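Review bot: The new `elif value =='\x00'` branch only takes effect if the pattern that hands matches to ldap_search_escape already matches a NUL character, and this diff does not touch that pattern. The start of the function and the regex are outside the hunk, so please confirm NUL is in the matched set; otherwise the branch is unreachable and a NUL would still reach the filter unescaped. A one-line comment such as `# RFC 4515: NUL must be sent as \00 inside a filter value` would document the intent. Writing it as `value == '\x00'` would match the spacing of the `value == "*"` test above it.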