[Freeipa-devel] [PATCH] 21 Escape LDAP characters in member and memberof searches
Stephen Gallagher
sgallagh at redhat.com
Wed Mar 30 20:01:52 UTC 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 03/30/2011 03:53 PM, JR Aquino wrote:
>
> On Mar 30, 2011, at 12:05 PM, JR Aquino wrote:
>
>> The FreeIPA framework performs unescaped searches to enumerate group membership.
>>
>> The following patch corrects this behavior.
>>
>> -JR
>>
>> <freeipa-jraquino-0021-Escape-LDAP-characters-in-member-and-memberof-search.patch>_______________________________________________
>> Freeipa-devel mailing list
>> Freeipa-devel at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-devel
>
> Self NACK
>
> Attached is the corrected patch.
>
> search_group_dn = _ldap_filter.escape_filter_chars(search_group_dn)
>
> Is now correctly changed to:
>
> search_group_dn = _ldap_filter.escape_filter_chars(group_dn)
>
Nack. This is a step in the right direction, but you're not actually
using this value anywhere.
I think you wanted to have the next line changed to:
searchfilter = "(memberof=%s)" % search_group_dn
- --
Stephen Gallagher
RHCE 804006346421761
Delivering value year after year.
Red Hat ranks #1 in value among software vendors.
http://www.redhat.com/promo/vendor/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAk2TjDAACgkQeiVVYja6o6NQIQCfc4x3PqTqwyqNNHcJXTwPrFYo
/tEAnR1uEjPYPdqKVU/duw9UG0aZD7hL
=nLiN
-----END PGP SIGNATURE-----
More information about the Freeipa-devel
mailing list