[Freeipa-devel] [PATCH] 0034 Limit permission and selfservice names
Rob Crittenden
rcritten at redhat.com
Mon Apr 9 13:55:54 UTC 2012
Petr Viktorin wrote:
> https://fedorahosted.org/freeipa/ticket/2585: ipa permission-add throws
> internal server error when name contains '<', '>' or other special
> characters.
>
> The problem is, of course, proper escaping; not only in DNs but also in
> ACIs. Right now we don't really do either.
>
> This patch is just a simple workaround: disallow anything except
> known-good characters. It's just names, so no functionality is lost.
>
> All tickets for April are now taken, so unless a new one comes my way,
> I'll take a dive into the code and fix it properly. This could take some
> time and would mean somewhat larger changes.
Is there a reason you didn't use pattern/pattern_errmsg instead?
You'd need to change the regex as patterns use re.match rather than
re.search.
rob
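The re.match versus re.search difference raised in the reply, as an added example that is not part of the thread or the patch: a reject-on-hit regex used with re.search next to three patterns used with re.match. The allowed character set, the function names and the sample names are assumptions made for illustration.

```python
import re

# Assumed allowlist (not taken from the patch): letters, digits, space, '_', '-'.
ALLOWED = r"-0-9a-zA-Z_ "

# Style 1: re.search for any character outside the allowlist; a hit means reject.
BAD_CHAR = re.compile(r"[^%s]" % ALLOWED)

# Style 2: patterns for re.match, which anchors only at the start of the string,
# so the pattern itself has to cover the whole value and pin the end.
UNANCHORED = r"[%s]+" % ALLOWED    # prefix match only: trailing junk is accepted
DOLLAR = r"^[%s]+$" % ALLOWED      # '$' also matches just before a final newline
STRICT = r"^[%s]+\Z" % ALLOWED     # \Z matches only at the very end of the string


def valid_by_search(name):
    """Accept a non-empty name with no character outside the allowlist."""
    return bool(name) and BAD_CHAR.search(name) is None


def valid_by_match(pattern, name):
    """Accept a name the way a re.match-based pattern check would."""
    return re.match(pattern, name) is not None


# Constructed sample names, not values from the ticket.
SAMPLES = ["Read Users", "self-service_1", "name<with>brackets", "trailing\n", ""]


def compare():
    """Map each sample to (search, unanchored, dollar, strict) verdicts."""
    return {
        name: (
            valid_by_search(name),
            valid_by_match(UNANCHORED, name),
            valid_by_match(DOLLAR, name),
            valid_by_match(STRICT, name),
        )
        for name in SAMPLES
    }


if __name__ == "__main__":
    for name, verdicts in compare().items():
        print(repr(name), verdicts)
```

Only the `\Z`-terminated pattern agrees with the re.search check on every sample; the unanchored one accepts the name containing `<` and `>` because re.match is satisfied by the valid prefix.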