[Freeipa-devel] [PATCH] 21 Escape LDAP characters in member and memberof searches
JR Aquino
JR.Aquino at citrix.com
Wed Mar 30 20:22:24 UTC 2011
On Mar 30, 2011, at 1:01 PM, Stephen Gallagher wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 03/30/2011 03:53 PM, JR Aquino wrote:
>>
>> On Mar 30, 2011, at 12:05 PM, JR Aquino wrote:
>>
>>> The FreeIPA framework performs unescaped searches to enumerate group membership.
>>>
>>> The following patch corrects this behavior.
>>>
>>> -JR
>>>
>>> <freeipa-jraquino-0021-Escape-LDAP-characters-in-member-and-memberof-search.patch>_______________________________________________
>>> Freeipa-devel mailing list
>>> Freeipa-devel at redhat.com
>>> https://www.redhat.com/mailman/listinfo/freeipa-devel
>>
>> Self NACK
>>
>> Attached is the corrected patch.
>>
>> search_group_dn = _ldap_filter.escape_filter_chars(search_group_dn)
>>
>> Is now correctly changed to:
>>
>> search_group_dn = _ldap_filter.escape_filter_chars(group_dn)
>>
>
> Nack. This is a step in the right direction, but you're not actually
> using this value anywhere.
>
> I think you wanted to have the next line changed to:
>
> searchfilter = "(memberof=%s)" % search_group_dn
>
> - --
> Stephen Gallagher
> RHCE 804006346421761
Oh! You are right.
Attached is the corrected patch.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jraquino-0021-Escape-LDAP-characters-in-member-and-memberof-search.patch
Type: application/octet-stream
Size: 1257 bytes
Desc: freeipa-jraquino-0021-Escape-LDAP-characters-in-member-and-memberof-search.patch
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20110330/0cc4f2bd/attachment.obj>
More information about the Freeipa-devel
mailing list