|
 |
2fc102 |
From bd24c6f485ac1421053167eabd6e5e963829403b Mon Sep 17 00:00:00 2001
|
|
|
2fc102 |
From: Lukas Slebodnik <lslebodn@redhat.com>
|
|
|
2fc102 |
Date: Mon, 25 Nov 2013 13:43:30 +0100
|
|
|
2fc102 |
Subject: [PATCH 8/9] SYSDB: Sanitize filter before sysdb_search_groups
|
|
|
2fc102 |
|
|
|
2fc102 |
sysdb_delete_user fails with EIO if user does not exist and contains
|
|
|
2fc102 |
backslashes.
|
|
|
2fc102 |
ldb could not parse filter (&(objectclass=group)(ghost=usr\\\\001)),
|
|
|
2fc102 |
because ghost value was not sanitized
|
|
|
2fc102 |
|
|
|
2fc102 |
Resolves:
|
|
|
2fc102 |
https://fedorahosted.org/sssd/ticket/2163
|
|
|
2fc102 |
---
|
|
|
2fc102 |
src/db/sysdb_ops.c | 9 ++++++++-
|
|
|
2fc102 |
src/tests/sysdb-tests.c | 5 +++++
|
|
|
2fc102 |
2 files changed, 13 insertions(+), 1 deletion(-)
|
|
|
2fc102 |
|
|
|
2fc102 |
diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c
|
|
|
2fc102 |
index 094c27b7f478e0a53a3b6666c727e86eb36a249e..eb88cd256d0c2e45e1528e8a867e42354215cc7f 100644
|
|
|
2fc102 |
--- a/src/db/sysdb_ops.c
|
|
|
2fc102 |
+++ b/src/db/sysdb_ops.c
|
|
|
2fc102 |
@@ -2539,6 +2539,7 @@ int sysdb_delete_user(struct sysdb_ctx *sysdb,
|
|
|
2fc102 |
struct ldb_message *msg;
|
|
|
2fc102 |
int ret;
|
|
|
2fc102 |
int i;
|
|
|
2fc102 |
+ char *sanitized_name;
|
|
|
2fc102 |
|
|
|
2fc102 |
tmp_ctx = talloc_new(NULL);
|
|
|
2fc102 |
if (!tmp_ctx) {
|
|
|
2fc102 |
@@ -2578,7 +2579,13 @@ int sysdb_delete_user(struct sysdb_ctx *sysdb,
|
|
|
2fc102 |
}
|
|
|
2fc102 |
} else if (ret == ENOENT && name != NULL) {
|
|
|
2fc102 |
/* Perhaps a ghost user? */
|
|
|
2fc102 |
- filter = talloc_asprintf(tmp_ctx, "(%s=%s)", SYSDB_GHOST, name);
|
|
|
2fc102 |
+ ret = sss_filter_sanitize(tmp_ctx, name, &sanitized_name);
|
|
|
2fc102 |
+ if (ret != EOK) {
|
|
|
2fc102 |
+ goto fail;
|
|
|
2fc102 |
+ }
|
|
|
2fc102 |
+
|
|
|
2fc102 |
+ filter = talloc_asprintf(tmp_ctx, "(%s=%s)",
|
|
|
2fc102 |
+ SYSDB_GHOST, sanitized_name);
|
|
|
2fc102 |
if (filter == NULL) {
|
|
|
2fc102 |
ret = ENOMEM;
|
|
|
2fc102 |
goto fail;
|
|
|
2fc102 |
diff --git a/src/tests/sysdb-tests.c b/src/tests/sysdb-tests.c
|
|
|
2fc102 |
index 1c28526e06df012b8749e1540e70a27948c17ab2..bf964fd76d33bbceac6c1846db7a5011db1375f5 100644
|
|
|
2fc102 |
--- a/src/tests/sysdb-tests.c
|
|
|
2fc102 |
+++ b/src/tests/sysdb-tests.c
|
|
|
2fc102 |
@@ -3998,6 +3998,11 @@ START_TEST(test_odd_characters)
|
|
|
2fc102 |
fail_unless(ret == EOK, "sysdb_delete_user error [%d][%s]",
|
|
|
2fc102 |
ret, strerror(ret));
|
|
|
2fc102 |
|
|
|
2fc102 |
+ /* Delete non existing User */
|
|
|
2fc102 |
+ ret = sysdb_delete_user(test_ctx->sysdb, test_ctx->domain,
|
|
|
2fc102 |
+ odd_username, 10000);
|
|
|
2fc102 |
+ fail_unless(ret == ENOENT, "sysdb_delete_user error [%d][%s]",
|
|
|
2fc102 |
+ ret, strerror(ret));
|
|
|
2fc102 |
|
|
|
2fc102 |
/* Delete Group */
|
|
|
2fc102 |
ret = sysdb_delete_group(test_ctx->sysdb, test_ctx->domain,
|
|
|
2fc102 |
--
|
|
|
2fc102 |
1.8.4.2
|
|
|
2fc102 |
|