Move ldap search filter escaping into the funcs.py layer.

Kevin McCarthy 2007-08-21 14:26:36 -07:00
parent ac926646ea
commit a8f302aa9f
2 changed files with 26 additions and 19 deletions


@ -1,7 +1,6 @@
import random import random
from pickle import dumps, loads from pickle import dumps, loads
from base64 import b64encode, b64decode from base64 import b64encode, b64decode
import re
import cherrypy import cherrypy
import turbogears import turbogears
@ -38,22 +37,6 @@ def utf8_encode(value):
value = value.encode('utf-8') value = value.encode('utf-8')
return value return value
def ldap_search_escape(match):
"""Escapes out nasty characters from the ldap search.
See RFC 2254."""
value = match.group()
if (len(value) != 1):
return u""
if value == u"(":
return u"\\28"
elif value == u")":
return u"\\29"
elif value == u"\\":
return u"\\5c"
else:
return value
class Root(controllers.RootController): class Root(controllers.RootController):
@ -159,7 +142,6 @@ class Root(controllers.RootController):
uid = kw.get('uid') uid = kw.get('uid')
if uid != None and len(uid) > 0: if uid != None and len(uid) > 0:
try: try:
uid = re.sub(r'[\(\)\\]', ldap_search_escape, uid)
users = client.find_users(uid.encode('utf-8')) users = client.find_users(uid.encode('utf-8'))
except xmlrpclib.Fault, f: except xmlrpclib.Fault, f:
turbogears.flash("User show failed: " + str(f.faultString)) turbogears.flash("User show failed: " + str(f.faultString))


@ -29,6 +29,7 @@ from types import *
import xmlrpclib import xmlrpclib
import ipa.config import ipa.config
import os import os
import re
# Need a global to store this between requests # Need a global to store this between requests
_LDAPPool = None _LDAPPool = None
@ -343,7 +344,14 @@ class IPAServer:
raise xmlrpclib.Fault(1, e) raise xmlrpclib.Fault(1, e)
except ipaserver.ipaldap.NoSuchEntryError: except ipaserver.ipaldap.NoSuchEntryError:
raise xmlrpclib.Fault(2, "No such user") raise xmlrpclib.Fault(2, "No such user")
# TODO: this escaper assumes the python-ldap library will error out
# on invalid codepoints. we need to check malformed utf-8 input
# where the second byte in a multi-byte character
# is (illegally) ')' and make sure python-ldap
# bombs out.
criteria = re.sub(r'[\(\)\\]', ldap_search_escape, criteria)
# FIXME: Is this the filter we want or do we want to do searches of # FIXME: Is this the filter we want or do we want to do searches of
# cn as well? Or should the caller pass in the filter? # cn as well? Or should the caller pass in the filter?
filter = "(|(uid=%s)(cn=%s))" % (criteria, criteria) filter = "(|(uid=%s)(cn=%s))" % (criteria, criteria)
@ -459,3 +467,20 @@ class IPAServer:
return res return res
except ldap.LDAPError, e: except ldap.LDAPError, e:
raise xmlrpclib.Fault(1, str(e)) raise xmlrpclib.Fault(1, str(e))
def ldap_search_escape(match):
"""Escapes out nasty characters from the ldap search.
See RFC 2254."""
value = match.group()
if (len(value) != 1):
return ""
if value == "(":
return "\\28"
elif value == ")":
return "\\29"
elif value == "\\":
return "\\5c"
else:
return value
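Review bot: The character class in `criteria = re.sub(r'[\(\)\\]', ldap_search_escape, criteria)` escapes only `(`, `)` and `\`, while RFC 2254 (cited in the docstring) also requires `*` and NUL to be escaped in an assertion value. A caller-supplied `*` therefore still reaches `(|(uid=%s)(cn=%s))` as a wildcard. If substring search is intended, put a comment beside the call saying so, for example `# '*' is deliberately left unescaped so callers can do substring searches`. Otherwise widen the class, or use python-ldap's own helper, `criteria = ldap.filter.escape_filter_chars(criteria)`, which also covers NUL. With a one-character class, the `len(value) != 1` and final `else` branches of `ldap_search_escape` look unreachable and could be dropped. The method containing the `re.sub` call starts outside the hunk.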