Fix get_trusted_domain_object_from_sid()

DomainValidator.get_trusted_domain_object_from_sid() was using
escape_filter_chars() with bytes. The function only works with text.
This caused idview to fail under some circumstances. Reimplement
backslash hex quoting for bytes.

Fixes: https://pagure.io/freeipa/issue/7958
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Christian Heimes
2019-12-11 11:33:13 +01:00
parent d5dad53e70
commit c30a0c2268
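
The backslash hex quoting described in the commit message, as an added example that is not part of the commit or of FreeIPA. `pack_sid` is a hypothetical stand-in for samba's `ndr_pack(security.dom_sid(sid))`, the `objectSid` attribute name is an assumption, and the SIDs are constructed sample values.

```python
import struct


def pack_sid(sid: str) -> bytes:
    """Pack a textual SID (S-R-A-S1-S2-...) into its binary form.

    Hypothetical stand-in for samba's ndr_pack(security.dom_sid(sid)).
    Layout: revision (1 byte), sub-authority count (1 byte), identifier
    authority (6 bytes, big-endian), sub-authorities (uint32, little-endian).
    """
    parts = sid.split("-")
    if len(parts) < 3 or parts[0].upper() != "S":
        raise ValueError("not a SID: %r" % sid)
    revision, authority = int(parts[1]), int(parts[2])
    subauths = [int(p) for p in parts[3:]]
    if not (0 <= revision <= 0xFF and 0 <= authority < 2 ** 48):
        raise ValueError("revision or authority out of range: %r" % sid)
    if len(subauths) > 15 or any(not 0 <= s <= 0xFFFFFFFF for s in subauths):
        raise ValueError("bad sub-authorities: %r" % sid)
    header = struct.pack(">BB", revision, len(subauths))
    header += authority.to_bytes(6, "big")
    return header + struct.pack("<%dI" % len(subauths), *subauths)


def escape_filter_bytes(value: bytes) -> str:
    """Backslash-hex escape every byte for use in an LDAP search filter.

    bytearray() yields integers on every Python version, so "%02x" always
    receives a number and never a one-character string.
    """
    return "".join("\\%02x" % b for b in bytearray(value))


def sid_filter(sid: str, attr: str = "objectSid") -> str:
    """Build a filter that matches a binary SID attribute (attr is assumed)."""
    return "(%s=%s)" % (attr, escape_filter_bytes(pack_sid(sid)))


if __name__ == "__main__":
    # Constructed SID whose sub-authorities 42, 40 and 41 pack to the bytes
    # '*', '(' and ')', all of which are filter metacharacters if left raw.
    sample = "S-1-5-21-42-40-41-1104"
    print(pack_sid(sample))
    print(sid_filter(sample))
```

Escaping every byte, not only the reserved ones, keeps the filter pure ASCII and removes any dependence on how the binary value would decode as text.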

@@ -63,7 +63,6 @@ import pysss
import six import six
from ipaplatform.paths import paths from ipaplatform.paths import paths
from ldap.filter import escape_filter_chars
from time import sleep from time import sleep
try: try:
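Review bot: dropping `from ldap.filter import escape_filter_chars` here is only safe if the call in get_trusted_domain_object_from_sid() was the last use of that name in this module. Please confirm no other call site remains, because a leftover reference would surface as a NameError only when that code path runs, not at import time.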
@@ -491,9 +490,9 @@ class DomainValidator:
# If unsuccessful, search AD DC LDAP # If unsuccessful, search AD DC LDAP
logger.debug("Searching AD DC LDAP") logger.debug("Searching AD DC LDAP")
escaped_sid = escape_filter_chars( # escape_filter_chars(sid_bytes, 2) but for bytes
security.dom_sid(sid).__ndr_pack__(), escaped_sid = "".join(
2 # 2 means every character needs to be escaped "\\%02x" % b for b in ndr_pack(security.dom_sid(sid))
) )
attrs = ['sAMAccountName'] attrs = ['sAMAccountName']
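Review bot: the new `escaped_sid` expression calls a bare `ndr_pack(...)` where the old code called the `__ndr_pack__()` method, and neither hunk shown adds an import for that name, so please confirm it is already imported in this module. Also, `"\\%02x" % b for b in ...` relies on iterating bytes yielding integers, which holds on Python 3 only; since the module still imports `six`, wrapping the packed value in `bytearray(...)` would make that explicit. A unit test that checks the escaped form of a known SID would keep this from regressing, given that the original failure showed up only under some circumstances.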