On 03/30/2011 03:53 PM, JR Aquino wrote:
>
> On Mar 30, 2011, at 12:05 PM, JR Aquino wrote:
>
>> The FreeIPA framework performs unescaped searches to enumerate group
>> membership.
>>
>> The following patch corrects this behavior.
>>
>> -JR
>>
>> <freeipa-jraquino-0021-Escape-LDAP-characters-in-member-and-memberof-search.patch>
>> _______________________________________________
>> Freeipa-devel mailing list
>> Freeipa-devel@redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-devel
>
> Self NACK
>
> Attached is the corrected patch.
>
> search_group_dn = _ldap_filter.escape_filter_chars(search_group_dn)
>
> Is now correctly changed to:
>
> search_group_dn = _ldap_filter.escape_filter_chars(group_dn)
>

Nack. This is a step in the right direction, but you're not actually using this value anywhere. I think you wanted to have the next line changed to:

    searchfilter = "(memberof=%s)" % search_group_dn

--
Stephen Gallagher
RHCE 804006346421761

Delivering value year after year.
Red Hat ranks #1 in value among software vendors.
http://www.redhat.com/promo/vendor/
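
The point raised in this review, as an added example that is not part of the original thread or FreeIPA's code: escaping a group DN only helps if the filter is built from the escaped value. `escape_filter_value`, the three `memberof_filter*` functions, `is_single_assertion` and the sample DN are hypothetical names and constructed data; the escaper is a self-contained stand-in for `_ldap_filter.escape_filter_chars` that applies the RFC 4515 escapes.

```python
# Added example (not FreeIPA code): RFC 4515 escaping for a memberof filter.
# escape_filter_value() is a stand-in for _ldap_filter.escape_filter_chars.

_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape the characters RFC 4515 reserves inside an assertion value."""
    # Per-character mapping, so the backslash of an escape is never re-escaped.
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def memberof_filter_unescaped(group_dn: str) -> str:
    """Behaviour before the patch: the DN is interpolated as-is."""
    return "(memberof=%s)" % group_dn


def memberof_filter_escaped_but_unused(group_dn: str) -> str:
    """The mistake flagged in the review: the escaped value is computed,
    but the filter is still built from the raw DN."""
    search_group_dn = escape_filter_value(group_dn)  # never used below
    return "(memberof=%s)" % group_dn


def memberof_filter(group_dn: str) -> str:
    """Corrected form: the filter is built from the escaped value."""
    search_group_dn = escape_filter_value(group_dn)
    return "(memberof=%s)" % search_group_dn


def is_single_assertion(filter_str: str) -> bool:
    """True if the filter is one '(attr=value)' item whose interior holds no
    raw '(', ')' or '*'. Escaped forms such as \\28 contain none of them."""
    if not (filter_str.startswith("(") and filter_str.endswith(")")):
        return False
    return not any(ch in "()*" for ch in filter_str[1:-1])


# Constructed sample: a group whose name legitimately contains parentheses.
SAMPLE_DN = "cn=ops (emea),cn=groups,cn=accounts,dc=example,dc=com"

if __name__ == "__main__":
    for build in (memberof_filter_unescaped,
                  memberof_filter_escaped_but_unused,
                  memberof_filter):
        built = build(SAMPLE_DN)
        print(f"{build.__name__:36} {is_single_assertion(built)!s:5} {built}")
```

A check like `is_single_assertion` fits in a unit test for the search helper, where it catches the escaped-but-unused variant that code review caught here.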