-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 03/30/2011 04:22 PM, JR Aquino wrote: > On Mar 30, 2011, at 1:01 PM, Stephen Gallagher wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> On 03/30/2011 03:53 PM, JR Aquino wrote: >>> >>> On Mar 30, 2011, at 12:05 PM, JR Aquino wrote: >>> >>>> The FreeIPA framework performs unescaped searches to enumerate group >>>> membership. >>>> >>>> The following patch corrects this behavior. >>>> >>>> -JR >>>> >>>> <freeipa-jraquino-0021-Escape-LDAP-characters-in-member-and-memberof-search.patch>_______________________________________________ >>>> Freeipa-devel mailing list >>>> Freeipa-devel@redhat.com >>>> https://www.redhat.com/mailman/listinfo/freeipa-devel >>> >>> Self NACK >>> >>> Attached is the corrected patch. >>> >>> search_group_dn = _ldap_filter.escape_filter_chars(search_group_dn) >>> >>> Is now correctly changed to: >>> >>> search_group_dn = _ldap_filter.escape_filter_chars(group_dn) >>> >> >> Nack. This is a step in the right direction, but you're not actually >> using this value anywhere. >> >> I think you wanted to have the next line changed to: >> >> searchfilter = "(memberof=%s)" % search_group_dn >> >> - -- >> Stephen Gallagher >> RHCE 804006346421761 > > Oh! You are right. > > Attached is the corrected patch.
Ack - -- Stephen Gallagher RHCE 804006346421761 Delivering value year after year. Red Hat ranks #1 in value among software vendors. http://www.redhat.com/promo/vendor/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAk2TkgQACgkQeiVVYja6o6MFoACgruAs/QgalqNzBLrge9H+k9HE 6dcAn0WL5DDgUWA60wUCYvDDEXlRDNWz =co8G -----END PGP SIGNATURE----- _______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel