URL: https://github.com/freeipa/freeipa/pull/408
Author: HonzaCholasta
Title: #408: ipaldap: properly escape raw binary values in LDAP filters
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/408/head:pr408
git checkout pr408
From 03a2a1729106195979eb98361b20002f929bd6e0 Mon Sep 17 00:00:00 2001
From: Jan Cholasta <jchol...@redhat.com>
Date: Mon, 23 Jan 2017 10:26:50 +0100
Subject: [PATCH] ipaldap: properly escape raw binary values in LDAP filters

Manually escape each byte in the value, do not use
ldap.filter.escape_filter_chars() as it does not work with bytes in
Python 3.

https://fedorahosted.org/freeipa/ticket/4985
---
 ipapython/ipaldap.py | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/ipapython/ipaldap.py b/ipapython/ipaldap.py
index daee068..3ee40bf 100644
--- a/ipapython/ipaldap.py
+++ b/ipapython/ipaldap.py
@@ -19,6 +19,7 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 #
 
+import binascii
 import time
 import datetime
 from decimal import Decimal
@@ -1245,11 +1246,13 @@ def make_filter_from_attr(
             return cls.combine_filters(flts, rules)
         elif value is not None:
             if isinstance(value, bytes):
-                if six.PY3:
-                    value = value.decode('raw_unicode_escape')
+                value = binascii.hexlify(value).decode('ascii')
+                # value[-2:0] is empty string for the initial '\\'
+                value = u'\\'.join(
+                    value[i:i+2] for i in six.moves.range(-2, len(value), 2))
             else:
                 value = value_to_utf8(value)
-            value = ldap.filter.escape_filter_chars(value)
+                value = ldap.filter.escape_filter_chars(value)
             if not exact:
                 template = '%s'
                 if leading_wildcard:
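Review bot: The `range(-2, len(value), 2)` slice in the `isinstance(value, bytes)` branch relies on `value[-2:0]` being empty to produce the leading backslash, which is hard to verify at a glance even with the comment. Iterating over the bytes directly, e.g. `value = u''.join(u'\\%02x' % b for b in bytearray(value))`, gives the same `\xx` escaping on both Python 2 and 3 and would make the `binascii` import unnecessary. With the `six.PY3` check gone, every Python 2 `str` value now takes this branch as well (there `bytes` is `str`), so plain text values will appear fully hex-escaped in filters; if that is intended it deserves a line in the commit message. The diffstat shows only ipapython/ipaldap.py changed, so a test covering a value that contains `*`, `(`, `\` and a NUL byte would be a useful addition.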
-- 