The orig_dn here isn't being passed to a filter and therefore must not be sanitized, as the sanitization process would break DNs that contain (among other things) parentheses.
This was noticed during the review of "[PATCH] AUTOFS: Search all search bases for automounter map entries"
From 386ddced4080e55edc25166e1a17cea6d821bb18 Mon Sep 17 00:00:00 2001 From: Stephen Gallagher <sgall...@redhat.com> Date: Fri, 24 Feb 2012 15:46:29 -0500 Subject: [PATCH] LDAP: Remove unnecessary filter sanitize The orig_dn here isn't being passed to a filter and therefore must not be santized, as the sanitization process would break DNs that contain (among other things) parentheses. --- src/providers/ldap/sdap_async_autofs.c | 16 +++++----------- 1 files changed, 5 insertions(+), 11 deletions(-) diff --git a/src/providers/ldap/sdap_async_autofs.c b/src/providers/ldap/sdap_async_autofs.c index ea034c2f541dd042cfa5559de2b2def5dcd64f4f..528e8b73a09795da6bf63795bb9ae01bc57dad7b 100644 --- a/src/providers/ldap/sdap_async_autofs.c +++ b/src/providers/ldap/sdap_async_autofs.c @@ -185,7 +185,7 @@ struct automntmaps_process_members_state { int timeout; struct sysdb_ctx *sysdb; - char *clean_orig_dn; + const char *orig_dn; char *base_filter; char *filter; const char **attrs; @@ -217,7 +217,6 @@ automntmaps_process_members_send(TALLOC_CTX *mem_ctx, errno_t ret; struct tevent_req *req; struct automntmaps_process_members_state *state; - const char *orig_dn; req = tevent_req_create(mem_ctx, &state, struct automntmaps_process_members_state); @@ -250,20 +249,15 @@ automntmaps_process_members_send(TALLOC_CTX *mem_ctx, goto immediate; } - ret = sysdb_attrs_get_string(state->map, SYSDB_ORIG_DN, &orig_dn); + + ret = sysdb_attrs_get_string(state->map, SYSDB_ORIG_DN, &state->orig_dn); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Cannot get originalDN\n")); goto immediate; } - ret = sss_filter_sanitize(state, orig_dn, &state->clean_orig_dn); - if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, ("Cannot sanitize originalDN\n")); - goto immediate; - } - DEBUG(SSSDBG_TRACE_FUNC, - ("Examining autofs map [%s]\n", state->clean_orig_dn)); + ("Examining autofs map [%s]\n", state->orig_dn)); ret = automntmaps_process_members_next_base(req); if (ret != EOK) { 
@@ -304,7 +298,7 @@ automntmaps_process_members_next_base(struct tevent_req *req) state->search_bases[state->base_iter]->basedn)); subreq = sdap_get_generic_send(state, state->ev, state->opts, state->sh, - state->clean_orig_dn, + state->orig_dn, state->search_bases[state->base_iter]->scope, state->filter, state->attrs, state->opts->autofs_entry_map, -- 1.7.7.6
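Review bot: in the automntmaps_process_members_send hunk at -250,20, state->orig_dn now stores the pointer that sysdb_attrs_get_string(state->map, ...) hands back, where the removed code stored a string allocated on state by sss_filter_sanitize(state, ...). The field's lifetime is therefore tied to state->map; if the map is not guaranteed to outlive the request, take a copy with talloc_strdup(state, ...). The same hunk also adds an empty "+" line ahead of the sysdb_attrs_get_string call, which can be dropped.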
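Review bot: in the struct automntmaps_process_members_state hunk at -185,7, the new const char *orig_dn field sits directly above base_filter and filter with nothing marking it as the raw, unescaped DN. A one-line comment stating that it is used only as the search base and must not be concatenated into a filter string would keep a later change from reintroducing the mix-up this patch removes.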
_______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/sssd-devel
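Added example (not part of the original message or of SSSD's code): RFC 4515 filter escaping applied to a constructed DN, showing why the escaped string belongs only inside a filter and no longer names the same entry when used as a search base. The helper names `filter_escape` and `escaping_changes_dn` and the sample DN are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* RFC 4515 escaping for a value placed inside an LDAP search filter:
 * '*', '(', ')' and '\' become a backslash plus two hex digits.
 * Hypothetical helper for illustration, not SSSD's sss_filter_sanitize(). */
static char *filter_escape(const char *in)
{
    size_t len = strlen(in);
    char *out = malloc(len * 3 + 1);   /* worst case: every byte escaped */
    char *p = out;

    if (out == NULL) return NULL;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)in[i];
        if (c == '*' || c == '(' || c == ')' || c == '\\') {
            p += sprintf(p, "\\%02x", c);
        } else {
            *p++ = (char)c;
        }
    }
    *p = '\0';
    return out;
}

/* Returns 1 when escaping altered the string, meaning the escaped form is
 * a different string from the DN and must not be used as a search base. */
static int escaping_changes_dn(const char *dn)
{
    char *esc = filter_escape(dn);
    int changed;

    if (esc == NULL) return -1;
    changed = strcmp(dn, esc) != 0;
    free(esc);
    return changed;
}

int main(void)
{
    /* Constructed sample DN with parentheses in the RDN value. */
    const char *dn = "cn=auto.master (lab),ou=automount,dc=example,dc=com";
    char *esc = filter_escape(dn);

    if (esc == NULL) return 1;
    printf("use as search base : %s\n", dn);
    printf("use inside a filter: %s\n", esc);
    printf("escaping changed DN: %d\n", escaping_changes_dn(dn));
    free(esc);
    return 0;
}
```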