-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 10/28/2010 08:50 PM, Stephen Gallagher wrote:
This is the first part of a fix for https://fedorahosted.org/sssd/ticket/639
These patches address the various search filters we're using in the sysdb. Patches for LDAP search filters will be coming later. I wanted to get these reviewed first.
Patch 0001: Adds a utility function to sanitize search filters using the method described in RFC 4515. Includes a unit test.
Patch 0002: Sanitize search filters internal to the public sysdb APIs. Includes unit tests.
Patch 0003: Sanitize sysdb search filters in the IPA provider used with sysdb_search_custom()
Patch 0004: Sanitize sysdb search filters used when processing nested groups.
Sorry, withdrawing these patches. There's a problem with sysdb_delete_user() and sysdb_delete_group(). I'm not sure how I missed it, since the test I wrote is failing...
Unfortunately, I think I may have discovered a bug in libldb that I'll have to work around. It looks like libldb is overzealous in sanitizing a basedn with strange characters. I will dig into this tomorrow.
- -- Stephen Gallagher RHCE 804006346421761
Delivering value year after year. Red Hat ranks #1 in value among software vendors. http://www.redhat.com/promo/vendor/