Escape DN in enabled query
Values in LDAP filter strings need to be escaped. The DN in the enabled query wasn't being escaped so it might cause an invalid query to be done. Closes-Bug: 1532345 Change-Id: Ia97297b5919351f4710ab39af6f3be9623a83976
This commit is contained in:
parent
0cb49925e4
commit
eeddfb8ffa
|
@ -1826,7 +1826,8 @@ class EnabledEmuMixIn(BaseLdap):
|
|||
|
||||
def _get_enabled(self, object_id, conn):
|
||||
dn = self._id_to_dn(object_id)
|
||||
query = '(%s=%s)' % (self.member_attribute, dn)
|
||||
query = '(%s=%s)' % (self.member_attribute,
|
||||
ldap.filter.escape_filter_chars(dn))
|
||||
try:
|
||||
enabled_value = conn.search_s(self.enabled_emulation_dn,
|
||||
ldap.SCOPE_BASE,
|
||||
|
|
|
@ -2253,17 +2253,17 @@ class LDAPIdentityEnabledEmulation(LDAPIdentity):
|
|||
|
||||
# ) is a special char in a filter and must be escaped.
|
||||
sample_dn = 'cn=foo)bar'
|
||||
# LDAP requires ) is escaped by being replaced with "\29"
|
||||
sample_dn_filter_esc = r'cn=foo\29bar'
|
||||
|
||||
# Override the tree_dn, it's used to build the enabled member filter
|
||||
mixin_impl.tree_dn = sample_dn
|
||||
|
||||
# The filter that _get_enabled is going to build contains the
|
||||
# tree_dn, which better be escaped in this case.
|
||||
# Note that the tree_dn isn't escaped and will lead to an invalid
|
||||
# filter! See bug 1532345.
|
||||
exp_filter = '(%s=%s=%s,%s)' % (
|
||||
mixin_impl.member_attribute, mixin_impl.id_attr, object_id,
|
||||
sample_dn)
|
||||
sample_dn_filter_esc)
|
||||
|
||||
with mixin_impl.get_connection() as conn:
|
||||
m = self.useFixture(mockpatch.PatchObject(conn, 'search_s')).mock
|
||||
|
|
Loading…
Reference in New Issue