Escape DN in enabled query
Values in LDAP filter strings need to be escaped. The DN in the
enabled query wasn't being escaped so it might cause an invalid
query to be done.
Closes-Bug: 1532345
Change-Id: Ia97297b5919351f4710ab39af6f3be9623a83976
(cherry picked from commit eeddfb8ffa
)
This commit is contained in:
parent
690191d21d
commit
1f37f71088
|
@ -1823,7 +1823,8 @@ class EnabledEmuMixIn(BaseLdap):
|
|||
|
||||
def _get_enabled(self, object_id, conn):
|
||||
dn = self._id_to_dn(object_id)
|
||||
query = '(%s=%s)' % (self.member_attribute, dn)
|
||||
query = '(%s=%s)' % (self.member_attribute,
|
||||
ldap.filter.escape_filter_chars(dn))
|
||||
try:
|
||||
enabled_value = conn.search_s(self.enabled_emulation_dn,
|
||||
ldap.SCOPE_BASE,
|
||||
|
|
|
@ -2297,17 +2297,17 @@ class LDAPIdentityEnabledEmulation(LDAPIdentity):
|
|||
|
||||
# ) is a special char in a filter and must be escaped.
|
||||
sample_dn = 'cn=foo)bar'
|
||||
# LDAP requires ) is escaped by being replaced with "\29"
|
||||
sample_dn_filter_esc = r'cn=foo\29bar'
|
||||
|
||||
# Override the tree_dn, it's used to build the enabled member filter
|
||||
mixin_impl.tree_dn = sample_dn
|
||||
|
||||
# The filter that _get_enabled is going to build contains the
|
||||
# tree_dn, which better be escaped in this case.
|
||||
# Note that the tree_dn isn't escaped and will lead to an invalid
|
||||
# filter! See bug 1532345.
|
||||
exp_filter = '(%s=%s=%s,%s)' % (
|
||||
mixin_impl.member_attribute, mixin_impl.id_attr, object_id,
|
||||
sample_dn)
|
||||
sample_dn_filter_esc)
|
||||
|
||||
with mixin_impl.get_connection() as conn:
|
||||
m = self.useFixture(mockpatch.PatchObject(conn, 'search_s')).mock
|
||||
|
|
Loading…
Reference in New Issue