URL: https://github.com/freeipa/freeipa/pull/4014 Author: tiran Title: #4014: [Py3] Fix get_trusted_domain_object_from_sid() Action: opened
PR body: """ DomainValidator.get_trusted_domain_object_from_sid() was using escape_filter_chars() with bytes. The function only works with text. This caused idview to fail under some circumstances. Reimplement backslash hex quoting for bytes. Fixes: https://pagure.io/freeipa/issue/7958 Signed-off-by: Christian Heimes <chei...@redhat.com> """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/4014/head:pr4014 git checkout pr4014
From e0a6a6fff610275db55500d1d8c28172c6272459 Mon Sep 17 00:00:00 2001 From: Christian Heimes <chei...@redhat.com> Date: Wed, 11 Dec 2019 11:33:13 +0100 Subject: [PATCH] [Py3] Fix get_trusted_domain_object_from_sid() DomainValidator.get_trusted_domain_object_from_sid() was using escape_filter_chars() with bytes. The function only works with text. This caused idview to fail under some circumstances. Reimplement backslash hex quoting for bytes. Fixes: https://pagure.io/freeipa/issue/7958 Signed-off-by: Christian Heimes <chei...@redhat.com> --- ipaserver/dcerpc.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ipaserver/dcerpc.py b/ipaserver/dcerpc.py index 017522956a..4c9fa5281d 100644 --- a/ipaserver/dcerpc.py +++ b/ipaserver/dcerpc.py @@ -491,9 +491,9 @@ def get_trusted_domain_object_from_sid(self, sid): # If unsuccessful, search AD DC LDAP logger.debug("Searching AD DC LDAP") - escaped_sid = escape_filter_chars( - security.dom_sid(sid).__ndr_pack__(), - 2 # 2 means every character needs to be escaped + # escape_filter_chars(sid_bytes, 2) but for bytes + escaped_sid = "".join( + "\\%02x" % b for b in ndr_pack(security.dom_sid(sid)) ) attrs = ['sAMAccountName']
_______________________________________________ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org