The branch, master has been updated
       via  d004fd0 talloc: added test suite for talloc_free_children()
       via  52182a5 talloc: preserve context name on talloc_free_children()
       via  03f9250 samba-tool: use ldb.binary_encode() on search expression elements
       via  8dda0ef samba-tool: fixed binary encoding of usernames in setpassword
       via  7ce4aca pyldb: added binary_encode() and binary_decode() methods
       via  d815ce0 ldb: added a test for an invalid search expression
       via  e3b76bd ldb: fixed a search expression parse bug
      from  2663586 s4-auth Fill in the remainder of the unix info in auth_session_info

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit d004fd0b53fb6f3ae64f0e24cf51f4471d434574
Author: Andrew Tridgell <tri...@samba.org>
Date:   Fri Jul 29 11:57:07 2011 +1000

    talloc: added test suite for talloc_free_children()
    
    this tests the fix from Simo
    
    Autobuild-User: Andrew Tridgell <tri...@samba.org>
    Autobuild-Date: Fri Jul 29 11:30:13 CEST 2011 on sn-devel-104

commit 52182a528117c4dd9624f64b34a873c0903ad70a
Author: Simo Sorce <i...@samba.org>
Date:   Wed Jul 27 12:02:35 2011 -0400

    talloc: preserve context name on talloc_free_children()
    
    Otherwise tc->name will end up pointing to garbage when it is not
    set to a const but rather to a string allocated as child of the context
    itself.
    
    Signed-off-by: Andrew Tridgell <tri...@samba.org>

commit 03f92508ef2ebb4e7790f612e3f833382c691051
Author: Andrew Tridgell <tri...@samba.org>
Date:   Thu Jul 28 17:14:28 2011 +1000

    samba-tool: use ldb.binary_encode() on search expression elements
    
    this allows us to deal with search elements containing characters that
    must be escaped in LDAP
    
    Pair-Programmed-With: Andrew Bartlett <abart...@samba.org>
    Pair-Programmed-With: Amitay Isaacs <ami...@gmail.com>

commit 8dda0ef57fa908c94c14d2521ded883ceb253b2f
Author: Andrew Tridgell <tri...@samba.org>
Date:   Thu Jul 28 17:03:57 2011 +1000

    samba-tool: fixed binary encoding of usernames in setpassword
    
    Pair-Programmed-With: Amitay Isaacs <ami...@gmail.com>
    Pair-Programmed-With: Andrew Bartlett <abart...@samba.org>

commit 7ce4aca029473b219d053221ced1e3686ce2d3ad
Author: Andrew Tridgell <tri...@samba.org>
Date:   Thu Jul 28 17:03:06 2011 +1000

    pyldb: added binary_encode() and binary_decode() methods
    
    this gives access to RFC2254 encoding from python
    
    Pair-Programmed-With: Andrew Bartlett <abart...@samba.org>
    Pair-Programmed-With: Amitay Isaacs <ami...@gmail.com>

commit d815ce094e7a495fb2ddf0668015c5a1b9bb1dc4
Author: Andrew Tridgell <tri...@samba.org>
Date:   Thu Jul 28 15:56:15 2011 +1000

    ldb: added a test for an invalid search expression
    
    this tests the fix for invalid expressions in & and | expressions
    
    Pair-Programmed-With: Andrew Bartlett <abart...@samba.org>
    Pair-Programmed-With: Amitay Isaacs <ami...@gmail.com>

commit e3b76bd6205acfc1a89fbcab5d9588b32cb47b88
Author: Andrew Tridgell <tri...@samba.org>
Date:   Thu Jul 28 15:51:31 2011 +1000

    ldb: fixed a search expression parse bug
    
    when a secondary component of a & or | expression was invalid, it was
    ignored rather than giving an error. For example:
    
     (|(objectclass=user)(samaccountname=foo\blah))
    
    was treated as being:
    
     (objectclass=user)
    
    whereas it should be an error, as foo\blah is invalid
    
    Pair-Programmed-With: Amitay Isaacs <ami...@gmail.com>
    Pair-Programmed-With: Andrew Bartlett <abart...@samba.org>

-----------------------------------------------------------------------

Summary of changes:
 lib/ldb/common/ldb_parse.c                         |   12 ++++-
 lib/ldb/pyldb.c                                    |   53 ++++++++++++++++++++
 lib/ldb/tests/python/api.py                        |    4 ++
 lib/ldb/tests/test-generic.sh                      |    3 +
 lib/talloc/talloc.c                                |   23 +++++++++
 lib/talloc/testsuite.c                             |   44 ++++++++++++++++
 source4/scripting/python/samba/join.py             |    4 +-
 .../scripting/python/samba/netcmd/delegation.py    |   10 ++--
 source4/scripting/python/samba/netcmd/domain.py    |    2 +-
 source4/scripting/python/samba/netcmd/drs.py       |    5 +-
 source4/scripting/python/samba/netcmd/gpo.py       |    6 +-
 source4/scripting/python/samba/netcmd/rodc.py      |    2 +-
 source4/scripting/python/samba/netcmd/spn.py       |    8 ++--
 source4/scripting/python/samba/netcmd/user.py      |    8 ++--
 source4/scripting/python/samba/samdb.py            |   10 ++--
 15 files changed, 167 insertions(+), 27 deletions(-)


Changeset truncated at 500 lines:

diff --git a/lib/ldb/common/ldb_parse.c b/lib/ldb/common/ldb_parse.c
index b4eabf8..8c6c2d9 100644
--- a/lib/ldb/common/ldb_parse.c
+++ b/lib/ldb/common/ldb_parse.c
@@ -534,8 +534,18 @@ static struct ldb_parse_tree 
*ldb_parse_filterlist(TALLOC_CTX *mem_ctx, const ch
 
        while (isspace((unsigned char)*p)) p++;
 
-       while (*p && (next = ldb_parse_filter(ret->u.list.elements, &p))) {
+       while (*p) {
+               if (*p == ')') {
+                       break;
+               }
+
+               next = ldb_parse_filter(ret->u.list.elements, &p);
                struct ldb_parse_tree **e;
+               if (next == NULL) {
+                       /* an invalid filter element */
+                       talloc_free(ret);
+                       return NULL;
+               }
                e = talloc_realloc(ret, ret->u.list.elements, 
                                     struct ldb_parse_tree *, 
                                     ret->u.list.num_elements + 1);
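Review bot: the declaration `struct ldb_parse_tree **e;` now sits after the statement `next = ldb_parse_filter(ret->u.list.elements, &p);` inside the loop body, a declaration-after-statement that stricter C builds warn about; move the declaration to the top of the block, above the `*p == ')'` check. A short comment on the new `break` would also help, saying that the closing ')' is left for the caller to consume, because a NULL from ldb_parse_filter() used to end the list and is now the error path.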
diff --git a/lib/ldb/pyldb.c b/lib/ldb/pyldb.c
index adec424..c92d64d 100644
--- a/lib/ldb/pyldb.c
+++ b/lib/ldb/pyldb.c
@@ -3170,6 +3170,53 @@ static PyObject *py_valid_attr_name(PyObject *self, 
PyObject *args)
        return PyBool_FromLong(ldb_valid_attr_name(name));
 }
 
+/*
+  encode a string using RFC2254 rules
+ */
+static PyObject *py_binary_encode(PyObject *self, PyObject *args)
+{
+       char *str, *encoded;
+       Py_ssize_t size;
+       struct ldb_val val;
+       PyObject *ret;
+
+       if (!PyArg_ParseTuple(args, "s#", &str, &size))
+               return NULL;
+       val.data = (uint8_t *)str;
+       val.length = size;
+
+       encoded = ldb_binary_encode(NULL, val);
+       if (encoded == NULL) {
+               PyErr_SetString(PyExc_TypeError, "unable to encode binary 
string");
+               return NULL;
+       }
+       ret = PyString_FromString(encoded);
+       talloc_free(encoded);
+       return ret;
+}
+
+/*
+  decode a string using RFC2254 rules
+ */
+static PyObject *py_binary_decode(PyObject *self, PyObject *args)
+{
+       char *str;
+       struct ldb_val val;
+       PyObject *ret;
+
+       if (!PyArg_ParseTuple(args, "s", &str))
+               return NULL;
+
+       val = ldb_binary_decode(NULL, str);
+       if (val.data == NULL) {
+               PyErr_SetString(PyExc_TypeError, "unable to decode binary 
string");
+               return NULL;
+       }
+       ret = Py_BuildValue("s#", val.data, val.length);
+       talloc_free(val.data);
+       return ret;
+}
+
 static PyMethodDef py_ldb_global_methods[] = {
        { "register_module", py_register_module, METH_VARARGS, 
                "S.register_module(module) -> None\n"
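Review bot: in py_binary_encode() the length `size` is declared `Py_ssize_t` and filled through the "s#" format, and in py_binary_decode() `val.length` is handed to Py_BuildValue("s#", ...); both are only correct when PY_SSIZE_T_CLEAN is defined before Python.h is included, which these lines do not show, so please confirm that or convert the lengths explicitly. Both failure paths also raise PyExc_TypeError: a NULL from ldb_binary_encode(NULL, val) looks like an allocation failure (PyErr_NoMemory()), and a string that cannot be decoded is a bad value rather than a bad type (PyExc_ValueError).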
@@ -3185,6 +3232,12 @@ static PyMethodDef py_ldb_global_methods[] = {
                "Check whether the supplied name is a valid attribute name." },
        { "open", (PyCFunction)py_ldb_new, METH_VARARGS|METH_KEYWORDS,
                NULL },
+       { "binary_encode", py_binary_encode, METH_VARARGS,
+               "S.binary_encode(string) -> string\n"
+               "Perform a RFC2254 binary encoding on a string" },
+       { "binary_decode", py_binary_decode, METH_VARARGS,
+               "S.binary_decode(string) -> string\n"
+               "Perform a RFC2254 binary decode on a string" },
        { NULL }
 };
 
diff --git a/lib/ldb/tests/python/api.py b/lib/ldb/tests/python/api.py
index bd10b0b..6a8df25 100755
--- a/lib/ldb/tests/python/api.py
+++ b/lib/ldb/tests/python/api.py
@@ -30,6 +30,10 @@ class NoContextTests(unittest.TestCase):
         self.assertEquals(0, ldb.string_to_time("19700101000000.0Z"))
         self.assertEquals(1195499412, ldb.string_to_time("20071119191012.0Z"))
 
+    def test_binary_encode(self):
+        encoded = self.binary_encode('test\\x')
+        decoded = self.binary_decode(encoded)
+        self.assertEquals(decoded, 'test\\x')
 
 class SimpleLdb(unittest.TestCase):
 
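Review bot: test_binary_encode() calls `self.binary_encode(...)` and `self.binary_decode(...)`, but the new functions are registered as module-level functions of ldb (the assertions just above call `ldb.string_to_time(...)`), and a unittest.TestCase has no such attributes, so the test would stop with AttributeError before reaching the encoder; call `ldb.binary_encode` and `ldb.binary_decode` instead. A round trip alone also passes if nothing is escaped at all, so assert on the encoded string itself and add inputs containing `*`, `(` and `)`.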
diff --git a/lib/ldb/tests/test-generic.sh b/lib/ldb/tests/test-generic.sh
index ae9ff73..7c3db4a 100755
--- a/lib/ldb/tests/test-generic.sh
+++ b/lib/ldb/tests/test-generic.sh
@@ -57,6 +57,9 @@ $VALGRIND ldbsearch$EXEEXT 
'(&(uid=uham)(uid=uham)(!(objectclass=xxx)))'  || exi
 $VALGRIND ldbsearch$EXEEXT '(&(objectclass=person)(uid=uham)(!(uid=uhamxx)))' 
uid \* \+ dn  || exit 1
 $VALGRIND ldbsearch$EXEEXT '(&(uid=uham)(uid=uha*)(title=*))' uid || exit 1
 
+echo "Testing invalid search expression"
+$VALGRIND ldbsearch$EXEEXT '(&(uid=uham)(title=foo\blah))' uid && exit 1
+
 # note that the "((" is treated as an attribute not an expression
 # this matches the openldap ldapsearch behaviour of looking for a '='
 # to see if the first argument is an expression or not
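Review bot: `$VALGRIND ldbsearch$EXEEXT '(&(uid=uham)(title=foo\blah))' uid && exit 1` accepts any non-zero exit as the expected result, so a crash or a failure to open the test database passes this check exactly as a parse error does; capture the output and match the parse error message, or test for the specific exit status. The commit message says both & and | lists were affected, but only the & form is exercised here, so please add a `(|...)` case as well.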
diff --git a/lib/talloc/talloc.c b/lib/talloc/talloc.c
index 4700aa9..a820ebf 100644
--- a/lib/talloc/talloc.c
+++ b/lib/talloc/talloc.c
@@ -1282,6 +1282,7 @@ static inline void _talloc_free_children_internal(struct 
talloc_chunk *tc,
 */
 _PUBLIC_ void talloc_free_children(void *ptr)
 {
+       struct talloc_chunk *tc_name = NULL;
        struct talloc_chunk *tc;
 
        if (unlikely(ptr == NULL)) {
@@ -1290,7 +1291,29 @@ _PUBLIC_ void talloc_free_children(void *ptr)
 
        tc = talloc_chunk_from_ptr(ptr);
 
+       /* we do not want to free the context name if it is a child .. */
+       if (likely(tc->child)) {
+               for (tc_name = tc->child; tc_name; tc_name = tc_name->next) {
+                       if (tc->name == TC_PTR_FROM_CHUNK(tc_name)) break;
+               }
+               if (tc_name) {
+                       _TLIST_REMOVE(tc->child, tc_name);
+                       if (tc->child) {
+                               tc->child->parent = tc;
+                       }
+               }
+       }
+
        _talloc_free_children_internal(tc, ptr, __location__);
+
+       /* .. so we put it back after all other children have been freed */
+       if (tc_name) {
+               if (tc->child) {
+                       tc->child->parent = NULL;
+               }
+               tc_name->parent = tc;
+               _TLIST_ADD(tc->child, tc_name);
+       }
 }
 
 /* 
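Review bot: in the put-back block after _talloc_free_children_internal(), `if (tc->child) { tc->child->parent = NULL; }` needs a comment explaining when a child can still be on the list at that point, since the call just above it is meant to have freed them all; if that cannot happen the branch should go. The doc comment above talloc_free_children() should also say that a name allocated as a child of the context now survives the call, because callers counting blocks will see one more than before (the new test expects 2 blocks after the first free).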
diff --git a/lib/talloc/testsuite.c b/lib/talloc/testsuite.c
index 90417c6..b038d34 100644
--- a/lib/talloc/testsuite.c
+++ b/lib/talloc/testsuite.c
@@ -1320,6 +1320,48 @@ static bool test_rusty(void)
        return true;
 }
 
+static bool test_free_children(void)
+{
+       void *root;
+       const char *p1, *p2, *name, *name2;
+
+       talloc_enable_null_tracking();
+       root = talloc_new(NULL);
+       p1 = talloc_strdup(root, "foo1");
+       p2 = talloc_strdup(p1, "foo2");
+
+       talloc_set_name(p1, "%s", "testname");
+       talloc_free_children(p1);
+       /* check its still a valid talloc ptr */
+       talloc_get_size(talloc_get_name(p1));
+       if (strcmp(talloc_get_name(p1), "testname") != 0) {
+               return false;
+       }
+
+       talloc_set_name(p1, "%s", "testname");
+       name = talloc_get_name(p1);
+       talloc_free_children(p1);
+       /* check its still a valid talloc ptr */
+       talloc_get_size(talloc_get_name(p1));
+       torture_assert("name", name == talloc_get_name(p1), "name ptr changed");
+       torture_assert("namecheck", strcmp(talloc_get_name(p1), "testname") == 
0,
+                      "wrong name");
+       CHECK_BLOCKS("name1", p1, 2);
+
+       /* note that this does not free the old child name */
+       talloc_set_name_const(p1, "testname2");
+       name2 = talloc_get_name(p1);
+       /* but this does */
+       talloc_free_children(p1);
+       torture_assert("namecheck", strcmp(talloc_get_name(p1), "testname2") == 
0,
+                      "wrong name");
+       CHECK_BLOCKS("name1", p1, 1);
+
+       talloc_report_full(root, stdout);
+       talloc_free(root);
+       return true;
+}
+
 
 static void test_reset(void)
 {
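Review bot: `p2` is assigned from `talloc_strdup(p1, "foo2")` and never read again, which will draw an unused-variable warning; drop the variable or assert something about it. The first name check also fails with a bare `return false` and no message while the later checks use torture_assert(), and `p1` is declared `const char *` although it is used as a talloc context and receives the non-const result of talloc_strdup(); using torture_assert() throughout and a plain `char *` would make failures easier to read.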
@@ -1379,6 +1421,8 @@ bool torture_local_talloc(struct torture_context *tctx)
        ret &= test_free_ref_null_context();
        test_reset();
        ret &= test_rusty();
+       test_reset();
+       ret &= test_free_children();
 
        if (ret) {
                test_reset();
diff --git a/source4/scripting/python/samba/join.py 
b/source4/scripting/python/samba/join.py
index b586e2c..4495b52 100644
--- a/source4/scripting/python/samba/join.py
+++ b/source4/scripting/python/samba/join.py
@@ -147,7 +147,7 @@ class dc_join(object):
             # find the krbtgt link
             print("checking samaccountname")
             res = ctx.samdb.search(base=ctx.samdb.get_default_basedn(),
-                                   expression='samAccountName=%s' % 
ctx.samname,
+                                   expression='samAccountName=%s' % 
ldb.binary_encode(ctx.samname),
                                    attrs=["msDS-krbTgtLink"])
             if res:
                 ctx.del_noerror(res[0].dn, recursive=True)
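Review bot: `ldb.binary_encode(ctx.samname)` in the `expression=` argument requires the name `ldb` to be bound in join.py, and this diff carries no import change for the file, whereas user.py needed `import sys, ldb` in the same series; please confirm the module is already imported at the top of join.py, otherwise this path raises NameError the first time it runs.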
@@ -408,7 +408,7 @@ class dc_join(object):
         ctx.samdb.modify(m)
 
         print "Setting account password for %s" % ctx.samname
-        ctx.samdb.setpassword("(&(objectClass=user)(sAMAccountName=%s))" % 
ctx.samname,
+        ctx.samdb.setpassword("(&(objectClass=user)(sAMAccountName=%s))" % 
ldb.binary_encode(ctx.samname),
                               ctx.acct_pass,
                               force_change_at_next_login=False,
                               username=ctx.samname)
diff --git a/source4/scripting/python/samba/netcmd/delegation.py 
b/source4/scripting/python/samba/netcmd/delegation.py
index 1980203..9aa8287 100644
--- a/source4/scripting/python/samba/netcmd/delegation.py
+++ b/source4/scripting/python/samba/netcmd/delegation.py
@@ -72,7 +72,7 @@ class cmd_delegation_show(Command):
         # to the correct domain
         (cleanedaccount, realm, domain) = _get_user_realm_domain(accountname)
         print "Searching for: %s" % (cleanedaccount)
-        res = sam.search(expression="sAMAccountName=%s" % cleanedaccount,
+        res = sam.search(expression="sAMAccountName=%s" % 
ldb.binary_encode(cleanedaccount),
                             scope=ldb.SCOPE_SUBTREE,
                             attrs=["userAccountControl", 
"msDS-AllowedToDelegateTo"])
         if len(res) != 1:
@@ -122,7 +122,7 @@ class cmd_delegation_for_any_service(Command):
         # to the correct domain
         (cleanedaccount, realm, domain) = _get_user_realm_domain(accountname)
 
-       search_filter = "sAMAccountName=%s" % cleanedaccount
+       search_filter = "sAMAccountName=%s" % ldb.binary_encode(cleanedaccount)
         flag = dsdb.UF_TRUSTED_FOR_DELEGATION
         try:
             sam.toggle_userAccountFlags(search_filter, flag, on=on, 
strict=True)
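Review bot: the changed `search_filter = ...` line is indented one column short of the context lines around it (compare `flag = dsdb.UF_TRUSTED_FOR_DELEGATION` directly below), which suggests it carries a tab in an otherwise space-indented block; since the line is being rewritten anyway, convert it to spaces so the block does not depend on tab width. The same applies to the matching line in cmd_delegation_for_any_protocol.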
@@ -154,7 +154,7 @@ class cmd_delegation_for_any_protocol(Command):
         # to the correct domain
         (cleanedaccount, realm, domain) = _get_user_realm_domain(accountname)
 
-       search_filter = "sAMAccountName=%s" % cleanedaccount
+       search_filter = "sAMAccountName=%s" % ldb.binary_encode(cleanedaccount)
         flag = dsdb.UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION
         try:
             sam.toggle_userAccountFlags(search_filter, flag, on=on, 
strict=True)
@@ -178,7 +178,7 @@ class cmd_delegation_add_service(Command):
         # to the correct domain
         (cleanedaccount, realm, domain) = _get_user_realm_domain(accountname)
 
-        res = sam.search(expression="sAMAccountName=%s" % cleanedaccount,
+        res = sam.search(expression="sAMAccountName=%s" % 
ldb.binary_encode(cleanedaccount),
                             scope=ldb.SCOPE_SUBTREE,
                             attrs=["msDS-AllowedToDelegateTo"])
         if len(res) != 1:
@@ -211,7 +211,7 @@ class cmd_delegation_del_service(Command):
         # to the correct domain
         (cleanedaccount, realm, domain) = _get_user_realm_domain(accountname)
 
-        res = sam.search(expression="sAMAccountName=%s" % cleanedaccount,
+        res = sam.search(expression="sAMAccountName=%s" % 
ldb.binary_encode(cleanedaccount),
                             scope=ldb.SCOPE_SUBTREE,
                             attrs=["msDS-AllowedToDelegateTo"])
         if len(res) != 1:
diff --git a/source4/scripting/python/samba/netcmd/domain.py 
b/source4/scripting/python/samba/netcmd/domain.py
index 8dffbd2..50b5d80 100644
--- a/source4/scripting/python/samba/netcmd/domain.py
+++ b/source4/scripting/python/samba/netcmd/domain.py
@@ -317,7 +317,7 @@ class cmd_domain_machinepassword(Command):
         secretsdb = Ldb(url=url, session_info=system_session(),
             credentials=creds, lp=lp)
         result = secretsdb.search(attrs=["secret"],
-            expression="(&(objectclass=primaryDomain)(samaccountname=%s))" % 
secret)
+            expression="(&(objectclass=primaryDomain)(samaccountname=%s))" % 
ldb.binary_encode(secret))
 
         if len(result) != 1:
             raise CommandError("search returned %d records, expected 1" % 
len(result))
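Review bot: `ldb.binary_encode(secret)` is the only use of the lowercase `ldb` module visible in this hunk; the surrounding code goes through `Ldb(url=url, ...)`, and the diff adds no import to domain.py, so please check that `import ldb` is present in the file. If it is not, the machinepassword command fails with NameError instead of running the search.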
diff --git a/source4/scripting/python/samba/netcmd/drs.py 
b/source4/scripting/python/samba/netcmd/drs.py
index f9b55f4..e9cd540 100644
--- a/source4/scripting/python/samba/netcmd/drs.py
+++ b/source4/scripting/python/samba/netcmd/drs.py
@@ -287,8 +287,9 @@ class cmd_drs_replicate(Command):
 
         # we need to find the NTDS GUID of the source DC
         msg = self.samdb.search(base=self.samdb.get_config_basedn(),
-                                
expression="(&(objectCategory=server)(|(name=%s)(dNSHostName=%s)))" % 
(SOURCE_DC,
-                                                                               
                        SOURCE_DC),
+                                
expression="(&(objectCategory=server)(|(name=%s)(dNSHostName=%s)))" % (
+            ldb.binary_encode(SOURCE_DC),
+            ldb.binary_encode(SOURCE_DC)),
                                 attrs=[])
         if len(msg) == 0:
             raise CommandError("Failed to find source DC %s" % SOURCE_DC)
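Review bot: the rewritten argument tuple calls `ldb.binary_encode(SOURCE_DC)` twice and moves the continuation lines to a shallow indent that no longer lines up with the `expression=` keyword they belong to; encode once into a local and format with that, which also keeps the call readable. Please confirm that `ldb` is imported in drs.py, as no import line appears in this diff.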
diff --git a/source4/scripting/python/samba/netcmd/gpo.py 
b/source4/scripting/python/samba/netcmd/gpo.py
index 72c157d..e59b79d 100644
--- a/source4/scripting/python/samba/netcmd/gpo.py
+++ b/source4/scripting/python/samba/netcmd/gpo.py
@@ -131,10 +131,10 @@ def get_gpo_info(samdb, gpo=None, displayname=None, 
dn=None):
     search_scope = ldb.SCOPE_ONELEVEL
 
     if gpo is not None:
-        search_expr = "(&(objectClass=groupPolicyContainer)(name=%s))" % gpo
+        search_expr = "(&(objectClass=groupPolicyContainer)(name=%s))" % 
ldb.binary_encode(gpo)
 
     if displayname is not None:
-        search_expr = "(&(objectClass=groupPolicyContainer)(displayname=%s))" 
% displayname
+        search_expr = "(&(objectClass=groupPolicyContainer)(displayname=%s))" 
% ldb.binary_encode(displayname)
 
     if dn is not None:
         base_dn = dn
@@ -253,7 +253,7 @@ class cmd_list(Command):
 
         try:
             msg = 
self.samdb.search(expression='(&(|(samAccountName=%s)(samAccountName=%s$))(objectClass=User))'
 %
-                                                (username,username))
+                                                
(ldb.binary_encode(username),ldb.binary_encode(username)))
             user_dn = msg[0].dn
         except Exception, e:
             raise CommandError("Failed to find account %s" % username, e)
diff --git a/source4/scripting/python/samba/netcmd/rodc.py 
b/source4/scripting/python/samba/netcmd/rodc.py
index 411221e..75c326f 100644
--- a/source4/scripting/python/samba/netcmd/rodc.py
+++ b/source4/scripting/python/samba/netcmd/rodc.py
@@ -52,7 +52,7 @@ class cmd_rodc_preload(Command):
                                expression="objectclass=user",
                                scope=ldb.SCOPE_BASE, attrs=[])
         else:
-            res = 
samdb.search(expression="(&(samAccountName=%s)(objectclass=user))" % account,
+            res = 
samdb.search(expression="(&(samAccountName=%s)(objectclass=user))" % 
ldb.binary_encode(account),
                                scope=ldb.SCOPE_SUBTREE, attrs=[])
         if len(res) != 1:
             raise Exception("Failed to find account '%s'" % account)
diff --git a/source4/scripting/python/samba/netcmd/spn.py 
b/source4/scripting/python/samba/netcmd/spn.py
index e81cdce..672f140 100644
--- a/source4/scripting/python/samba/netcmd/spn.py
+++ b/source4/scripting/python/samba/netcmd/spn.py
@@ -69,7 +69,7 @@ class cmd_spn_list(Command):
         # to the correct domain
         (cleaneduser, realm, domain) = _get_user_realm_domain(user)
         print cleaneduser
-        res = sam.search(expression="samaccountname=%s" % cleaneduser,
+        res = sam.search(expression="samaccountname=%s" % 
ldb.binary_encode(cleaneduser),
                             scope=ldb.SCOPE_SUBTREE,
                             attrs=["servicePrincipalName"])
         if len(res) >0:
@@ -102,7 +102,7 @@ class cmd_spn_add(Command):
         paths = provision.provision_paths_from_lp(lp, lp.get("realm"))
         sam = SamDB(paths.samdb, session_info=system_session(),
                     credentials=creds, lp=lp)
-        res = sam.search(expression="servicePrincipalName=%s" % name,
+        res = sam.search(expression="servicePrincipalName=%s" % 
ldb.binary_encode(name),
                             scope=ldb.SCOPE_SUBTREE,
                             )
         if len(res) != 0  and not force:
@@ -110,7 +110,7 @@ class cmd_spn_add(Command):
                                    " affected to another user" % name)
 
         (cleaneduser, realm, domain) = _get_user_realm_domain(user)
-        res = sam.search(expression="samaccountname=%s" % cleaneduser,
+        res = sam.search(expression="samaccountname=%s" % 
ldb.binary_encode(cleaneduser),
                             scope=ldb.SCOPE_SUBTREE,
                             attrs=["servicePrincipalName"])
         if len(res) >0:
@@ -151,7 +151,7 @@ class cmd_spn_delete(Command):
         paths = provision.provision_paths_from_lp(lp, lp.get("realm"))
         sam = SamDB(paths.samdb, session_info=system_session(),
                     credentials=creds, lp=lp)
-        res = sam.search(expression="servicePrincipalName=%s" % name,
+        res = sam.search(expression="servicePrincipalName=%s" % 
ldb.binary_encode(name),
                             scope=ldb.SCOPE_SUBTREE,
                             attrs=["servicePrincipalName", "samAccountName"])
         if len(res) >0:
diff --git a/source4/scripting/python/samba/netcmd/user.py 
b/source4/scripting/python/samba/netcmd/user.py
index 96a198a..88d93e3 100644
--- a/source4/scripting/python/samba/netcmd/user.py
+++ b/source4/scripting/python/samba/netcmd/user.py
@@ -21,7 +21,7 @@
 #
 
 import samba.getopt as options
-import sys
+import sys, ldb
 from getpass import getpass
 from samba.auth import system_session
 from samba.samdb import SamDB
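Review bot: `import sys, ldb` places two modules on one import line; put `import ldb` on its own line so later import changes show up as one-line diffs and the file follows the usual one-module-per-line convention.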
@@ -142,7 +142,7 @@ class cmd_user_enable(Command):
             raise CommandError("Either the username or '--filter' must be 
specified!")
 
         if filter is None:
-            filter = "(&(objectClass=user)(sAMAccountName=%s))" % (username)
+            filter = "(&(objectClass=user)(sAMAccountName=%s))" % 
(ldb.binary_encode(username))
 
         lp = sambaopts.get_loadparm()
         creds = credopts.get_credentials(lp, fallback_machine=True)
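Review bot: the expression `"(&(objectClass=user)(sAMAccountName=%s))" % (ldb.binary_encode(username))` is now repeated verbatim in cmd_user_enable, cmd_user_setexpiry and cmd_user_setpassword; a small shared helper would keep the encoding in one place so a future command cannot forget it. A comment next to `if filter is None:` noting that an explicit --filter is passed through as a raw expression would make the difference in handling clear.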
@@ -178,7 +178,7 @@ class cmd_user_setexpiry(Command):
             raise CommandError("Either the username or '--filter' must be 
specified!")
 
         if filter is None:
-            filter = "(&(objectClass=user)(sAMAccountName=%s))" % (username)
+            filter = "(&(objectClass=user)(sAMAccountName=%s))" % 
(ldb.binary_encode(username))
 
         lp = sambaopts.get_loadparm()
         creds = credopts.get_credentials(lp)
@@ -258,7 +258,7 @@ class cmd_user_setpassword(Command):
             password = getpass("New Password: ")
 
         if filter is None:
-            filter = "(&(objectClass=user)(sAMAccountName=%s))" % (username)
+            filter = "(&(objectClass=user)(sAMAccountName=%s))" % 
(ldb.binary_encode(username))
 
         lp = sambaopts.get_loadparm()
         creds = credopts.get_credentials(lp)
diff --git a/source4/scripting/python/samba/samdb.py 
b/source4/scripting/python/samba/samdb.py
index a7ed1d2..6f39535 100644
--- a/source4/scripting/python/samba/samdb.py
+++ b/source4/scripting/python/samba/samdb.py
@@ -189,7 +189,7 @@ pwdLastSet: 0
         :param groupname: Name of the target group
         """
 
-        groupfilter = "(&(sAMAccountName=%s)(objectCategory=%s,%s))" % 
(groupname, "CN=Group,CN=Schema,CN=Configuration", self.domain_dn())
+        groupfilter = "(&(sAMAccountName=%s)(objectCategory=%s,%s))" % 
(ldb.binary_encode(groupname), "CN=Group,CN=Schema,CN=Configuration", 
self.domain_dn())
         self.transaction_start()
         try:
             targetgroup = self.search(base=self.domain_dn(), 
scope=ldb.SCOPE_SUBTREE,
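Review bot: in `groupfilter`, `groupname` is now encoded but `self.domain_dn()` is still interpolated unencoded into the `objectCategory=%s,%s` value, and a DN may contain characters such as `(`, `)`, `*` or `\` that are special inside a filter; encode that value as well, or add a comment stating why the domain DN can never contain them. With the parser now rejecting invalid elements, an unescaped DN would turn into a hard failure rather than a silently shortened filter.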
@@ -214,7 +214,8 @@ pwdLastSet: 0
             operation
         """
 
-        groupfilter = "(&(sAMAccountName=%s)(objectCategory=%s,%s))" % 
(groupname, "CN=Group,CN=Schema,CN=Configuration", self.domain_dn())
+        groupfilter = "(&(sAMAccountName=%s)(objectCategory=%s,%s))" % (
+            ldb.binary_encode(groupname), 
"CN=Group,CN=Schema,CN=Configuration", self.domain_dn())
         groupmembers = listofmembers.split(',')
 
         self.transaction_start()
@@ -234,7 +235,8 @@ changetype: modify
 
             for member in groupmembers:
                 targetmember = self.search(base=self.domain_dn(), 
scope=ldb.SCOPE_SUBTREE,
-                                    expression="(|(sAMAccountName=%s)(CN=%s))" 
% (member, member), attrs=[])
+                                    expression="(|(sAMAccountName=%s)(CN=%s))" 
% (
+                    ldb.binary_encode(member), ldb.binary_encode(member)), 
attrs=[])
 
                 if len(targetmember) != 1:
                     continue
@@ -378,7 +380,7 @@ member: %s
 
             # Sets the password for it
             if setpassword:
-                self.setpassword("(samAccountName=%s)" % username, password,
+                self.setpassword("(samAccountName=%s)" % 
ldb.binary_encode(username), password,
                                  force_password_change_at_next_login_req)
         except Exception:
             self.transaction_cancel()


-- 
Samba Shared Repository
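
The escaping rule behind the ldb and samba-tool commits above, as an added Python 3 example (not Samba's code and not part of the original message): it encodes a value per RFC 2254 before it is placed in a filter, and rejects a value such as `foo\blah` the way a strict parser must. The names `filter_escape`, `filter_unescape`, `is_valid_value` and `user_filter` are hypothetical, and the exact set of bytes that ldb's own `binary_encode()` escapes is an assumption not shown on this page.

```python
import re

# RFC 2254: these bytes must be written as \XX inside a filter value.
_SPECIAL = frozenset(b"*()\\\x00")
_HEX_ESCAPE = re.compile(r"\\([0-9a-fA-F]{2})")


def filter_escape(value: bytes) -> str:
    """Encode raw bytes so they are safe as one filter assertion value."""
    out = []
    for byte in value:
        # Assumption: non-printable and non-ASCII bytes are escaped as well.
        if byte in _SPECIAL or byte < 0x20 or byte > 0x7E:
            out.append("\\%02x" % byte)
        else:
            out.append(chr(byte))
    return "".join(out)


def filter_unescape(text: str) -> bytes:
    """Decode a filter value; raise on anything a strict parser must refuse."""
    out = bytearray()
    pos = 0
    while pos < len(text):
        char = text[pos]
        if char == "\\":
            # A backslash is only valid when followed by two hex digits.
            match = _HEX_ESCAPE.match(text, pos)
            if match is None:
                raise ValueError("invalid escape at offset %d in %r" % (pos, text))
            out.append(int(match.group(1), 16))
            pos = match.end()
        elif char in "()":
            raise ValueError("unescaped %r at offset %d in %r" % (char, pos, text))
        else:
            out.extend(char.encode("utf-8"))
            pos += 1
    return bytes(out)


def is_valid_value(text: str) -> bool:
    """True when the text can be used as a filter value without encoding."""
    try:
        filter_unescape(text)
    except ValueError:
        return False
    return True


def user_filter(username: str) -> str:
    """Build the filter used throughout the patch, with the value encoded."""
    return "(&(objectClass=user)(sAMAccountName=%s))" % filter_escape(
        username.encode("utf-8"))


if __name__ == "__main__":
    # Constructed sample names: a stray backslash, filter metacharacters,
    # and a non-ASCII character.
    for name in ("foo\\blah", "a)(objectClass=*", "Zo\u00eb"):
        print("%-20r raw valid: %-5s -> %s"
              % (name, is_valid_value(name), user_filter(name)))
```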
