The branch, master has been updated via d004fd0 talloc: added test suite for talloc_free_children() via 52182a5 talloc: preserve context name on talloc_free_children() via 03f9250 samba-tool: use ldb.binary_encode() on search expression elements via 8dda0ef samba-tool: fixed binary encoding of usernames in setpassword via 7ce4aca pyldb: added binary_encode() and binary_decode() methods via d815ce0 ldb: added a test for an invalid search expression via e3b76bd ldb: fixed a search expression parse bug from 2663586 s4-auth Fill in the remainder of the unix info in auth_session_info
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit d004fd0b53fb6f3ae64f0e24cf51f4471d434574 Author: Andrew Tridgell <tri...@samba.org> Date: Fri Jul 29 11:57:07 2011 +1000 talloc: added test suite for talloc_free_children() this tests the fix from Simo Autobuild-User: Andrew Tridgell <tri...@samba.org> Autobuild-Date: Fri Jul 29 11:30:13 CEST 2011 on sn-devel-104 commit 52182a528117c4dd9624f64b34a873c0903ad70a Author: Simo Sorce <i...@samba.org> Date: Wed Jul 27 12:02:35 2011 -0400 talloc: preserve context name on talloc_free_children() Otherwise tc->name will end up pointing to garbage when it is not set to a const but rather to a string allocated as a child of the context itself.
Signed-off-by: Andrew Tridgell <tri...@samba.org> commit 03f92508ef2ebb4e7790f612e3f833382c691051 Author: Andrew Tridgell <tri...@samba.org> Date: Thu Jul 28 17:14:28 2011 +1000 samba-tool: use ldb.binary_encode() on search expression elements this allows us to deal with search elements containing characters that must be escaped in LDAP Pair-Programmed-With: Andrew Bartlett <abart...@samba.org> Pair-Programmed-With: Amitay Isaacs <ami...@gmail.com> commit 8dda0ef57fa908c94c14d2521ded883ceb253b2f Author: Andrew Tridgell <tri...@samba.org> Date: Thu Jul 28 17:03:57 2011 +1000 samba-tool: fixed binary encoding of usernames in setpassword Pair-Programmed-With: Amitay Isaacs <ami...@gmail.com> Pair-Programmed-With: Andrew Bartlett <abart...@samba.org> commit 7ce4aca029473b219d053221ced1e3686ce2d3ad Author: Andrew Tridgell <tri...@samba.org> Date: Thu Jul 28 17:03:06 2011 +1000 pyldb: added binary_encode() and binary_decode() methods this gives access to RFC2254 encoding from python Pair-Programmed-With: Andrew Bartlett <abart...@samba.org> Pair-Programmed-With: Amitay Isaacs <ami...@gmail.com> commit d815ce094e7a495fb2ddf0668015c5a1b9bb1dc4 Author: Andrew Tridgell <tri...@samba.org> Date: Thu Jul 28 15:56:15 2011 +1000 ldb: added a test for an invalid search expression this tests the fix for invalid expressions in & and | expressions Pair-Programmed-With: Andrew Bartlett <abart...@samba.org> Pair-Programmed-With: Amitay Isaacs <ami...@gmail.com> commit e3b76bd6205acfc1a89fbcab5d9588b32cb47b88 Author: Andrew Tridgell <tri...@samba.org> Date: Thu Jul 28 15:51:31 2011 +1000 ldb: fixed a search expression parse bug when a secondary component of a & or | expression was invalid, it was ignored rather than giving an error. 
For example: (|(objectclass=user)(samaccountname=foo\blah)) was treated as being: (objectclass=user) whereas it should be an error, as foo\blah is invalid Pair-Programmed-With: Amitay Isaacs <ami...@gmail.com> Pair-Programmed-With: Andrew Bartlett <abart...@samba.org> ----------------------------------------------------------------------- Summary of changes: lib/ldb/common/ldb_parse.c | 12 ++++- lib/ldb/pyldb.c | 53 ++++++++++++++++++++ lib/ldb/tests/python/api.py | 4 ++ lib/ldb/tests/test-generic.sh | 3 + lib/talloc/talloc.c | 23 +++++++++ lib/talloc/testsuite.c | 44 ++++++++++++++++ source4/scripting/python/samba/join.py | 4 +- .../scripting/python/samba/netcmd/delegation.py | 10 ++-- source4/scripting/python/samba/netcmd/domain.py | 2 +- source4/scripting/python/samba/netcmd/drs.py | 5 +- source4/scripting/python/samba/netcmd/gpo.py | 6 +- source4/scripting/python/samba/netcmd/rodc.py | 2 +- source4/scripting/python/samba/netcmd/spn.py | 8 ++-- source4/scripting/python/samba/netcmd/user.py | 8 ++-- source4/scripting/python/samba/samdb.py | 10 ++-- 15 files changed, 167 insertions(+), 27 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/ldb/common/ldb_parse.c b/lib/ldb/common/ldb_parse.c index b4eabf8..8c6c2d9 100644 --- a/lib/ldb/common/ldb_parse.c +++ b/lib/ldb/common/ldb_parse.c @@ -534,8 +534,18 @@ static struct ldb_parse_tree *ldb_parse_filterlist(TALLOC_CTX *mem_ctx, const ch while (isspace((unsigned char)*p)) p++; - while (*p && (next = ldb_parse_filter(ret->u.list.elements, &p))) { + while (*p) { + if (*p == ')') { + break; + } + + next = ldb_parse_filter(ret->u.list.elements, &p); struct ldb_parse_tree **e; + if (next == NULL) { + /* an invalid filter element */ + talloc_free(ret); + return NULL; + } e = talloc_realloc(ret, ret->u.list.elements, struct ldb_parse_tree *, ret->u.list.num_elements + 1); diff --git a/lib/ldb/pyldb.c b/lib/ldb/pyldb.c index adec424..c92d64d 100644 --- a/lib/ldb/pyldb.c +++ b/lib/ldb/pyldb.c 
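Review bot: In the rewritten loop of ldb_parse_filterlist, the context line `struct ldb_parse_tree **e;` now follows the statement `next = ldb_parse_filter(ret->u.list.elements, &p);`, which is a declaration after a statement and will warn or fail on builds that enforce C89-style declarations. Move the declaration to the top of the loop body, before `if (*p == ')') {`. The `next == NULL` branch is the security-relevant part, since a malformed clause now fails the whole parse instead of silently changing what the filter matches. A comment such as `/* reject the whole list: dropping a bad clause would change the match set */` would keep a later refactor from restoring the lenient behaviour. The function starts and ends outside the hunk.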
@@ -3170,6 +3170,53 @@ static PyObject *py_valid_attr_name(PyObject *self, PyObject *args) return PyBool_FromLong(ldb_valid_attr_name(name)); } +/* + encode a string using RFC2254 rules + */ +static PyObject *py_binary_encode(PyObject *self, PyObject *args) +{ + char *str, *encoded; + Py_ssize_t size; + struct ldb_val val; + PyObject *ret; + + if (!PyArg_ParseTuple(args, "s#", &str, &size)) + return NULL; + val.data = (uint8_t *)str; + val.length = size; + + encoded = ldb_binary_encode(NULL, val); + if (encoded == NULL) { + PyErr_SetString(PyExc_TypeError, "unable to encode binary string"); + return NULL; + } + ret = PyString_FromString(encoded); + talloc_free(encoded); + return ret; +} + +/* + decode a string using RFC2254 rules + */ +static PyObject *py_binary_decode(PyObject *self, PyObject *args) +{ + char *str; + struct ldb_val val; + PyObject *ret; + + if (!PyArg_ParseTuple(args, "s", &str)) + return NULL; + + val = ldb_binary_decode(NULL, str); + if (val.data == NULL) { + PyErr_SetString(PyExc_TypeError, "unable to decode binary string"); + return NULL; + } + ret = Py_BuildValue("s#", val.data, val.length); + talloc_free(val.data); + return ret; +} + static PyMethodDef py_ldb_global_methods[] = { { "register_module", py_register_module, METH_VARARGS, "S.register_module(module) -> None\n" @@ -3185,6 +3232,12 @@ static PyMethodDef py_ldb_global_methods[] = { "Check whether the supplied name is a valid attribute name." }, { "open", (PyCFunction)py_ldb_new, METH_VARARGS|METH_KEYWORDS, NULL }, + { "binary_encode", py_binary_encode, METH_VARARGS, + "S.binary_encode(string) -> string\n" + "Perform a RFC2254 binary encoding on a string" }, + { "binary_decode", py_binary_decode, METH_VARARGS, + "S.binary_decode(string) -> string\n" + "Perform a RFC2254 binary decode on a string" }, { NULL } }; diff --git a/lib/ldb/tests/python/api.py b/lib/ldb/tests/python/api.py index bd10b0b..6a8df25 100755 --- a/lib/ldb/tests/python/api.py +++ b/lib/ldb/tests/python/api.py 
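Review bot: The length arguments paired with `s#` in py_binary_encode and py_binary_decode must match the width that format expects in this build. If the file does not define `PY_SSIZE_T_CLEAN` before including Python.h (not visible in the hunk), `PyArg_ParseTuple(args, "s#", &str, &size)` stores only an `int`, leaving part of the uninitialised `Py_ssize_t size` undefined on 64-bit targets. That value becomes `val.length` for `ldb_binary_encode`, so the encoder could read past the caller's string. The same mismatch applies to `Py_BuildValue("s#", val.data, val.length)`, where `val.length` goes through varargs without a cast. Either define the macro for the file, or declare `int size;` and pass `(int)val.length`; separately, `PyExc_ValueError` would describe a failed decode of a well-typed string better than `PyExc_TypeError`.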
@@ -30,6 +30,10 @@ class NoContextTests(unittest.TestCase): self.assertEquals(0, ldb.string_to_time("19700101000000.0Z")) self.assertEquals(1195499412, ldb.string_to_time("20071119191012.0Z")) + def test_binary_encode(self): + encoded = self.binary_encode('test\\x') + decoded = self.binary_decode(encoded) + self.assertEquals(decoded, 'test\\x') class SimpleLdb(unittest.TestCase): diff --git a/lib/ldb/tests/test-generic.sh b/lib/ldb/tests/test-generic.sh index ae9ff73..7c3db4a 100755 --- a/lib/ldb/tests/test-generic.sh +++ b/lib/ldb/tests/test-generic.sh @@ -57,6 +57,9 @@ $VALGRIND ldbsearch$EXEEXT '(&(uid=uham)(uid=uham)(!(objectclass=xxx)))' || exi $VALGRIND ldbsearch$EXEEXT '(&(objectclass=person)(uid=uham)(!(uid=uhamxx)))' uid \* \+ dn || exit 1 $VALGRIND ldbsearch$EXEEXT '(&(uid=uham)(uid=uha*)(title=*))' uid || exit 1 +echo "Testing invalid search expression" +$VALGRIND ldbsearch$EXEEXT '(&(uid=uham)(title=foo\blah))' uid && exit 1 + # note that the "((" is treated as an attribute not an expression # this matches the openldap ldapsearch behaviour of looking for a '=' # to see if the first argument is an expression or not diff --git a/lib/talloc/talloc.c b/lib/talloc/talloc.c index 4700aa9..a820ebf 100644 --- a/lib/talloc/talloc.c +++ b/lib/talloc/talloc.c @@ -1282,6 +1282,7 @@ static inline void _talloc_free_children_internal(struct talloc_chunk *tc, */ _PUBLIC_ void talloc_free_children(void *ptr) { + struct talloc_chunk *tc_name = NULL; struct talloc_chunk *tc; if (unlikely(ptr == NULL)) { 
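Review bot: `test_binary_encode` calls `self.binary_encode` and `self.binary_decode`, but this commit registers both functions as module-level methods of `ldb` in py_ldb_global_methods. `NoContextTests` as shown defines no such methods, so the test would be expected to fail with AttributeError rather than exercise the encoder. Use `encoded = ldb.binary_encode('test\\x')` and `decoded = ldb.binary_decode(encoded)`, matching the `ldb.string_to_time` calls in the neighbouring test. The round trip alone would also pass if both functions were the identity, so additionally asserting that `encoded` differs from the input would confirm the backslash is actually escaped.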
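Review bot: The negative test `$VALGRIND ldbsearch$EXEEXT '(&(uid=uham)(title=foo\blah))' uid && exit 1` treats every non-zero exit as success, so a crash, a valgrind-reported error or an unrelated failure such as an unreadable database passes just like the intended parse error. Capturing the command's output and checking it for the parse failure would make this a reliable regression test for the invalid-filter fix. At minimum, check that the exit status is an ordinary error status rather than a signal.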
@@ -1290,7 +1291,29 @@ _PUBLIC_ void talloc_free_children(void *ptr) tc = talloc_chunk_from_ptr(ptr); + /* we do not want to free the context name if it is a child .. */ + if (likely(tc->child)) { + for (tc_name = tc->child; tc_name; tc_name = tc_name->next) { + if (tc->name == TC_PTR_FROM_CHUNK(tc_name)) break; + } + if (tc_name) { + _TLIST_REMOVE(tc->child, tc_name); + if (tc->child) { + tc->child->parent = tc; + } + } + } + _talloc_free_children_internal(tc, ptr, __location__); + + /* .. so we put it back after all other children have been freed */ + if (tc_name) { + if (tc->child) { + tc->child->parent = NULL; + } + tc_name->parent = tc; + _TLIST_ADD(tc->child, tc_name); + } } /* diff --git a/lib/talloc/testsuite.c b/lib/talloc/testsuite.c index 90417c6..b038d34 100644 --- a/lib/talloc/testsuite.c +++ b/lib/talloc/testsuite.c 
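Review bot: The two `parent` fix-ups around the unlink and re-link of `tc_name` depend on a list invariant the hunk never states, apparently that only the first entry of `tc->child` carries a valid `parent` pointer. Add a comment such as `/* only the head of the child list carries ->parent; re-point it when the head changes */` above `tc->child->parent = tc;`, because a mistake here leaves a stale parent pointer inside the allocator. The unbraced `if (tc->name == TC_PTR_FROM_CHUNK(tc_name)) break;` should be braced, and the outer `if (likely(tc->child))` repeats the loop's own start condition. The function's header comment lies outside the hunk; it should also say that a name allocated as a child survives talloc_free_children(), since callers counting blocks will now see one more.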
@@ -1320,6 +1320,48 @@ static bool test_rusty(void) return true; } +static bool test_free_children(void) +{ + void *root; + const char *p1, *p2, *name, *name2; + + talloc_enable_null_tracking(); + root = talloc_new(NULL); + p1 = talloc_strdup(root, "foo1"); + p2 = talloc_strdup(p1, "foo2"); + + talloc_set_name(p1, "%s", "testname"); + talloc_free_children(p1); + /* check its still a valid talloc ptr */ + talloc_get_size(talloc_get_name(p1)); + if (strcmp(talloc_get_name(p1), "testname") != 0) { + return false; + } + + talloc_set_name(p1, "%s", "testname"); + name = talloc_get_name(p1); + talloc_free_children(p1); + /* check its still a valid talloc ptr */ + talloc_get_size(talloc_get_name(p1)); + torture_assert("name", name == talloc_get_name(p1), "name ptr changed"); + torture_assert("namecheck", strcmp(talloc_get_name(p1), "testname") == 0, + "wrong name"); + CHECK_BLOCKS("name1", p1, 2); + + /* note that this does not free the old child name */ + talloc_set_name_const(p1, "testname2"); + name2 = talloc_get_name(p1); + /* but this does */ + talloc_free_children(p1); + torture_assert("namecheck", strcmp(talloc_get_name(p1), "testname2") == 0, + "wrong name"); + CHECK_BLOCKS("name1", p1, 1); + + talloc_report_full(root, stdout); + talloc_free(root); + return true; +} + static void test_reset(void) { @@ -1379,6 +1421,8 @@ bool torture_local_talloc(struct torture_context *tctx) ret &= test_free_ref_null_context(); test_reset(); ret &= test_rusty(); + test_reset(); + ret &= test_free_children(); if (ret) { test_reset(); diff --git a/source4/scripting/python/samba/join.py b/source4/scripting/python/samba/join.py index b586e2c..4495b52 100644 --- a/source4/scripting/python/samba/join.py +++ b/source4/scripting/python/samba/join.py 
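Review bot: In test_free_children the first name check fails silently with a bare `return false`, while the rest of the function reports through `torture_assert`. Use `torture_assert("namecheck", strcmp(talloc_get_name(p1), "testname") == 0, "wrong name");` there too, so a regression of the dangling-name fix is identifiable in the log. `p2` and `name2` are assigned but never read, which will trigger set-but-unused warnings; drop both variables and keep the bare `talloc_strdup(p1, "foo2");` call for its side effect. The `talloc_get_size(talloc_get_name(p1))` calls discard their result, so a comment like `/* aborts if the name is no longer a valid talloc pointer */` would explain what they check, assuming that is the intent.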
@@ -147,7 +147,7 @@ class dc_join(object): # find the krbtgt link print("checking samaccountname") res = ctx.samdb.search(base=ctx.samdb.get_default_basedn(), - expression='samAccountName=%s' % ctx.samname, + expression='samAccountName=%s' % ldb.binary_encode(ctx.samname), attrs=["msDS-krbTgtLink"]) if res: ctx.del_noerror(res[0].dn, recursive=True) @@ -408,7 +408,7 @@ class dc_join(object): ctx.samdb.modify(m) print "Setting account password for %s" % ctx.samname - ctx.samdb.setpassword("(&(objectClass=user)(sAMAccountName=%s))" % ctx.samname, + ctx.samdb.setpassword("(&(objectClass=user)(sAMAccountName=%s))" % ldb.binary_encode(ctx.samname), ctx.acct_pass, force_change_at_next_login=False, username=ctx.samname) diff --git a/source4/scripting/python/samba/netcmd/delegation.py b/source4/scripting/python/samba/netcmd/delegation.py index 1980203..9aa8287 100644 --- a/source4/scripting/python/samba/netcmd/delegation.py +++ b/source4/scripting/python/samba/netcmd/delegation.py @@ -72,7 +72,7 @@ class cmd_delegation_show(Command): # to the correct domain (cleanedaccount, realm, domain) = _get_user_realm_domain(accountname) print "Searching for: %s" % (cleanedaccount) - res = sam.search(expression="sAMAccountName=%s" % cleanedaccount, + res = sam.search(expression="sAMAccountName=%s" % ldb.binary_encode(cleanedaccount), scope=ldb.SCOPE_SUBTREE, attrs=["userAccountControl", "msDS-AllowedToDelegateTo"]) if len(res) != 1: @@ -122,7 +122,7 @@ class cmd_delegation_for_any_service(Command): # to the correct domain (cleanedaccount, realm, domain) = _get_user_realm_domain(accountname) - search_filter = "sAMAccountName=%s" % cleanedaccount + search_filter = "sAMAccountName=%s" % ldb.binary_encode(cleanedaccount) flag = dsdb.UF_TRUSTED_FOR_DELEGATION try: sam.toggle_userAccountFlags(search_filter, flag, on=on, strict=True) 
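Review bot: The escaping is applied by hand at each call site, here in both join.py hunks and again in delegation.py, domain.py, drs.py, gpo.py, rodc.py, spn.py, user.py and samdb.py. Any `%s` filter built elsewhere from an account, SPN or group name therefore remains open to LDAP filter injection, and nothing flags a new call site that forgets the wrapper. A small shared helper that takes the filter template and its values, and encodes every value, would make the safe path the default. Also confirm that `ldb` is imported in join.py, domain.py and drs.py: their hunks show no other `ldb.` reference, and user.py needed `import sys, ldb` in this same commit, so a missing import would surface only as a NameError at run time. In samdb.py, `self.domain_dn()` is still interpolated unencoded into `objectCategory=%s,%s`; it is presumably a trusted DN, but a comment saying so would help the next reader.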
@@ -154,7 +154,7 @@ class cmd_delegation_for_any_protocol(Command): # to the correct domain (cleanedaccount, realm, domain) = _get_user_realm_domain(accountname) - search_filter = "sAMAccountName=%s" % cleanedaccount + search_filter = "sAMAccountName=%s" % ldb.binary_encode(cleanedaccount) flag = dsdb.UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION try: sam.toggle_userAccountFlags(search_filter, flag, on=on, strict=True) @@ -178,7 +178,7 @@ class cmd_delegation_add_service(Command): # to the correct domain (cleanedaccount, realm, domain) = _get_user_realm_domain(accountname) - res = sam.search(expression="sAMAccountName=%s" % cleanedaccount, + res = sam.search(expression="sAMAccountName=%s" % ldb.binary_encode(cleanedaccount), scope=ldb.SCOPE_SUBTREE, attrs=["msDS-AllowedToDelegateTo"]) if len(res) != 1: @@ -211,7 +211,7 @@ class cmd_delegation_del_service(Command): # to the correct domain (cleanedaccount, realm, domain) = _get_user_realm_domain(accountname) - res = sam.search(expression="sAMAccountName=%s" % cleanedaccount, + res = sam.search(expression="sAMAccountName=%s" % ldb.binary_encode(cleanedaccount), scope=ldb.SCOPE_SUBTREE, attrs=["msDS-AllowedToDelegateTo"]) if len(res) != 1: diff --git a/source4/scripting/python/samba/netcmd/domain.py b/source4/scripting/python/samba/netcmd/domain.py index 8dffbd2..50b5d80 100644 --- a/source4/scripting/python/samba/netcmd/domain.py +++ b/source4/scripting/python/samba/netcmd/domain.py @@ -317,7 +317,7 @@ class cmd_domain_machinepassword(Command): secretsdb = Ldb(url=url, session_info=system_session(), credentials=creds, lp=lp) result = secretsdb.search(attrs=["secret"], - expression="(&(objectclass=primaryDomain)(samaccountname=%s))" % secret) + expression="(&(objectclass=primaryDomain)(samaccountname=%s))" % ldb.binary_encode(secret)) if len(result) != 1: raise CommandError("search returned %d records, expected 1" % len(result)) 
diff --git a/source4/scripting/python/samba/netcmd/drs.py b/source4/scripting/python/samba/netcmd/drs.py index f9b55f4..e9cd540 100644 --- a/source4/scripting/python/samba/netcmd/drs.py +++ b/source4/scripting/python/samba/netcmd/drs.py @@ -287,8 +287,9 @@ class cmd_drs_replicate(Command): # we need to find the NTDS GUID of the source DC msg = self.samdb.search(base=self.samdb.get_config_basedn(), - expression="(&(objectCategory=server)(|(name=%s)(dNSHostName=%s)))" % (SOURCE_DC, - SOURCE_DC), + expression="(&(objectCategory=server)(|(name=%s)(dNSHostName=%s)))" % ( + ldb.binary_encode(SOURCE_DC), + ldb.binary_encode(SOURCE_DC)), attrs=[]) if len(msg) == 0: raise CommandError("Failed to find source DC %s" % SOURCE_DC) diff --git a/source4/scripting/python/samba/netcmd/gpo.py b/source4/scripting/python/samba/netcmd/gpo.py index 72c157d..e59b79d 100644 --- a/source4/scripting/python/samba/netcmd/gpo.py +++ b/source4/scripting/python/samba/netcmd/gpo.py @@ -131,10 +131,10 @@ def get_gpo_info(samdb, gpo=None, displayname=None, dn=None): search_scope = ldb.SCOPE_ONELEVEL if gpo is not None: - search_expr = "(&(objectClass=groupPolicyContainer)(name=%s))" % gpo + search_expr = "(&(objectClass=groupPolicyContainer)(name=%s))" % ldb.binary_encode(gpo) if displayname is not None: - search_expr = "(&(objectClass=groupPolicyContainer)(displayname=%s))" % displayname + search_expr = "(&(objectClass=groupPolicyContainer)(displayname=%s))" % ldb.binary_encode(displayname) if dn is not None: base_dn = dn @@ -253,7 +253,7 @@ class cmd_list(Command): try: msg = self.samdb.search(expression='(&(|(samAccountName=%s)(samAccountName=%s$))(objectClass=User))' % - (username,username)) + (ldb.binary_encode(username),ldb.binary_encode(username))) user_dn = msg[0].dn except Exception, e: raise CommandError("Failed to find account %s" % username, e) diff --git a/source4/scripting/python/samba/netcmd/rodc.py b/source4/scripting/python/samba/netcmd/rodc.py index 411221e..75c326f 100644 
--- a/source4/scripting/python/samba/netcmd/rodc.py +++ b/source4/scripting/python/samba/netcmd/rodc.py @@ -52,7 +52,7 @@ class cmd_rodc_preload(Command): expression="objectclass=user", scope=ldb.SCOPE_BASE, attrs=[]) else: - res = samdb.search(expression="(&(samAccountName=%s)(objectclass=user))" % account, + res = samdb.search(expression="(&(samAccountName=%s)(objectclass=user))" % ldb.binary_encode(account), scope=ldb.SCOPE_SUBTREE, attrs=[]) if len(res) != 1: raise Exception("Failed to find account '%s'" % account) diff --git a/source4/scripting/python/samba/netcmd/spn.py b/source4/scripting/python/samba/netcmd/spn.py index e81cdce..672f140 100644 --- a/source4/scripting/python/samba/netcmd/spn.py +++ b/source4/scripting/python/samba/netcmd/spn.py @@ -69,7 +69,7 @@ class cmd_spn_list(Command): # to the correct domain (cleaneduser, realm, domain) = _get_user_realm_domain(user) print cleaneduser - res = sam.search(expression="samaccountname=%s" % cleaneduser, + res = sam.search(expression="samaccountname=%s" % ldb.binary_encode(cleaneduser), scope=ldb.SCOPE_SUBTREE, attrs=["servicePrincipalName"]) if len(res) >0: @@ -102,7 +102,7 @@ class cmd_spn_add(Command): paths = provision.provision_paths_from_lp(lp, lp.get("realm")) sam = SamDB(paths.samdb, session_info=system_session(), credentials=creds, lp=lp) - res = sam.search(expression="servicePrincipalName=%s" % name, + res = sam.search(expression="servicePrincipalName=%s" % ldb.binary_encode(name), scope=ldb.SCOPE_SUBTREE, ) if len(res) != 0 and not force: @@ -110,7 +110,7 @@ class cmd_spn_add(Command): " affected to another user" % name) (cleaneduser, realm, domain) = _get_user_realm_domain(user) - res = sam.search(expression="samaccountname=%s" % cleaneduser, + res = sam.search(expression="samaccountname=%s" % ldb.binary_encode(cleaneduser), scope=ldb.SCOPE_SUBTREE, attrs=["servicePrincipalName"]) if len(res) >0: 
@@ -151,7 +151,7 @@ class cmd_spn_delete(Command): paths = provision.provision_paths_from_lp(lp, lp.get("realm")) sam = SamDB(paths.samdb, session_info=system_session(), credentials=creds, lp=lp) - res = sam.search(expression="servicePrincipalName=%s" % name, + res = sam.search(expression="servicePrincipalName=%s" % ldb.binary_encode(name), scope=ldb.SCOPE_SUBTREE, attrs=["servicePrincipalName", "samAccountName"]) if len(res) >0: diff --git a/source4/scripting/python/samba/netcmd/user.py b/source4/scripting/python/samba/netcmd/user.py index 96a198a..88d93e3 100644 --- a/source4/scripting/python/samba/netcmd/user.py +++ b/source4/scripting/python/samba/netcmd/user.py @@ -21,7 +21,7 @@ # import samba.getopt as options -import sys +import sys, ldb from getpass import getpass from samba.auth import system_session from samba.samdb import SamDB @@ -142,7 +142,7 @@ class cmd_user_enable(Command): raise CommandError("Either the username or '--filter' must be specified!") if filter is None: - filter = "(&(objectClass=user)(sAMAccountName=%s))" % (username) + filter = "(&(objectClass=user)(sAMAccountName=%s))" % (ldb.binary_encode(username)) lp = sambaopts.get_loadparm() creds = credopts.get_credentials(lp, fallback_machine=True) @@ -178,7 +178,7 @@ class cmd_user_setexpiry(Command): raise CommandError("Either the username or '--filter' must be specified!") if filter is None: - filter = "(&(objectClass=user)(sAMAccountName=%s))" % (username) + filter = "(&(objectClass=user)(sAMAccountName=%s))" % (ldb.binary_encode(username)) lp = sambaopts.get_loadparm() creds = credopts.get_credentials(lp) @@ -258,7 +258,7 @@ class cmd_user_setpassword(Command): password = getpass("New Password: ") if filter is None: - filter = "(&(objectClass=user)(sAMAccountName=%s))" % (username) + filter = "(&(objectClass=user)(sAMAccountName=%s))" % (ldb.binary_encode(username)) lp = sambaopts.get_loadparm() creds = credopts.get_credentials(lp) 
diff --git a/source4/scripting/python/samba/samdb.py b/source4/scripting/python/samba/samdb.py index a7ed1d2..6f39535 100644 --- a/source4/scripting/python/samba/samdb.py +++ b/source4/scripting/python/samba/samdb.py @@ -189,7 +189,7 @@ pwdLastSet: 0 :param groupname: Name of the target group """ - groupfilter = "(&(sAMAccountName=%s)(objectCategory=%s,%s))" % (groupname, "CN=Group,CN=Schema,CN=Configuration", self.domain_dn()) + groupfilter = "(&(sAMAccountName=%s)(objectCategory=%s,%s))" % (ldb.binary_encode(groupname), "CN=Group,CN=Schema,CN=Configuration", self.domain_dn()) self.transaction_start() try: targetgroup = self.search(base=self.domain_dn(), scope=ldb.SCOPE_SUBTREE, @@ -214,7 +214,8 @@ pwdLastSet: 0 operation """ - groupfilter = "(&(sAMAccountName=%s)(objectCategory=%s,%s))" % (groupname, "CN=Group,CN=Schema,CN=Configuration", self.domain_dn()) + groupfilter = "(&(sAMAccountName=%s)(objectCategory=%s,%s))" % ( + ldb.binary_encode(groupname), "CN=Group,CN=Schema,CN=Configuration", self.domain_dn()) groupmembers = listofmembers.split(',') self.transaction_start() @@ -234,7 +235,8 @@ changetype: modify for member in groupmembers: targetmember = self.search(base=self.domain_dn(), scope=ldb.SCOPE_SUBTREE, - expression="(|(sAMAccountName=%s)(CN=%s))" % (member, member), attrs=[]) + expression="(|(sAMAccountName=%s)(CN=%s))" % ( + ldb.binary_encode(member), ldb.binary_encode(member)), attrs=[]) if len(targetmember) != 1: continue @@ -378,7 +380,7 @@ member: %s # Sets the password for it if setpassword: - self.setpassword("(samAccountName=%s)" % username, password, + self.setpassword("(samAccountName=%s)" % ldb.binary_encode(username), password, force_password_change_at_next_login_req) except Exception: self.transaction_cancel() -- Samba Shared Repository