Hi,
Kaushik found a code path where we didn't sanitize the user name. To
reproduce it try to authentication as an LDAP user with a user name like
'user\01'. It is important to have '\0' followed by other characters in
the name.
The attached patch should fix the issue. The related trac ticket is
#639.
bye,
Sumit
From 16845181d50edf4f63b83ad8df3a9ca8467acdbf Mon Sep 17 00:00:00 2001
From: Sumit Bose <sb...@redhat.com>
Date: Wed, 25 May 2011 10:54:17 +0200
Subject: [PATCH] Sanitize username during initgroups call
---
src/providers/ldap/sdap_async_accounts.c | 8 +++++++-
1 files changed, 7 insertions(+), 1 deletions(-)
diff --git a/src/providers/ldap/sdap_async_accounts.c
b/src/providers/ldap/sdap_async_accounts.c
index d34b884..df5feac 100644
--- a/src/providers/ldap/sdap_async_accounts.c
+++ b/src/providers/ldap/sdap_async_accounts.c
@@ -3007,6 +3007,7 @@ struct tevent_req *sdap_get_initgr_send(TALLOC_CTX
*memctx,
const char *base_dn;
char *filter;
int ret;
+ char *clean_name;
DEBUG(9, ("Retrieving info for initgroups call\n"));
@@ -3023,9 +3024,14 @@ struct tevent_req *sdap_get_initgr_send(TALLOC_CTX
*memctx,
state->grp_attrs = grp_attrs;
state->orig_user = NULL;
+ ret = sss_filter_sanitize(state, name, &clean_name);
+ if (ret != EOK) {
+ return NULL;
+ }
+
filter = talloc_asprintf(state, "(&(%s=%s)(objectclass=%s))",
state->opts->user_map[SDAP_AT_USER_NAME].name,
- state->name,
+ clean_name,
state->opts->user_map[SDAP_OC_USER].name);
if (!filter) {
talloc_zfree(req);
--
1.7.5.1
_______________________________________________
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://fedorahosted.org/mailman/listinfo/sssd-devel
