ehlo,

attached patches should fix https://fedorahosted.org/sssd/ticket/2163

LS
>From 14793ec8ed31560eb9792a658ddcd5881bb4af79 Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik <lsleb...@redhat.com>
Date: Mon, 25 Nov 2013 13:43:30 +0100
Subject: [PATCH 1/2] SYSDB: Sanitize filter before sysdb_search_groups

sysdb_delete_user fails with EIO if the user does not exist and its name
contains backslashes.
ldb could not parse the filter (&(objectclass=group)(ghost=usr\\\\001)),
because the ghost value was not sanitized.

Resolves:
https://fedorahosted.org/sssd/ticket/2163
---
 src/db/sysdb_ops.c      | 9 ++++++++-
 src/tests/sysdb-tests.c | 4 ++++
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c
index 
c08415b095ce96623b88d7a47131324652bc88ac..b4ed202cc0c14fb35fa64439f5a19d7656cbbb30
 100644
--- a/src/db/sysdb_ops.c
+++ b/src/db/sysdb_ops.c
@@ -2502,6 +2502,7 @@ int sysdb_delete_user(struct sss_domain_info *domain,
     struct ldb_message *msg;
     int ret;
     int i;
+    char *sanitized_name;
 
     tmp_ctx = talloc_new(NULL);
     if (!tmp_ctx) {
@@ -2539,7 +2540,13 @@ int sysdb_delete_user(struct sss_domain_info *domain,
         }
     } else if (ret == ENOENT && name != NULL) {
         /* Perhaps a ghost user? */
-        filter = talloc_asprintf(tmp_ctx, "(%s=%s)", SYSDB_GHOST, name);
+        ret = sss_filter_sanitize(tmp_ctx, name, &sanitized_name);
+        if (ret != EOK) {
+            goto fail;
+        }
+
+        filter = talloc_asprintf(tmp_ctx, "(%s=%s)",
+                                          SYSDB_GHOST, sanitized_name);
         if (filter == NULL) {
             ret = ENOMEM;
             goto fail;
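Review bot: The new filter construction embeds a caller-supplied name and nothing at the call site says why it now goes through sss_filter_sanitize, so the next edit can easily bypass it; a one-line comment would pin the reason, e.g. `/* name arrives unescaped; escape LDAP filter metacharacters so a value containing '\', '*' or parentheses can neither break nor alter the ghost lookup filter */`. The same pattern, and the same comment, applies to the sysdb_remove_ghostattr_from_groups hunk in the second patch. The continuation line `SYSDB_GHOST, sanitized_name);` is aligned nine columns past the opening parenthesis; aligning it under `tmp_ctx` matches the surrounding calls. sysdb_delete_user's body and its fail label lie outside the hunk, so sanitized_name (allocated on tmp_ctx) is presumably released when tmp_ctx is freed there.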
diff --git a/src/tests/sysdb-tests.c b/src/tests/sysdb-tests.c
index 
f7e0638b51013ea3e7dd830ef50242a15dacd48f..9880ba0c7f3379e17bc17e281676870981fcdc47
 100644
--- a/src/tests/sysdb-tests.c
+++ b/src/tests/sysdb-tests.c
@@ -3916,6 +3916,10 @@ START_TEST(test_odd_characters)
     fail_unless(ret == EOK, "sysdb_delete_user error [%d][%s]",
                             ret, strerror(ret));
 
+    /* Delete non existing User */
+    ret = sysdb_delete_user(test_ctx->domain, odd_username, 10000);
+    fail_unless(ret == ENOENT, "sysdb_delete_user error [%d][%s]",
+                               ret, strerror(ret));
 
     /* Delete Group */
     ret = sysdb_delete_group(test_ctx->domain, odd_groupname, 20000);
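Review bot: The comment on the new assertion says only `/* Delete non existing User */`, although this is the regression check for the EIO failure described in the commit message; make that explicit, e.g. `/* Deleting a non-existent user whose name has odd characters must give ENOENT, not EIO (ghost filter sanitization) */`. The check depends on the immediately preceding deletion having removed the same user, which the earlier assertion already guarantees. The enclosing test body starts and ends outside the hunk.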
-- 
1.8.4.2

>From aec5a31d4433188a6fdb7829d949f60bf523ea99 Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik <lsleb...@redhat.com>
Date: Mon, 25 Nov 2013 16:01:59 +0100
Subject: [PATCH 2/2] SYSDB: Sanitize filter before removing ghost attrs

sysdb_add_user fails with EIO if enumeration is disabled and the user name
contains backslashes.
With enumeration disabled we try to remove ghost attributes from groups,
but an unsanitized filter "(|(ghost=usr\\\\002)" is used to find the ghost
attributes and ldb cannot parse it.

Resolves:
https://fedorahosted.org/sssd/ticket/2163
---
 src/db/sysdb_ops.c      |  9 ++++++++-
 src/tests/sysdb-tests.c | 18 ++++++++++++++++++
 2 files changed, 26 insertions(+), 1 deletion(-)

diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c
index 
b4ed202cc0c14fb35fa64439f5a19d7656cbbb30..327345212e3df2a6ab60819a42701bbd8b9d7357
 100644
--- a/src/db/sysdb_ops.c
+++ b/src/db/sysdb_ops.c
@@ -1082,6 +1082,7 @@ sysdb_remove_ghostattr_from_groups(struct sss_domain_info 
*domain,
     struct ldb_dn *tmpdn;
     const char *group_attrs[] = {SYSDB_NAME, SYSDB_GHOST, SYSDB_ORIG_MEMBER, 
NULL};
     const char *userdn;
+    char *sanitized_name;
     char *filter;
     errno_t ret = EOK;
     size_t group_count = 0;
@@ -1092,7 +1093,13 @@ sysdb_remove_ghostattr_from_groups(struct 
sss_domain_info *domain,
         return ENOENT;
     }
 
-    filter = talloc_asprintf(tmp_ctx, "(|(%s=%s)", SYSDB_GHOST, name);
+    ret = sss_filter_sanitize(tmp_ctx, name, &sanitized_name);
+    if (ret != EOK) {
+        goto done;
+    }
+
+    filter = talloc_asprintf(tmp_ctx, "(|(%s=%s)",
+                                      SYSDB_GHOST, sanitized_name);
     if (!filter) {
         ret = ENOMEM;
         goto done;
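Review bot: The filter opened here, `(|(%s=%s)`, is deliberately left unterminated and is completed after the hunk, yet the sanitization covers only `name`; any further values appended outside the hunk (presumably alias names) need the same treatment, otherwise the parse failure, and the possibility of a value changing the filter's meaning, simply moves to that line. A comment at this point would make the obligation visible, e.g. `/* the filter is extended below; every value appended must go through sss_filter_sanitize like name */`. sysdb_remove_ghostattr_from_groups begins before the hunk and its done label lies after it, so the release of sanitized_name via tmp_ctx is assumed rather than visible.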
diff --git a/src/tests/sysdb-tests.c b/src/tests/sysdb-tests.c
index 
9880ba0c7f3379e17bc17e281676870981fcdc47..5ec4caafe5d016d6af1053678b90723b7631b356
 100644
--- a/src/tests/sysdb-tests.c
+++ b/src/tests/sysdb-tests.c
@@ -3823,6 +3823,8 @@ START_TEST(test_odd_characters)
     struct ldb_message *msg;
     const struct ldb_val *val;
     const char odd_username[] = "*(odd)\\user,name";
+    const char odd_username_orig_dn[] =
+        "*(odd)\\5Cuser,name,cn=users,dc=example,dc=com";
     const char odd_groupname[] = "*(odd\\*)\\group,name";
     const char odd_netgroupname[] = "*(odd\\*)\\netgroup,name";
     const char *received_user;
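Review bot: The new odd_username_orig_dn value is not a syntactically valid DN: the leading component `*(odd)\5Cuser` has no attribute type, and the unescaped `,` before `name` splits off a second type-less component. If sysdb_add_user stores the original DN as an opaque string, as the test seems to assume, this is harmless, but if the value is ever parsed as a DN the test will fail for a reason unrelated to filter sanitization. Either use a well-formed DN such as `"name=*(odd)\\5Cuser\\2Cname,cn=users,dc=example,dc=com"` or add a comment that the string is intentionally not a parseable DN.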
@@ -3926,6 +3928,21 @@ START_TEST(test_odd_characters)
     fail_unless(ret == EOK, "sysdb_delete_group error [%d][%s]",
                             ret, strerror(ret));
 
+    /* Add */
+    ret = sysdb_add_user(test_ctx->domain,
+                         odd_username,
+                         10000, 0,
+                         "","","",
+                         odd_username_orig_dn,
+                         NULL, 5400, 0);
+    fail_unless(ret == EOK, "sysdb_add_user error [%d][%s]",
+                            ret, strerror(ret));
+
+    /* Delete User */
+    ret = sysdb_delete_user(test_ctx->domain, odd_username, 10000);
+    fail_unless(ret == EOK, "sysdb_delete_user error [%d][%s]",
+                            ret, strerror(ret));
+
     /* ===== Netgroups ===== */
     /* Add */
     ret = sysdb_add_netgroup(test_ctx->domain,
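Review bot: The commit message ties the failure to enumeration being disabled, but nothing in the new test makes that precondition visible; if the test domain is created with enumeration off elsewhere in the file, state it next to the call, otherwise the test passes without ever reaching the ghost-removal path it is meant to cover. Suggested: `/* Add (test_ctx->domain has enumeration disabled, so the ghost-removal path with the sanitized filter is exercised) */`. The three `""` arguments are empty strings rather than NULL, which presumably matches what sysdb_add_user expects for those fields; confirm against the other sysdb_add_user calls in this file. The test body starts and ends outside the hunk.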
@@ -5286,6 +5303,7 @@ int main(int argc, const char *argv[]) {
 
     sysdb_suite = create_sysdb_suite();
     sr = srunner_create(sysdb_suite);
+    srunner_set_fork_status(sr, CK_NOFORK);
     /* If CK_VERBOSITY is set, use that, otherwise it defaults to CK_NORMAL */
     srunner_run_all(sr, CK_ENV);
     failure_count = srunner_ntests_failed(sr);
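Review bot: `srunner_set_fork_status(sr, CK_NOFORK);` changes how the entire suite runs and has no connection to the filter sanitization this commit is about, so it belongs in its own commit or at least needs a comment saying why it is here. In no-fork mode every test runs inside the runner's own process, so a crash in one test aborts the whole run instead of being reported as a single failure, and state left behind by one test is visible to the next. If the intent was to make the new test debuggable, leaving the fork status at its default and setting the CK_FORK environment variable when needed gives the same convenience without changing the default for everyone. The main function continues before and after the hunk.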
-- 
1.8.4.2
