#VERIFICATION FOR XENIAL (1.13.4-1ubuntu1.5) Using the following script to test "faulty" users (with trailing /r /n):
ubuntu@vtapia-xenial:~$ cat san.sh #!/bin/bash echo '- SSSD version' dpkg -l | grep sssd-common echo '- Query "user1"' sss_cache -E; getent passwd 'user1' ldbsearch -H /var/lib/sss/db/cache_openstacklocal.ldb -b name=user1,cn=users,cn=openstacklocal,cn=sysdb 2>&1 | grep entries echo '- Query "user1\n"' sudo sss_cache -E; getent passwd 'user1 ' ldbsearch -H /var/lib/sss/db/cache_openstacklocal.ldb -b name=user1,cn=users,cn=openstacklocal,cn=sysdb 2>&1 | grep entries echo '- Query "user1\r"' sudo sss_cache -E; getent passwd $(echo -e "user1\r") ldbsearch -H /var/lib/sss/db/cache_openstacklocal.ldb -b name=user1,cn=users,cn=openstacklocal,cn=sysdb 2>&1 | grep entries echo '- SSSD log' grep 'calling ldap_search_ext with' /var/log/sssd/sssd_openstacklocal.log | grep user1 | tail -n3 I can confirm the bug is fixed: ubuntu@vtapia-xenial:~$ sudo ./san.sh - SSSD version ii sssd-common 1.13.4-1ubuntu1.5 amd64 System Security Services Daemon -- common files - Query "user1" user1:*:10000:5000:user1:/home/user1:/bin/bash # 1 entries - Query "user1\n" # 1 entries - Query "user1\r" # 1 entries - SSSD log (Thu May 4 10:51:52 2017) [sssd[be[openstacklocal]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(uid=user1)(objectclass=posixAccount)(uid=*)(&(uidNumber=*)(!(uidNumber=0))))][dc=openstacklocal]. (Thu May 4 10:51:52 2017) [sssd[be[openstacklocal]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(uid=user1\0a)(objectclass=posixAccount)(uid=*)(&(uidNumber=*)(!(uidNumber=0))))][dc=openstacklocal]. (Thu May 4 10:51:52 2017) [sssd[be[openstacklocal]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(uid=user1\0d)(objectclass=posixAccount)(uid=*)(&(uidNumber=*)(!(uidNumber=0))))][dc=openstacklocal]. The correct entry persists as the queries are sanitized (user\0a / user\0d) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1669712 Title: Newline characters (\n) must be sanitized before LDAP requests take place. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1669712/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
