
samba-tool: use ldb.binary_encode() on search expression elements

this allows us to deal with search elements containing characters that
must be escaped in LDAP

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
Andrew Tridgell
2011-07-28 17:14:28 +10:00
parent 8dda0ef57f
commit 03f92508ef
9 changed files with 27 additions and 24 deletions


@ -72,7 +72,7 @@ class cmd_delegation_show(Command):
# to the correct domain
(cleanedaccount, realm, domain) = _get_user_realm_domain(accountname)
print "Searching for: %s" % (cleanedaccount)
res = sam.search(expression="sAMAccountName=%s" % cleanedaccount,
res = sam.search(expression="sAMAccountName=%s" % ldb.binary_encode(cleanedaccount),
scope=ldb.SCOPE_SUBTREE,
attrs=["userAccountControl", "msDS-AllowedToDelegateTo"])
if len(res) != 1:
@ -122,7 +122,7 @@ class cmd_delegation_for_any_service(Command):
# to the correct domain
(cleanedaccount, realm, domain) = _get_user_realm_domain(accountname)
search_filter = "sAMAccountName=%s" % cleanedaccount
search_filter = "sAMAccountName=%s" % ldb.binary_encode(cleanedaccount)
flag = dsdb.UF_TRUSTED_FOR_DELEGATION
try:
sam.toggle_userAccountFlags(search_filter, flag, on=on, strict=True)
@ -154,7 +154,7 @@ class cmd_delegation_for_any_protocol(Command):
# to the correct domain
(cleanedaccount, realm, domain) = _get_user_realm_domain(accountname)
search_filter = "sAMAccountName=%s" % cleanedaccount
search_filter = "sAMAccountName=%s" % ldb.binary_encode(cleanedaccount)
flag = dsdb.UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION
try:
sam.toggle_userAccountFlags(search_filter, flag, on=on, strict=True)
@ -178,7 +178,7 @@ class cmd_delegation_add_service(Command):
# to the correct domain
(cleanedaccount, realm, domain) = _get_user_realm_domain(accountname)
res = sam.search(expression="sAMAccountName=%s" % cleanedaccount,
res = sam.search(expression="sAMAccountName=%s" % ldb.binary_encode(cleanedaccount),
scope=ldb.SCOPE_SUBTREE,
attrs=["msDS-AllowedToDelegateTo"])
if len(res) != 1:
@ -211,7 +211,7 @@ class cmd_delegation_del_service(Command):
# to the correct domain
(cleanedaccount, realm, domain) = _get_user_realm_domain(accountname)
res = sam.search(expression="sAMAccountName=%s" % cleanedaccount,
res = sam.search(expression="sAMAccountName=%s" % ldb.binary_encode(cleanedaccount),
scope=ldb.SCOPE_SUBTREE,
attrs=["msDS-AllowedToDelegateTo"])
if len(res) != 1:
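Review bot: The escaping is applied by hand at each of the five `sAMAccountName=%s` call sites in this file, so the next search added here can forget it without anything failing. A small module-level helper would keep the rule in one place, e.g. `def _account_filter(name): return "sAMAccountName=%s" % ldb.binary_encode(name)`, and each call site would pass its result as `expression=` or `search_filter`. The same hand-written pattern recurs in the `samaccountname=%s` and `servicePrincipalName=%s` searches of the SPN hunks further down. The enclosing methods start and end outside these hunks, so whatever `_get_user_realm_domain` does to the account name is not visible here.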


@ -317,7 +317,7 @@ class cmd_domain_machinepassword(Command):
secretsdb = Ldb(url=url, session_info=system_session(),
credentials=creds, lp=lp)
result = secretsdb.search(attrs=["secret"],
expression="(&(objectclass=primaryDomain)(samaccountname=%s))" % secret)
expression="(&(objectclass=primaryDomain)(samaccountname=%s))" % ldb.binary_encode(secret))
if len(result) != 1:
raise CommandError("search returned %d records, expected 1" % len(result))
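Review bot: `ldb.binary_encode(secret)` needs the module name `ldb` in scope, and the context lines here only show the `Ldb` class being called, so it is not visible whether this file imports the module itself. If it does not, the search line fails with a NameError before any query is sent; confirm that `import ldb` is present at the top of the file. The same check applies to the replicate hunk and to the two `(&(objectClass=user)(sAMAccountName=%s))` hunks for user enable and setexpiry, whose context lines show no other `ldb.` reference. The method body continues outside the hunk.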


@ -287,8 +287,9 @@ class cmd_drs_replicate(Command):
# we need to find the NTDS GUID of the source DC
msg = self.samdb.search(base=self.samdb.get_config_basedn(),
expression="(&(objectCategory=server)(|(name=%s)(dNSHostName=%s)))" % (SOURCE_DC,
SOURCE_DC),
expression="(&(objectCategory=server)(|(name=%s)(dNSHostName=%s)))" % (
ldb.binary_encode(SOURCE_DC),
ldb.binary_encode(SOURCE_DC)),
attrs=[])
if len(msg) == 0:
raise CommandError("Failed to find source DC %s" % SOURCE_DC)


@ -131,10 +131,10 @@ def get_gpo_info(samdb, gpo=None, displayname=None, dn=None):
search_scope = ldb.SCOPE_ONELEVEL
if gpo is not None:
search_expr = "(&(objectClass=groupPolicyContainer)(name=%s))" % gpo
search_expr = "(&(objectClass=groupPolicyContainer)(name=%s))" % ldb.binary_encode(gpo)
if displayname is not None:
search_expr = "(&(objectClass=groupPolicyContainer)(displayname=%s))" % displayname
search_expr = "(&(objectClass=groupPolicyContainer)(displayname=%s))" % ldb.binary_encode(displayname)
if dn is not None:
base_dn = dn
@ -253,7 +253,7 @@ class cmd_list(Command):
try:
msg = self.samdb.search(expression='(&(|(samAccountName=%s)(samAccountName=%s$))(objectClass=User))' %
(username,username))
(ldb.binary_encode(username),ldb.binary_encode(username)))
user_dn = msg[0].dn
except Exception, e:
raise CommandError("Failed to find account %s" % username, e)


@ -52,7 +52,7 @@ class cmd_rodc_preload(Command):
expression="objectclass=user",
scope=ldb.SCOPE_BASE, attrs=[])
else:
res = samdb.search(expression="(&(samAccountName=%s)(objectclass=user))" % account,
res = samdb.search(expression="(&(samAccountName=%s)(objectclass=user))" % ldb.binary_encode(account),
scope=ldb.SCOPE_SUBTREE, attrs=[])
if len(res) != 1:
raise Exception("Failed to find account '%s'" % account)


@ -69,7 +69,7 @@ class cmd_spn_list(Command):
# to the correct domain
(cleaneduser, realm, domain) = _get_user_realm_domain(user)
print cleaneduser
res = sam.search(expression="samaccountname=%s" % cleaneduser,
res = sam.search(expression="samaccountname=%s" % ldb.binary_encode(cleaneduser),
scope=ldb.SCOPE_SUBTREE,
attrs=["servicePrincipalName"])
if len(res) >0:
@ -102,7 +102,7 @@ class cmd_spn_add(Command):
paths = provision.provision_paths_from_lp(lp, lp.get("realm"))
sam = SamDB(paths.samdb, session_info=system_session(),
credentials=creds, lp=lp)
res = sam.search(expression="servicePrincipalName=%s" % name,
res = sam.search(expression="servicePrincipalName=%s" % ldb.binary_encode(name),
scope=ldb.SCOPE_SUBTREE,
)
if len(res) != 0 and not force:
@ -110,7 +110,7 @@ class cmd_spn_add(Command):
" affected to another user" % name)
(cleaneduser, realm, domain) = _get_user_realm_domain(user)
res = sam.search(expression="samaccountname=%s" % cleaneduser,
res = sam.search(expression="samaccountname=%s" % ldb.binary_encode(cleaneduser),
scope=ldb.SCOPE_SUBTREE,
attrs=["servicePrincipalName"])
if len(res) >0:
@ -151,7 +151,7 @@ class cmd_spn_delete(Command):
paths = provision.provision_paths_from_lp(lp, lp.get("realm"))
sam = SamDB(paths.samdb, session_info=system_session(),
credentials=creds, lp=lp)
res = sam.search(expression="servicePrincipalName=%s" % name,
res = sam.search(expression="servicePrincipalName=%s" % ldb.binary_encode(name),
scope=ldb.SCOPE_SUBTREE,
attrs=["servicePrincipalName", "samAccountName"])
if len(res) >0:


@ -142,7 +142,7 @@ class cmd_user_enable(Command):
raise CommandError("Either the username or '--filter' must be specified!")
if filter is None:
filter = "(&(objectClass=user)(sAMAccountName=%s))" % (username)
filter = "(&(objectClass=user)(sAMAccountName=%s))" % (ldb.binary_encode(username))
lp = sambaopts.get_loadparm()
creds = credopts.get_credentials(lp, fallback_machine=True)
@ -178,7 +178,7 @@ class cmd_user_setexpiry(Command):
raise CommandError("Either the username or '--filter' must be specified!")
if filter is None:
filter = "(&(objectClass=user)(sAMAccountName=%s))" % (username)
filter = "(&(objectClass=user)(sAMAccountName=%s))" % (ldb.binary_encode(username))
lp = sambaopts.get_loadparm()
creds = credopts.get_credentials(lp)
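Review bot: Only the username branch is escaped in these two hunks; a value passed through `--filter` is still used verbatim as the search filter. That is presumably intended, since the option is meant to carry a complete LDAP expression, but nothing in the code says so and a later reader may assume both paths are encoded. A comment above the `if filter is None:` line would record it, e.g. `# --filter is a raw LDAP expression supplied by the operator and is not escaped; only a bare username is encoded`. Both methods start before and continue after the visible lines.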