sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-11 05:18:09 +03:00
Code

samba-tool: use ldb.binary_encode() on search expression elements

Browse Source 
this allows us to deal with search elements containing characters that
must be escaped in LDAP

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
This commit is contained in:
Andrew Tridgell 2011-07-28 17:14:28 +10:00
parent 8dda0ef57f
commit 03f92508ef
9 changed files with 27 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
source4/scripting/python/samba/join.py
View File

@ -147,7 +147,7 @@ class dc_join(object):
# find the krbtgt link
print("checking samaccountname")
res = ctx.samdb.search(base=ctx.samdb.get_default_basedn(),
expression='samAccountName=%s' % ctx.samname,
expression='samAccountName=%s' % ldb.binary_encode(ctx.samname),
attrs=["msDS-krbTgtLink"])
if res:
ctx.del_noerror(res[0].dn, recursive=True)
@ -408,7 +408,7 @@ class dc_join(object):
ctx.samdb.modify(m)
print "Setting account password for %s" % ctx.samname
ctx.samdb.setpassword("(&(objectClass=user)(sAMAccountName=%s))" % ctx.samname,
ctx.samdb.setpassword("(&(objectClass=user)(sAMAccountName=%s))" % ldb.binary_encode(ctx.samname),
ctx.acct_pass,
force_change_at_next_login=False,
username=ctx.samname)

10
source4/scripting/python/samba/netcmd/delegation.py
View File

@ -72,7 +72,7 @@ class cmd_delegation_show(Command):
# to the correct domain
(cleanedaccount, realm, domain) = _get_user_realm_domain(accountname)
print "Searching for: %s" % (cleanedaccount)
res = sam.search(expression="sAMAccountName=%s" % cleanedaccount,
res = sam.search(expression="sAMAccountName=%s" % ldb.binary_encode(cleanedaccount),
scope=ldb.SCOPE_SUBTREE,
attrs=["userAccountControl", "msDS-AllowedToDelegateTo"])
if len(res) != 1:
@ -122,7 +122,7 @@ class cmd_delegation_for_any_service(Command):
# to the correct domain
(cleanedaccount, realm, domain) = _get_user_realm_domain(accountname)
search_filter = "sAMAccountName=%s" % cleanedaccount
search_filter = "sAMAccountName=%s" % ldb.binary_encode(cleanedaccount)
flag = dsdb.UF_TRUSTED_FOR_DELEGATION
try:
sam.toggle_userAccountFlags(search_filter, flag, on=on, strict=True)
@ -154,7 +154,7 @@ class cmd_delegation_for_any_protocol(Command):
# to the correct domain
(cleanedaccount, realm, domain) = _get_user_realm_domain(accountname)
search_filter = "sAMAccountName=%s" % cleanedaccount
search_filter = "sAMAccountName=%s" % ldb.binary_encode(cleanedaccount)
flag = dsdb.UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION
try:
sam.toggle_userAccountFlags(search_filter, flag, on=on, strict=True)
@ -178,7 +178,7 @@ class cmd_delegation_add_service(Command):
# to the correct domain
(cleanedaccount, realm, domain) = _get_user_realm_domain(accountname)
res = sam.search(expression="sAMAccountName=%s" % cleanedaccount,
res = sam.search(expression="sAMAccountName=%s" % ldb.binary_encode(cleanedaccount),
scope=ldb.SCOPE_SUBTREE,
attrs=["msDS-AllowedToDelegateTo"])
if len(res) != 1:
@ -211,7 +211,7 @@ class cmd_delegation_del_service(Command):
# to the correct domain
(cleanedaccount, realm, domain) = _get_user_realm_domain(accountname)
res = sam.search(expression="sAMAccountName=%s" % cleanedaccount,
res = sam.search(expression="sAMAccountName=%s" % ldb.binary_encode(cleanedaccount),
scope=ldb.SCOPE_SUBTREE,
attrs=["msDS-AllowedToDelegateTo"])
if len(res) != 1:

2
source4/scripting/python/samba/netcmd/domain.py
View File

@ -317,7 +317,7 @@ class cmd_domain_machinepassword(Command):
secretsdb = Ldb(url=url, session_info=system_session(),
credentials=creds, lp=lp)
result = secretsdb.search(attrs=["secret"],
expression="(&(objectclass=primaryDomain)(samaccountname=%s))" % secret)
expression="(&(objectclass=primaryDomain)(samaccountname=%s))" % ldb.binary_encode(secret))
if len(result) != 1:
raise CommandError("search returned %d records, expected 1" % len(result))

5
source4/scripting/python/samba/netcmd/drs.py
View File

@ -287,8 +287,9 @@ class cmd_drs_replicate(Command):
# we need to find the NTDS GUID of the source DC
msg = self.samdb.search(base=self.samdb.get_config_basedn(),
expression="(&(objectCategory=server)(|(name=%s)(dNSHostName=%s)))" % (SOURCE_DC,
SOURCE_DC),
expression="(&(objectCategory=server)(|(name=%s)(dNSHostName=%s)))" % (
ldb.binary_encode(SOURCE_DC),
ldb.binary_encode(SOURCE_DC)),
attrs=[])
if len(msg) == 0:
raise CommandError("Failed to find source DC %s" % SOURCE_DC)

6
source4/scripting/python/samba/netcmd/gpo.py
View File

@ -131,10 +131,10 @@ def get_gpo_info(samdb, gpo=None, displayname=None, dn=None):
search_scope = ldb.SCOPE_ONELEVEL
if gpo is not None:
search_expr = "(&(objectClass=groupPolicyContainer)(name=%s))" % gpo
search_expr = "(&(objectClass=groupPolicyContainer)(name=%s))" % ldb.binary_encode(gpo)
if displayname is not None:
search_expr = "(&(objectClass=groupPolicyContainer)(displayname=%s))" % displayname
search_expr = "(&(objectClass=groupPolicyContainer)(displayname=%s))" % ldb.binary_encode(displayname)
if dn is not None:
base_dn = dn
@ -253,7 +253,7 @@ class cmd_list(Command):
try:
msg = self.samdb.search(expression='(&(|(samAccountName=%s)(samAccountName=%s$))(objectClass=User))' %
(username,username))
(ldb.binary_encode(username),ldb.binary_encode(username)))
user_dn = msg[0].dn
except Exception, e:
raise CommandError("Failed to find account %s" % username, e)

2
source4/scripting/python/samba/netcmd/rodc.py
View File

@ -52,7 +52,7 @@ class cmd_rodc_preload(Command):
expression="objectclass=user",
scope=ldb.SCOPE_BASE, attrs=[])
else:
res = samdb.search(expression="(&(samAccountName=%s)(objectclass=user))" % account,
res = samdb.search(expression="(&(samAccountName=%s)(objectclass=user))" % ldb.binary_encode(account),
scope=ldb.SCOPE_SUBTREE, attrs=[])
if len(res) != 1:
raise Exception("Failed to find account '%s'" % account)

8
source4/scripting/python/samba/netcmd/spn.py
View File

@ -69,7 +69,7 @@ class cmd_spn_list(Command):
# to the correct domain
(cleaneduser, realm, domain) = _get_user_realm_domain(user)
print cleaneduser
res = sam.search(expression="samaccountname=%s" % cleaneduser,
res = sam.search(expression="samaccountname=%s" % ldb.binary_encode(cleaneduser),
scope=ldb.SCOPE_SUBTREE,
attrs=["servicePrincipalName"])
if len(res) >0:
@ -102,7 +102,7 @@ class cmd_spn_add(Command):
paths = provision.provision_paths_from_lp(lp, lp.get("realm"))
sam = SamDB(paths.samdb, session_info=system_session(),
credentials=creds, lp=lp)
res = sam.search(expression="servicePrincipalName=%s" % name,
res = sam.search(expression="servicePrincipalName=%s" % ldb.binary_encode(name),
scope=ldb.SCOPE_SUBTREE,
)
if len(res) != 0 and not force:
@ -110,7 +110,7 @@ class cmd_spn_add(Command):
" affected to another user" % name)
(cleaneduser, realm, domain) = _get_user_realm_domain(user)
res = sam.search(expression="samaccountname=%s" % cleaneduser,
res = sam.search(expression="samaccountname=%s" % ldb.binary_encode(cleaneduser),
scope=ldb.SCOPE_SUBTREE,
attrs=["servicePrincipalName"])
if len(res) >0:
@ -151,7 +151,7 @@ class cmd_spn_delete(Command):
paths = provision.provision_paths_from_lp(lp, lp.get("realm"))
sam = SamDB(paths.samdb, session_info=system_session(),
credentials=creds, lp=lp)
res = sam.search(expression="servicePrincipalName=%s" % name,
res = sam.search(expression="servicePrincipalName=%s" % ldb.binary_encode(name),
scope=ldb.SCOPE_SUBTREE,
attrs=["servicePrincipalName", "samAccountName"])
if len(res) >0:

4
source4/scripting/python/samba/netcmd/user.py
View File

@ -142,7 +142,7 @@ class cmd_user_enable(Command):
raise CommandError("Either the username or '--filter' must be specified!")
if filter is None:
filter = "(&(objectClass=user)(sAMAccountName=%s))" % (username)
filter = "(&(objectClass=user)(sAMAccountName=%s))" % (ldb.binary_encode(username))
lp = sambaopts.get_loadparm()
creds = credopts.get_credentials(lp, fallback_machine=True)
@ -178,7 +178,7 @@ class cmd_user_setexpiry(Command):
raise CommandError("Either the username or '--filter' must be specified!")
if filter is None:
filter = "(&(objectClass=user)(sAMAccountName=%s))" % (username)
filter = "(&(objectClass=user)(sAMAccountName=%s))" % (ldb.binary_encode(username))
lp = sambaopts.get_loadparm()
creds = credopts.get_credentials(lp)

10
source4/scripting/python/samba/samdb.py
View File

@ -189,7 +189,7 @@ pwdLastSet: 0
:param groupname: Name of the target group
"""
groupfilter = "(&(sAMAccountName=%s)(objectCategory=%s,%s))" % (groupname, "CN=Group,CN=Schema,CN=Configuration", self.domain_dn())
groupfilter = "(&(sAMAccountName=%s)(objectCategory=%s,%s))" % (ldb.binary_encode(groupname), "CN=Group,CN=Schema,CN=Configuration", self.domain_dn())
self.transaction_start()
try:
targetgroup = self.search(base=self.domain_dn(), scope=ldb.SCOPE_SUBTREE,
@ -214,7 +214,8 @@ pwdLastSet: 0
operation
"""
groupfilter = "(&(sAMAccountName=%s)(objectCategory=%s,%s))" % (groupname, "CN=Group,CN=Schema,CN=Configuration", self.domain_dn())
groupfilter = "(&(sAMAccountName=%s)(objectCategory=%s,%s))" % (
ldb.binary_encode(groupname), "CN=Group,CN=Schema,CN=Configuration", self.domain_dn())
groupmembers = listofmembers.split(',')
self.transaction_start()
@ -234,7 +235,8 @@ changetype: modify
for member in groupmembers:
targetmember = self.search(base=self.domain_dn(), scope=ldb.SCOPE_SUBTREE,
expression="(|(sAMAccountName=%s)(CN=%s))" % (member, member), attrs=[])
expression="(|(sAMAccountName=%s)(CN=%s))" % (
ldb.binary_encode(member), ldb.binary_encode(member)), attrs=[])
if len(targetmember) != 1:
continue
@ -378,7 +380,7 @@ member: %s
# Sets the password for it
if setpassword:
self.setpassword("(samAccountName=%s)" % username, password,
self.setpassword("(samAccountName=%s)" % ldb.binary_encode(username), password,
force_password_change_at_next_login_req)
except Exception:
self.transaction_cancel()