Managing DNs in libads only in utf8
Jeremy Allison
jra at samba.org
Tue Feb 27 18:40:57 GMT 2007
On Tue, Feb 27, 2007 at 01:23:32PM -0500, simo wrote:
>
> Ahh now I get it, you are speaking of the patch to fix the possible
> escaping problem, well .. if you would have read the thread you would
> have realized this is _another_ problem :-)
> Plus that patch was never posted to samba-technical afaik, so show me
> the code :-)
So I don't see this as a problem, that's the
difference.
> In any case they can't ?
> Why do we have the option at all ?
So people who have "strange" needs can do them
at will. But I don't want to refactor the code
to code with these things, unless we have enough
users out there who *need* this. The world is
moving to utf8, we don't want to make it easier
not to.
Here's the code.
Jeremy.
-------------- next part --------------
Index: nsswitch/winbindd_ads.c
===================================================================
--- nsswitch/winbindd_ads.c (revision 21528)
+++ nsswitch/winbindd_ads.c (working copy)
@@ -607,6 +607,7 @@
const char *attrs[] = {"memberOf", NULL};
size_t num_groups = 0;
DOM_SID *group_sids = NULL;
+ char *escaped_dn;
int i;
DEBUG(3,("ads: lookup_usergroups_memberof\n"));
@@ -618,9 +619,16 @@
goto done;
}
- rc = ads_search_retry_extended_dn(ads, &res, user_dn, attrs,
+ if (!(escaped_dn = escape_ldap_string_alloc(user_dn))) {
+ status = NT_STATUS_NO_MEMORY;
+ goto done;
+ }
+
+ rc = ads_search_retry_extended_dn(ads, &res, escaped_dn, attrs,
ADS_EXTENDED_DN_HEX_STRING);
+ SAFE_FREE(escaped_dn);
+
if (!ADS_ERR_OK(rc) || !res) {
DEBUG(1,("lookup_usergroups_memberof ads_search member=%s: %s\n",
user_dn, ads_errstr(rc)));
More information about the samba-technical
mailing list