From: lhm-gosa Date: Tue, 10 Feb 2009 12:55:02 +0000 (+0000) Subject: * Fix LDAP search filter escaping X-Git-Url: https://git.tokkee.org/?p=gosa.git;a=commitdiff_plain;h=ac0caead013f3c096b6f75dbc1f3606d0d56013f * Fix LDAP search filter escaping * Fix base stripping, when it contains regexp characters git-svn-id: https://oss.gonicus.de/repositories/gosa/branches/2.6-lhm@13419 594d385d-05f5-0310-b6e9-bd551577e9d8 --- diff --git a/gosa-si/gosa-si-server b/gosa-si/gosa-si-server index 1bf9728c3..e9fe6ed78 100755 --- a/gosa-si/gosa-si-server +++ b/gosa-si/gosa-si-server @@ -2412,8 +2412,10 @@ sub create_fai_release_db { attrs => [], filter => "(&(objectClass=organizationalUnit)(ou=fai))", ); - if($mesg->{'resultCode'} == 0 && - $mesg->count != 0) { + if(($mesg->code == 0) && ($mesg->count != 0)) + { + daemon_log("$session_id DEBUG: create_fai_release_db: count " . $mesg->count,8); + # Walk through all possible FAI container ou's my @sql_list; my $timestamp= &get_time(); @@ -2439,13 +2441,15 @@ sub create_fai_release_db { } } - daemon_log("$session_id DEBUG: Inserting ".scalar @sql_list." entries to DB",8); + daemon_log("$session_id DEBUG: create_fai_release_db: Inserting ".scalar @sql_list." entries to DB",8); if(@sql_list) { unshift @sql_list, "VACUUM"; unshift @sql_list, "DELETE FROM $table_name"; $fai_release_db->exec_statementlist(\@sql_list); } - daemon_log("$session_id DEBUG: Done with inserting",7); + daemon_log("$session_id DEBUG: create_fai_release_db: Done with inserting",7); + } else { + daemon_log("$session_id INFO: create_fai_release_db: error: " . $mesg->code ,5); } daemon_log("$session_id INFO: create_fai_release_db: finished",5); } 
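Review bot: The new `else` branch at the end of create_fai_release_db is attached to `if(($mesg->code == 0) && ($mesg->count != 0))`, so it also runs when the search succeeded but returned no entries, and then logs `error: 0` at INFO level. An LDAP failure and an empty FAI tree are different conditions for whoever reads the log, and only the first is an error. Consider reporting the failure on its own with the server's message, e.g. `daemon_log("$session_id ERROR: create_fai_release_db: LDAP search failed: " . $mesg->error, 1) if $mesg->code;`, and logging the empty result separately. The sub starts before the first hunk, so the search call is only partly visible here.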
@@ -2508,9 +2512,11 @@ sub resolve_fai_classes { foreach my $entry (@{$mesg->{entries}}) { if($entry->exists('cn')) { my $tmp_dn= $entry->dn(); + $tmp_dn= substr( $tmp_dn, 0, length($tmp_dn) + - length($fai_base) - 1 ); # Skip classname and ou dn parts for class - my $tmp_release = ($1) if $tmp_dn =~ /^[^,]+,[^,]+,(.*?),$fai_base$/; + my $tmp_release = ($1) if $tmp_dn =~ /^[^,]+,[^,]+,(.*?)$/; # Skip classes without releases if((!defined($tmp_release)) || length($tmp_release)==0) { @@ -2545,7 +2551,9 @@ sub resolve_fai_classes { } } elsif (!$entry->exists('cn')) { my $tmp_dn= $entry->dn(); - my $tmp_release = ($1) if $tmp_dn =~ /^(.*?),$fai_base$/; + $tmp_dn= substr( $tmp_dn, 0, length($tmp_dn) + - length($fai_base) - 1 ); + my $tmp_release = ($1) if $tmp_dn =~ /^(.*?)$/; # Skip classes without releases if((!defined($tmp_release)) || length($tmp_release)==0) { @@ -2973,7 +2981,7 @@ sub get_package { unlink($dest); daemon_log("$session_id DEBUG: delete file '$dest'", 5); } else { - daemon_log("$session_id ERROR: create_packages_list_db: get_packages: fetching '$url' failed!", 1); + daemon_log("$session_id ERROR: create_packages_list_db: get_packages: fetching '$url' into '$dest' failed!", 1); } return 0; } diff --git a/gosa-si/modules/ClientPackages.pm b/gosa-si/modules/ClientPackages.pm index e5f24ff33..08c868935 100644 --- a/gosa-si/modules/ClientPackages.pm +++ b/gosa-si/modules/ClientPackages.pm @@ -628,7 +628,7 @@ sub new_syslog_config { } my $entry= $ldap_res->entry(0); - my $dn = &Net::LDAP::Util::escape_dn_value($entry->dn); + my $filter_dn = &Net::LDAP::Util::escape_filter_value($entry->dn); my $syslog_server = $entry->get_value("gotoSyslogServer"); # If no syslog server is specified at host, just have a look at the object group of the host 
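Review bot: The `substr` that replaces the `,$fai_base$` anchor in resolve_fai_classes no longer checks that the entry DN actually ends with `$fai_base`; it simply drops the last `length($fai_base) + 1` characters, whatever they are. If the DN is not longer than the base, or the server returns it with different spacing or case, the cut lands in the wrong place (or the length goes negative) and `$tmp_release` is taken from a mis-cut string instead of being skipped. Quoting the base keeps the suffix check and still copes with regexp characters: `my $tmp_release = ($1) if $tmp_dn =~ /^[^,]+,[^,]+,(.*?),\Q$fai_base\E$/;`. The same applies to the `elsif` branch in the following hunk, with `/^(.*?),\Q$fai_base\E$/`. The loop body continues outside both hunks.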
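Review bot: The escape-then-search sequence changed here in new_syslog_config is repeated almost verbatim in new_ntp_config and new_ldap_config, with the filter string copied again into each log message, so any future correction to the escaping has to be made in several places. A small private helper that returns the finished filter, e.g. `sub _group_member_filter { return '(&(objectClass=gosaGroupOfNames)(member=' . Net::LDAP::Util::escape_filter_value($_[0]) . '))'; }`, would keep the escaping in one spot and let the search and the log share one string. A short comment such as `# DN used as a filter assertion value: needs RFC 4515 filter escaping, not DN escaping` would also record why the function was swapped. The subs continue outside the hunks.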
@@ -637,7 +637,7 @@ sub new_syslog_config { my $ldap_res = $ldap_handle->search( base => $ldap_base, scope => 'sub', attrs => ['gotoSyslogServer'], - filter => "(&(objectClass=gosaGroupOfNames)(member=$dn))"); + filter => "(&(objectClass=gosaGroupOfNames)(member=$filter_dn))"); if($ldap_res->code) { &main::daemon_log("$session_id ".$ldap_res->error, 1); return; @@ -649,7 +649,7 @@ sub new_syslog_config { "\n\tbase: $ldap_base". "\n\tscope: sub". "\n\tattrs: gotoSyslogServer". - "\n\tfilter: (&(objectClass=gosaGroupOfNames)(member=$dn))", 1); + "\n\tfilter: (&(objectClass=gosaGroupOfNames)(member=$filter_dn))", 1); return; } @@ -662,6 +662,7 @@ sub new_syslog_config { &main::daemon_log("$session_id WARNING: no syslog server specified for this host '$mac_address'", 3); return; } + # Add syslog server to 'syslog_config' message my $syslog_msg_hash = &create_xml_hash("new_syslog_config", $server_address, $mac_address); @@ -703,7 +704,7 @@ sub new_ntp_config { } my $entry= $ldap_res->entry(0); - my $dn = &Net::LDAP::Util::escape_dn_value($entry->dn); + my $filter_dn = &Net::LDAP::Util::escape_filter_value($entry->dn); my @ntp_servers= $entry->get_value("gotoNtpServer"); # If no ntp server is specified at host, just have a look at the object group of the host @@ -712,7 +713,7 @@ sub new_ntp_config { my $ldap_res = $ldap_handle->search( base => $ldap_base, scope => 'sub', attrs => ['gotoNtpServer'], - filter => "(&(objectClass=gosaGroupOfNames)(member=$dn))"); + filter => "(&(objectClass=gosaGroupOfNames)(member=$filter_dn))"); if($ldap_res->code) { &main::daemon_log("$session_id ".$ldap_res->error, 1); return; @@ -724,7 +725,7 @@ sub new_ntp_config { "\n\tbase: $ldap_base". "\n\tscope: sub". "\n\tattrs: gotoNtpServer". - "\n\tfilter: (&(objectClass=gosaGroupOfNames)(member=$dn))", 1); + "\n\tfilter: (&(objectClass=gosaGroupOfNames)(member=$filter_dn))", 1); return; } 
@@ -804,13 +805,14 @@ sub new_ldap_config { } my $entry= $mesg->entry(0); - my $dn= $entry->dn; + my $filter_dn= &Net::LDAP::Util::escape_filter_value($entry->dn); my @servers= $entry->get_value("gotoLdapServer"); my $unit_tag= $entry->get_value("gosaUnitTag"); my @ldap_uris; my $server; my $base; my $release; + my $dn= $entry->dn; # Fill release if available my $FAIclass= $entry->get_value("FAIclass"); @@ -820,13 +822,12 @@ sub new_ldap_config { # Do we need to look at an object class? if (not @servers){ - my $escaped_dn = &Net::LDAP::Util::escape_dn_value($dn); $mesg = $ldap_handle->search( base => $ldap_base, scope => 'sub', attrs => ['dn', 'gotoLdapServer', 'FAIclass'], - filter => "(&(objectClass=gosaGroupOfNames)(member=$escaped_dn))"); + filter => "(&(objectClass=gosaGroupOfNames)(member=$filter_dn))"); if($mesg->code) { - &main::daemon_log("$session_id ERROR: unable to search for '(&(objectClass=gosaGroupOfNames)(member=$dn))': ".$mesg->error, 1); + &main::daemon_log("$session_id ERROR: unable to search for '(&(objectClass=gosaGroupOfNames)(member=$filter_dn))': ".$mesg->error, 1); return; } @@ -836,7 +837,7 @@ sub new_ldap_config { "\n\tbase: $ldap_base". "\n\tscope: sub". "\n\tattrs: dn, gotoLdapServer, FAIclass". - "\n\tfilter: (&(objectClass=gosaGroupOfNames)(member=$escaped_dn))", 1); + "\n\tfilter: (&(objectClass=gosaGroupOfNames)(member=$filter_dn))", 1); return; } @@ -988,7 +989,6 @@ sub hardware_config { } else { my $entry= $mesg->entry(0); - my $dn= $entry->dn; if (defined($entry->get_value("gotoHardwareChecksum"))) { if (! $entry->get_value("gotoHardwareChecksum") eq $gotoHardwareChecksum) { $entry->replace(gotoHardwareChecksum => $gotoHardwareChecksum);
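Review bot: After the first hunk in new_ldap_config the sub holds both the raw `$dn` and the escaped `$filter_dn`, and nothing marks which of the two is safe to interpolate into a search filter. A comment on the re-added declaration, such as `# raw DN: for search bases and log text only, never inside a filter string`, would make the split explicit for the next person who adds a query. The rest of the sub is outside the hunk, so whether `$dn` is used in a later filter cannot be checked from here.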