classicupgrade: Avoid needing to quote CN values in an DN, use dn.set_component()

While invalid for samAccountName values, when also used for
samAccountName we should be dealing with this at the samldb layer, not
here.

This comes from unvalidated Samba3 data that can contain a , or =
without a problem in that codebase.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

diff --git a/python/samba/upgrade.py b/python/samba/upgrade.py
index 215ccd391643026d6af4f0ee770a6e6b68a79bfc..38563235841661c6acb3ac7dcf6ebfdb1f7937c5 100644 (file)
--- a/python/samba/upgrade.py
+++ b/python/samba/upgrade.py
@@ -272,8 +272,10 @@ def add_group_from_mapping_entry(samdb, groupmap, logger):
                 return
 
         m = ldb.Message()
-        m.dn = ldb.Dn(samdb, "CN=%s,CN=Users,%s" % (groupmap.nt_name, samdb.get_default_basedn()))
-        m['cn'] = ldb.MessageElement(groupmap.nt_name, ldb.FLAG_MOD_ADD, 'cn')
+        # We avoid using the format string to avoid needing to escape the CN values
+        m.dn = ldb.Dn(samdb, "CN=X,CN=Users")
+        m.dn.set_component(0, "CN", groupmap.nt_name)
+        m.dn.add_base(samdb.get_default_basedn())
         m['objectClass'] = ldb.MessageElement('group', ldb.FLAG_MOD_ADD, 'objectClass')
         m['objectSid'] = ldb.MessageElement(ndr_pack(groupmap.sid), ldb.FLAG_MOD_ADD,
             'objectSid')