kdc: always ldb escape the realm

author Andrew Bartlett <abartlet@samba.org>

Tue, 5 Apr 2011 06:21:14 +0000 (16:21 +1000)

committer Andrew Bartlett <abartlet@samba.org>

Tue, 5 Apr 2011 21:46:04 +0000 (23:46 +0200)
author Andrew Bartlett <abartlet@samba.org>
Tue, 5 Apr 2011 06:21:14 +0000 (16:21 +1000)
committer Andrew Bartlett <abartlet@samba.org>
Tue, 5 Apr 2011 21:46:04 +0000 (23:46 +0200)
diff --git a/source4/kdc/db-glue.c b/source4/kdc/db-glue.c

index 6ef928caa15ab7cd4a717225c6721a820254ab39..732e553ca3d96d2fac09069344018897d474d715 100644 (file)
--- a/source4/kdc/db-glue.c
+++ b/source4/kdc/db-glue.c
@@ -1002,9 +1002,19 @@ static krb5_error_code samba_kdc_lookup_trust(krb5_context context, struct ldb_c
         const char * const *attrs = trust_attrs;
  
         struct ldb_result *res = NULL;
-       filter = talloc_asprintf(mem_ctx, "(&(objectClass=trustedDomain)(|(flatname=%s)(trustPartner=%s)))", realm, realm);
+       char *realm_encoded = ldb_binary_encode_string(mem_ctx, realm);
+       if (!realm_encoded) {
+               if (!filter) {
+                       ret = ENOMEM;
+                       krb5_set_error_message(context, ret, "talloc_asprintf: out of memory");
+                       return ret;
+               }
+       }
+       filter = talloc_asprintf(mem_ctx, "(&(objectClass=trustedDomain)(|(flatname=%s)(trustPartner=%s)))", 
+                                realm_encoded, realm_encoded);
  
         if (!filter) {
+               talloc_free(realm_encoded);
                 ret = ENOMEM;
                 krb5_set_error_message(context, ret, "talloc_asprintf: out of memory");
                 return ret;
author	Andrew Bartlett <abartlet@samba.org>
	Tue, 5 Apr 2011 06:21:14 +0000 (16:21 +1000)
committer	Andrew Bartlett <abartlet@samba.org>
	Tue, 5 Apr 2011 21:46:04 +0000 (23:46 +0200)