authorequinox <equinox@diac24.net>2011-09-29 23:34:18 +0200
committerequinox <equinox@diac24.net>2011-09-29 23:34:18 +0200
commit6eeadd3e2f7c0ce30810eea1539844005c2d123c (patch)
treee55321275b826c30c6d678e21ab74b4fa0869a62
parent045081c6ed315595970775d4f7f50518461743d5 (diff)
fix "minor" bugs - including LDAP injection ;)
-rwxr-xr-xindex.py11
-rw-r--r--ja.po4
2 files changed, 8 insertions, 7 deletions
diff --git a/index.py b/index.py
index 27c1a08..42862ab 100755
--- a/index.py
+++ b/index.py
@@ -11,7 +11,8 @@ from tmpl import expose, render, _
from lxml import etree
from lxml.html import formfill
from StringIO import StringIO
-import ldap
+import ldap, ldap.filter
+ldapf = ldap.filter.filter_format
import mx.DateTime, urllib
from accountservice import accountservice
import ticket
@@ -55,7 +56,7 @@ class SubdapSite(object):
return render(errors = {}, username = username)
def login_perform(s, username, password):
- dn = "cn=%s,ou=people,dc=sublab,dc=org" % (username)
+ dn = ldapf("cn=%s,ou=people,dc=sublab,dc=org", [username])
try:
l = ldap.initialize('ldap://oberon.local.sublab.org/')
l.start_tls_s()
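Review bot: `ldap.filter.filter_format` on the new `dn = ldapf(...)` line escapes search-filter metacharacters (RFC 4515: `*`, `(`, `)`, `\`, NUL), but the string being built is a distinguished name, whose special characters are different (RFC 4514: `,`, `+`, `=`, `"`, `<`, `>`, `;`, a leading `#`, and leading or trailing spaces). A username containing one of those DN characters still reaches the bind DN unescaped, so the injection named in the commit title is only partly closed for this call. python-ldap has a DN-specific helper: I would write `dn = "cn=%s,ou=people,dc=sublab,dc=org" % ldap.dn.escape_dn_chars(username)`, add `import ldap.dn` next to the other imports, and keep `filter_format` for real search filters. The body of `login_perform` continues past the hunk, so how `dn` is used after `start_tls_s()` is not visible here.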
@@ -79,7 +80,7 @@ class SubdapSite(object):
try: l, dn = s.login_perform(username, password)
except LoginError, e:
- return render(errors = {'password': str(e)})
+ return render(errors = {'password': unicode(e)})
return s.selectpage(l, dn)
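Review bot: `unicode(e)` decodes with the default ASCII codec when the exception message is a byte string, so on Python 2 a non-ASCII `str` message raises `UnicodeDecodeError` inside the `except` handler instead of rendering the form error. Whether `LoginError` always carries `unicode` text is not visible in this hunk. The same conversion is applied to `e[0]` from `kerberos.PwdChangeError` in the later hunk at -142, where the text presumably arrives from the Kerberos library as bytes. I would decode explicitly where the source is bytes, for example `unicode(e[0], 'utf-8', 'replace')`, and add a comment here such as `# LoginError messages are unicode (translated via _)` if that is the invariant. The enclosing method starts and ends outside the hunk.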
@@ -142,13 +143,13 @@ class SubdapSite(object):
try: l, dn = s.login_perform(username, oldpassword)
except LoginError, e:
- return render(errors = {'oldpassword': str(e)}, username = username)
+ return render(errors = {'oldpassword': unicode(e)}, username = username)
import kerberos
try:
assert kerberos.changePassword(username + '@SUBLAB.ORG', oldpassword, password) == True
except kerberos.PwdChangeError, e:
- return render(errors = {'password2': str(e[0])}, username = username)
+ return render(errors = {'password2': unicode(e[0])}, username = username)
if os.fork() == 0:
accountservice.kprop()
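Review bot: The `assert kerberos.changePassword(...) == True` line in this hunk is the only check on the password change result, and `assert` statements are removed when Python runs with `-O`. That would drop the call itself and let the handler continue to `kprop()` as if the change had succeeded. In normal mode a `False` return raises `AssertionError`, which the `except kerberos.PwdChangeError` clause does not catch. I would test the result with a plain statement, e.g. `if not kerberos.changePassword(username + '@SUBLAB.ORG', oldpassword, password):` followed by `return render(errors = {'password2': _('password change failed')}, username = username)` (the message text is a placeholder). The method begins before and continues after the hunk.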
diff --git a/ja.po b/ja.po
index 6d3e1c5..49958c6 100644
--- a/ja.po
+++ b/ja.po
@@ -121,8 +121,8 @@ msgid ""
" password will work."
msgstr ""
"[1:パスワードが改めされました][2:]\n"
-" けど、「ケルベロスの[3:3つ頭]」は数分後まで立て込む。\n"
-" まえのパスワードか新しいパスワードか使える可能性があります。"
+"けど、「ケルベロスの[3:3つ頭]」は数分後まで立て込む。"
+"まえのパスワードか新しいパスワードか使える可能性があります。"
#: templates/select.html:20
#, python-format