From f1e49be4cf07f9be302dbe8262a153dd42e4297e Mon Sep 17 00:00:00 2001
From: Daniel Kessler <dkessler@berkeley.edu>
Date: Fri, 26 Apr 2019 16:04:31 -0700
Subject: [PATCH] Escape filter chars in guess-passwords

---
 staff/acct/guess-passwords | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/staff/acct/guess-passwords b/staff/acct/guess-passwords
index 6fd6bbd..b5db5a2 100755
--- a/staff/acct/guess-passwords
+++ b/staff/acct/guess-passwords
@@ -13,12 +13,17 @@ from concurrent.futures import ProcessPoolExecutor
 
 import pexpect
 import requests
+from ldap3.utils.conv import escape_filter_chars
 from ocflib.account.search import SORRIED_SHELL
 from ocflib.account.search import users_by_filter
 
 
 def unsorried_users():
-    return users_by_filter('(&(uid=*)(!(loginShell={})))'.format(SORRIED_SHELL))
+    return users_by_filter(
+        '(&(uid=*)(!(loginShell={})))'.format(
+            escape_filter_chars(SORRIED_SHELL)
+        )
+    )
 
 
 def fast_password_matches(username, password):