[dovecot-cvs] dovecot/src/auth db-ldap.c,1.9,1.10 db-ldap.h,1.6,1.7 passdb-ldap.c,1.3,1.4 userdb-ldap.c,1.7,1.8

cras at procontrol.fi cras at procontrol.fi
Tue Feb 18 19:18:34 EET 2003 

Update of /home/cvs/dovecot/src/auth
In directory danu:/tmp/cvs-serv31966

Modified Files:
	db-ldap.c db-ldap.h passdb-ldap.c userdb-ldap.c 
Log Message:
Escape special chars in username if needed.



Index: db-ldap.c
===================================================================
RCS file: /home/cvs/dovecot/src/auth/db-ldap.c,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -d -r1.9 -r1.10
--- db-ldap.c	17 Feb 2003 14:57:23 -0000	1.9
+++ db-ldap.c	18 Feb 2003 17:18:31 -0000	1.10
@@ -9,6 +9,7 @@
 #include "network.h"
 #include "ioloop.h"
 #include "hash.h"
+#include "str.h"
 #include "settings.h"
 #include "db-ldap.h"
 
@@ -259,6 +260,29 @@
 			dest++;
 		}
 	}
+}
+
+const char *ldap_escape(const char *str)
+{
+	string_t *s;
+	const char *p;
+
+	for (p = str; *p != '\0'; p++) {
+		if (strchr("*()\\", *p) != NULL)
+			break;
+	}
+
+	if (*p == '\0')
+		return str;
+
+	s = t_str_new(64);
+	str_append_n(s, str, (size_t) (p-str));
+	for (; *p != '\0'; p++) {
+		if (strchr("*()\\", *p) != NULL)
+			str_append_c(s, '\\');
+		str_append_c(s, *p);
+	}
+	return str_c(s);
 }
 
 static const char *parse_setting(const char *key, const char *value,

Index: db-ldap.h
===================================================================
RCS file: /home/cvs/dovecot/src/auth/db-ldap.h,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -d -r1.6 -r1.7
--- db-ldap.h	11 Feb 2003 14:06:46 -0000	1.6
+++ db-ldap.h	18 Feb 2003 17:18:31 -0000	1.7
@@ -59,4 +59,6 @@
 struct ldap_connection *db_ldap_init(const char *config_path);
 void db_ldap_unref(struct ldap_connection *conn);
 
+const char *ldap_escape(const char *str);
+
 #endif

Index: passdb-ldap.c
===================================================================
RCS file: /home/cvs/dovecot/src/auth/passdb-ldap.c,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -d -r1.3 -r1.4
--- passdb-ldap.c	17 Feb 2003 14:57:23 -0000	1.3
+++ passdb-ldap.c	18 Feb 2003 17:18:31 -0000	1.4
@@ -73,6 +73,7 @@
 	} else {
 		attr = ldap_first_attribute(conn->ld, entry, &ber);
 		while (attr != NULL) {
+			i_warning("attr: %s", attr);
 			vals = ldap_get_values(conn->ld, entry, attr);
 			if (vals != NULL && vals[0] != NULL &&
 			    vals[1] == NULL) {
@@ -160,6 +161,7 @@
 				   auth_request->realm, NULL);
 	}
 
+	user = ldap_escape(user);
 	if (conn->set.pass_filter == NULL) {
 		filter = t_strdup_printf("(&(objectClass=posixAccount)(%s=%s))",
 			passdb_ldap_conn->attr_names[ATTR_VIRTUAL_USER], user);

Index: userdb-ldap.c
===================================================================
RCS file: /home/cvs/dovecot/src/auth/userdb-ldap.c,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -d -r1.7 -r1.8
--- userdb-ldap.c	17 Feb 2003 14:57:23 -0000	1.7
+++ userdb-ldap.c	18 Feb 2003 17:18:31 -0000	1.8
@@ -148,6 +148,7 @@
 	if (realm != NULL)
 		user = t_strconcat(user, "@", realm, NULL);
 
+	user = ldap_escape(user);
 	if (conn->set.user_filter == NULL) {
 		filter = t_strdup_printf("(&(objectClass=posixAccount)(%s=%s))",
 			userdb_ldap_conn->attr_names[ATTR_VIRTUAL_USER], user);

More information about the dovecot-cvs mailing list