From: Frédéric Marchal <fmarchal@users.sourceforge.net>
Date: Mon, 31 Jan 2011 20:17:25 +0000 (+0000)
Subject: Accept any number of user id in the LDAP filter string
X-Git-Tag: v2.3.2~80
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d1d8390c7f4bbf31ed78d5236c65700e951f1fd0;p=thirdparty%2Fsarg.git

Accept any number of user id in the LDAP filter string

The previous code would only accept up to five %s in the LDAP search
string. It is sufficient in most cases but we can do better than that
and accept any number of occurences as long as the resulting filter
string can fit in the fixed size buffer hard coded in sarg.
---

diff --git a/usertab.c b/usertab.c
index a0748bb..f5a3eea 100644
--- a/usertab.c
+++ b/usertab.c
@@ -188,6 +188,8 @@ static void get_ldap_name(const char *userlogin,char *mappedname,int namelen)
 	LDAPMessage *result, *e;
 	BerElement *ber;
 	int i;
+	int slen;
+	int rc;
 	char *attrs[1];
 
 	searched_in_cache = search_in_cache(userlogin);
@@ -198,21 +200,33 @@ static void get_ldap_name(const char *userlogin,char *mappedname,int namelen)
 	}
 
 	// escape characters according to rfc2254 section 4
-	for (i=0 , ptr=userlogin ; i<sizeof(searchloginname)-1 && *ptr ; ptr++) {
+	for (slen=0 , ptr=userlogin ; slen<sizeof(searchloginname)-1 && *ptr ; ptr++) {
 		if (strchr(strictchars,*ptr)) {
-			if (i+3>=sizeof(searchloginname)-1) break;
-			i+=sprintf(searchloginname+i,"\\%02X",*ptr);
+			if (slen+3>=sizeof(searchloginname)-1) break;
+			slen+=sprintf(searchloginname+i,"\\%02X",*ptr);
 		} else {
-			searchloginname[i++]=*ptr;
+			searchloginname[slen++]=*ptr;
 		}
 	}
-	searchloginname[i]='\0';
+	searchloginname[slen]='\0';
 
-	snprintf(filtersearch, sizeof(filtersearch), LDAPFilterSearch, searchloginname, searchloginname, searchloginname, searchloginname, searchloginname);
+	i=0;
+	ptr=LDAPFilterSearch;
+	while (i<sizeof(filtersearch)-1 && *ptr) {
+		if (ptr[0]=='%' && ptr[1]=='s') {
+			if (i+slen>=sizeof(filtersearch)) break;
+			memcpy(filtersearch+i,searchloginname,slen);
+			i+=slen;
+			ptr+=2;
+		} else {
+			filtersearch[i++]=*ptr++;
+		}
+	}
+	filtersearch[i]='\0';
 
 	/* Search record(s) in LDAP base */
 	attrs[0]=LDAPTargetAttr;
-	int rc= ldap_search_ext_s(ldap_handle, LDAPBaseSearch, LDAP_SCOPE_SUBTREE, filtersearch, attrs, 0, NULL, NULL, NULL, -1, &result);
+	rc= ldap_search_ext_s(ldap_handle, LDAPBaseSearch, LDAP_SCOPE_SUBTREE, filtersearch, attrs, 0, NULL, NULL, NULL, -1, &result);
 	if (rc != LDAP_SUCCESS) {
 		debuga(_("LDAP search failed: %s\n"), ldap_err2string(rc));
 		debuga(_("looking for \"%s\" at or below \"%s\"\n"),filtersearch,LDAPBaseSearch);