mod_auth_ldap: Handle the inconsistent way in which the MS LDAP

author Graham Leggett <minfrin@apache.org>

Mon, 4 Oct 2004 23:43:20 +0000 (23:43 +0000)

committer Graham Leggett <minfrin@apache.org>

Mon, 4 Oct 2004 23:43:20 +0000 (23:43 +0000)
author Graham Leggett <minfrin@apache.org>
Mon, 4 Oct 2004 23:43:20 +0000 (23:43 +0000)
committer Graham Leggett <minfrin@apache.org>
Mon, 4 Oct 2004 23:43:20 +0000 (23:43 +0000)
diff --git a/CHANGES b/CHANGES

index ef56e33685d24092f592abc67622998d414d9235..34688b0570db0055e4b3bba74555520b9529611f 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -2,6 +2,9 @@ Changes with Apache 2.1.0-dev
  
    [Remove entries to the current 2.0 section below, when backported]
  
+  *) mod_auth_ldap: Handle the inconsistent way in which the MS LDAP
+     library handles special characters. PR 24437 [Jess Holle]
+
    *) mod_ldap: fix a bogus error message to tell the user which file
       is causing a potential problem with the LDAP shared memory cache.
       PR 31431 [Graham Leggett]
diff --git a/modules/aaa/mod_authnz_ldap.c b/modules/aaa/mod_authnz_ldap.c

index 88b7da389ece21959881a768f099364eda11c9d3..226aee94afafdf8b0db8866fe0adb6d630db0217 100644 (file)
--- a/modules/aaa/mod_authnz_ldap.c
+++ b/modules/aaa/mod_authnz_ldap.c
@@ -207,19 +207,47 @@ static void authn_ldap_build_filter(char *filtbuf,
       * LDAP filter metachars are escaped.
       */
      filtbuf_end = filtbuf + FILTER_LENGTH - 1;
-    for (p = user, q=filtbuf + strlen(filtbuf);
-         *p && q < filtbuf_end; *q++ = *p++) {
  #if APR_HAS_MICROSOFT_LDAPSDK
-        /* Note: The Microsoft SDK escapes for us, so is not necessary */
+    for (p = user, q=filtbuf + strlen(filtbuf);
+         *p && q < filtbuf_end; ) {
+        if (strchr("*()\\", *p) != NULL) {
+            if ( q + 3 >= filtbuf_end)
+              break;  /* Don't write part of escape sequence if we can't write all of it */
+            *q++ = '\\';
+            switch ( *p++ )
+            {
+              case '*':
+                *q++ = '2';
+                *q++ = 'a';
+                break;
+              case '(':
+                *q++ = '2';
+                *q++ = '8';
+                break;
+              case ')':
+                *q++ = '2';
+                *q++ = '9';
+                break;
+              case '\\':
+                *q++ = '5';
+                *q++ = 'c';
+                break;
+                       }
+        }
+        else
+            *q++ = *p++;
+    }
  #else
+    for (p = user, q=filtbuf + strlen(filtbuf);
+         *p && q < filtbuf_end; *q++ = *p++) {
          if (strchr("*()\\", *p) != NULL) {
              *q++ = '\\';
              if (q >= filtbuf_end) {
-                break;
+              break;
              }
          }
-#endif
      }
+#endif
      *q = '\0';
  
      /*
author	Graham Leggett <minfrin@apache.org>
	Mon, 4 Oct 2004 23:43:20 +0000 (23:43 +0000)
committer	Graham Leggett <minfrin@apache.org>
	Mon, 4 Oct 2004 23:43:20 +0000 (23:43 +0000)
CHANGES		patch \| blob \| blame \| history
modules/aaa/mod_authnz_ldap.c		patch \| blob \| blame \| history