From: Frédéric Marchal
Date: Wed, 15 Sep 2010 06:16:15 +0000 (+0000)
Subject: Escape the LDAP search string instead of truncating it.
X-Git-Tag: v2.3.1~4
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1b048c438401313c0f9938953655920ec87199aa;p=thirdparty%2Fsarg.git

Escape the LDAP search string instead of truncating it.

A few characters must be escaped in a LDAP search string. Sarg used to truncate the user login name at the first "dubious" character found in the string and the list of "dubious" character was much longer than necessary. Instead of truncating the user login, this patch escape the characters.
---
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 9b6d7de..8c6f77f 100755
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -3,7 +3,7 @@ PROJECT(sarg C)
 SET(sarg_VERSION 2)
 SET(sarg_REVISION "3.1-pre1")
 SET(sarg_BUILD "")
-SET(sarg_BUILDDATE "Sep-02-2010")
+SET(sarg_BUILDDATE "Sep-15-2010")
 INCLUDE(AddFileDependencies)
 INCLUDE(CheckIncludeFile)
diff --git a/include/info.h b/include/info.h
index 6549948..a59b32d 100755
--- a/include/info.h
+++ b/include/info.h
@@ -1,3 +1,3 @@
-#define VERSION PACKAGE_VERSION" Sep-02-2010"
+#define VERSION PACKAGE_VERSION" Sep-15-2010"
 #define PGM PACKAGE_NAME
 #define URL "http://sarg.sourceforge.net"
diff --git a/log.c b/log.c
index 41299ff..bfc6f43 100644
--- a/log.c
+++ b/log.c
@@ -288,7 +288,7 @@ int main(int argc,char *argv[])
 LDAPBindDN[0]='\0';
 LDAPBindPW[0]='\0';
 LDAPBaseSearch[0]='\0';
- strcpy(LDAPFilterSearch, "uid=%s");
+ strcpy(LDAPFilterSearch, "(uid=%s)");
 strcpy(LDAPTargetAttr, "cn");
 dia[0]='\0';
diff --git a/sarg.conf b/sarg.conf
index 0c05e41..0ffd6ed 100644
--- a/sarg.conf
+++ b/sarg.conf
@@ -338,13 +338,13 @@
 # default is empty line
 #LDAPBaseSearch ou=users,dc=mydomain,dc=local
-# TAG: LDAPFilterSearch uid=%s
+# TAG: LDAPFilterSearch (uid=%s)
 # User search filter by user's logins in LDAP
 # First founded record will be used
 # %s - will be changed to userlogins from access.log file
-# filter string can have some tags '%s'
-# default value is 'uid=%s'
-#LDAPFilterSearch uid=%s
+# filter string can have up to 5 '%s' tags
+# default value is '(uid=%s)'
+#LDAPFilterSearch (uid=%s)
 # TAG: LDAPTargetAttr attributename
 # Name of the attribute containing a name of the user
diff --git a/usertab.c b/usertab.c
index 9598aa1..36d84aa 100644
--- a/usertab.c
+++ b/usertab.c
@@ -162,38 +162,46 @@ static void init_ldap_usertab(void) { static void get_ldap_name(const char *userlogin,char *mappedname,int namelen) { /* Start searching username in cache */ - - char filtersearch[256], strictchars[] = " ~!@^&(){}|<>?:;\"\'\\[]`,\r\n\0", *strictptr = strictchars, *searched_in_cache; + // According to rfc2254 section 4, only *()\ and NUL must be escaped. This list is rather conservative ! + const char strictchars[] = " ~!@^&(){}|<>?:;\"\'\\[]`,\r\n\0"; + char filtersearch[256], *searched_in_cache; + char searchloginname[3*MAX_USER_LEN]; char *attr, **vals; LDAPMessage *result, *e; BerElement *ber; + int i; - while (*strictptr) { - char *foundchr; - if ((foundchr = strchr(userlogin, *strictptr))) - *foundchr = '\0'; - strictptr++; + for (i=0 ; i=sizeof(searchloginname)-1) break; + i+=sprintf(searchloginname+i,"\\%02X",*userlogin); + } else { + searchloginname[i++]=*userlogin; + } } + searchloginname[i]='\0'; - if (!(searched_in_cache = search_in_cache(userlogin))) { - snprintf(filtersearch, sizeof(filtersearch), LDAPFilterSearch, userlogin, userlogin, userlogin, userlogin, userlogin); + if (!(searched_in_cache = search_in_cache(searchloginname))) { + snprintf(filtersearch, sizeof(filtersearch), LDAPFilterSearch, searchloginname, searchloginname, searchloginname, searchloginname, searchloginname); /* Search record(s) in LDAP base */ int rc= ldap_search_s(ldap_handle, LDAPBaseSearch, LDAP_SCOPE_SUBTREE, filtersearch, NULL, 0, &result); if ( rc != LDAP_SUCCESS ) { debuga(_("LDAP search failed: %s\n"), ldap_err2string(rc)); - strcpy(mappedname,userlogin); + strncpy(mappedname,searchloginname,namelen-1); + mappedname[namelen-1]='\0'; return; } if (!(e = ldap_first_entry(ldap_handle, result))) - insert_to_cache(userlogin, userlogin); + insert_to_cache(searchloginname, searchloginname); else for (attr = ldap_first_attribute(ldap_handle, e, &ber); attr != NULL; attr = ldap_next_attribute(ldap_handle, e, ber)) { if (!strcasecmp(attr, LDAPTargetAttr)) { 
if ((vals = (char **)ldap_get_values(ldap_handle, e, attr))!=NULL) { - insert_to_cache(userlogin, vals[0]); + insert_to_cache(searchloginname, vals[0]); strncpy(mappedname, vals[0],namelen-1); mappedname[namelen-1]='\0'; ldap_memfree(vals);
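Review bot: `strictchars` in get_ldap_name does not contain `*`, although the comment added directly above it names `*` among the characters RFC 2254 requires escaping; if, as the declaration suggests, the loop escapes only characters found in that list, a login from the access log that contains `*` still reaches `ldap_search_s` as a wildcard and the name of the first matching entry is attributed to it. Adding `*` to the `strictchars` literal closes that gap. The escaped `searchloginname` is also what is stored by `insert_to_cache` and copied into `mappedname` on the search-failure and no-entry paths, so an unresolved login would appear in the report in its `\XX` form; if that is not intended, save the original `userlogin` pointer before the loop and use it for the cache key and the fallback copy. The `snprintf` into the 256-byte `filtersearch` is unchecked while `searchloginname` is sized `3*MAX_USER_LEN`, so a truncated filter would be sent as is, and comparing the return value with `sizeof(filtersearch)` would catch that. Part of the `for` header is missing from this rendering of the hunk and the function body continues past its last line, so the loop bounds could not be reviewed here.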