Bug #4396: Escape filtering symbols when looking for a user

2025-03-21 14:50:08 +03:00 · 2016-05-24 10:13:02 +02:00 · 2016-05-24 10:13:02 +02:00 · 50c1e52b5e
commit 50c1e52b5e
parent f395c4c602
1 changed files with 25 additions and 3 deletions
--- a/src/authm_mad/remotes/ldap/ldap_auth.rb
+++ b/src/authm_mad/remotes/ldap/ldap_auth.rb
@ -122,10 +122,13 @@ class OpenNebula::LdapAuth

    def find_user(name)
        begin
-            result=@ldap.search(
-                :base => @options[:base],
+            filter = "#{@options[:user_field]}=#{escape(name)}"
+
+            result = @ldap.search(
+                :base       => @options[:base],
                :attributes => @options[:attributes],
-                :filter => "#{@options[:user_field]}=#{name}")
+                :filter     => filter
+            )

            if result && result.first
                @user = result.first
@ -187,5 +190,24 @@ class OpenNebula::LdapAuth
        groups.delete(false)
        groups.compact.uniq
    end
+
+private
+
+    # The escapes code has been copied from <net-ldap>/lib/net/ldap/filter.rb
+    FILTER_ESCAPES = {
+      "\0" => '00',
+      '*'  => '2A',
+      '('  => '28',
+      ')'  => '29',
+      '\\' => '5C',
+      '?'  => '3F',
+      '='  => '3D'
+    }
+
+    FILTER_ESCAPE_RE = Regexp.new("[" + FILTER_ESCAPES.keys.map { |e| Regexp.escape(e) }.join + "]")
+
+    def escape(string)
+      string.gsub(FILTER_ESCAPE_RE) { |char| "\\" + FILTER_ESCAPES[char] }
+    end
 end