From: <gi...@ma...> - 2009-07-20 01:08:47
The branch, master-1.2.x has been updated
via 4d0a1d785ac6bff2ede656282e54bd4623024a00 (commit)
from 918d8e3048be40eeb6894db95815667c41b500f9 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log -----------------------------------------------------------------
commit 4d0a1d785ac6bff2ede656282e54bd4623024a00
Author: Victor Boctor <vb...@gm...>
Date: Mon Jul 20 10:15:56 2009 +1000
Fixes #10737: LDAP auth always fails.
-----------------------------------------------------------------------
Summary of changes:
core/ldap_api.php | 29 ++++++++++++++++++++++++++---
1 files changed, 26 insertions(+), 3 deletions(-)
-----------------------------------------------------------------------
commit 4d0a1d785ac6bff2ede656282e54bd4623024a00
Author: Victor Boctor <vb...@gm...>
Date: Mon Jul 20 10:15:56 2009 +1000
Fixes #10737: LDAP auth always fails.
diff --git a/core/ldap_api.php b/core/ldap_api.php
index 31fccb2..1a90c43 100644
--- a/core/ldap_api.php
+++ b/core/ldap_api.php
@@ -152,6 +152,23 @@ function ldap_realname_from_username( $p_username ) {
 }
 /**
+ * Escapes the LDAP string to disallow injection.
+ *
+ * @param string $p_string The string to escape.
+ * @return string The escaped string.
+ */
+function ldap_escape_string( $p_string ) {
+ $t_string = str_replace( '\\', '\5c', $p_string );
+
+ $t_find = array( '*', '(', ')' );
+ $t_replace = array( '\2a', '\28', '\29' );
+
+ $t_string = str_replace( $t_find, $t_replace, $t_string );
+
+ return $t_string;
+}
+
+/**
 * Gets the value of a specific field from LDAP given the user name
 * and LDAP field name.
 *
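Review bot: ldap_escape_string escapes `\`, `*`, `(` and `)` but not NUL, which RFC 4515 also requires to be encoded as `\00` in a filter value; extending the two arrays covers it: `$t_find = array( '*', '(', ')', "\x00" );` and `$t_replace = array( '\2a', '\28', '\29', '\00' );`. Replacing `\` first is the right order, because the later replacements introduce backslashes of their own. The docblock should state the context the escaping is valid for, since a DN component (RFC 4514) has a different escape set: `* Escapes a value for use inside an LDAP search filter (RFC 4515); not suitable for DN components.` On PHP 5.6 or later, `ldap_escape( $p_string, '', LDAP_ESCAPE_FILTER )` implements the same filter escaping and could replace the hand-rolled table.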
@@ -167,12 +184,14 @@ function ldap_get_field_from_username( $p_username, $p_field ) {
 $t_ldap_root_dn = config_get( 'ldap_root_dn' );
 $t_ldap_uid_field = config_get( 'ldap_uid_field' );
+ $c_username = ldap_escape_string( $p_username );
+
 # Bind
 log_event( LOG_LDAP, "Binding to LDAP server" );
 $t_ds = ldap_connect_bind();
 # Search
- $t_search_filter = "(&$t_ldap_organization($t_ldap_uid_field=$p_username))";
+ $t_search_filter = "(&$t_ldap_organization($t_ldap_uid_field=$c_username))";
 $t_search_attrs = array( $t_ldap_uid_field, $p_field, 'dn' );
 log_event( LOG_LDAP, "Searching for $t_search_filter" );
 $t_sr = ldap_search( $t_ds, $t_ldap_root_dn, $t_search_filter, $t_search_attrs );
@@ -262,11 +281,13 @@ function ldap_authenticate_by_username( $p_username, $p_password ) {
 return ldap_simulation_authenticate_by_username( $p_username, $p_password );
 }
+ $c_username = ldap_escape_string( $p_username );
+
 $t_ldap_organization = config_get( 'ldap_organization' );
 $t_ldap_root_dn = config_get( 'ldap_root_dn' );
 $t_ldap_uid_field = config_get( 'ldap_uid_field', 'uid' );
- $t_search_filter = "(&$t_ldap_organization($t_ldap_uid_field=$t_username))";
+ $t_search_filter = "(&$t_ldap_organization($t_ldap_uid_field=$c_username))";
 $t_search_attrs = array(
 $t_ldap_uid_field,
 'dn',
@@ -386,7 +407,9 @@ function ldap_simulatiom_realname_from_username( $p_username ) {
 * @return bool true for authenticated, false otherwise.
 */
 function ldap_simulation_authenticate_by_username( $p_username, $p_password ) {
- $t_user = ldap_simulation_get_user( $p_username );
+ $c_username = ldap_escape_string( $p_username );
+
+ $t_user = ldap_simulation_get_user( $c_username );
 if ( $t_user === null ) {
 log_event( LOG_LDAP, "ldap_simulation_authenticate: user '$p_username' not found." );
 return false;
-----------------------------------------------------------------------
-- Mantis Bug Tracker |
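Review bot: In ldap_authenticate_by_username the escaped filter fixes the search, but the hunk shows no rejection of an empty `$p_password` before the search and the later bind; an LDAP simple bind with an empty password is treated as an anonymous bind by many directory servers and succeeds, so an authenticator must refuse it up front, e.g. `if ( $p_password === '' ) { return false; }` right after the simulation branch. The bind itself and the rest of the function are outside the hunk, so this may already be handled further down and is worth confirming rather than assuming.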
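Review bot: In ldap_simulation_authenticate_by_username the username is now filter-escaped before being handed to ldap_simulation_get_user, yet nothing in this path builds an LDAP filter, so the escaping changes the lookup key rather than protecting anything: a username containing `*`, `(`, `)` or `\` is looked up as its `\2a`-style encoding and will not match, while the log message on the following lines still prints the raw `$p_username`. Unless ldap_simulation_get_user itself parses filter syntax, the call should stay `$t_user = ldap_simulation_get_user( $p_username );` and the two added lines be dropped. ldap_simulation_get_user's implementation is outside the hunk, so this is inferred from the name and from the real LDAP path returning before the filter is built.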