aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGravatar Sadie Powell2026-05-31 11:50:37 +0100
committerGravatar Sadie Powell2026-06-05 13:43:29 +0100
commit6319ae4fb8c10dabc9464ad49faec532096fbcb5 (patch)
tree6b6418e4e50d867f7ff14ef4adb5813dfa5c6e65
parentPort over some recent changes to the Anope LDAP API. (diff)
Fix escaping LDAP search filters in ldapauth and ldapoper.
-rw-r--r--include/modules/ldap.h2
-rw-r--r--src/modules/m_ldapauth.cpp16
-rw-r--r--src/modules/m_ldapoper.cpp11
3 files changed, 18 insertions, 11 deletions
diff --git a/include/modules/ldap.h b/include/modules/ldap.h
index d72dd1422..2d4fde80b 100644
--- a/include/modules/ldap.h
+++ b/include/modules/ldap.h
@@ -48,6 +48,8 @@ struct LDAPModification final
typedef std::vector<LDAPModification> LDAPMods;
+using LDAPAttribute = std::pair<std::string, std::string>;
+
struct LDAPAttributes final
: public std::map<std::string, std::vector<std::string>>
{
diff --git a/src/modules/m_ldapauth.cpp b/src/modules/m_ldapauth.cpp
index 00ac7a280..1f92f8819 100644
--- a/src/modules/m_ldapauth.cpp
+++ b/src/modules/m_ldapauth.cpp
@@ -275,10 +275,10 @@ class AdminBindInterface final
const std::string provider;
const std::string uuid;
const std::string base;
- const std::string what;
+ const LDAPAttribute what;
public:
- AdminBindInterface(Module* c, const std::string& p, const std::string& u, const std::string& b, const std::string& w)
+ AdminBindInterface(Module* c, const std::string& p, const std::string& u, const std::string& b, const LDAPAttribute& w)
: LDAPInterface(c)
, provider(p)
, uuid(u)
@@ -294,7 +294,8 @@ public:
{
try
{
- LDAP->Search(new SearchInterface(this->creator, provider, uuid), base, what);
+ const auto sf = INSP_FORMAT("{}={}", what.first, LDAP->EscapeSF(what.second));
+ LDAP->Search(new SearchInterface(this->creator, provider, uuid), base, sf);
}
catch (const LDAPException& ex)
{
@@ -428,15 +429,16 @@ public:
return MOD_RES_DENY;
}
- std::string what = attribute + "=";
+ LDAPAttribute what;
+ what.first = attribute;
switch (field)
{
case AuthField::NICKNAME:
- what += user->nick;
+ what.second = user->nick;
break;
case AuthField::USERNAME:
- what += user->GetRealUser();
+ what.second = user->GetRealUser();
break;
case AuthField::PASSWORD:
@@ -450,7 +452,7 @@ public:
return MOD_RES_DENY;
}
- what += user->password.substr(0, pos);
+ what.second = user->password.substr(0, pos);
user->password.erase(0, pos + 1);
user->password.shrink_to_fit();
break;
diff --git a/src/modules/m_ldapoper.cpp b/src/modules/m_ldapoper.cpp
index 14776b913..8b8b4ec19 100644
--- a/src/modules/m_ldapoper.cpp
+++ b/src/modules/m_ldapoper.cpp
@@ -151,10 +151,10 @@ class AdminBindInterface final
const std::string opername;
const std::string password;
const std::string base;
- const std::string what;
+ const LDAPAttribute what;
public:
- AdminBindInterface(Module* c, const std::string& p, const std::string& u, const std::string& o, const std::string& pa, const std::string& b, const std::string& w)
+ AdminBindInterface(Module* c, const std::string& p, const std::string& u, const std::string& o, const std::string& pa, const std::string& b, const LDAPAttribute& w)
: LDAPInterface(c)
, provider(p)
, user(u)
@@ -172,7 +172,8 @@ public:
{
try
{
- LDAP->Search(new SearchInterface(this->creator, provider, user, opername, password), base, what);
+ const auto sf = INSP_FORMAT("{}={}", what.first, LDAP->EscapeSF(what.second));
+ LDAP->Search(new SearchInterface(this->creator, provider, user, opername, password), base, sf);
}
catch (const LDAPException& ex)
{
@@ -233,7 +234,9 @@ public:
try
{
- std::string what = attribute + "=" + opername;
+ LDAPAttribute what;
+ what.first = attribute;
+ what.second = opername;
LDAP->BindAsManager(new AdminBindInterface(this, LDAP.GetProvider(), user->uuid, opername, password, base, what));
return MOD_RES_DENY;
}