diff options
| author | 2026-05-31 11:50:37 +0100 | |
|---|---|---|
| committer | 2026-06-05 13:43:29 +0100 | |
| commit | 6319ae4fb8c10dabc9464ad49faec532096fbcb5 (patch) | |
| tree | 6b6418e4e50d867f7ff14ef4adb5813dfa5c6e65 | |
| parent | Port over some recent changes to the Anope LDAP API. (diff) | |
Fix escaping LDAP search filters in ldapauth and ldapoper.
| -rw-r--r-- | include/modules/ldap.h | 2 | ||||
| -rw-r--r-- | src/modules/m_ldapauth.cpp | 16 | ||||
| -rw-r--r-- | src/modules/m_ldapoper.cpp | 11 |
3 files changed, 18 insertions, 11 deletions
diff --git a/include/modules/ldap.h b/include/modules/ldap.h index d72dd1422..2d4fde80b 100644 --- a/include/modules/ldap.h +++ b/include/modules/ldap.h @@ -48,6 +48,8 @@ struct LDAPModification final typedef std::vector<LDAPModification> LDAPMods; +using LDAPAttribute = std::pair<std::string, std::string>; + struct LDAPAttributes final : public std::map<std::string, std::vector<std::string>> { diff --git a/src/modules/m_ldapauth.cpp b/src/modules/m_ldapauth.cpp index 00ac7a280..1f92f8819 100644 --- a/src/modules/m_ldapauth.cpp +++ b/src/modules/m_ldapauth.cpp @@ -275,10 +275,10 @@ class AdminBindInterface final const std::string provider; const std::string uuid; const std::string base; - const std::string what; + const LDAPAttribute what; public: - AdminBindInterface(Module* c, const std::string& p, const std::string& u, const std::string& b, const std::string& w) + AdminBindInterface(Module* c, const std::string& p, const std::string& u, const std::string& b, const LDAPAttribute& w) : LDAPInterface(c) , provider(p) , uuid(u) @@ -294,7 +294,8 @@ public: { try { - LDAP->Search(new SearchInterface(this->creator, provider, uuid), base, what); + const auto sf = INSP_FORMAT("{}={}", what.first, LDAP->EscapeSF(what.second)); + LDAP->Search(new SearchInterface(this->creator, provider, uuid), base, sf); } catch (const LDAPException& ex) { @@ -428,15 +429,16 @@ public: return MOD_RES_DENY; } - std::string what = attribute + "="; + LDAPAttribute what; + what.first = attribute; switch (field) { case AuthField::NICKNAME: - what += user->nick; + what.second = user->nick; break; case AuthField::USERNAME: - what += user->GetRealUser(); + what.second = user->GetRealUser(); break; case AuthField::PASSWORD: @@ -450,7 +452,7 @@ public: return MOD_RES_DENY; } - what += user->password.substr(0, pos); + what.second = user->password.substr(0, pos); user->password.erase(0, pos + 1); user->password.shrink_to_fit(); break; diff --git a/src/modules/m_ldapoper.cpp b/src/modules/m_ldapoper.cpp index 14776b913..8b8b4ec19 100644 --- a/src/modules/m_ldapoper.cpp +++ b/src/modules/m_ldapoper.cpp @@ -151,10 +151,10 @@ class AdminBindInterface final const std::string opername; const std::string password; const std::string base; - const std::string what; + const LDAPAttribute what; public: - AdminBindInterface(Module* c, const std::string& p, const std::string& u, const std::string& o, const std::string& pa, const std::string& b, const std::string& w) + AdminBindInterface(Module* c, const std::string& p, const std::string& u, const std::string& o, const std::string& pa, const std::string& b, const LDAPAttribute& w) : LDAPInterface(c) , provider(p) , user(u) @@ -172,7 +172,8 @@ public: { try { - LDAP->Search(new SearchInterface(this->creator, provider, user, opername, password), base, what); + const auto sf = INSP_FORMAT("{}={}", what.first, LDAP->EscapeSF(what.second)); + LDAP->Search(new SearchInterface(this->creator, provider, user, opername, password), base, sf); } catch (const LDAPException& ex) { @@ -233,7 +234,9 @@ public: try { - std::string what = attribute + "=" + opername; + LDAPAttribute what; + what.first = attribute; + what.second = opername; LDAP->BindAsManager(new AdminBindInterface(this, LDAP.GetProvider(), user->uuid, opername, password, base, what)); return MOD_RES_DENY; } |
