kdc ldap plugin code
Jim Shi
hanmao_shi at apple.com
Mon Sep 10 18:05:08 EDT 2012
Hi, I found two issues in handing of special characters in the kdc ldap plugin code in krb5.1.10.3. I believe the same problem exists in the previous versions as well.
Issue 1.
When persisting a principal record to ldap backend, in the file "ldap_principal2.c" with procedure:
krb5_error_code
krb5_ldap_put_principal(krb5_context context, krb5_db_entry *entry,
char **db_args)
in two seperated places, it should apply 'ldap_filter_correct' on 'user' to escape special characters in ldap search. But it did not.
I attached a patch for this.
Issue 2.
We need escape a few more special characters in the file "ldap_realm.c", subroutine:
char *
ldap_filter_correct (char *in)
See the attached patch. I added four more characters to escape: '+', '#', ';', ',' .
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: patch1.txt
Url: http://mailman.mit.edu/pipermail/krbdev/attachments/20120910/b20510fa/attachment.txt
-------------- next part --------------
Thanks for your attention.
Jim
More information about the krbdev
mailing list