kdc ldap plugin code

Jim Shi hanmao_shi at apple.com
Mon Sep 10 18:05:08 EDT 2012


Hi, I found two issues in the handling of special characters in the kdc ldap plugin code in krb5.1.10.3. I believe the same problem exists in the previous versions as well.

Issue 1.
When persisting a principal record to ldap backend, in the file "ldap_principal2.c" with procedure:
krb5_error_code
krb5_ldap_put_principal(krb5_context context, krb5_db_entry *entry,
                       char **db_args)
in two separate places, it should apply 'ldap_filter_correct' on 'user' to escape special characters in ldap search. But it did not.

I attached a patch for this.


Issue 2.
We need to escape a few more special characters in the file "ldap_realm.c", subroutine:
char *
ldap_filter_correct (char *in)

See the attached patch. I added four more characters to escape: '+', '#', ';', ','.
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: patch1.txt
Url: http://mailman.mit.edu/pipermail/krbdev/attachments/20120910/b20510fa/attachment.txt
-------------- next part --------------

Thanks for your attention.

Jim
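
Added example, not part of the original message and not code from krb5 or the attached patch: a sketch of escaping a principal name before it is placed in an LDAP search filter, which is the step the message says is missing for 'user'. It escapes only the RFC 4515 filter characters; the function names are hypothetical, and the attribute name and sample principal are used for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not from krb5): escape a value for use inside an
 * LDAP search filter per RFC 4515. '*', '(', ')' and '\' each become a
 * backslash plus two hex digits. Caller frees the result. */
char *filter_escape_value(const char *in)
{
    static const char hex[] = "0123456789abcdef";
    size_t len, i, o = 0;
    char *out;

    if (in == NULL)
        return NULL;
    len = strlen(in);
    out = malloc(len * 3 + 1);      /* worst case: every byte becomes \XX */
    if (out == NULL)
        return NULL;
    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)in[i];
        if (c == '*' || c == '(' || c == ')' || c == '\\') {
            out[o++] = '\\';
            out[o++] = hex[c >> 4];
            c = (unsigned char)hex[c & 0x0f];   /* low digit written below */
        }
        out[o++] = (char)c;
    }
    out[o] = '\0';
    return out;
}

/* Build "(attr=<escaped value>)"; attr is trusted, value is not. */
char *build_eq_filter(const char *attr, const char *value)
{
    char *esc = filter_escape_value(value), *f;
    size_t n;

    if (esc == NULL)
        return NULL;
    n = strlen(attr) + strlen(esc) + 4;         /* '(' '=' ')' and NUL */
    f = malloc(n);
    if (f != NULL)
        snprintf(f, n, "(%s=%s)", attr, esc);
    free(esc);
    return f;
}

int main(void)
{
    /* constructed sample principal name containing filter metacharacters */
    char *f = build_eq_filter("krbPrincipalName", "a*(b)\\c@EXAMPLE.COM");
    if (f != NULL)
        puts(f);
    free(f);
    return 0;
}
```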

