From 18e483856bca8bdfa0b58f9397d819a562ee4ad6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?=
Date: Sun, 26 Oct 2008 18:20:23 +0000
Subject: [PATCH] =?UTF-8?q?Use=20ldap=5Fbv2escaped=5Ffilter=5Fvalue=20to?= =?UTF-8?q?=20filter=20the=20search=20query.=20Idea=20from=20Michael=20Str?= =?UTF-8?q?=C3=B6der.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23955 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 lib/hdb/hdb-ldap.c | 34 +++++++++++++++++-----------------
 1 file changed, 17 insertions(+), 17 deletions(-)

diff --git a/lib/hdb/hdb-ldap.c b/lib/hdb/hdb-ldap.c
index f50118f58..0e5b034c8 100644
--- a/lib/hdb/hdb-ldap.c
+++ b/lib/hdb/hdb-ldap.c
@@ -794,34 +794,34 @@ LDAP__lookup_princ(krb5_context context,
 const char *userid,
 LDAPMessage **msg)
 {
+ struct berval princnamebv, quotedp;
 krb5_error_code ret;
 int rc;
 char *filter = NULL;
- size_t len;
-
- /*
- * Filter out searches for *@REALM, which takes very long time,
- * and other ldap special characters, this should really be
- * quoting instead.
- */
- len = strcspn(princname, "()*=&\\|~=<>!");
- if (princname[len] != '\0') {
- krb5_set_error_message(context, HDB_ERR_NOENTRY,
- "Principal contains ldap "
- "search term: %s", princname);
- return HDB_ERR_NOENTRY;
- }

 ret = LDAP__connect(context, db);
 if (ret)
 return ret;

+ /*
+ * Quote searches that contain filter language, this quote
+ * searches for *@REALM, which takes very long time.
+ */
+
+ ber_str2bv(princname, 0, 0, &princnamebv);
+ if (ldap_bv2escaped_filter_value(&princnamebv, "edp) != 0) {
+ ret = ENOMEM;
+ krb5_set_error_message(context, ret, "malloc: out of memory");
+ goto out;
+ }
 rc = asprintf(&filter,
 "(&(objectClass=krb5Principal)(krb5PrincipalName=%s))",
- princname);
+ quotedp.bv_val);
+ ber_memfree(quotedp.bv_val);
+
 if (rc < 0) {
 ret = ENOMEM;
- krb5_set_error_message(context, ret, "asprintf: out of memory");
+ krb5_set_error_message(context, ret, "malloc: out of memory");
 goto out;
 }

@@ -1198,8 +1198,8 @@ LDAP_message2entry(krb5_context context, HDB * db, LDAPMessage * msg,
 if (ent->entry.pw_end == NULL) {
 ent->entry.pw_end = malloc(sizeof(*ent->entry.pw_end));
 if (ent->entry.pw_end == NULL) {
- krb5_set_error_string(context, "malloc: out of memory");
 ret = ENOMEM;
+ krb5_set_error_message(context, ret, "malloc: out of memory");
 goto out;
 }
 }
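Review bot: In LDAP__lookup_princ, `quotedp.bv_val` goes straight into the `%s` of asprintf() after only the return code of ldap_bv2escaped_filter_value() has been checked; as far as I know OpenLDAP returns 0 and leaves `bv_val` NULL for a zero-length input, so an empty princname would pass NULL to `%s`, which is undefined behaviour. A guard right after the escape call would close that, for example `if (quotedp.bv_val == NULL) { ret = HDB_ERR_NOENTRY; goto out; }`. The return value of `ber_str2bv()` is also ignored, so a NULL princname would leave `princnamebv` uninitialised when it is read on the next line. The new comment is hard to parse and would read better as `/* Escape LDAP filter metacharacters so the principal name is matched literally; a name such as *@REALM can no longer act as a wildcard search. */`. The rest of the function and the `out:` label lie outside the hunk, so the cleanup on the new `goto out` path could not be checked from here.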