DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24437>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24437 mod_auth_ldap doubly-escapes backslash (\) characters in uids [EMAIL PROTECTED] changed: What |Removed |Added ---------------------------------------------------------------------------- Severity|Major |Normal ------- Additional Comments From [EMAIL PROTECTED] 2003-11-05 18:41 ------- It turns out that the Microsoft LDAP SDK escapes these characters on its own! I found the filter escape code in mod_auth_ldap_build_filter in mod_auth_ldap.c and observed that its input and output was exactly what I'd expect. I also note that it's output is what is passed to the LDAP SDK. I commented out the escape code (in the simplest fashion, i.e. yes, I could use strncpy at this point) and then (and only then) am able to authenticate with \, ), (, and * in my user name. I assume this is a Microsoft LDAP SDK feature as my other LDAP SDK experience suggests the escaping done by mod_auth_ldap is required. All the same, I believe we should #if out this filter code when using the Microsoft LDAP SDK -- as it only currently serves to prevent that which it is intended to allow. My change is to add the comments in the code excerpt below taken from mod_auth_ldap.c (sorry, I'm not creating a patch as strncpy would be better, etc, etc): filtbuf_end = filtbuf + FILTER_LENGTH - 1; for (p = user, q=filtbuf + strlen(filtbuf); *p && q < filtbuf_end; *q++ = *p++) { /* Microsoft LDAP SDK does this automatically (!); doing this here causes double-escaping!!! The following code block must therefore be removed when using Microsoft's LDAP SDK. */ /* if (strchr("*()\\", *p) != NULL) { *q++ = '\\'; if (q >= filtbuf_end) { break; } } */ } --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
