On Sun, Jul 02, 2006 at 08:30:40PM +0100, Brian Candler wrote:
> (However, does authldap log the filter string it has built, before trying to
> send it to the server? If not, it would be a good thing for it to do)

I think it does: in authldaplib.c I see

        DPRINTF("using search filter: %s", filter);

so it should have been clear with auth debugging turned on that the wrong
filter was being constructed.

You could add the untested patch below to idiot-proof the filter code (no
offence Tony :-) by not requiring the subexpression to be in parentheses.

However, this probably doesn't make much sense, since all LDAP filters
themselves have to have enclosing parentheses - see RFC 2254 (grammar in
section 4, examples in section 5). In other words, if you write

LDAP_FILTER     &(foo=bar)(baz=bap)

this is not by itself a valid LDAP filter anyway.

Regards,

Brian.

Index: authldaplib.c
===================================================================
RCS file: /cvsroot/courier/libs/authlib/authldaplib.c,v
retrieving revision 1.56
diff -u -r1.56 authldaplib.c
--- authldaplib.c       1 Jun 2006 10:47:32 -0000       1.56
+++ authldaplib.c       2 Jul 2006 19:41:45 -0000
@@ -1099,8 +1099,8 @@
         if (hasAdditionalFilter)
         {
             /* To add the additional filter, we need to add on the
-             * additional size for "(&)" and the other filter.  So
-             * filter+3
+             * additional size for "(&())" and the other filter.  So
+             * filter+5
              */
             additionalFilter = strlen(my_ldap.filter) + 3;
         }
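Review bot: the unchanged line `additionalFilter = strlen(my_ldap.filter) + 3;` still adds 3, although the comment above it now says filter+5 and the later hunks append "(&(" and "))" where the old code appended "(&" and ")". If the filter buffer is sized from additionalFilter, the strcat calls can write two bytes past its end. Change the constant to 5 in this hunk so the comment and the size calculation agree.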
@@ -1116,7 +1116,7 @@
 
         if (hasAdditionalFilter)
         {
-            strcat(filter, "(&");
+            strcat(filter, "(&(");
             strcat(filter, my_ldap.filter);
         }
 
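Review bot: the extra "(" in `strcat(filter, "(&(");` is added unconditionally, so a my_ldap.filter that is already written in parentheses, the form the current code requires, comes out doubly wrapped. Add the parenthesis only when the configured value does not already start with one, for example by testing `my_ldap.filter[0] != '('` and applying the same test where the matching ")" is appended.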
@@ -1127,7 +1127,7 @@
         
         if (hasAdditionalFilter)
         {
-            strcat(filter, ")");
+            strcat(filter, "))");
         }
 
        DPRINTF("using search filter: %s", filter);
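Review bot: the second ")" in `strcat(filter, "))");` is the close for the parenthesis opened immediately before my_ldap.filter in the previous hunk, but it is only emitted here at the end of the filter. Anything appended to filter between `strcat(filter, my_ldap.filter);` and this point therefore lands inside the subexpression's parentheses instead of beside it. Emit `strcat(filter, ")");` directly after my_ldap.filter is appended and leave this line as the single ")" that terminates the "(&" group.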

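Added example, not part of the original message or of Courier's code: a small C checker for the RFC 2254 rule cited above (filter = "(" filtercomp ")"), showing that the bare &(foo=bar)(baz=bap) form and a doubly parenthesised subexpression are both rejected. The name ldap_filter_wellformed, the MAX_DEPTH cap and the sample strings are assumptions made for illustration, and the item rule is simplified to a non-empty attribute followed by "=".

```c
#include <stdio.h>
#include <string.h>
#define MAX_DEPTH 32  /* assumed nesting cap so hostile input cannot exhaust the stack */

static const char *parse_filter(const char *p, int depth);

/* filterlist = 1*filter */
static const char *parse_filterlist(const char *p, int depth)
{
    p = parse_filter(p, depth);
    while (p && *p == '(')
        p = parse_filter(p, depth);
    return p;
}

/* filter = "(" filtercomp ")" ; filtercomp = and / or / not / item.
 * Returns a pointer just past the closing ")" or NULL on a syntax error. */
static const char *parse_filter(const char *p, int depth)
{
    if (!p || depth > MAX_DEPTH || *p != '(')
        return NULL;
    p++;
    if (*p == '&' || *p == '|') {
        p = parse_filterlist(p + 1, depth + 1);
    } else if (*p == '!') {
        p = parse_filter(p + 1, depth + 1);
    } else {  /* item, simplified: non-empty attr, an '=', no raw parentheses */
        size_t n = strcspn(p, "()");
        const char *eq = memchr(p, '=', n);
        if (!eq || eq == p)
            return NULL;
        p += n;
    }
    return (p && *p == ')') ? p + 1 : NULL;
}

/* 1 if s is exactly one well-formed filter, 0 otherwise */
int ldap_filter_wellformed(const char *s)
{
    const char *end = parse_filter(s, 0);
    return end != NULL && *end == '\0';
}

int main(void)
{
    const char *t[] = { "(&(foo=bar)(baz=bap))", "&(foo=bar)(baz=bap)", "((foo=bar))" };  /* constructed */
    for (int i = 0; i < 3; i++)
        printf("%-24s %s\n", t[i], ldap_filter_wellformed(t[i]) ? "ok" : "invalid");
    return 0;
}
```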