Merge pull request #6 from josefsabl/escape-fix

Bugfix: when group name in LDAP contains unescaped characters, the authenticator crashes
foglcz · Mar 3, 2016 · 5e62952 · 5e62952
2 parents dae2b8c + 908bb13
commit 5e62952
Showing 1 changed file with 80 additions and 1 deletion.
diff --git a/lib/Handlers/GroupsLoader.php b/lib/Handlers/GroupsLoader.php
@@ -146,6 +146,85 @@ protected function getUserMemberOf(Manager $ldap, array $userData, array $allowe
 	 */
 	protected function getGroupMemberOf(Manager $ldap, $groupDn)
 	{
-		return $ldap->search(null, str_replace(':group:', $groupDn, self::$GroupMemberOfLookup));
+		return $ldap->search(null, str_replace(':group:', ldap_escape($groupDn, null, LDAP_ESCAPE_DN), self::$GroupMemberOfLookup));
+	}
+}
+
+
+
+if (!function_exists('ldap_escape')) {
+	//from: http://stackoverflow.com/questions/8560874/php-ldap-add-function-to-escape-ldap-special-characters-in-dn-syntax
+	define('LDAP_ESCAPE_FILTER', 0x01);
+	define('LDAP_ESCAPE_DN', 0x02);
+
+
+	/**
+	 * @param string $subject The subject string
+	 * @param string $ignore Set of characters to leave untouched
+	 * @param int $flags Any combination of LDAP_ESCAPE_* flags to indicate the
+	 *                   set(s) of characters to escape.
+	 * @return string
+	 */
+	function ldap_escape($subject, $ignore = '', $flags = 0)
+	{
+		static $charMaps = array(
+			LDAP_ESCAPE_FILTER => array('\\', '*', '(', ')', "\x00"),
+			LDAP_ESCAPE_DN => array('\\', ',', '=', '+', '<', '>', ';', '"', '#'),
+		);
+
+		// Pre-process the char maps on first call
+		if (!isset($charMaps[0])) {
+			$charMaps[0] = array();
+			for ($i = 0; $i < 256; $i++) {
+				$charMaps[0][chr($i)] = sprintf('\\%02x', $i);
+				;
+			}
+
+			for ($i = 0, $l = count($charMaps[LDAP_ESCAPE_FILTER]); $i < $l; $i++) {
+				$chr = $charMaps[LDAP_ESCAPE_FILTER][$i];
+				unset($charMaps[LDAP_ESCAPE_FILTER][$i]);
+				$charMaps[LDAP_ESCAPE_FILTER][$chr] = $charMaps[0][$chr];
+			}
+
+			for ($i = 0, $l = count($charMaps[LDAP_ESCAPE_DN]); $i < $l; $i++) {
+				$chr = $charMaps[LDAP_ESCAPE_DN][$i];
+				unset($charMaps[LDAP_ESCAPE_DN][$i]);
+				$charMaps[LDAP_ESCAPE_DN][$chr] = $charMaps[0][$chr];
+			}
+		}
+
+		// Create the base char map to escape
+		$flags = (int)$flags;
+		$charMap = array();
+		if ($flags & LDAP_ESCAPE_FILTER) {
+			$charMap += $charMaps[LDAP_ESCAPE_FILTER];
+		}
+		if ($flags & LDAP_ESCAPE_DN) {
+			$charMap += $charMaps[LDAP_ESCAPE_DN];
+		}
+		if (!$charMap) {
+			$charMap = $charMaps[0];
+		}
+
+		// Remove any chars to ignore from the list
+		$ignore = (string)$ignore;
+		for ($i = 0, $l = strlen($ignore); $i < $l; $i++) {
+			unset($charMap[$ignore[$i]]);
+		}
+
+		// Do the main replacement
+		$result = strtr($subject, $charMap);
+
+		// Encode leading/trailing spaces if LDAP_ESCAPE_DN is passed
+		if ($flags & LDAP_ESCAPE_DN) {
+			if ($result[0] === ' ') {
+				$result = '\\20' . substr($result, 1);
+			}
+			if ($result[strlen($result) - 1] === ' ') {
+				$result = substr($result, 0, -1) . '\\20';
+			}
+		}
+
+		return $result;
 	}
 }