cwinfo/powerdns-admin
5
0
Fork 0
mirror of https://github.com/cwinfo/powerdns-admin.git synced 2024-12-04 19:15:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

Adding LDAP search filter cleansing mechanism to account for special characters that need replaced in LDAP search queries.

Browse Source
This commit is contained in:
Matt Scott 2023-12-08 04:53:52 -05:00
parent 66c262c57d
commit 7b6aafbb2c
No known key found for this signature in database
GPG Key ID: A9A0AFFC0E079001
1 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
powerdnsadmin/models/user.py
View File

@ -133,9 +133,21 @@ class User(db.Model):
conn.protocol_version = ldap.VERSION3 conn.protocol_version = ldap.VERSION3
return conn return conn
def escape_filter_chars(self, filter_str):
"""
Escape chars for ldap search
"""
escape_chars = ['\\', '*', '(', ')', '\x00']
replace_chars = ['\\5c', '\\2a', '\\28', '\\29', '\\00']
for escape_char in escape_chars:
filter_str = filter_str.replace(escape_char, replace_chars[escape_chars.index(escape_char)])
return filter_str
def ldap_search(self, searchFilter, baseDN, retrieveAttributes=None): def ldap_search(self, searchFilter, baseDN, retrieveAttributes=None):
searchScope = ldap.SCOPE_SUBTREE searchScope = ldap.SCOPE_SUBTREE
searchFilter = self.escape_filter_chars(searchFilter)
try: try:
conn = self.ldap_init_conn() conn = self.ldap_init_conn()
if Setting().get('ldap_type') == 'ad': if Setting().get('ldap_type') == 'ad':