[prev in list] [next in list] [prev in thread] [next in thread] 

List:       freeradius-users
Subject:    Re: Using ldap_xlat in unlang with Chars not allowed in an ldap search
From:       Phil Mayers <p.mayers () imperial ! ac ! uk>
Date:       2012-09-20 16:28:11
Message-ID: 505B441B.1010503 () imperial ! ac ! uk
[Download RAW message or body]

On 29/08/12 17:42, Phil Mayers wrote:

> There's no easy way to do this with the built-in LDAP code. When the
> "xlat" is called, it's called with one big string i.e. the un-escaped
> value is already inside the string, and can't be escaped.

Actually, following this up: I'm wrong here, due to misunderstanding how 
the xlat & escape stuff applies.

I think the actual problem is that ldap_xlat doesn't use the 
ldap_escape_func on the URL, because the escape func was added after the 
xlat, and the xlat not updated. That is, it's a simple bug.

If you edit rlm_ldap.c around line 1231, and change:

   if (!radius_xlat(url, sizeof(url), fmt, request, func))

...to:

   if (!radius_xlat(url, sizeof(url), fmt, request, ldap_escape_func))

...this should work. I'll submit a one-liner.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
[prev in list] [next in list] [prev in thread] [next in thread]