Jabberd

%u replaced only once in LDAP query string

Bug #832876 reported by Tobias G. Pfeiffer on 2011-08-24

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Jabberd	Confirmed	Wishlist	Unassigned

Bug Description

In c2s.xml, it is possible to give a query string that retrieves a user's DN, given the user name %u and the realm %r. In my place, I have a filter expression like
(|(&(cn=%u)(objectClass=simpleSecurityObject))(&(uid=%u)(objectClass=posixAccount)))
because I want some human users (these are posixAccounts) and also some "machine users" (these are simpleSecurityObjects), but not all human users to be able to login.
The problem now is that the %u is only replaced once in that string (cf. authreg_ldap.c, in static int _create_user_filter(moddata_t data)), i.e. the filter string passed to LDAP is
(|(&(cn=myUserName)(objectClass=simpleSecurityObject))(&(uid=%u)(objectClass=posixAccount)))
which obviously won't work.

The function mentioned above needs to be changed in order to fix this.

Revision history for this message

Tobias G. Pfeiffer (tgpfeiffer) wrote on 2011-08-29:

Uh, the issue seems harder to fix than I thought...

Apparently, the cases "only %u", "%u and %r (in that order)", and "%r and %u (in that order)" are hardcoded and replaced by strings that can be handled by printf, i.e. only containing %s as a placeholder. I guess that just substituting %u by the user name and %r by the realm would be a better way.

I would greatly appreciate if someone could fix this issue; for someone who knows C, this shouldn't be too hard.

Tomasz Sterna (smoku) on 2011-10-08

Changed in jabberd2:
importance:	Undecided → Wishlist
status:	New → Confirmed

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.