EscapeFilter the group dn membership (#20200)

The uid provided to the group filter must be properly escaped using the provided
ldap.EscapeFilter function.

Fix #20181

Signed-off-by: Andrew Thornton <art27@cantab.net>
This commit is contained in:
zeripath 2022-07-05 16:59:27 +01:00 committed by GitHub
parent 45f17528a8
commit 6efbe49439
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -199,7 +199,7 @@ func checkRestricted(l *ldap.Conn, ls *Source, userDN string) bool {
// List all group memberships of a user // List all group memberships of a user
func (source *Source) listLdapGroupMemberships(l *ldap.Conn, uid string) []string { func (source *Source) listLdapGroupMemberships(l *ldap.Conn, uid string) []string {
var ldapGroups []string var ldapGroups []string
groupFilter := fmt.Sprintf("(%s=%s)", source.GroupMemberUID, uid) groupFilter := fmt.Sprintf("(%s=%s)", source.GroupMemberUID, ldap.EscapeFilter(uid))
result, err := l.Search(ldap.NewSearchRequest( result, err := l.Search(ldap.NewSearchRequest(
source.GroupDN, source.GroupDN,
ldap.ScopeWholeSubtree, ldap.ScopeWholeSubtree,