Log an error when an LDAP filter is incorrect (EJAB-1395)

author Evgeniy Khramtsov <ekhramtsov@process-one.net>

Wed, 15 Jun 2011 10:06:32 +0000 (20:06 +1000)

committer Badlop <badlop@process-one.net>

Wed, 15 Jun 2011 16:11:08 +0000 (18:11 +0200)
author Evgeniy Khramtsov <ekhramtsov@process-one.net>
Wed, 15 Jun 2011 10:06:32 +0000 (20:06 +1000)
committer Badlop <badlop@process-one.net>
Wed, 15 Jun 2011 16:11:08 +0000 (18:11 +0200)
diff --git a/src/ejabberd_auth_ldap.erl b/src/ejabberd_auth_ldap.erl

index a35db33868086ea36be6ebd9539cd7cf68e3e0e7..8a0d333dc8239aa00bc676d88540509fa9cd47e0 100644 (file)
--- a/src/ejabberd_auth_ldap.erl
+++ b/src/ejabberd_auth_ldap.erl
@@ -530,11 +530,15 @@ parse_options(Host) ->
                end,
      UIDs = case ejabberd_config:get_local_option({ldap_uids, Host}) of
                undefined -> [{"uid", "%u"}];
-              UI -> UI
+              UI -> eldap_utils:uids_domain_subst(Host, UI)
            end,
+    SubFilter = lists:flatten(eldap_utils:generate_subfilter(UIDs)),
      UserFilter = case ejabberd_config:get_local_option({ldap_filter, Host}) of
                      undefined -> "";
-                    F -> F
+                    "" -> "";
+                    F ->
+                         eldap_utils:check_filter(F),
+                         "(&" ++ SubFilter ++ F ++ ")"
                  end,
      LDAPBase = ejabberd_config:get_local_option({ldap_base, Host}),
      {DNFilter, DNFilterAttrs} =
@@ -546,7 +550,8 @@ parse_options(Host) ->
             {DNF, DNFA} ->
                 {DNF, DNFA}
         end,
-       LocalFilter = ejabberd_config:get_local_option({ldap_local_filter, Host}),
+    eldap_utils:check_filter(DNFilter),
+    LocalFilter = ejabberd_config:get_local_option({ldap_local_filter, Host}),
      #state{host = Host,
            eldap_id = Eldap_ID,
            bind_eldap_id = Bind_Eldap_ID,
diff --git a/src/eldap/eldap_filter.erl b/src/eldap/eldap_filter.erl

index c427ab28c3586cc99a085a0b6197909bc3701094..18ed62f2da25f3a2a7d9e5850a89a6b9090a80b1 100644 (file)
--- a/src/eldap/eldap_filter.erl
+++ b/src/eldap/eldap_filter.erl
@@ -79,6 +79,8 @@ parse(L) when is_list(L) ->
  %%%-------------------------------------------------------------------
  parse(L, SList) when is_list(L), is_list(SList) ->
      case catch eldap_filter_yecc:parse(scan(L, SList)) of
+        {'EXIT', _} = Err ->
+            {error, Err};
         {error, {_, _, Msg}} ->
             {error, Msg};
         {ok, Result} ->
diff --git a/src/eldap/eldap_utils.erl b/src/eldap/eldap_utils.erl

index 14a421315999a7b889bda56b0d88fbe98532cf63..c49d108445cdb8cdd8e620406520bd662b73a8de 100644 (file)
--- a/src/eldap/eldap_utils.erl
+++ b/src/eldap/eldap_utils.erl
@@ -35,8 +35,11 @@
          make_filter/2,
          get_state/2,
          case_insensitive_match/2,
+         check_filter/1,
          uids_domain_subst/2]).
  
+-include("ejabberd.hrl").
+
  %% Generate an 'or' LDAP query on one or several attributes
  %% If there is only one attribute
  generate_subfilter([UID]) ->
@@ -144,3 +147,16 @@ uids_domain_subst(Host, UIDs) ->
                    (A) -> A 
                end,
                UIDs).
+
+check_filter(undefined) ->
+    ok;
+check_filter(Filter) ->
+    case eldap_filter:parse(Filter) of
+        {ok, _} ->
+            ok;
+        Err ->
+            ?ERROR_MSG("failed to parse LDAP filter:~n"
+                       "** Filter: ~p~n"
+                       "** Reason: ~p",
+                       [Filter, Err])
+    end.
diff --git a/src/mod_shared_roster_ldap.erl b/src/mod_shared_roster_ldap.erl

index aa30c34e3190af4236831e0c95a4ae9fc0bea8d3..d313d5676d3b186c0f59a6e595d27b8c3f3fab0f 100644 (file)
--- a/src/mod_shared_roster_ldap.erl
+++ b/src/mod_shared_roster_ldap.erl
@@ -631,7 +631,9 @@ parse_options(Host, Opts) ->
                        RF ->
                            RF
                    end,
-
+    lists:foreach(fun eldap_utils:check_filter/1, 
+                  [ConfigFilter, ConfigUserFilter,
+                   ConfigGroupFilter, RosterFilter]),
      SubFilter = "(&("++UIDAttr++"="++UIDAttrFormat++")("++GroupAttr++"=%g))",
      UserSubFilter = case ConfigUserFilter of
                          undefined -> eldap_filter:do_sub(SubFilter, [{"%g", "*"}]);
diff --git a/src/mod_vcard_ldap.erl b/src/mod_vcard_ldap.erl

index bb90939acae6ff1a452611bd6a7ef84b6ffad219..ab8088b4ea60a6b1a530c2f98f57b5a2af896c56 100644 (file)
--- a/src/mod_vcard_ldap.erl
+++ b/src/mod_vcard_ldap.erl
@@ -721,10 +721,14 @@ parse_options(Host, Opts) ->
                          case ejabberd_config:get_local_option({ldap_filter, Host}) of
                              undefined -> SubFilter;
                              "" -> SubFilter;
-                            F -> "(&" ++ SubFilter ++ F ++ ")"
+                            F ->
+                                 eldap_utils:check_filter(F),
+                                 "(&" ++ SubFilter ++ F ++ ")"
                          end;
                      "" -> SubFilter;
-                    F -> "(&" ++ SubFilter ++ F ++ ")"
+                    F ->
+                         eldap_utils:check_filter(F),
+                         "(&" ++ SubFilter ++ F ++ ")"
                  end,
      {ok, SearchFilter} = eldap_filter:parse(
                            eldap_filter:do_sub(UserFilter, [{"%u","*"}])),
author	Evgeniy Khramtsov <ekhramtsov@process-one.net>
	Wed, 15 Jun 2011 10:06:32 +0000 (20:06 +1000)
committer	Badlop <badlop@process-one.net>
	Wed, 15 Jun 2011 16:11:08 +0000 (18:11 +0200)
src/ejabberd_auth_ldap.erl		patch \| blob \| history
src/eldap/eldap_filter.erl		patch \| blob \| history
src/eldap/eldap_utils.erl		patch \| blob \| history
src/mod_shared_roster_ldap.erl		patch \| blob \| history
src/mod_vcard_ldap.erl		patch \| blob \| history