# HG changeset patch
# User Thierry Florac
# Date 1547815341 -3600
# Node ID b38760ada646fe055bfcdf9ee9be308fe4a85a8d
# Parent 5457f6fff2b54501d08ecf2fde37564706a912bf
Escape LDAP filters characters in authentication method
diff -r 5457f6fff2b5 -r b38760ada646 src/pyams_ldap/plugin.py
--- a/src/pyams_ldap/plugin.py Fri Nov 16 15:19:21 2018 +0100
+++ b/src/pyams_ldap/plugin.py Fri Jan 18 13:42:21 2019 +0100
@@ -13,25 +13,27 @@
 __docformat__ = 'restructuredtext'
 import logging
-logger = logging.getLogger('PyAMS (ldap)')
-
-import ldap3
 import re
-from pyams_ldap.interfaces import ILDAPPlugin, ILDAPUserInfo, ILDAPGroupInfo
-from pyams_mail.interfaces import IPrincipalMailInfo
-from zope.intid.interfaces import IIntIds
-
+import ldap3
 from beaker.cache import cache_region
+from ldap3.utils.conv import escape_filter_chars
 from persistent import Persistent
-from pyams_ldap.query import LDAPQuery
-from pyams_security.principal import PrincipalInfo
-from pyams_utils.adapter import adapter_config, ContextAdapter
-from pyams_utils.registry import query_utility
 from zope.container.contained import Contained
 from zope.interface import implementer
+from zope.intid.interfaces import IIntIds
 from zope.schema.fieldproperty import FieldProperty
+from pyams_ldap.interfaces import ILDAPGroupInfo, ILDAPPlugin, ILDAPUserInfo
+from pyams_ldap.query import LDAPQuery
+from pyams_mail.interfaces import IPrincipalMailInfo
+from pyams_security.principal import PrincipalInfo
+from pyams_utils.adapter import ContextAdapter, adapter_config
+from pyams_utils.registry import query_utility
+
+
+logger = logging.getLogger('PyAMS (ldap)')
+
 managers = {}
@@ -269,7 +271,7 @@
 conn = self.get_connection()
 search = LDAPQuery(self.base_dn, self.login_query, self.search_scope,
 (self.login_attribute, self.uid_attribute))
- result = search.execute(conn, login=login, password=password)
+ result = search.execute(conn, login=escape_filter_chars(login))
 if not result or len(result) > 1:
 return None
 result = result[0]
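Review bot: `escape_filter_chars(login)` on the new `search.execute(...)` line is called without first checking that `login` is a non-empty string. The assignment of `login` is outside this hunk, so this is inferred, but if the credentials can arrive without a login the method would depend on how the escape helper treats `None` or `''` instead of taking the same `return None` path as a failed lookup. A guard ahead of the query, `if not login: return None`, would make that explicit. The escaping is also specific to filter syntax (RFC 4515): if `LDAPQuery.execute()` interpolates the same keyword arguments into `base_dn` as well, which is not visible here, that context needs DN escaping rather than filter escaping. A one-line comment such as `# login is untrusted input: escape filter metacharacters before it is interpolated into login_query` would record why the call is wrapped and why `password` is no longer passed to the search. The enclosing method starts and ends outside the hunk.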