Issue 6199 - wrong search query during certificate based authentication

[progier389]

Problems:
SubjectDN extracted from the certificate is not escaped when used by certmap.conf
Other extracted value are wrongly escaped and quoted when added in filter

Solution: Ensure that proper escape function is used in these two cases.
Values in filter should not be quoted but * should be escaped.

Note: I considered to reuse the ldap_bv2escaped_filter_value function but it needless realloc the returned data
so I ended up to rewrite something the escape function (which is quite straightforward anyway).

Issue: #6199

Reviewed by: @droideck

[progier389]

Fixed the extra space that cause "Validate tests" to fail
Fixed the missing free(certFilter)

[droideck]

I think it'll be better to wait for CI to be fixed so we can check the PR against tests, but the code looks good to me!

[progier389]

I agree about waiting for the CI tests

[tbordaz]

Sorry to come late to this thread. Just a question regarding value2filter_sizes.
should not we also escape chars: ',' (comma), '=' (equal), '&' (and), '|' (or), '!'

[progier389]

According to https://datatracker.ietf.org/doc/html/rfc4515:

The <valueencoding> rule ensures that the entire filter string is a
   valid UTF-8 string and provides that the octets that represent the
   ASCII characters "*" (ASCII 0x2a), "(" (ASCII 0x28), ")" (ASCII
   0x29), "\" (ASCII 0x5c), and NUL (ASCII 0x00) are represented as a
   backslash "\" (ASCII 0x5c) followed by the two hexadecimal digits
   representing the value of the encoded octet.

So the answer is no.

FYI: in this code we are escaping filter value (that are already dn string representation (i.e escaped as dn according to RFC4514 ) )
so value2filter_sizes only handles the filter value escape.