Update user.py
Double check on bind from user input in case of external access of the function
elg committed Jan 26, 2021
1 parent ca8c1c2 commit 366b03f
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions passhportd/app/views_mod/user/user.py
@@ -28,7 +28,7 @@ def useruid(s, login):

# Look for the user entry.
if not c.search(config.LDAPBASE,
"(" + config.LDAPFIELD + "=" + login + ")") :
"(" + config.LDAPFIELD + "=" + escape_rdn(login) + ")") :
app.logger.error("Error: Connection to the LDAP with service account failed")
else:
if len(c.entries) >= 1 :
@@ -49,7 +49,7 @@ def try_ldap_login(login, password):
s = Server(config.LDAPURI, port=config.LDAPPORT,
use_ssl=False, get_info=ALL)
# 1. connection with service account to find the user uid
uid = useruid(s, login)
uid = useruid(s, escape_rdn(login))

if uid:
# 2. Try to bind the user to the LDAP
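Review bot: The search filter built in `useruid` (first hunk) is still not safe for an untrusted `login`, because `escape_rdn` escapes distinguished-name characters rather than search-filter ones; assuming this is ldap3's `escape_rdn` (the import is not visible here), `*`, `(`, `)` and NUL reach the filter string unchanged. The filter argument should use the filter escaper from `ldap3.utils.conv` instead: `"(" + config.LDAPFIELD + "=" + escape_filter_chars(login) + ")") :`. The second hunk also escapes `login` before passing it to `useruid`, so the value is escaped twice and a legitimate login containing an escaped character would no longer match its entry; keep `uid = useruid(s, login)` there and escape once, at the point where the filter is built. Both `useruid` and `try_ldap_login` start and end outside the visible hunks, so whether `login` is validated earlier cannot be confirmed from this page.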