From a2e54fb970d0bc6495ae2650edb41287ca8972a2 Mon Sep 17 00:00:00 2001
From: Graham Leggett <minfrin@apache.org>
Date: Mon, 4 Oct 2004 23:43:20 +0000
Subject: [PATCH] mod_auth_ldap: Handle the inconsistent way in which the MS
 LDAP library handles special characters. PR:	24437 Obtained from: Submitted
 by:	Jess Holle Reviewed by:

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@105379 13f79535-47bb-0310-9956-ffa450edef68
---
 CHANGES                       |  3 +++
 modules/aaa/mod_authnz_ldap.c | 38 ++++++++++++++++++++++++++++++-----
 2 files changed, 36 insertions(+), 5 deletions(-)

diff --git a/CHANGES b/CHANGES
index ef56e33685..34688b0570 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,6 +2,9 @@ Changes with Apache 2.1.0-dev
 
   [Remove entries to the current 2.0 section below, when backported]
 
+  *) mod_auth_ldap: Handle the inconsistent way in which the MS LDAP
+     library handles special characters. PR 24437 [Jess Holle]
+
   *) mod_ldap: fix a bogus error message to tell the user which file
      is causing a potential problem with the LDAP shared memory cache.
      PR 31431 [Graham Leggett]
diff --git a/modules/aaa/mod_authnz_ldap.c b/modules/aaa/mod_authnz_ldap.c
index 88b7da389e..226aee94af 100644
--- a/modules/aaa/mod_authnz_ldap.c
+++ b/modules/aaa/mod_authnz_ldap.c
@@ -207,19 +207,47 @@ static void authn_ldap_build_filter(char *filtbuf,
      * LDAP filter metachars are escaped.
      */
     filtbuf_end = filtbuf + FILTER_LENGTH - 1;
+#if APR_HAS_MICROSOFT_LDAPSDK
+    for (p = user, q=filtbuf + strlen(filtbuf);
+         *p && q < filtbuf_end; ) {
+        if (strchr("*()\\", *p) != NULL) {
+            if ( q + 3 >= filtbuf_end)
+              break;  /* Don't write part of escape sequence if we can't write all of it */
+            *q++ = '\\';
+            switch ( *p++ )
+            {
+              case '*':
+                *q++ = '2';
+                *q++ = 'a';
+                break;
+              case '(':
+                *q++ = '2';
+                *q++ = '8';
+                break;
+              case ')':
+                *q++ = '2';
+                *q++ = '9';
+                break;
+              case '\\':
+                *q++ = '5';
+                *q++ = 'c';
+                break;
+		        }
+        }
+        else
+            *q++ = *p++;
+    }
+#else
     for (p = user, q=filtbuf + strlen(filtbuf);
          *p && q < filtbuf_end; *q++ = *p++) {
-#if APR_HAS_MICROSOFT_LDAPSDK
-        /* Note: The Microsoft SDK escapes for us, so is not necessary */
-#else
         if (strchr("*()\\", *p) != NULL) {
             *q++ = '\\';
             if (q >= filtbuf_end) {
-                break;
+              break;
             }
         }
-#endif
     }
+#endif
     *q = '\0';
 
     /*