Re: [exim] Open relay?

Αρχική Σελίδα
Delete this message
Reply to this message
Συντάκτης: Phil Pennock
Ημερομηνία:  
Προς: Ralph Ballier
Υ/ο: exim-users exim.org
Αντικείμενο: Re: [exim] Open relay?
On 2012-02-15 at 00:25 +0100, Ralph Ballier wrote:
> server_condition = ${if or { \
> {pwcheck{$1:$2}} \
> {ldapauth{user=${lookup ldapdn{ LDAP_DEFAULT_CONTROLS ldap:///LDAP_BASEDN?dn?sub?(uid=$auth1)}} \
> pass=${quote:$auth2} \
> ldap:///}} \
> }}


uid=${quote_ldap:$auth1}
pass=${quote_ldap:$auth2}

For the pass case, you should be safe as generic quote-escaping should
protect you. For the uid case, without any quoting, someone can use an
authentication id which embeds LDAP query syntax.

It's probably hard to leverage this to make ldapauth pass, but you still
don't want to let attacker-supplied LDAP queries through.
--
https://twitter.com/syscomet