From efc90645de397d8ca7c61da7c89b7b0b19f03010 Mon Sep 17 00:00:00 2001
From: Lars Karlslund
Date: Mon, 13 Dec 2021 11:00:08 +0100
Subject: [PATCH] Fix for method filtering in the LDAP queries using _pwnable and _canpwn synthetic attributes
---
 modules/engine/pwn.go | 1 +
 modules/ldapquery/queryparser.go | 6 ++++--
 2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/modules/engine/pwn.go b/modules/engine/pwn.go
index 48528e8..8a2e938 100644
--- a/modules/engine/pwn.go
+++ b/modules/engine/pwn.go
@@ -151,6 +151,7 @@ func AllPwnMethodsSlice() []PwnMethod {
 var (
 NonExistingPwnMethod = PwnMethod(10000)
+ AnyPwnMethod = PwnMethod(9999)
 )
 var AllPwnMethods PwnMethodBitmap
diff --git a/modules/ldapquery/queryparser.go b/modules/ldapquery/queryparser.go
index d459a55..cfa9f58 100644
--- a/modules/ldapquery/queryparser.go
+++ b/modules/ldapquery/queryparser.go
@@ -247,7 +247,9 @@ valueloop:
 target, _ = ParseQueryStrict(values[1], ao)
 }
 var method engine.PwnMethod
- if pwnmethod != "" && pwnmethod != "*" {
+ if pwnmethod == "*" {
+ method = engine.AnyPwnMethod
+ } else {
 method = engine.P(pwnmethod)
 if method == engine.NonExistingPwnMethod {
 return nil, nil, fmt.Errorf("Could not convert value %v to pwn method", pwnmethod)
@@ -636,7 +638,7 @@ func (p pwnquery) Evaluate(o *engine.Object) bool {
 items = o.PwnableBy
 }
 for _, pwnmethod := range items {
- if p.method == 0 || pwnmethod.IsSet(p.method) {
+ if (p.method == engine.AnyPwnMethod && pwnmethod.Count() != 0) || pwnmethod.IsSet(p.method) {
 return true
 }
 }
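Review bot: `AnyPwnMethod` is added without a comment, so nothing at the declaration says that 9999 is a wildcard sentinel rather than a real method. A one-line doc comment above it would make that explicit, for example `// AnyPwnMethod is a query-only wildcard meaning "at least one method is set"; it is not a real PwnMethod.` Whether 9999 is safely outside the range of registered methods cannot be confirmed from this hunk, so the comment should state that assumption too.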
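Review bot: The new `else` branch now also receives an empty `pwnmethod`, which the removed condition (`pwnmethod != "" && pwnmethod != "*"`) used to skip. What `engine.P("")` returns is not visible here, but either it yields `NonExistingPwnMethod` and a query with no method filter is now rejected, or it yields a value that Evaluate no longer treats as a wildcard and the query quietly matches nothing. For a tool that reports who can take over what, a filter that silently returns fewer results is the worse failure, so keeping the empty case on the wildcard path seems safer: `if pwnmethod == "" || pwnmethod == "*" {`. The enclosing function starts and ends outside the hunk.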
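Review bot: When `p.method` is `engine.AnyPwnMethod` and `pwnmethod.Count()` is 0, the right-hand `pwnmethod.IsSet(p.method)` is still evaluated with the sentinel 9999. The bitmap implementation is not shown, so this may be harmless, but if IsSet indexes or shifts by the method value the result would be out of range or a false match. Guarding the second operand keeps the sentinel away from the bitmap: `if (p.method == engine.AnyPwnMethod && pwnmethod.Count() != 0) || (p.method != engine.AnyPwnMethod && pwnmethod.IsSet(p.method)) {`. A `pwnquery` left with the zero-value method also no longer acts as a wildcard after this change, which any other constructor of `pwnquery` would need to account for. Evaluate begins and ends outside the hunk.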