changeset 9288:70cdba551133
4622166 ldapaddent does not escape some special characters in DN for exec_attr, services and tnrhtp database
author | Sreedhar Chalamalasetti - Sun Microsystems - Bangalore India <Sreedhar.Chalamalasetti@Sun.COM> |
---|---|
date | Mon, 06 Apr 2009 11:10:20 +0530 |
parents | 7c8fa958aea0 |
children | 087a2aafc5d2 |
files | usr/src/lib/libsldap/common/ns_internal.h usr/src/lib/libsldap/common/ns_writes.c |
diffstat | 2 files changed, 72 insertions(+), 4 deletions(-) [+] |
--- a/usr/src/lib/libsldap/common/ns_internal.h Sun Apr 05 21:37:20 2009 -0400 +++ b/usr/src/lib/libsldap/common/ns_internal.h Mon Apr 06 11:10:20 2009 +0530 @@ -114,7 +114,7 @@ #define NS_DEFAULT_SEARCH_TIMEOUT 30 /* timeout value in seconds */ /* max rdn length in conversion routines used by __ns_ldap_addTypedEntry() */ -#define RDNSIZE 256 +#define RDNSIZE 512 /* * special service used by ldap_cachemgr to indicate a shadow update
--- a/usr/src/lib/libsldap/common/ns_writes.c Sun Apr 05 21:37:20 2009 -0400 +++ b/usr/src/lib/libsldap/common/ns_writes.c Mon Apr 06 11:10:20 2009 +0530 @@ -63,6 +63,9 @@ static int send_to_cachemgr(const char *, ns_ldap_attr_t **, ns_ldap_error_t **); + +static int escape_str(char *, char *); + /* * If the rdn is a mapped attr: * return NS_LDAP_SUCCESS and a new_dn. @@ -1602,6 +1605,39 @@ } /* + * escape_str function escapes special characters in str and + * copies to escstr string. + * + * return 0 for successful + * 1 for fail + */ +static int escape_str(char *escstr, char *str) +{ + int index = 0; + + while ((*str != '\0') && (index < (RDNSIZE - 1))) { + if (*str == '+' || *str == ';' || *str == '>' || + *str == '<' || *str == ',' || *str == '"' || + *str == '\\' || *str == '=' || + (*str == '#' && index == 0)) { + *escstr++ = '\\'; + *escstr++ = *str++; + index += 2; + } else { + *escstr++ = *str++; + index++; + } + } + + if (*str == '\0') { + *escstr = '\0'; + return (0); + } else { + return (1); + } +} + +/* * Conversion: project * Input format: struct project * Exported objectclass: SolarisProject @@ -2265,6 +2301,7 @@ ns_ldap_entry_t *e; int rc; char trdn[RDNSIZE]; + char esc_str[RDNSIZE]; /* routine specific */ struct servent *ptr; int max_attr = 4; @@ -2292,9 +2329,19 @@ return (NS_LDAP_INVALID_PARAM); } + /* + * Escape special characters in service name. + */ + if (escape_str(esc_str, ptr->s_name) != 0) { + __ns_ldap_freeEntry(e); + *entry = NULL; + return (NS_LDAP_INVALID_PARAM); + } + /* Create an appropriate rdn */ (void) snprintf(trdn, RDNSIZE, "cn=%s+ipServiceProtocol=%s", - ptr->s_name, ptr->s_proto); + esc_str, ptr->s_proto); + *rdn = strdup(trdn); if (*rdn == NULL) { __ns_ldap_freeEntry(e); @@ -3203,6 +3250,7 @@ ns_ldap_entry_t *e; int rc; char trdn[RDNSIZE]; + char esc_str[RDNSIZE]; /* routine specific */ execstr_t *ptr; int max_attr = 7; 
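Review bot: escape_str() can write one byte past the RDNSIZE-byte destination, because the loop guard `index < (RDNSIZE - 1)` still admits an escaped pair at index RDNSIZE - 2; that leaves index at RDNSIZE, and if the escaped character was the last one in str, the terminating `*escstr = '\0'` lands at offset RDNSIZE. Every caller in this commit passes a stack array `char esc_str[RDNSIZE]`, so this is a one-byte stack overwrite driven by the name being converted. Tightening the guard to `while ((*str != '\0') && (index < (RDNSIZE - 2)))` keeps both the pair and the NUL in bounds, at the cost of one byte of capacity for strings with no special characters. The header comment should also say that the destination must hold RDNSIZE bytes and is left unterminated on failure, and `str` can be `const char *` (the prototype added near line 63 would change with it).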
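Review bot: The `snprintf()` result for the services RDN is still discarded, and since esc_str can now hold up to RDNSIZE - 1 bytes, the `cn=` prefix and `+ipServiceProtocol=` suffix are no longer guaranteed to fit in `trdn[RDNSIZE]`. A silent truncation can cut the RDN between a backslash and the character it escapes, or drop the protocol component, and the result is then passed to strdup() as if it were valid. Check the return value, e.g. `if (snprintf(trdn, RDNSIZE, "cn=%s+ipServiceProtocol=%s", esc_str, ptr->s_proto) >= RDNSIZE)`, and take the same `__ns_ldap_freeEntry(e)` / `NS_LDAP_INVALID_PARAM` path as the escape failure. The same applies to the exec_attr and tnrhtp hunks further down; the enclosing function starts and ends outside this hunk.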
@@ -3232,10 +3280,20 @@ return (NS_LDAP_INVALID_PARAM); } + /* + * Escape special characters in ProfileID. + */ + if (escape_str(esc_str, ptr->id) != 0) { + __ns_ldap_freeEntry(e); + *entry = NULL; + return (NS_LDAP_INVALID_PARAM); + } + /* Create an appropriate rdn */ (void) snprintf(trdn, RDNSIZE, "cn=%s+SolarisKernelSecurityPolicy=%s" "+SolarisProfileType=%s+SolarisProfileId=%s", - ptr->name, ptr->policy, ptr->type, ptr->id); + ptr->name, ptr->policy, ptr->type, esc_str); + *rdn = strdup(trdn); if (*rdn == NULL) { __ns_ldap_freeEntry(e); @@ -3536,6 +3594,7 @@ ns_ldap_entry_t *e; int rc; char trdn[RDNSIZE]; + char esc_str[RDNSIZE]; /* routine specific */ int max_attr = 2; tsol_tpstr_t *ptr; @@ -3561,8 +3620,17 @@ return (NS_LDAP_INVALID_PARAM); } + /* + * Escape special characters in Template name. + */ + if (escape_str(esc_str, ptr->template) != 0) { + __ns_ldap_freeEntry(e); + *entry = NULL; + return (NS_LDAP_INVALID_PARAM); + } + /* Create an appropriate rdn */ - (void) snprintf(trdn, RDNSIZE, "ipTnetTemplateName=%s", ptr->template); + (void) snprintf(trdn, RDNSIZE, "ipTnetTemplateName=%s", esc_str); *rdn = strdup(trdn); if (*rdn == NULL) { __ns_ldap_freeEntry(e);
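Review bot: Only `ptr->id` is escaped in the exec_attr RDN; `ptr->name`, `ptr->policy` and `ptr->type` still go into the same multi-valued RDN verbatim, so a `+`, `,` or `=` in any of them would change how the RDN is parsed. If those fields can carry such characters (the profile name looks like free text, but its format is not visible in this hunk), they need the same treatment, each with its own buffer, e.g. `escape_str(esc_name, ptr->name)`. In the services hunk `ptr->s_proto` sits in the same position. The enclosing function starts and ends outside this hunk.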