import fix to ITS#3419
authorPierangelo Masarati <ando@openldap.org>
Tue, 7 Dec 2004 10:03:13 +0000 (10:03 +0000)
committerPierangelo Masarati <ando@openldap.org>
Tue, 7 Dec 2004 10:03:13 +0000 (10:03 +0000)
CHANGES
servers/slapd/sasl.c

diff --git a/CHANGES b/CHANGES
index b7edc808d2d3ca2d971ced2c1be15f27897f7b08..88c4d4e83676942b8130e04fd749c6e7d396be3d 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -2,6 +2,7 @@ OpenLDAP 2.2 Change Log
 
 OpenLDAP 2.2.20 Engineering
        Fixed slapd sanity check on protocol in authz-regexp URI (ITS#3411)
+       Fixed slapd ID to DN mapping when values need DN escaping (ITS#3419)
        Fixed back-sql segfault when logging and delete_rule is NULL (ITS#3407)
 
 OpenLDAP 2.2.19 Release
index b10b0ffa92400c47cfb6d45fb1581cda6cef8ec4..69e5d370ffac3ab83f8180f8cdb69bb98fe9e0a5 100644 (file)
@@ -1792,48 +1792,61 @@ int slap_sasl_getdn( Connection *conn, Operation *op, char *id, int len,
 
        /* Username strings */
        if( is_dn == SET_U ) {
-               char            *p;
-               struct berval   realm = BER_BVNULL, c1 = *dn;
-
-               len = dn->bv_len + sizeof("uid=")-1 + sizeof(",cn=auth")-1;
-
-               if( user_realm && *user_realm ) {
-                       realm.bv_val = user_realm;
-                       realm.bv_len = strlen( user_realm );
-                       len += realm.bv_len + sizeof(",cn=") - 1;
-               }
-
-               if( mech->bv_len ) {
-                       len += mech->bv_len + sizeof(",cn=")-1;
-               }
-
-               /* Build the new dn */
-               dn->bv_val = sl_malloc( len+1, op->o_tmpmemctx );
-               if( dn->bv_val == NULL ) {
-#ifdef NEW_LOGGING
-                       LDAP_LOG( TRANSPORT, ERR, 
-                               "slap_sasl_getdn: SLAP_MALLOC failed", 0, 0, 0 );
-#else
-                       Debug( LDAP_DEBUG_ANY, 
-                               "slap_sasl_getdn: SLAP_MALLOC failed", 0, 0, 0 );
-#endif
-                       return LDAP_OTHER;
-               }
-               p = lutil_strcopy( dn->bv_val, "uid=" );
-               p = lutil_strncopy( p, c1.bv_val, c1.bv_len );
-
-               if( realm.bv_len ) {
-                       p = lutil_strcopy( p, ",cn=" );
-                       p = lutil_strncopy( p, realm.bv_val, realm.bv_len );
-               }
-
-               if( mech->bv_len ) {
-                       p = lutil_strcopy( p, ",cn=" );
-                       p = lutil_strcopy( p, mech->bv_val );
-               }
-               p = lutil_strcopy( p, ",cn=auth" );
-               dn->bv_len = p - dn->bv_val;
-
+               /* ITS#3419: values may need escape */
+               LDAPRDN         DN[ 5 ];
+               LDAPAVA         *RDNs[ 4 ][ 2 ];
+               LDAPAVA         AVAs[ 4 ];
+               int             irdn;
+               irdn = 0;
+               DN[ irdn ] = RDNs[ irdn ];
+               RDNs[ irdn ][ 0 ] = &AVAs[ irdn ];
+               BER_BVSTR( &AVAs[ irdn ].la_attr, "uid" );
+               AVAs[ irdn ].la_value = *dn;
+               AVAs[ irdn ].la_flags = LDAP_AVA_NULL;
+               AVAs[ irdn ].la_private = NULL;
+               RDNs[ irdn ][ 1 ] = NULL;
+               if ( user_realm && *user_realm ) {
+                       irdn++;
+                       DN[ irdn ] = RDNs[ irdn ];
+                       RDNs[ irdn ][ 0 ] = &AVAs[ irdn ];
+                       BER_BVSTR( &AVAs[ irdn ].la_attr, "cn" );
+                       ber_str2bv( user_realm, 0, 0, &AVAs[ irdn ].la_value );
+                       AVAs[ irdn ].la_flags = LDAP_AVA_NULL;
+                       AVAs[ irdn ].la_private = NULL;
+                       RDNs[ irdn ][ 1 ] = NULL;
+               }
+               if ( !BER_BVISNULL( mech ) ) {
+                       irdn++;
+                       DN[ irdn ] = RDNs[ irdn ];
+                       RDNs[ irdn ][ 0 ] = &AVAs[ irdn ];
+                       BER_BVSTR( &AVAs[ irdn ].la_attr, "cn" );
+                       AVAs[ irdn ].la_value = *mech;
+                       AVAs[ irdn ].la_flags = LDAP_AVA_NULL;
+                       AVAs[ irdn ].la_private = NULL;
+                       RDNs[ irdn ][ 1 ] = NULL;
+               }
+               irdn++;
+               DN[ irdn ] = RDNs[ irdn ];
+               RDNs[ irdn ][ 0 ] = &AVAs[ irdn ];
+               BER_BVSTR( &AVAs[ irdn ].la_attr, "cn" );
+               BER_BVSTR( &AVAs[ irdn ].la_value, "auth" );
+               AVAs[ irdn ].la_flags = LDAP_AVA_NULL;
+               AVAs[ irdn ].la_private = NULL;
+               RDNs[ irdn ][ 1 ] = NULL;
+  
+               irdn++;
+               DN[ irdn ] = NULL;
+  
+               rc = ldap_dn2bv_x( DN, dn, LDAP_DN_FORMAT_LDAPV3, op->o_tmpmemctx );
+               if ( rc != LDAP_SUCCESS ) {
+                       BER_BVZERO( dn );
+                       return rc;
+               }
+  
 #ifdef NEW_LOGGING
                LDAP_LOG( TRANSPORT, ENTRY, 
                        "slap_sasl_getdn: u:id converted to %s.\n", dn->bv_val, 0, 0 );
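Review bot: The guard on the mechanism RDN changed from `if( mech->bv_len )` to `if ( !BER_BVISNULL( mech ) )`, which tests only `bv_val`, so a mech with a non-NULL pointer and zero length would now add an empty `cn=` RDN to the authorization DN instead of being skipped. If that state is reachable (the code that sets `mech` is outside this hunk), `if ( !BER_BVISEMPTY( mech ) )` keeps the old behaviour. The `uid` AVA likewise takes `*dn` with no length check visible here, so an empty id would yield `uid=,...`; consider rejecting it before the DN is built. The `ldap_dn2bv_x` failure branch also returns without the `Debug`/`LDAP_LOG` line that the removed allocation-failure path had, and a log entry there would make failed identity-to-DN mappings visible to operators. slap_sasl_getdn starts before and continues after this hunk.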