Properly escape DNs of nsswitch-based entries

1 files changed, 59 insertions, 15 deletions

diff --git a/src/back-sch-nss.c b/src/back-sch-nss.c
index 22168f7..4c8eb0c 100644
--- a/src/back-sch-nss.c
+++ b/src/back-sch-nss.c
@@ -66,11 +66,11 @@ struct backend_search_filter_config {
 static int
 bvstrcasecmp(const struct berval *bval, const char *s)
 {
-	ssize_t len;
+	size_t len;
 	int c;
 
 	len = strlen(s);
-	if (strlen(s) == bval->bv_len) {
+	if (len == bval->bv_len) {
 		return strncasecmp(bval->bv_val, s, len);
 	}
 	c = strncasecmp(bval->bv_val, s, MIN(bval->bv_len, len));
@@ -136,6 +136,47 @@ backend_search_filter_has_cn_uid(Slapi_Filter *filter, void *arg)
 	return SLAPI_FILTER_SCAN_CONTINUE;
 }
 
+static char *
+backend_build_dn(const char *attribute, const char *value,
+		 const char *container_sdn)
+{
+	Slapi_RDN *rdn;
+	Slapi_DN *sdn;
+	char *val, *dn = NULL;
+	const char *ndn, *hexchars = "0123456789ABCDEF";
+	int i;
+
+	val = malloc(strlen(value) * 3 + 1);
+	if (val == NULL) {
+		return NULL;
+	}
+	rdn = slapi_rdn_new();
+	if (rdn == NULL) {
+		free(val);
+		return NULL;
+	}
+        for (i = 0; value[i] != '\0'; i++) {
+		val[i * 3] = '\\';
+		val[i * 3 + 1] = hexchars[(value[i] & 0xf0) >> 4];
+		val[i * 3 + 2] = hexchars[value[i] & 0xf];
+	}
+	val[i * 3] = '\0';
+	if (slapi_rdn_add(rdn, attribute, val) == 1) {
+		sdn = slapi_sdn_new_dn_byval(container_sdn);
+		if (sdn != NULL) {
+			sdn = slapi_sdn_add_rdn(sdn, rdn);
+			ndn = slapi_sdn_get_ndn(sdn);
+			if (ndn != NULL) {
+				dn = slapi_ch_strdup(ndn);
+			}
+			slapi_sdn_free(&sdn);
+		}
+	}
+	free(val);
+	slapi_rdn_free(&rdn);
+	return dn;
+}
+
 static Slapi_Entry *
 backend_retrieve_user_entry_from_nsswitch(char *user_name, bool_t is_uid,
 					  char *container_sdn,
@@ -186,12 +227,12 @@ repeat:
 		return NULL;
 	}
 
-	name = format_escape_for_filter(pwd.pw_name);
-	if (name != NULL) {
-		dn = slapi_ch_smprintf("uid=%s,%s", name, container_sdn);
-		free(name);
-	}
+	dn = backend_build_dn("uid", pwd.pw_name, container_sdn);
 	if (dn == NULL) {
+		slapi_log_error(SLAPI_LOG_FATAL,
+				cbdata->state->plugin_desc->spd_id,
+				"error building DN for uid=%s,%s skipping\n",
+				pwd.pw_name, container_sdn);
 		slapi_entry_free(entry);
 		return NULL;
 	}
@@ -240,7 +281,8 @@ repeat:
 
 static Slapi_Entry *
 backend_retrieve_group_entry_from_nsswitch_helper(struct group *grp,
-						  char *container_sdn)
+						  char *container_sdn,
+						  struct backend_search_cbdata *cbdata)
 {
 	Slapi_Entry *entry;
 	int rc, i;
@@ -256,12 +298,12 @@ backend_retrieve_group_entry_from_nsswitch_helper(struct group *grp,
 		return NULL;
 	}
 
-	name = format_escape_for_filter(grp->gr_name);
-	if (name != NULL) {
-		dn = slapi_ch_smprintf("cn=%s,%s", name, container_sdn);
-		free(name);
-	}
+	dn = backend_build_dn("cn", grp->gr_name, container_sdn);
 	if (dn == NULL) {
+		slapi_log_error(SLAPI_LOG_FATAL,
+				cbdata->state->plugin_desc->spd_id,
+				"error building DN for cn=%s,%s skipping\n",
+				grp->gr_name, container_sdn);
 		slapi_entry_free(entry);
 		return NULL;
 	}
@@ -334,7 +376,8 @@ repeat:
 		return NULL;
 	}
 
-	entry = backend_retrieve_group_entry_from_nsswitch_helper(&grp, container_sdn);
+	entry = backend_retrieve_group_entry_from_nsswitch_helper(&grp, container_sdn,
+								  cbdata);
 
 	return entry;
 }
@@ -373,7 +416,8 @@ repeat:
 		return NULL;
 	}
 
-	entry = backend_retrieve_group_entry_from_nsswitch_helper(&grp, container_sdn);
+	entry = backend_retrieve_group_entry_from_nsswitch_helper(&grp, container_sdn,
+								  cbdata);
 
 	return entry;
 }