From 4bc0ce64e49f61b36f9f70c708aff7937957b638 Mon Sep 17 00:00:00 2001 From: Nalin Dahyabhai Date: Tue, 6 Aug 2013 14:53:34 -0400 Subject: Compare object class names in bervals correctly Avoid possibly getting thrown by searches where a specified object class is a prefix of one that we're looking for. --- src/back-sch-nss.c | 24 +++++++++++++++++++++--- 1 file changed, 21 insertions(+), 3 deletions(-) (limited to 'src/back-sch-nss.c') diff --git a/src/back-sch-nss.c b/src/back-sch-nss.c index c1ddb3c..a45d42d 100644 --- a/src/back-sch-nss.c +++ b/src/back-sch-nss.c @@ -63,8 +63,26 @@ struct backend_search_filter_config { char *name; }; +static int +bvstrcasecmp(const struct berval *bval, const char *s) +{ + ssize_t len; + int c; + + len = strlen(s); + if (strlen(s) == bval->bv_len) { + return strncasecmp(bval->bv_val, s, len); + } + c = strncasecmp(bval->bv_val, s, MIN(bval->bv_len, len)); + if (c != 0) { + return c; + } + return bval->bv_len - strlen(s); +} + /* Check simple filter to see if it has - * (cn|uid|uidNumber|gidNumber|memberUid=) or (objectClass=posixGroup|shadowAccount) + * (cn|uid|uidNumber|gidNumber|memberUid=) or + * (objectClass=posixGroup|shadowAccount) * Called by slapi_filter_apply(). */ static int backend_search_filter_has_cn_uid(Slapi_Filter *filter, void *arg) @@ -92,10 +110,10 @@ backend_search_filter_has_cn_uid(Slapi_Filter *filter, void *arg) config->name_set = TRUE; config->search_members = TRUE; } else if ((0 == strcasecmp(filter_type, "objectClass")) && - (0 == strncasecmp(bval->bv_val, "posixGroup", bval->bv_len))) { + (0 == bvstrcasecmp(bval, "posixGroup"))) { config->search_group = TRUE; } else if ((0 == strcasecmp(filter_type, "objectClass")) && - (0 == strncasecmp(bval->bv_val, "shadowAccount", bval->bv_len))) { + (0 == bvstrcasecmp(bval, "shadowAccount"))) { config->wrong_search = TRUE; } -- cgit