mirror of
https://git.openldap.org/openldap/openldap.git
synced 2026-05-28 04:35:57 -04:00
ITS#10478 autoca: reject commas in email/ipaddr
parent
7111c48467
commit
16564ca6c5
2 changed files with 43 additions and 8 deletions
|
|
@ -803,6 +803,40 @@ static ConfigOCs autoca_ocs[] = {
|
|||
{ NULL, 0, NULL }
|
||||
};
|
||||
|
||||
static int
|
||||
autoca_set_extras(
|
||||
Operation *op,
|
||||
Attribute *a,
|
||||
struct berval *tag,
|
||||
myext *extras
|
||||
)
|
||||
{
|
||||
char *ptr;
|
||||
int i;
|
||||
int len = 0;
|
||||
for ( i=0; i<a->a_numvals; i++ ) {
|
||||
if (strchr(a->a_vals[i].bv_val, ',')) {
|
||||
Debug( LDAP_DEBUG_TRACE, "autoca_set_extras: illegal characters in %s\n",
|
||||
a->a_desc->ad_cname.bv_val );
|
||||
return SLAP_CB_CONTINUE;
|
||||
}
|
||||
len += a->a_vals[i].bv_len;
|
||||
}
|
||||
len += ( tag->bv_len+1 ) * a->a_numvals;
|
||||
|
||||
extras[0].name = "subjectAltName";
|
||||
extras[1].name = NULL;
|
||||
extras[0].value = op->o_tmpalloc( len, op->o_tmpmemctx );
|
||||
ptr = extras[0].value;
|
||||
for ( i=0; i<a->a_numvals; i++ ) {
|
||||
if ( i )
|
||||
*ptr++ = ',';
|
||||
ptr = lutil_strcopy( ptr, tag->bv_val );
|
||||
ptr = lutil_strcopy( ptr, a->a_vals[i].bv_val );
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int
|
||||
autoca_op_response(
|
||||
Operation *op,
|
||||
|
|
@ -849,10 +883,10 @@ autoca_op_response(
|
|||
a = attr_find( rs->sr_entry->e_attrs, ad_mail );
|
||||
if ( a )
|
||||
{
|
||||
extras[0].name = "subjectAltName";
|
||||
extras[1].name = NULL;
|
||||
extras[0].value = op->o_tmpalloc( sizeof("email:") + a->a_vals[0].bv_len, op->o_tmpmemctx );
|
||||
sprintf(extras[0].value, "email:%s", a->a_vals[0].bv_val);
|
||||
struct berval bv = BER_BVC("email:");
|
||||
rc = autoca_set_extras( op, a, &bv, extras );
|
||||
if ( rc )
|
||||
return rc;
|
||||
args.more_exts = extras;
|
||||
}
|
||||
} else
|
||||
|
|
@ -862,10 +896,10 @@ autoca_op_response(
|
|||
args.days = ai->ai_srvdays;
|
||||
if ( ad_ipaddr && (a = attr_find( rs->sr_entry->e_attrs, ad_ipaddr )))
|
||||
{
|
||||
extras[0].name = "subjectAltName";
|
||||
extras[1].name = NULL;
|
||||
extras[0].value = op->o_tmpalloc( sizeof("IP:") + a->a_vals[0].bv_len, op->o_tmpmemctx );
|
||||
sprintf(extras[0].value, "IP:%s", a->a_vals[0].bv_val);
|
||||
struct berval bv = BER_BVC("IP:");
|
||||
rc = autoca_set_extras( op, a, &bv, extras );
|
||||
if ( rc )
|
||||
return rc;
|
||||
args.more_exts = extras;
|
||||
}
|
||||
}
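Review bot: The new check in `autoca_set_extras` rejects only `,`, which is a one-character denylist over a string that is presumably parsed later as a `subjectAltName` extension value. That parser is outside this page, so whether other input has special meaning to it cannot be confirmed here; validating each value against its own syntax before concatenating (an address literal for the `IP:` tag, an addr-spec for `email:`) would fail closed regardless. The rejection is also reported only at trace level, so a refused entry leaves no record unless trace logging is on; I would log it as `Debug( LDAP_DEBUG_ANY, "autoca_set_extras: illegal characters in %s\n",`. A short contract comment above the helper would help as well: `/* Returns 0 on success, SLAP_CB_CONTINUE if any value contains ','; both callers in autoca_op_response return that code immediately. */`.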
|
||||
|
|
|
|||
|
|
@ -174,6 +174,7 @@ objectClass: device
|
|||
objectClass: ipHost
|
||||
cn: localhost
|
||||
ipHostNumber: 127.0.0.1
|
||||
ipHostNumber: ::1
|
||||
|
||||
dn: cn=www.example.com,ou=Servers,$BASEDN
|
||||
objectClass: device
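Review bot: The test change adds a single fixture line (the page's total of 43 additions leaves exactly one for this file), so the new rejection path in `autoca_set_extras` is not exercised. A regression case is worth adding: an entry whose address attribute holds a value with a comma, for example the constructed line `ipHostNumber: 127.0.0.1,127.0.0.2`, followed by an assertion that no certificate attributes were generated for that entry. The rest of the test file is outside this hunk, so an existing negative case elsewhere cannot be ruled out.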
|
||||
|
|
|
|||