[389-commits] ldap/servers

Nathan Kinder nkinder at fedoraproject.org
Thu Jan 13 21:13:15 UTC 2011


 ldap/servers/plugins/dna/dna.c |   15 +++++++++++++++
 1 file changed, 15 insertions(+)

New commits:
commit 5ebd590ee01e0fbab60bdebfe6215d3c47f5339b
Author: Nathan Kinder <nkinder at redhat.com>
Date:   Thu Jan 13 12:40:16 2011 -0800

    Bug 509897 - Validate dnaScope to ensure it is a legal DN
    
    The current DNA code does not validate the dnaScope setting to
    check if it is a valid DN.  This adds validation of dnaScope.  We
    normalize the value first to ensure that old config entries with
    values such as spaces between the DN elements still work.

diff --git a/ldap/servers/plugins/dna/dna.c b/ldap/servers/plugins/dna/dna.c
index a60690d..284203b 100644
--- a/ldap/servers/plugins/dna/dna.c
+++ b/ldap/servers/plugins/dna/dna.c
@@ -792,9 +792,24 @@ dna_parse_config_entry(Slapi_Entry * e, int apply)
 
     value = slapi_entry_attr_get_charptr(e, DNA_SCOPE);
     if (value) {
+        Slapi_DN *test_dn = NULL;
+
         /* TODO - Allow multiple scope settings for a single range.  This may
          * make ordering the scopes tough when we put them in the clist. */
         entry->scope = value;
+        /* Check if the scope is a valid DN.  We want to normalize the DN
+         * first to allow old config entries with things like spaces between
+         * RDN elements to still work. */
+        test_dn = slapi_sdn_new_dn_byref(value);
+        if (slapi_dn_syntax_check(NULL, (char *)slapi_sdn_get_ndn(test_dn), 1) == 1) {
+            slapi_log_error(SLAPI_LOG_FATAL, DNA_PLUGIN_SUBSYSTEM,
+                "Error: Invalid DN used as scope in entry [%s]: [%s]\n",
+                entry->dn, value);
+            ret = DNA_FAILURE;
+            slapi_sdn_free(&test_dn);
+            goto bail;
+        }
+        slapi_sdn_free(&test_dn);
     } else {
         slapi_log_error(SLAPI_LOG_FATAL, DNA_PLUGIN_SUBSYSTEM,
                         "dna_parse_config_entry: The %s config "
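Review bot: The syntax check runs on the normalized DN returned by `slapi_sdn_get_ndn(test_dn)`, but `entry->scope` still holds the raw `value`, so the string that was validated is not the string that is stored and later used as the scope. If code outside this hunk compares `entry->scope` against normalized DNs, a legacy value with extra spaces would pass validation here and might then never match; consider storing the normalized form before `test_dn` is freed, e.g. `entry->scope = slapi_ch_strdup(slapi_sdn_get_ndn(test_dn));` followed by `slapi_ch_free_string(&value);`. It would also be worth handling a NULL result from `slapi_sdn_get_ndn()` before it is passed to `slapi_dn_syntax_check()`, and testing the return with `!= 0` rather than `== 1` so any failure code rejects the entry. `dna_parse_config_entry` begins and ends outside the hunk, so how the `bail` path releases `entry->scope` cannot be confirmed from here.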



