ITS#9768 Enforce single name per olcTranslucentLocal/olcTranslucentRemote value

author Ondřej Kuzník <ondra@mistotebe.net>

Thu, 9 Dec 2021 12:01:36 +0000 (12:01 +0000)

committer Quanah Gibson-Mount <quanah@openldap.org>

Wed, 5 Jan 2022 21:24:07 +0000 (21:24 +0000)
author Ondřej Kuzník <ondra@mistotebe.net>
Thu, 9 Dec 2021 12:01:36 +0000 (12:01 +0000)
committer Quanah Gibson-Mount <quanah@openldap.org>
Wed, 5 Jan 2022 21:24:07 +0000 (21:24 +0000)
diff --git a/servers/slapd/overlays/translucent.c b/servers/slapd/overlays/translucent.c

index 654142548b3191d5aa3afc4e3871fcb5316652cc..16dd1f94651337c592b02de5d71b704ba0c2abb8 100644 (file)
--- a/servers/slapd/overlays/translucent.c
+++ b/servers/slapd/overlays/translucent.c
@@ -218,10 +218,21 @@ translucent_cf_gen( ConfigArgs *c )
                 }
                 return 0;
         }
+
+       /* cn=config values could be deleted later, make sure we only allow one
+        * name per value for valx to match. */
+       if ( c->op != SLAP_CONFIG_ADD && strchr( c->argv[1], ',' ) ) {
+               snprintf( c->cr_msg, sizeof( c->cr_msg ),
+                       "%s: Please provide attribute names in separate values",
+                       c->argv[0] );
+               goto fail;
+       }
+
         a2 = str2anlist( *an, c->argv[1], "," );
         if ( !a2 ) {
                 snprintf( c->cr_msg, sizeof( c->cr_msg ), "%s unable to parse attribute %s",
                         c->argv[0], c->argv[1] );
+fail:
                 Debug( LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE,
                         "%s: %s\n", c->log, c->cr_msg );
                 return ARG_BAD_CONF;
author	Ondřej Kuzník <ondra@mistotebe.net>
	Thu, 9 Dec 2021 12:01:36 +0000 (12:01 +0000)
committer	Quanah Gibson-Mount <quanah@openldap.org>
	Wed, 5 Jan 2022 21:24:07 +0000 (21:24 +0000)