diff options
| author | Noriko Hosoi <nhosoi@redhat.com> | 2010-02-01 13:22:02 -0800 |
|---|---|---|
| committer | Noriko Hosoi <nhosoi@redhat.com> | 2010-02-01 13:22:02 -0800 |
| commit | c9c424c34c703082d7da3e4b2f3c366f81185a58 (patch) | |
| tree | 3285736637bafebbaf28346b9978d8c0a9cb56cc | |
| parent | 1378b056d9662a5667e86f3834e0d82c1610e6a6 (diff) | |
| download | ds-c9c424c34c703082d7da3e4b2f3c366f81185a58.tar.gz ds-c9c424c34c703082d7da3e4b2f3c366f81185a58.tar.xz ds-c9c424c34c703082d7da3e4b2f3c366f81185a58.zip | |
555577 - Syntax validation fails for "ou=NetscapeRoot" tree
https://bugzilla.redhat.com/show_bug.cgi?id=555577
[See comment 7 of the bug]
DistinguishName validation slapi_dn_syntax_check should be
called only when nsslapd-dn-validate-strict is on.
| -rw-r--r-- | ldap/servers/slapd/back-ldbm/ldbm_add.c | 13 | ||||
| -rw-r--r-- | ldap/servers/slapd/back-ldbm/ldbm_delete.c | 13 | ||||
| -rw-r--r-- | ldap/servers/slapd/back-ldbm/ldbm_modify.c | 13 | ||||
| -rw-r--r-- | ldap/servers/slapd/back-ldbm/ldbm_modrdn.c | 26 |
4 files changed, 40 insertions, 25 deletions
diff --git a/ldap/servers/slapd/back-ldbm/ldbm_add.c b/ldap/servers/slapd/back-ldbm/ldbm_add.c index 75c64c3d..6f51aea3 100644 --- a/ldap/servers/slapd/back-ldbm/ldbm_add.c +++ b/ldap/servers/slapd/back-ldbm/ldbm_add.c @@ -193,12 +193,15 @@ ldbm_back_add( Slapi_PBlock *pb ) { goto error_return; } - ldap_result_code = slapi_dn_syntax_check(pb, dn, 1); - if (ldap_result_code) + if (config_get_dn_validate_strict()) { - ldap_result_code = LDAP_INVALID_DN_SYNTAX; - slapi_pblock_get(pb, SLAPI_PB_RESULT_TEXT, &ldap_result_message); - goto error_return; + ldap_result_code = slapi_dn_syntax_check(pb, dn, 1); + if (ldap_result_code) + { + ldap_result_code = LDAP_INVALID_DN_SYNTAX; + slapi_pblock_get(pb, SLAPI_PB_RESULT_TEXT, &ldap_result_message); + goto error_return; + } } slapi_sdn_set_dn_byref(&sdn, dn); slapi_sdn_get_backend_parent(&sdn,&parentsdn,pb->pb_backend); diff --git a/ldap/servers/slapd/back-ldbm/ldbm_delete.c b/ldap/servers/slapd/back-ldbm/ldbm_delete.c index 97873003..f9933054 100644 --- a/ldap/servers/slapd/back-ldbm/ldbm_delete.c +++ b/ldap/servers/slapd/back-ldbm/ldbm_delete.c @@ -103,12 +103,15 @@ ldbm_back_delete( Slapi_PBlock *pb ) { goto error_return; } - ldap_result_code = slapi_dn_syntax_check(pb, addr->dn, 1); - if (ldap_result_code) + if (config_get_dn_validate_strict()) { - ldap_result_code = LDAP_INVALID_DN_SYNTAX; - slapi_pblock_get(pb, SLAPI_PB_RESULT_TEXT, &ldap_result_message); - goto error_return; + ldap_result_code = slapi_dn_syntax_check(pb, addr->dn, 1); + if (ldap_result_code) + { + ldap_result_code = LDAP_INVALID_DN_SYNTAX; + slapi_pblock_get(pb, SLAPI_PB_RESULT_TEXT, &ldap_result_message); + goto error_return; + } } is_fixup_operation = operation_is_flag_set(operation, OP_FLAG_REPL_FIXUP); diff --git a/ldap/servers/slapd/back-ldbm/ldbm_modify.c b/ldap/servers/slapd/back-ldbm/ldbm_modify.c index 9a0bea07..165e6555 100644 --- a/ldap/servers/slapd/back-ldbm/ldbm_modify.c +++ b/ldap/servers/slapd/back-ldbm/ldbm_modify.c @@ -224,12 +224,15 @@ ldbm_back_modify( Slapi_PBlock *pb ) { goto error_return; } - ldap_result_code = slapi_dn_syntax_check(pb, addr->dn, 1); - if (ldap_result_code) + if (config_get_dn_validate_strict()) { - ldap_result_code = LDAP_INVALID_DN_SYNTAX; - slapi_pblock_get(pb, SLAPI_PB_RESULT_TEXT, &ldap_result_message); - goto error_return; + ldap_result_code = slapi_dn_syntax_check(pb, addr->dn, 1); + if (ldap_result_code) + { + ldap_result_code = LDAP_INVALID_DN_SYNTAX; + slapi_pblock_get(pb, SLAPI_PB_RESULT_TEXT, &ldap_result_message); + goto error_return; + } } dblayer_txn_init(li,&txn); diff --git a/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c b/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c index d713a815..40a5888b 100644 --- a/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c +++ b/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c @@ -204,12 +204,15 @@ ldbm_back_modrdn( Slapi_PBlock *pb ) slapi_sdn_set_dn_passin(&dn_newdn,newdn); new_addr.dn = (char*)slapi_sdn_get_ndn (&dn_newdn); /* check dn syntax on newdn */ - ldap_result_code = slapi_dn_syntax_check(pb, new_addr.dn, 1); - if (ldap_result_code) + if (config_get_dn_validate_strict()) { - ldap_result_code = LDAP_INVALID_DN_SYNTAX; - slapi_pblock_get(pb, SLAPI_PB_RESULT_TEXT, &ldap_result_message); - goto error_return; + ldap_result_code = slapi_dn_syntax_check(pb, new_addr.dn, 1); + if (ldap_result_code) + { + ldap_result_code = LDAP_INVALID_DN_SYNTAX; + slapi_pblock_get(pb, SLAPI_PB_RESULT_TEXT, &ldap_result_message); + goto error_return; + } } new_addr.uniqueid = NULL; ldap_result_code= get_copy_of_entry(pb, &new_addr, &txn, SLAPI_MODRDN_EXISTING_ENTRY, 0); @@ -269,12 +272,15 @@ ldbm_back_modrdn( Slapi_PBlock *pb ) /* find and lock the entry we are about to modify */ done_with_pblock_entry(pb,SLAPI_MODRDN_TARGET_ENTRY); /* Could be through this multiple times */ slapi_pblock_get (pb, SLAPI_TARGET_ADDRESS, &old_addr); - ldap_result_code = slapi_dn_syntax_check(pb, old_addr->dn, 1); - if (ldap_result_code) + if (config_get_dn_validate_strict()) { - ldap_result_code = LDAP_INVALID_DN_SYNTAX; - slapi_pblock_get(pb, SLAPI_PB_RESULT_TEXT, &ldap_result_message); - goto error_return; + ldap_result_code = slapi_dn_syntax_check(pb, old_addr->dn, 1); + if (ldap_result_code) + { + ldap_result_code = LDAP_INVALID_DN_SYNTAX; + slapi_pblock_get(pb, SLAPI_PB_RESULT_TEXT, &ldap_result_message); + goto error_return; + } } ldap_result_code= get_copy_of_entry(pb, old_addr, &txn, SLAPI_MODRDN_TARGET_ENTRY, !is_replicated_operation); if(ldap_result_code==LDAP_OPERATIONS_ERROR || |