diff options
| author | Noriko Hosoi <nhosoi@redhat.com> | 2010-04-26 11:03:52 -0700 |
|---|---|---|
| committer | Noriko Hosoi <nhosoi@redhat.com> | 2010-04-26 11:03:52 -0700 |
| commit | 78c50664d6421cc5d0836bb03820680dc2cb7acf (patch) | |
| tree | 20fcfadad9057617daa0b159216f0a92006969f5 /ldap/servers/slapd/modify.c | |
| parent | 4754291972668c37559a8f68d75ac6f8c477efb8 (diff) | |
| download | ds-78c50664d6421cc5d0836bb03820680dc2cb7acf.tar.gz ds-78c50664d6421cc5d0836bb03820680dc2cb7acf.tar.xz ds-78c50664d6421cc5d0836bb03820680dc2cb7acf.zip | |
Update to New DN Format
Fix Description:
. adding slapi_dn_normalize_ext and its siblings to normalize/validate
invalid DNs; deprecating slapi_dn_normalize and its siblings. (dn.c)
. replacing slapi_dn_normalize with new corresponding functions.
. normalizing hardcoded DNs (e.g., removing spaces around ',')
. setting correct DN syntax to nsslapd-suffix, nsslapd-ldapiautodnsuffix,
costemplatedn, nsslapd-changelogsuffix, nsBaseDN, nsBindDN
. if nsslapd-dn-validate-strict is enabled, incoming DN is examined and
rejected if it is invalid. Once approved, the DN is normalized.
. fixing compiler warnings and typos.
See also:
http://directory.fedoraproject.org/wiki/Upgrade_to_New_DN_Format
Related bugs:
Bug 199923 - subtree search fails to find items under a db containing special
characters
Bug 567968 - subtree/user level password policy created using 389-ds-console
doesn't work.
Bug 570107 - The import of LDIFs with base-64 encoded DNs fails, modrdn with
non-ASCII new rdn incorrect
Bug 570962 - ns-inactivate.pl does not work
Bug 572785 - DN syntax: old style of DN <type>="<DN>",<the_rest> is not
correctly normalized
Bug 573060 - DN normalizer: ESC HEX HEX is not normalized
Bug 574167 - An escaped space at the end of the RDN value is not handled
correctly
Diffstat (limited to 'ldap/servers/slapd/modify.c')
| -rw-r--r-- | ldap/servers/slapd/modify.c | 35 |
1 files changed, 31 insertions, 4 deletions
diff --git a/ldap/servers/slapd/modify.c b/ldap/servers/slapd/modify.c index 40646b2b..027bbefb 100644 --- a/ldap/servers/slapd/modify.c +++ b/ldap/servers/slapd/modify.c @@ -166,16 +166,43 @@ do_modify( Slapi_PBlock *pb ) */ { - if ( ber_scanf( ber, "{a", &dn ) == LBER_ERROR ) + char *rawdn = NULL; + size_t dnlen = 0; + int rc = 0; + if ( ber_scanf( ber, "{a", &rawdn ) == LBER_ERROR ) { LDAPDebug( LDAP_DEBUG_ANY, "ber_scanf failed (op=Modify; params=DN)\n", 0, 0, 0 ); op_shared_log_error_access (pb, "MOD", "???", "decoding error"); - send_ldap_result( pb, LDAP_PROTOCOL_ERROR, NULL, NULL, 0, - NULL ); - slapi_ch_free_string(&dn); + send_ldap_result( pb, LDAP_PROTOCOL_ERROR, NULL, NULL, 0, NULL ); + slapi_ch_free_string(&rawdn); return; } + /* Check if we should be performing strict validation. */ + if (config_get_dn_validate_strict()) { + /* check that the dn is formatted correctly */ + rc = slapi_dn_syntax_check(pb, rawdn, 1); + if (rc) { /* syntax check failed */ + op_shared_log_error_access(pb, "MOD", rawdn?rawdn:"", + "strict: invalid dn"); + send_ldap_result(pb, LDAP_INVALID_DN_SYNTAX, + NULL, "invalid dn", 0, NULL); + slapi_ch_free((void **) &rawdn); + return; + } + } + rc = slapi_dn_normalize_ext(rawdn, 0, &dn, &dnlen); + if (rc < 0) { + op_shared_log_error_access(pb, "MOD", "???", "invalid dn"); + send_ldap_result(pb, LDAP_INVALID_DN_SYNTAX, + NULL, "invalid dn", 0, NULL); + slapi_ch_free((void **) &rawdn); + return; + } else if (rc > 0) { /* if rc == 0, rawdn is passed in */ + slapi_ch_free_string(&rawdn); + } else { /* rc == 0; rawdn is passed in; not null terminated */ + *(dn + dnlen) = '\0'; + } } LDAPDebug( LDAP_DEBUG_ARGS, "do_modify: dn (%s)\n", dn, 0, 0 ); |