author | Nathan Kinder <nkinder@redhat.com> | 2009-01-05 16:57:03 +0000 |
---|---|---|
committer | Nathan Kinder <nkinder@redhat.com> | 2009-01-05 16:57:03 +0000 |
commit | b549731422b37541cfd007d7ec09e9b1482413cf (patch) | |
tree | 5ac062095484cb2334125d5f20ecf547207312a0 /ldap/servers/slapd/modrdn.c | |
parent | 59c1881e7324259c407619815222c2b25aea8b74 (diff) | |
Resolves: 474621
Summary: Don't allow auto-generated attributes to be used in RDN.
Diffstat (limited to 'ldap/servers/slapd/modrdn.c')
-rw-r--r-- | ldap/servers/slapd/modrdn.c | 42 |
1 files changed, 41 insertions, 1 deletions
diff --git a/ldap/servers/slapd/modrdn.c b/ldap/servers/slapd/modrdn.c
index 68949696..b8ca7fe7 100644
--- a/ldap/servers/slapd/modrdn.c
+++ b/ldap/servers/slapd/modrdn.c
@@ -64,6 +64,7 @@
 /* Forward declarations */
 static int rename_internal_pb (Slapi_PBlock *pb);
 static void op_shared_rename (Slapi_PBlock *pb, int passin_args );
+static int check_rdn_for_created_attrs(const char *newrdn);
 /* This function is called to process operation that come over external connections */
 void
@@ -151,10 +152,11 @@ do_modrdn( Slapi_PBlock *pb )
 op_shared_rename(pb, 1 /* pass in ownership of string arguments */ );
 return;
-free_and_return:;
+free_and_return:
 slapi_ch_free((void **) &dn );
 slapi_ch_free((void **) &newrdn );
 slapi_ch_free((void **) &newsuperior );
+ return;
 }
 /* This function is used to issue internal modrdn operation
@@ -386,6 +388,12 @@ op_shared_rename(Slapi_PBlock *pb, int passin_args)
 ldap_value_free(rdns);
 }
+ /* check if created attributes are used in the new RDN */
+ if (check_rdn_for_created_attrs((const char *)newrdn)) {
+ send_ldap_result(pb, LDAP_INVALID_DN_SYNTAX, NULL, "invalid attribute in RDN", 0, NULL);
+ goto free_and_return_nolock;
+ }
+
 /* check that the dn is formatted correctly */
 if ((rdns = ldap_explode_dn(newsuperior, 0)) == NULL) {
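Review bot: In the op_shared_rename hunk, `if (check_rdn_for_created_attrs((const char *)newrdn))` treats the helper's -1 error return the same as a match, so a failed slapi_rdn_new() (or a NULL or empty newrdn) is answered with LDAP_INVALID_DN_SYNTAX and "invalid attribute in RDN". Rejecting the rename on error is the safe direction, but the result code and message then misreport the cause to the client and to anyone reading the logs. Keep the result in a local int and branch on it, `if (rc < 0) { send_ldap_result(pb, LDAP_OPERATIONS_ERROR, NULL, NULL, 0, NULL); goto free_and_return_nolock; }`, ahead of the existing rejection for `rc > 0`; the helper's else branch in the last hunk should likewise stop logging "Error allocating RDN" when the input was merely empty. The `(const char *)` cast is unnecessary, and op_shared_rename's body starts and ends outside this hunk.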
@@ -536,3 +544,35 @@ free_and_return_nolock:
 slapi_ch_free((void **)&s);
 }
 }
+
+
+/* Checks if created attributes are used in the RDN.
+ * Returns 1 if created attrs are in the RDN, and
+ * 0 if created attrs are not in the RDN. Returns
+ * -1 if an error occurs.
+ */
+static int check_rdn_for_created_attrs(const char *newrdn)
+{
+ int i, rc = 0;
+ Slapi_RDN *rdn = NULL;
+ char *value = NULL;
+ char *type[] = {"modifytimestamp", "createtimestamp",
+ "creatorsname", "modifiersname", 0};
+
+ if (newrdn && *newrdn && (rdn = slapi_rdn_new())) {
+ slapi_rdn_init_dn(rdn, newrdn);
+ for (i = 0; type[i] != NULL; i++) {
+ if (slapi_rdn_contains_attr(rdn, type[i], &value)) {
+ LDAPDebug(LDAP_DEBUG_TRACE, "Invalid DN. RDN contains %s attribute\n", type[i], 0, 0);
+ rc = 1;
+ break;
+ }
+ }
+ slapi_rdn_free(&rdn);
+ } else {
+ LDAPDebug(LDAP_DEBUG_TRACE, "check_rdn_for_created_attrs: Error allocating RDN\n", 0, 0, 0);
+ rc = -1;
+ }
+
+ return rc;
+} |
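Review bot: The loop in check_rdn_for_created_attrs matches the RDN type against four literal attribute names, and nothing visible here shows whether slapi_rdn_contains_attr also recognises the same attribute types when they are written as an OID or an alias; that should be confirmed (or the types normalised through the schema first), otherwise the restriction covers only one spelling. The table is read-only data and is better declared as `static const char *type[] = {"modifytimestamp", "createtimestamp", "creatorsname", "modifiersname", NULL};`, with `NULL` rather than `0` as the terminator. Rejections are logged only at LDAP_DEBUG_TRACE, so presumably they do not show up at the default log level, which makes repeated attempts hard to notice. A one-line comment above the table saying that these are the server-maintained attributes the commit summary refers to would also help the next reader.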