diff options
Diffstat (limited to 'ldap/servers/slapd/add.c')
-rw-r--r-- | ldap/servers/slapd/add.c | 53 |
1 files changed, 40 insertions, 13 deletions
diff --git a/ldap/servers/slapd/add.c b/ldap/servers/slapd/add.c index 1a1f8673..0e7d5c83 100644 --- a/ldap/servers/slapd/add.c +++ b/ldap/servers/slapd/add.c @@ -115,20 +115,47 @@ do_add( Slapi_PBlock *pb ) */ /* get the name */ { - char *dn = NULL; - if ( ber_scanf( ber, "{a", &dn ) == LBER_ERROR ) { - slapi_ch_free_string(&dn); - LDAPDebug( LDAP_DEBUG_ANY, - "ber_scanf failed (op=Add; params=DN)\n", 0, 0, 0 ); + char *rawdn = NULL; + char *dn = NULL; + size_t dnlen = 0; + if ( ber_scanf( ber, "{a", &rawdn ) == LBER_ERROR ) { + slapi_ch_free_string(&rawdn); + LDAPDebug( LDAP_DEBUG_ANY, + "ber_scanf failed (op=Add; params=DN)\n", 0, 0, 0 ); op_shared_log_error_access (pb, "ADD", "???", "decoding error"); - send_ldap_result( pb, LDAP_PROTOCOL_ERROR, NULL, - "decoding error", 0, NULL ); - return; - } - e = slapi_entry_alloc(); - slapi_entry_init(e,dn,NULL); /* Responsibility for DN is passed to the Entry. */ - } - LDAPDebug( LDAP_DEBUG_ARGS, " do_add: dn (%s)\n", slapi_entry_get_dn_const(e), 0, 0 ); + send_ldap_result( pb, LDAP_PROTOCOL_ERROR, NULL, + "decoding error", 0, NULL ); + return; + } + /* Check if we should be performing strict validation. */ + if (config_get_dn_validate_strict()) { + /* check that the dn is formatted correctly */ + rc = slapi_dn_syntax_check(pb, rawdn, 1); + if (rc) { /* syntax check failed */ + op_shared_log_error_access(pb, "ADD", rawdn?rawdn:"", + "strict: invalid dn"); + send_ldap_result(pb, LDAP_INVALID_DN_SYNTAX, + NULL, "invalid dn", 0, NULL); + slapi_ch_free_string(&rawdn); + return; + } + } + rc = slapi_dn_normalize_ext(rawdn, 0, &dn, &dnlen); + if (rc < 0) { + op_shared_log_error_access(pb, "ADD", rawdn?rawdn:"", "invalid dn"); + send_ldap_result(pb, LDAP_INVALID_DN_SYNTAX, + NULL, "invalid dn", 0, NULL); + slapi_ch_free_string(&rawdn); + return; + } else if (rc > 0) { + slapi_ch_free_string(&rawdn); + } else { /* rc == 0; rawdn is passed in; not null terminated */ + *(dn + dnlen) = '\0'; + } + e = slapi_entry_alloc(); + slapi_entry_init(e,dn,NULL); /* Responsibility for DN is passed to the Entry. */ + } + LDAPDebug( LDAP_DEBUG_ARGS, " do_add: dn (%s)\n", slapi_entry_get_dn_const(e), 0, 0 ); /* get the attrs */ for ( tag = ber_first_element( ber, &len, &last ); |