Diffstat (limited to 'ldap/servers/slapd/delete.c')
-rw-r--r-- | ldap/servers/slapd/delete.c | 31 |
1 files changed, 29 insertions, 2 deletions
diff --git a/ldap/servers/slapd/delete.c b/ldap/servers/slapd/delete.c
index c17b669a..3a80eeba 100644
--- a/ldap/servers/slapd/delete.c
+++ b/ldap/servers/slapd/delete.c
@@ -71,8 +71,10 @@ do_delete( Slapi_PBlock *pb )
 {
 Slapi_Operation *operation;
 BerElement *ber;
+ char *rawdn = NULL;
 char *dn = NULL;
- int err;
+ size_t dnlen = 0;
+ int err = 0;
 LDAPDebug( LDAP_DEBUG_TRACE, "do_delete\n", 0, 0, 0 );
@@ -88,7 +90,7 @@ do_delete( Slapi_PBlock *pb )
 * DelRequest := DistinguishedName */
- if ( ber_scanf( pb->pb_op->o_ber, "a", &dn ) == LBER_ERROR ) {
+ if ( ber_scanf( pb->pb_op->o_ber, "a", &rawdn ) == LBER_ERROR ) {
 LDAPDebug( LDAP_DEBUG_ANY, "ber_scanf failed (op=Delete; params=DN)\n", 0, 0, 0 );
 op_shared_log_error_access (pb, "DEL", "???", "decoding error");
@@ -96,6 +98,31 @@ do_delete( Slapi_PBlock *pb )
 NULL );
 goto free_and_return;
 }
+ /* Check if we should be performing strict validation. */
+ if (config_get_dn_validate_strict()) {
+ /* check that the dn is formatted correctly */
+ err = slapi_dn_syntax_check(pb, rawdn, 1);
+ if (err) { /* syntax check failed */
+ op_shared_log_error_access(pb, "DEL", rawdn?rawdn:"",
+ "strict: invalid dn");
+ send_ldap_result(pb, LDAP_INVALID_DN_SYNTAX,
+ NULL, "invalid dn", 0, NULL);
+ slapi_ch_free_string(&rawdn);
+ goto free_and_return;
+ }
+ }
+ err = slapi_dn_normalize_ext(rawdn, 0, &dn, &dnlen);
+ if (err < 0) {
+ op_shared_log_error_access(pb, "DEL", "???", "invalid dn");
+ send_ldap_result(pb, LDAP_INVALID_DN_SYNTAX,
+ NULL, "invalid dn", 0, NULL);
+ slapi_ch_free_string(&rawdn);
+ goto free_and_return;
+ } else if (err > 0) { /* if err == 0, rawdn is passed in */
+ slapi_ch_free_string(&rawdn);
+ } else { /* err == 0; rawdn is passed in; not null terminated */
+ *(dn + dnlen) = '\0';
+ }
 /* * in LDAPv3 there can be optional control extensions on |
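Review bot: In the third hunk, the `err == 0` branch writes `*(dn + dnlen) = '\0'` through a pointer that, by its own comment, aliases the client-supplied `rawdn` buffer, without checking that `dn` is non-NULL or that `dnlen` stays inside that allocation. The strict-validation branch just above already treats `rawdn` as possibly NULL (`rawdn?rawdn:""`), and whether `slapi_dn_normalize_ext` returns a negative value for such input is not visible here. I would make the last branch `} else if (dn != NULL) {` with `dn[dnlen] = '\0';`, and add a comment such as `/* err == 0: dn points into rawdn, so exactly one of the two may be freed */`. The `free_and_return` label is outside the hunk, so it is worth confirming that it does not free `dn` again after `rawdn` was released on the `err < 0` path, presumably the case only if the normalizer leaves `dn` untouched on failure.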