From 737f21bd9d2032b80d46b6e4a7d896dc9e1cdb32 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett
Date: Fri, 25 Sep 2009 08:06:37 -0700
Subject: s4:ldap_server Ensure we don't segfault when sent a NULL new RDN

The Microsoft testsuite tried to rename cn=administrator,cn=users,... into "",cn=users... which didn't go so well. Andrew Bartlett
---
 source4/ldap_server/ldap_backend.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

(limited to 'source4/ldap_server/ldap_backend.c')

diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c
index 27b9c879bba..7bbc6795d3f 100644
--- a/source4/ldap_server/ldap_backend.c
+++ b/source4/ldap_server/ldap_backend.c
@@ -750,6 +750,12 @@ static NTSTATUS ldapsrv_ModifyDNRequest(struct ldapsrv_call *call)
 DEBUG(10, ("ModifyDNRequest: olddn: [%s]\n", req->dn));
 DEBUG(10, ("ModifyDNRequest: newrdn: [%s]\n", req->newrdn));
 
+ if (ldb_dn_get_comp_num(req->newrdn) != 1) {
+ result = LDAP_INVALID_DN_SYNTAX;
+ map_ldb_error(local_ctx, LDB_ERR_INVALID_DN_SYNTAX, &errstr);
+ goto reply;
+ }
+
 /* we can't handle the rename if we should not remove the old dn */
 if (!req->deleteolddn) {
 result = LDAP_UNWILLING_TO_PERFORM;
@@ -779,10 +785,7 @@ static NTSTATUS ldapsrv_ModifyDNRequest(struct ldapsrv_call *call)
 NT_STATUS_HAVE_NO_MEMORY(parentdn);
 }
 
- if ( ! ldb_dn_add_child_fmt(parentdn,
- "%s=%s",
- ldb_dn_get_rdn_name(newrdn),
- (char *)ldb_dn_get_rdn_val(newrdn)->data)) {
+ if ( ! ldb_dn_add_child(parentdn, newrdn)) {
 result = LDAP_OTHER;
 goto reply;
 }
-- 
cgit
From 767fce6fccf484b547219abd5e6abc941eacaf92 Mon Sep 17 00:00:00 2001
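Review bot: The new guard in the first hunk calls `ldb_dn_get_comp_num(req->newrdn)`, but the DEBUG line just above prints `req->newrdn` with `%s`, so it is the raw string from the client's request, while `ldb_dn_get_comp_num()` expects a parsed `struct ldb_dn *`. The second hunk already works on a separate `newrdn` DN object, and that is what the check should inspect: `if (ldb_dn_get_comp_num(newrdn) != 1) {`. As written, the component count is read from request bytes treated as a DN structure, so the guard meant to stop the crash is itself unsafe on client-supplied input. ldapsrv_ModifyDNRequest begins and ends outside both hunks, so it should be confirmed that `newrdn` is parsed and checked for NULL before this guard runs.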
From: Matthias Dieter Wallnöfer
Date: Fri, 2 Oct 2009 21:23:23 +0200
Subject: s4:LDB/LDAP - Re-allow renames

The main problem is that the "rdn_name" module launches on a rename request also a modification one with the "special attributes" which can't be changed directly. An introduced flag helps to bypass the restriction.
---
 source4/ldap_server/ldap_backend.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'source4/ldap_server/ldap_backend.c')

diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c
index 7bbc6795d3f..5f9b8221374 100644
--- a/source4/ldap_server/ldap_backend.c
+++ b/source4/ldap_server/ldap_backend.c
@@ -750,7 +750,7 @@ static NTSTATUS ldapsrv_ModifyDNRequest(struct ldapsrv_call *call)
 DEBUG(10, ("ModifyDNRequest: olddn: [%s]\n", req->dn));
 DEBUG(10, ("ModifyDNRequest: newrdn: [%s]\n", req->newrdn));
 
- if (ldb_dn_get_comp_num(req->newrdn) != 1) {
+ if (ldb_dn_get_comp_num(newrdn) != 1) {
 result = LDAP_INVALID_DN_SYNTAX;
 map_ldb_error(local_ctx, LDB_ERR_INVALID_DN_SYNTAX, &errstr);
 goto reply;
-- 
cgit
From ee0204cfccbd73050b2ec806f392bf5c4a549430 Mon Sep 17 00:00:00 2001
From: Matthias Dieter Wallnöfer
Date: Tue, 6 Oct 2009 21:53:05 +0200
Subject: s4:ldap server - remove unused error handlings

Those error cases should be handled by LDB itself to be available on all connection methods and not only over LDAP.
---
 source4/ldap_server/ldap_backend.c | 35 -----------------------------------
 1 file changed, 35 deletions(-)

(limited to 'source4/ldap_server/ldap_backend.c')

diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c
index 5f9b8221374..f3d82a7bc4b 100644
--- a/source4/ldap_server/ldap_backend.c
+++ b/source4/ldap_server/ldap_backend.c
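Review bot: The guard now tests the parsed `newrdn`, but nothing in the hunk says why exactly one component is required or shows where `newrdn` is created, while the DEBUG line above still prints the raw `req->newrdn`. A comment above the `if` would record the intent, for example `/* newrdn must be a single RDN component; anything else from the client is rejected as invalid DN syntax */`. Because ldapsrv_ModifyDNRequest starts outside the hunk, it should also be confirmed that `newrdn` has been parsed and checked for NULL before this line runs.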
@@ -534,26 +534,11 @@ static NTSTATUS ldapsrv_ModifyRequest(struct ldapsrv_call *call)
 NT_STATUS_HAVE_NO_MEMORY(msg->elements[i].values);
 
 for (j=0; j < msg->elements[i].num_values; j++) {
- if (!(req->mods[i].attrib.values[j].length > 0)) {
- result = LDAP_OTHER;
-
- map_ldb_error(local_ctx,
- LDB_ERR_OTHER, &errstr);
- errstr = talloc_asprintf(local_ctx,
- "%s. Empty attribute values not allowed", errstr);
- goto reply;
- }
 msg->elements[i].values[j].length = req->mods[i].attrib.values[j].length;
 msg->elements[i].values[j].data = req->mods[i].attrib.values[j].data;
 }
 }
 }
- } else {
- result = LDAP_OTHER;
- map_ldb_error(local_ctx, LDB_ERR_OTHER, &errstr);
- errstr = talloc_asprintf(local_ctx,
- "%s. No mods are not allowed", errstr);
- goto reply;
 }
 
 reply:
@@ -628,31 +613,11 @@ static NTSTATUS ldapsrv_AddRequest(struct ldapsrv_call *call)
 NT_STATUS_HAVE_NO_MEMORY(msg->elements[i].values);
 
 for (j=0; j < msg->elements[i].num_values; j++) {
- if (!(req->attributes[i].values[j].length > 0)) {
- result = LDAP_OTHER;
- map_ldb_error(local_ctx,
- LDB_ERR_OTHER, &errstr);
- errstr = talloc_asprintf(local_ctx,
- "%s. Empty attribute values not allowed", errstr);
- goto reply;
- }
 msg->elements[i].values[j].length = req->attributes[i].values[j].length;
 msg->elements[i].values[j].data = req->attributes[i].values[j].data;
 }
- } else {
- result = LDAP_OTHER;
- map_ldb_error(local_ctx, LDB_ERR_OTHER, &errstr);
- errstr = talloc_asprintf(local_ctx,
- "%s. No attribute values are not allowed", errstr);
- goto reply;
 }
 }
- } else {
- result = LDAP_OTHER;
- map_ldb_error(local_ctx, LDB_ERR_OTHER, &errstr);
- errstr = talloc_asprintf(local_ctx,
- "%s. No attributes are not allowed", errstr);
- goto reply;
 }
 
 reply:
-- 
cgit
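Review bot: With the length check gone from the copy loop in ldapsrv_ModifyRequest, zero-length values supplied by the client are copied straight into `msg->elements[i].values[j]`, and a request with no mods now falls through to `reply:` without being rejected; the same holds for the three branches removed in ldapsrv_AddRequest in the second hunk. The description says LDB should enforce these cases, but the patch shown is limited to ldap_backend.c, so that enforcement is not visible here and should be confirmed, ideally with a test that sends an empty value and an empty attribute list over LDAP, before the front-end checks are dropped. A comment at each loop, such as `/* empty values are passed through unchanged; LDB is responsible for rejecting them */`, would keep a later reader from assuming the LDAP server validated them. Both functions continue outside the hunks, so what happens to `msg` after `reply:` cannot be checked from this page.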