Home Explore Help
Register Sign In
Apq
/
389-ds-base
mirror of https://github.com/389ds/389-ds-base.git
1
0
Fork 0
Files Issues 0 Wiki
Browse Source

Resolves: 474621
Summary: Don't allow auto-generated attributes to be used in RDN.

Nathan Kinder 17 years ago
parent
59c1881e73
commit
b549731422
2 changed files with 90 additions and 7 deletions
Split View Show Diff Stats
  1. 49 6
      ldap/servers/slapd/add.c
  2. 41 1
      ldap/servers/slapd/modrdn.c

+ 49 - 6
ldap/servers/slapd/add.c
View File 

@@ -68,6 +68,7 @@
 
 static int add_internal_pb (Slapi_PBlock *pb);
 
 static void op_shared_add (Slapi_PBlock *pb);
 
 static void add_created_attrs(Operation *op, Slapi_Entry *e);
 
+static int check_rdn_for_created_attrs(Slapi_Entry *e);
 
 static void handle_fast_add(Slapi_PBlock *pb, Slapi_Entry *entry);
 
 static void add_uniqueid (Slapi_Entry *e);
 
 static PRBool check_oc_subentry(Slapi_Entry *e, struct berval	**vals, char *normtype);
 
@@ -176,17 +177,25 @@ do_add( Slapi_PBlock *pb )
 
 				goto free_and_return;
 
 			}
 
 
-            /* if this is uniqueid attribute, set uniqueid field of the entry */
 
-            if (strcasecmp (normtype, SLAPI_ATTR_UNIQUEID) == 0)
 
-            {
 
-                e->e_uniqueid = slapi_ch_strdup (vals[0]->bv_val);
 
-            }
 
-	    if(searchsubentry) searchsubentry=check_oc_subentry(e,vals,normtype);
 
+			/* if this is uniqueid attribute, set uniqueid field of the entry */
 
+			if (strcasecmp (normtype, SLAPI_ATTR_UNIQUEID) == 0)
 
+			{
 
+				e->e_uniqueid = slapi_ch_strdup (vals[0]->bv_val);
 
+			}
 
+			if(searchsubentry) searchsubentry=check_oc_subentry(e,vals,normtype);
 
 		}
 
+
 
 		slapi_ch_free( (void**)&normtype );
 
 		ber_bvecfree( vals );
 
 	}
 
 
+	/* Ensure that created attributes are not used in the RDN. */
 
+	if (check_rdn_for_created_attrs(e)) {
 
+		op_shared_log_error_access (pb, "ADD", slapi_sdn_get_dn(slapi_entry_get_sdn_const(e)), "invalid DN");
 
+		send_ldap_result( pb, LDAP_INVALID_DN_SYNTAX, NULL, "illegal attribute in RDN", 0, NULL );
 
+		goto free_and_return;
 
+	}
 
+
 
 	if ( tag == LBER_DEFAULT ) {
 
 		op_shared_log_error_access (pb, "ADD", slapi_sdn_get_dn (slapi_entry_get_sdn_const(e)), "decoding error");
 
 		send_ldap_result( pb, LDAP_PROTOCOL_ERROR, NULL,
 
@@ -723,6 +732,40 @@ add_created_attrs(Operation *op, Slapi_Entry *e)
 
 }
 
 
 
+/* Checks if created attributes are used in the RDN.
 
+ * Returns 1 if created attrs are in the RDN, and
 
+ * 0 if created attrs are not in the RDN. Returns
 
+ * -1 if an error occurred.
 
+ */
 
+static int check_rdn_for_created_attrs(Slapi_Entry *e)
 
+{
 
+    int i, rc = 0;
 
+    Slapi_RDN *rdn = NULL;
 
+    char *value = NULL;
 
+    char *type[] = {SLAPI_ATTR_UNIQUEID, "modifytimestamp", "createtimestamp",
 
+                   "creatorsname", "modifiersname", 0};
 
+
 
+    if (rdn = slapi_rdn_new()) {
 
+        slapi_rdn_init_dn(rdn, slapi_entry_get_dn_const(e));
 
+
 
+        for (i = 0; type[i] != NULL; i++) {
 
+            if (slapi_rdn_contains_attr(rdn, type[i], &value)) {
 
+                LDAPDebug(LDAP_DEBUG_TRACE, "Invalid DN. RDN contains %s attribute\n", type[i], 0, 0);
 
+                rc = 1;
 
+                break;
 
+            }
 
+        }
 
+
 
+        slapi_rdn_free(&rdn);
 
+    } else {
 
+        LDAPDebug(LDAP_DEBUG_TRACE, "check_rdn_for_created_attrs: Error allocating RDN\n", 0, 0, 0);
 
+        rc = -1;
 
+    }
 
+
 
+    return rc;
 
+}
 
+
 
+
 
 static void handle_fast_add(Slapi_PBlock *pb, Slapi_Entry *entry)
 
 {
 
     Slapi_Backend *be;

+ 41 - 1
ldap/servers/slapd/modrdn.c
View File 

@@ -64,6 +64,7 @@
 
 /* Forward declarations */
 
 static int rename_internal_pb (Slapi_PBlock *pb);
 
 static void op_shared_rename (Slapi_PBlock *pb, int passin_args );
 
+static int check_rdn_for_created_attrs(const char *newrdn);
 
 
 /* This function is called to process operation that come over external connections */
 
 void
 
@@ -151,10 +152,11 @@ do_modrdn( Slapi_PBlock *pb )
 
 	op_shared_rename(pb, 1 /* pass in ownership of string arguments */ );
 
 	return;
 
 
-free_and_return:;
 
+free_and_return:
 
 	slapi_ch_free((void **) &dn );
 
 	slapi_ch_free((void **) &newrdn );
 
 	slapi_ch_free((void **) &newsuperior );
 
+	return;
 
 }
 
 
 /* This function is used to issue internal modrdn operation
 
@@ -386,6 +388,12 @@ op_shared_rename(Slapi_PBlock *pb, int passin_args)
 
 		ldap_value_free(rdns);
 
 	}
 
 
+	/* check if created attributes are used in the new RDN */
 
+	if (check_rdn_for_created_attrs((const char *)newrdn)) {
 
+		send_ldap_result(pb, LDAP_INVALID_DN_SYNTAX, NULL, "invalid attribute in RDN", 0, NULL);
 
+		goto free_and_return_nolock;
 
+	}
 
+
 
 	/* check that the dn is formatted correctly */
 
 	if ((rdns = ldap_explode_dn(newsuperior, 0)) == NULL) 
 	{
 
@@ -536,3 +544,35 @@ free_and_return_nolock:
 
 		slapi_ch_free((void **)&s);
 
 	}
 
 }
 
+
 
+
 
+/* Checks if created attributes are used in the RDN.
 
+ * Returns 1 if created attrs are in the RDN, and
 
+ * 0 if created attrs are not in the RDN. Returns
 
+ * -1 if an error occurs.
 
+ */
 
+static int check_rdn_for_created_attrs(const char *newrdn)
 
+{
 
+	int i, rc = 0;
 
+	Slapi_RDN *rdn = NULL;
 
+	char *value = NULL;
 
+	char *type[] = {"modifytimestamp", "createtimestamp",
 
+			"creatorsname", "modifiersname", 0};
 
+
 
+	if (newrdn && *newrdn && (rdn = slapi_rdn_new())) {
 
+		slapi_rdn_init_dn(rdn, newrdn);
 
+		for (i = 0; type[i] != NULL; i++) {
 
+			if (slapi_rdn_contains_attr(rdn, type[i], &value)) {
 
+				LDAPDebug(LDAP_DEBUG_TRACE, "Invalid DN. RDN contains %s attribute\n", type[i], 0, 0);
 
+				rc = 1;
 
+				break;
 
+			}
 
+		}
 
+		slapi_rdn_free(&rdn);
 
+	} else {
 
+		LDAPDebug(LDAP_DEBUG_TRACE, "check_rdn_for_created_attrs: Error allocating RDN\n", 0, 0, 0);
 
+		rc = -1;
 
+	}
 
+
 
+	return rc;
 
+}