Author: nkinder
Update of /cvs/dirsec/ldapserver/ldap/servers/slapd
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv20204/ldap/servers/slapd
Modified Files:
add.c modrdn.c
Log Message:
Resolves: 474621
Summary: Don't allow auto-generated attributes to be used in RDN.
Index: add.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/add.c,v
retrieving revision 1.17
retrieving revision 1.18
diff -u -r1.17 -r1.18
--- add.c 19 Dec 2008 17:07:26 -0000 1.17
+++ add.c 5 Jan 2009 16:57:03 -0000 1.18
@@ -68,6 +68,7 @@
static int add_internal_pb (Slapi_PBlock *pb);
static void op_shared_add (Slapi_PBlock *pb);
static void add_created_attrs(Operation *op, Slapi_Entry *e);
+static int check_rdn_for_created_attrs(Slapi_Entry *e);
static void handle_fast_add(Slapi_PBlock *pb, Slapi_Entry *entry);
static void add_uniqueid (Slapi_Entry *e);
static PRBool check_oc_subentry(Slapi_Entry *e, struct berval **vals, char *normtype);
@@ -176,17 +177,25 @@
goto free_and_return;
}
- /* if this is uniqueid attribute, set uniqueid field of the entry */
- if (strcasecmp (normtype, SLAPI_ATTR_UNIQUEID) == 0)
- {
- e->e_uniqueid = slapi_ch_strdup (vals[0]->bv_val);
- }
- if(searchsubentry) searchsubentry=check_oc_subentry(e,vals,normtype);
+ /* if this is uniqueid attribute, set uniqueid field of the entry */
+ if (strcasecmp (normtype, SLAPI_ATTR_UNIQUEID) == 0)
+ {
+ e->e_uniqueid = slapi_ch_strdup (vals[0]->bv_val);
+ }
+ if(searchsubentry) searchsubentry=check_oc_subentry(e,vals,normtype);
}
+
slapi_ch_free( (void**)&normtype );
ber_bvecfree( vals );
}
+ /* Ensure that created attributes are not used in the RDN. */
+ if (check_rdn_for_created_attrs(e)) {
+ op_shared_log_error_access (pb, "ADD",
slapi_sdn_get_dn(slapi_entry_get_sdn_const(e)), "invalid DN");
+ send_ldap_result( pb, LDAP_INVALID_DN_SYNTAX, NULL, "illegal attribute in
RDN", 0, NULL );
+ goto free_and_return;
+ }
+
if ( tag == LBER_DEFAULT ) {
op_shared_log_error_access (pb, "ADD", slapi_sdn_get_dn
(slapi_entry_get_sdn_const(e)), "decoding error");
send_ldap_result( pb, LDAP_PROTOCOL_ERROR, NULL,
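Review bot: The new guard `if (check_rdn_for_created_attrs(e))` is also true for the helper's documented -1 error return, so an internal failure is answered with LDAP_INVALID_DN_SYNTAX and "illegal attribute in RDN". Refusing the operation on error is the safe direction, but the result code and the "invalid DN" access-log text then misreport what happened. Consider storing the result in a local and branching on it, `if (rc < 0)` replying with LDAP_OPERATIONS_ERROR and `else if (rc > 0)` keeping the current reply. The call added to modrdn.c in this commit uses the same truthiness test. The enclosing function starts and ends outside this hunk.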
@@ -723,6 +732,40 @@
}
+/* Checks if created attributes are used in the RDN.
+ * Returns 1 if created attrs are in the RDN, and
+ * 0 if created attrs are not in the RDN. Returns
+ * -1 if an error occurred.
+ */
+static int check_rdn_for_created_attrs(Slapi_Entry *e)
+{
+ int i, rc = 0;
+ Slapi_RDN *rdn = NULL;
+ char *value = NULL;
+ char *type[] = {SLAPI_ATTR_UNIQUEID, "modifytimestamp",
"createtimestamp",
+ "creatorsname", "modifiersname", 0};
+
+ if (rdn = slapi_rdn_new()) {
+ slapi_rdn_init_dn(rdn, slapi_entry_get_dn_const(e));
+
+ for (i = 0; type[i] != NULL; i++) {
+ if (slapi_rdn_contains_attr(rdn, type[i], &value)) {
+ LDAPDebug(LDAP_DEBUG_TRACE, "Invalid DN. RDN contains %s
attribute\n", type[i], 0, 0);
+ rc = 1;
+ break;
+ }
+ }
+
+ slapi_rdn_free(&rdn);
+ } else {
+ LDAPDebug(LDAP_DEBUG_TRACE, "check_rdn_for_created_attrs: Error allocating
RDN\n", 0, 0, 0);
+ rc = -1;
+ }
+
+ return rc;
+}
+
+
static void handle_fast_add(Slapi_PBlock *pb, Slapi_Entry *entry)
{
Slapi_Backend *be;
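Review bot: check_rdn_for_created_attrs rejects only the five literal type names in `type[]`, so how much it guarantees depends on how slapi_rdn_contains_attr compares attribute types, which is not visible in this hunk. If that comparison does not normalize case, OID or alias spellings of the same attribute, the check is narrower than the commit summary implies; a comment stating the assumption would make the guarantee explicit. On style, `if (rdn = slapi_rdn_new())` should carry the extra parentheses that the modrdn.c copy uses, and `value` is passed as an out-parameter but never read. The function is duplicated almost verbatim in modrdn.c; a single shared helper would keep the two attribute lists from drifting apart.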
Index: modrdn.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/modrdn.c,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -r1.12 -r1.13
--- modrdn.c 5 Dec 2008 22:41:52 -0000 1.12
+++ modrdn.c 5 Jan 2009 16:57:03 -0000 1.13
@@ -64,6 +64,7 @@
/* Forward declarations */
static int rename_internal_pb (Slapi_PBlock *pb);
static void op_shared_rename (Slapi_PBlock *pb, int passin_args );
+static int check_rdn_for_created_attrs(const char *newrdn);
/* This function is called to process operation that come over external connections */
void
@@ -151,10 +152,11 @@
op_shared_rename(pb, 1 /* pass in ownership of string arguments */ );
return;
-free_and_return:;
+free_and_return:
slapi_ch_free((void **) &dn );
slapi_ch_free((void **) &newrdn );
slapi_ch_free((void **) &newsuperior );
+ return;
}
/* This function is used to issue internal modrdn operation
@@ -386,6 +388,12 @@
ldap_value_free(rdns);
}
+ /* check if created attributes are used in the new RDN */
+ if (check_rdn_for_created_attrs((const char *)newrdn)) {
+ send_ldap_result(pb, LDAP_INVALID_DN_SYNTAX, NULL, "invalid attribute in
RDN", 0, NULL);
+ goto free_and_return_nolock;
+ }
+
/* check that the dn is formatted correctly */
if ((rdns = ldap_explode_dn(newsuperior, 0)) == NULL)
{
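Review bot: This rejection path sends the result without the access-log call that the matching check in add.c makes (`op_shared_log_error_access (pb, "ADD", ..., "invalid DN")`), and its text reads "invalid attribute in RDN" where add.c says "illegal attribute in RDN". Anyone searching logs or client errors for refused attempts to put server-maintained attributes in an RDN has to know both spellings, and may see less detail for renames than for adds. Using one message string for both operations, and logging the refused rename the way add does if that helper is available in modrdn.c, would keep the two paths auditable together. The enclosing function starts and ends outside this hunk.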
@@ -536,3 +544,35 @@
slapi_ch_free((void **)&s);
}
}
+
+
+/* Checks if created attributes are used in the RDN.
+ * Returns 1 if created attrs are in the RDN, and
+ * 0 if created attrs are not in the RDN. Returns
+ * -1 if an error occurs.
+ */
+static int check_rdn_for_created_attrs(const char *newrdn)
+{
+ int i, rc = 0;
+ Slapi_RDN *rdn = NULL;
+ char *value = NULL;
+ char *type[] = {"modifytimestamp", "createtimestamp",
+ "creatorsname", "modifiersname", 0};
+
+ if (newrdn && *newrdn && (rdn = slapi_rdn_new())) {
+ slapi_rdn_init_dn(rdn, newrdn);
+ for (i = 0; type[i] != NULL; i++) {
+ if (slapi_rdn_contains_attr(rdn, type[i], &value)) {
+ LDAPDebug(LDAP_DEBUG_TRACE, "Invalid DN. RDN contains %s attribute\n",
type[i], 0, 0);
+ rc = 1;
+ break;
+ }
+ }
+ slapi_rdn_free(&rdn);
+ } else {
+ LDAPDebug(LDAP_DEBUG_TRACE, "check_rdn_for_created_attrs: Error allocating
RDN\n", 0, 0, 0);
+ rc = -1;
+ }
+
+ return rc;
+}
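Review bot: The `type[]` list here omits SLAPI_ATTR_UNIQUEID, which the add.c copy of this function includes, so a rename may place that attribute in the new RDN while an add is refused. If the difference is deliberate it needs a comment saying why; otherwise start the list with it, `char *type[] = {SLAPI_ATTR_UNIQUEID, "modifytimestamp", "createtimestamp",`. Separately, the `else` branch is also taken when `newrdn` is NULL or empty, so that case is logged as "Error allocating RDN" and returns -1. Testing `newrdn` in its own guard with its own message would keep the trace log accurate.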