author | Matthias Dieter Wallnöfer <mdw@samba.org> | 2011-03-04 10:14:14 +0100 |
---|---|---|
committer | Matthias Dieter Wallnöfer <mdw@samba.org> | 2011-03-04 22:07:24 +0100 |
commit | 76fb23064e6346346b5a9908b7908695456b5748 (patch) | |
tree | d1cf07e072ba27e4e42e348f5694e90d7a089422 | |
parent | 86707c7cc49395453e9fa3fda14da159f0271961 (diff) | |
ldb:ldb_request - handle here the DN checks
This is a much better solution than we had before - so all important DN
checks are enforced for each type of LDB database (and not limited to DSDB).
Many "ldb_dn_validate" checks will now become obsolete.
Reviewed by: Tridge
-rw-r--r-- | source4/lib/ldb/common/ldb.c | 23 |
1 files changed, 22 insertions, 1 deletions
diff --git a/source4/lib/ldb/common/ldb.c b/source4/lib/ldb/common/ldb.c
index f644855753..d902482de0 100644
--- a/source4/lib/ldb/common/ldb.c
+++ b/source4/lib/ldb/common/ldb.c
@@ -823,10 +823,21 @@ int ldb_request(struct ldb_context *ldb, struct ldb_request *req)
 /* call the first module in the chain */
 switch (req->operation) {
 case LDB_SEARCH:
+ /* due to "ldb_build_search_req" base DN always != NULL */
+ if (!ldb_dn_validate(req->op.search.base)) {
+ ldb_asprintf_errstring(ldb, "ldb_search: invalid basedn '%s'",
+ ldb_dn_get_linearized(req->op.search.base));
+ return LDB_ERR_INVALID_DN_SYNTAX;
+ }
 FIRST_OP(ldb, search);
 ret = module->ops->search(module, req);
 break;
 case LDB_ADD:
+ if (!ldb_dn_validate(req->op.add.message->dn)) {
+ ldb_asprintf_errstring(ldb, "ldb_add: invalid dn '%s'",
+ ldb_dn_get_linearized(req->op.add.message->dn));
+ return LDB_ERR_INVALID_DN_SYNTAX;
+ }
 /*
 * we have to normalize here, as so many places
 * in modules and backends assume we don't have two
@@ -838,14 +849,19 @@ int ldb_request(struct ldb_context *ldb, struct ldb_request *req)
 ldb_oom(ldb);
 return LDB_ERR_OPERATIONS_ERROR;
 }
+ FIRST_OP(ldb, add);
 ret = ldb_msg_check_element_flags(ldb, req->op.add.message);
 if (ret != LDB_SUCCESS) {
 return ret;
 }
- FIRST_OP(ldb, add);
 ret = module->ops->add(module, req);
 break;
 case LDB_MODIFY:
+ if (!ldb_dn_validate(req->op.mod.message->dn)) {
+ ldb_asprintf_errstring(ldb, "ldb_modify: invalid dn '%s'",
+ ldb_dn_get_linearized(req->op.mod.message->dn));
+ return LDB_ERR_INVALID_DN_SYNTAX;
+ }
 FIRST_OP(ldb, modify);
 ret = ldb_msg_check_element_flags(ldb, req->op.mod.message);
 if (ret != LDB_SUCCESS) {
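Review bot: The error path of the new LDB_SEARCH and LDB_ADD checks passes `ldb_dn_get_linearized(...)` to `'%s'` right after `ldb_dn_validate()` has rejected that same DN, so the argument may be NULL. As far as I know ldb_dn_get_linearized() returns NULL for a NULL DN and for one flagged invalid, which should be confirmed against ldb_dn.c. Passing NULL to `%s` is undefined behaviour, and for LDB_ADD (and for the LDB_MODIFY and LDB_DELETE checks in the later hunks) nothing visible guarantees a non-NULL DN the way the comment does for the search base. I would guard the argument, e.g. `const char *s = ldb_dn_get_linearized(dn);` and pass `s ? s : "(invalid)"`, or leave the DN out of the message. ldb_request's body starts and ends outside the hunk.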
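Review bot: `FIRST_OP(ldb, add)` now runs before `ldb_msg_check_element_flags()` in the LDB_ADD case, and neither the code nor the commit message says why. The only visible effect is that the order now matches the LDB_MODIFY case below. FIRST_OP is defined outside the hunk, so I cannot tell whether it can return early; if it can, a request with both problems now fails with a different error than before. A one-line comment such as `/* resolve the first module before the flag check, as for LDB_MODIFY */` would record the intent. The enclosing switch starts and ends outside the hunk.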
@@ -854,6 +870,11 @@ int ldb_request(struct ldb_context *ldb, struct ldb_request *req)
 ret = module->ops->modify(module, req);
 break;
 case LDB_DELETE:
+ if (!ldb_dn_validate(req->op.del.dn)) {
+ ldb_asprintf_errstring(ldb, "ldb_delete: invalid dn '%s'",
+ ldb_dn_get_linearized(req->op.del.dn));
+ return LDB_ERR_INVALID_DN_SYNTAX;
+ }
 FIRST_OP(ldb, del);
 ret = module->ops->del(module, req);
 break;
|
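Review bot: With this LDB_DELETE check the commit covers search, add, modify and delete, but no hunk touches a rename path. If the switch also dispatches LDB_RENAME (not visible here), both of its DNs would still reach the modules unvalidated, although the description says all important DN checks are enforced. If that case exists, it needs the same guard for each DN, along the lines of `if (!ldb_dn_validate(req->op.rename.olddn)) { ... return LDB_ERR_INVALID_DN_SYNTAX; }` and likewise for `newdn`. The switch continues outside the hunk, so this should be confirmed against the full function.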