-rwxr-xr-xsource4/dsdb/tests/python/ldap.py52
-rw-r--r--source4/lib/ldb/modules/rdn_name.c22
2 files changed, 69 insertions, 5 deletions
diff --git a/source4/dsdb/tests/python/ldap.py b/source4/dsdb/tests/python/ldap.py
index d9a4f2a6b1..e148e99de6 100755
--- a/source4/dsdb/tests/python/ldap.py
+++ b/source4/dsdb/tests/python/ldap.py
@@ -887,6 +887,34 @@ objectClass: bootableDevice
"""Tests the RDN"""
print "Tests the RDN"""
+ # empty RDN
+ try:
+ self.ldb.add({
+ "dn": "=,cn=users," + self.base_dn,
+ "objectclass": "group"})
+ self.fail()
+ except LdbError, (num, _):
+ self.assertEquals(num, ERR_INVALID_DN_SYNTAX)
+
+ # empty RDN name
+ try:
+ self.ldb.add({
+ "dn": "=ldaptestgroup,cn=users," + self.base_dn,
+ "objectclass": "group"})
+ self.fail()
+ except LdbError, (num, _):
+ self.assertEquals(num, ERR_INVALID_DN_SYNTAX)
+
+ # empty RDN value
+ try:
+ self.ldb.add({
+ "dn": "cn=,cn=users," + self.base_dn,
+ "objectclass": "group"})
+ self.fail()
+ except LdbError, (num, _):
+ self.assertEquals(num, ERR_INVALID_DN_SYNTAX)
+
+ # a wrong RDN candidate
try:
self.ldb.add({
"dn": "description=xyz,cn=users," + self.base_dn,
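Review bot: Each of the three new negative cases calls `self.fail()` with no message, so if one of these DNs is ever accepted the run reports a bare assertion failure and the reader has to map a line number back to the case. Passing the case name, e.g. `self.fail("add with empty RDN value was accepted")`, makes the failure self-explanatory; the same applies to the three rename cases in the next hunk. An unexpectedly successful add would also leave the object in place for the tests that follow, so a delete on that path is worth considering. The enclosing test method starts and ends outside the hunk.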
@@ -910,6 +938,30 @@ objectClass: bootableDevice
self.assertTrue("name" in res[0])
self.assertTrue(res[0]["name"][0] == "ldaptestgroup")
+ # new empty RDN
+ try:
+ self.ldb.rename("cn=ldaptestgroup,cn=users," + self.base_dn,
+ "=,cn=users," + self.base_dn)
+ self.fail()
+ except LdbError, (num, _):
+ self.assertEquals(num, ERR_INVALID_DN_SYNTAX)
+
+ # new empty RDN name
+ try:
+ self.ldb.rename("cn=ldaptestgroup,cn=users," + self.base_dn,
+ "=ldaptestgroup,cn=users," + self.base_dn)
+ self.fail()
+ except LdbError, (num, _):
+ self.assertEquals(num, ERR_INVALID_DN_SYNTAX)
+
+ # new empty RDN value
+ try:
+ self.ldb.rename("cn=ldaptestgroup,cn=users," + self.base_dn,
+ "cn=,cn=users," + self.base_dn)
+ self.fail()
+ except LdbError, (num, _):
+ self.assertEquals(num, ERR_NAMING_VIOLATION)
+
m = Message()
m.dn = Dn(ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
m["name"] = MessageElement("cn=ldaptestuser", FLAG_MOD_REPLACE,
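Review bot: The `# new empty RDN value` case expects `ERR_NAMING_VIOLATION`, while the same `cn=,` shape in the add test of the previous hunk expects `ERR_INVALID_DN_SYNTAX`, and nothing in the test says the difference is intended. A short comment above the rename case, such as `# rename reports an empty RDN value as a naming violation, add as invalid DN syntax`, would keep a later reader from "correcting" one of the two codes. The enclosing test method continues outside the hunk.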
diff --git a/source4/lib/ldb/modules/rdn_name.c b/source4/lib/ldb/modules/rdn_name.c
index 38d87b0712..313d9998e3 100644
--- a/source4/lib/ldb/modules/rdn_name.c
+++ b/source4/lib/ldb/modules/rdn_name.c
@@ -121,8 +121,13 @@ static int rdn_name_add(struct ldb_module *module, struct ldb_request *req)
if (rdn_val_p == NULL) {
return LDB_ERR_OPERATIONS_ERROR;
}
+ if (rdn_val_p->length == 0) {
+ ldb_asprintf_errstring(ldb, "Empty RDN value on %s not permitted!",
+ ldb_dn_get_linearized(req->op.add.message->dn));
+ return LDB_ERR_INVALID_DN_SYNTAX;
+ }
rdn_val = ldb_val_dup(msg, rdn_val_p);
-
+
/* Perhaps someone above us tried to set this? Then ignore it */
ldb_msg_remove_attr(msg, "name");
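Review bot: The result of `ldb_dn_get_linearized()` is passed straight to `%s` in the new error string, and that function can return NULL (for example on allocation failure), which is undefined for printf-style formatting. This is low priority, but holding the result in a local and formatting `dn_str ? dn_str : "(unknown)"` keeps the rejection path well-defined for a DN that is client-supplied. The same pattern appears in the new check in `rdn_rename_callback`. `rdn_name_add` starts and ends outside the hunk.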
@@ -275,16 +280,24 @@ static int rdn_rename_callback(struct ldb_request *req, struct ldb_reply *ares)
if (msg->dn == NULL) {
goto error;
}
+
rdn_name = ldb_dn_get_rdn_name(ac->req->op.rename.newdn);
if (rdn_name == NULL) {
goto error;
}
+
rdn_val_p = ldb_dn_get_rdn_val(msg->dn);
if (rdn_val_p == NULL) {
- return LDB_ERR_OPERATIONS_ERROR;
+ goto error;
+ }
+ if (rdn_val_p->length == 0) {
+ ldb_asprintf_errstring(ldb, "Empty RDN value on %s not permitted!",
+ ldb_dn_get_linearized(req->op.rename.olddn));
+ return ldb_module_done(ac->req, NULL, NULL,
+ LDB_ERR_NAMING_VIOLATION);
}
rdn_val = ldb_val_dup(msg, rdn_val_p);
-
+
if (ldb_msg_add_empty(msg, rdn_name, LDB_FLAG_MOD_REPLACE, NULL) != 0) {
goto error;
}
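Review bot: The new error string prints `req->op.rename.olddn`, but the empty value being rejected is read from `msg->dn`, which judging by the neighbouring `ac->req->op.rename.newdn` lookup appears to be the new DN; the message would then name a DN that is not the offending one. Using `ldb_dn_get_linearized(ac->req->op.rename.newdn)` would match the surrounding code and point at the right entry. Separately, this check sits in the completion callback, so as far as the hunk shows the rename has already gone through the lower modules when the violation is reported. Unless a transaction rollback is guaranteed, validating the new RDN in `rdn_name_rename` before forwarding the request would be safer. The function starts and ends outside the hunk.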
@@ -311,8 +324,7 @@ static int rdn_rename_callback(struct ldb_request *req, struct ldb_reply *ares)
return ldb_next_request(ac->module, mod_req);
error:
- return ldb_module_done(ac->req, NULL, NULL,
- LDB_ERR_OPERATIONS_ERROR);
+ return ldb_module_done(ac->req, NULL, NULL, LDB_ERR_OPERATIONS_ERROR);
}
static int rdn_name_rename(struct ldb_module *module, struct ldb_request *req)