diff options
Diffstat (limited to 'source4/ldap_server')
-rw-r--r-- | source4/ldap_server/ldap_backend.c | 38 | ||||
-rw-r--r-- | source4/ldap_server/ldap_server.c | 9 |
2 files changed, 24 insertions, 23 deletions
diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c index 1a2206b831..de99280ded 100644 --- a/source4/ldap_server/ldap_backend.c +++ b/source4/ldap_server/ldap_backend.c @@ -31,6 +31,10 @@ #define VALID_DN_SYNTAX(dn,i) do {\ if (!(dn)) {\ return NT_STATUS_NO_MEMORY;\ + } else if ( ! ldb_dn_validate(dn)) {\ + result = LDAP_INVALID_DN_SYNTAX;\ + errstr = "Invalid DN format";\ + goto reply;\ } else if (ldb_dn_get_comp_num(dn) < (i)) {\ result = LDAP_INVALID_DN_SYNTAX;\ errstr = "Invalid DN (" #i " components needed for '" #dn "')";\ @@ -169,7 +173,7 @@ static NTSTATUS ldapsrv_SearchRequest(struct ldapsrv_call *call) local_ctx = talloc_new(call); NT_STATUS_HAVE_NO_MEMORY(local_ctx); - basedn = ldb_dn_explode(local_ctx, req->basedn); + basedn = ldb_dn_new(local_ctx, samdb, req->basedn); VALID_DN_SYNTAX(basedn, 0); DEBUG(10, ("SearchRequest: basedn: [%s]\n", req->basedn)); @@ -327,7 +331,7 @@ static NTSTATUS ldapsrv_ModifyRequest(struct ldapsrv_call *call) local_ctx = talloc_named(call, 0, "ModifyRequest local memory context"); NT_STATUS_HAVE_NO_MEMORY(local_ctx); - dn = ldb_dn_explode(local_ctx, req->dn); + dn = ldb_dn_new(local_ctx, samdb, req->dn); VALID_DN_SYNTAX(dn, 1); DEBUG(10, ("ModifyRequest: dn: [%s]\n", req->dn)); @@ -431,7 +435,7 @@ static NTSTATUS ldapsrv_AddRequest(struct ldapsrv_call *call) local_ctx = talloc_named(call, 0, "AddRequest local memory context"); NT_STATUS_HAVE_NO_MEMORY(local_ctx); - dn = ldb_dn_explode(local_ctx, req->dn); + dn = ldb_dn_new(local_ctx, samdb, req->dn); VALID_DN_SYNTAX(dn,1); DEBUG(10, ("AddRequest: dn: [%s]\n", req->dn)); @@ -522,7 +526,7 @@ static NTSTATUS ldapsrv_DelRequest(struct ldapsrv_call *call) local_ctx = talloc_named(call, 0, "DelRequest local memory context"); NT_STATUS_HAVE_NO_MEMORY(local_ctx); - dn = ldb_dn_explode(local_ctx, req->dn); + dn = ldb_dn_new(local_ctx, samdb, req->dn); VALID_DN_SYNTAX(dn,1); DEBUG(10, ("DelRequest: dn: [%s]\n", req->dn)); @@ -568,10 +572,10 @@ static NTSTATUS ldapsrv_ModifyDNRequest(struct ldapsrv_call *call) local_ctx = talloc_named(call, 0, "ModifyDNRequest local memory context"); NT_STATUS_HAVE_NO_MEMORY(local_ctx); - olddn = ldb_dn_explode(local_ctx, req->dn); + olddn = ldb_dn_new(local_ctx, samdb, req->dn); VALID_DN_SYNTAX(olddn, 2); - newrdn = ldb_dn_explode(local_ctx, req->newrdn); + newrdn = ldb_dn_new(local_ctx, samdb, req->newrdn); VALID_DN_SYNTAX(newrdn, 1); DEBUG(10, ("ModifyDNRequest: olddn: [%s]\n", req->dn)); @@ -584,14 +588,8 @@ static NTSTATUS ldapsrv_ModifyDNRequest(struct ldapsrv_call *call) goto reply; } - if (ldb_dn_get_comp_num(newrdn) > 1) { - result = LDAP_NAMING_VIOLATION; - errstr = "Error new RDN invalid"; - goto reply; - } - if (req->newsuperior) { - parentdn = ldb_dn_explode(local_ctx, req->newsuperior); + parentdn = ldb_dn_new(local_ctx, samdb, req->newsuperior); VALID_DN_SYNTAX(parentdn, 0); DEBUG(10, ("ModifyDNRequest: newsuperior: [%s]\n", req->newsuperior)); @@ -607,11 +605,13 @@ static NTSTATUS ldapsrv_ModifyDNRequest(struct ldapsrv_call *call) NT_STATUS_HAVE_NO_MEMORY(parentdn); } - newdn = ldb_dn_build_child(local_ctx, - ldb_dn_get_rdn_name(newrdn), - (char *)ldb_dn_get_rdn_val(newrdn)->data, - parentdn); - NT_STATUS_HAVE_NO_MEMORY(newdn); + if ( ! ldb_dn_add_child_fmt(parentdn, + "%s=%s", + ldb_dn_get_rdn_name(newrdn), + (char *)ldb_dn_get_rdn_val(newrdn)->data)) { + result = LDAP_OTHER; + goto reply; + } reply: modifydn_r = ldapsrv_init_reply(call, LDAP_TAG_ModifyDNResponse); @@ -655,7 +655,7 @@ static NTSTATUS ldapsrv_CompareRequest(struct ldapsrv_call *call) local_ctx = talloc_named(call, 0, "CompareRequest local_memory_context"); NT_STATUS_HAVE_NO_MEMORY(local_ctx); - dn = ldb_dn_explode(local_ctx, req->dn); + dn = ldb_dn_new(local_ctx, samdb, req->dn); VALID_DN_SYNTAX(dn, 1); DEBUG(10, ("CompareRequest: dn: [%s]\n", req->dn)); diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index 29555b14e1..82fc1d9660 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -239,8 +239,8 @@ static int ldapsrv_load_limits(struct ldapsrv_connection *conn) return -1; } - basedn = ldb_dn_new(tmp_ctx); - if (basedn == NULL) { + basedn = ldb_dn_new(tmp_ctx, conn->ldb, NULL); + if ( ! ldb_dn_validate(basedn)) { goto failed; } @@ -250,12 +250,13 @@ static int ldapsrv_load_limits(struct ldapsrv_connection *conn) goto failed; } - conf_dn = ldb_msg_find_attr_as_dn(tmp_ctx, res->msgs[0], "configurationNamingContext"); + conf_dn = ldb_msg_find_attr_as_dn(conn->ldb, tmp_ctx, res->msgs[0], "configurationNamingContext"); if (conf_dn == NULL) { goto failed; } - policy_dn = ldb_dn_string_compose(tmp_ctx, conf_dn, "CN=Default Query Policy,CN=Query-Policies,CN=Directory Service,CN=Windows NT,CN=Services"); + policy_dn = ldb_dn_copy(tmp_ctx, conf_dn); + ldb_dn_add_child_fmt(policy_dn, "CN=Default Query Policy,CN=Query-Policies,CN=Directory Service,CN=Windows NT,CN=Services"); if (policy_dn == NULL) { goto failed; } |