authorStefan Metzmacher <metze@samba.org>2016-02-01 23:04:04 +0100
committerGarming Sam <garming@samba.org>2016-02-17 03:43:23 +0100
commit3f0fbfa7b2eac8e54ce165564cf6f33dd1821644 (patch)
tree6a518ae66bf5130391e60fb6676378f578b21771 /source4/dsdb
parentab16d11e322d3183d7f43fd0cef6f36440ce8639 (diff)
s4:dsdb/samldb: check for valid lDAPDisplayName vaues on add()
This still leaves modifies(), but that's a task for another day. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'source4/dsdb')
-rw-r--r--source4/dsdb/samdb/ldb_modules/samldb.c30
1 files changed, 30 insertions, 0 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c
index 2394bd9851e..479f89ad9a4 100644
--- a/source4/dsdb/samdb/ldb_modules/samldb.c
+++ b/source4/dsdb/samdb/ldb_modules/samldb.c
@@ -683,6 +683,7 @@ static int samldb_fill_object(struct samldb_ctx *ac)
}
case SAMLDB_TYPE_CLASS: {
+ const char *lDAPDisplayName = NULL;
const struct ldb_val *rdn_value, *def_obj_cat_val;
unsigned int v = ldb_msg_find_attr_as_uint(ac->msg, "objectClassCategory", -2);
@@ -719,6 +720,20 @@ static int samldb_fill_object(struct samldb_ctx *ac)
}
}
+ lDAPDisplayName = ldb_msg_find_attr_as_string(ac->msg,
+ "lDAPDisplayName",
+ NULL);
+ ret = ldb_valid_attr_name(lDAPDisplayName);
+ if (ret != 1 ||
+ lDAPDisplayName[0] == '*' ||
+ lDAPDisplayName[0] == '@')
+ {
+ return dsdb_module_werror(ac->module,
+ LDB_ERR_UNWILLING_TO_PERFORM,
+ WERR_DS_INVALID_LDAP_DISPLAY_NAME,
+ "lDAPDisplayName is invalid");
+ }
+
if (!ldb_msg_find_element(ac->msg, "schemaIDGUID")) {
struct GUID guid;
/* a new GUID */
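Review bot: The lDAPDisplayName check added before the schemaIDGUID handling is repeated verbatim in the SAMLDB_TYPE_ATTRIBUTE hunk (+813), so a later tightening of the rule can land in one case and miss the other; a single static helper called from both cases would keep schema-name validation in one place. In both copies a missing attribute leaves the pointer NULL, and the `[0]` tests are safe only because `ret != 1` short-circuits first, which assumes ldb_valid_attr_name() returns 0 for NULL (its body is not visible here); an explicit NULL test removes that dependency. A short comment saying why `*` and `@` are refused on top of ldb_valid_attr_name() would also help, presumably because ldb gives those leading characters a special meaning. samldb_fill_object starts and ends outside the hunk, and the helper name below is constructed for illustration.

```c
/*
 * Reject a missing or malformed lDAPDisplayName, and names starting
 * with '*' or '@', before the schema object is stored.
 */
static int samldb_check_ldap_display_name(struct samldb_ctx *ac)
{
	const char *name = ldb_msg_find_attr_as_string(ac->msg,
						       "lDAPDisplayName",
						       NULL);

	if (name == NULL ||
	    ldb_valid_attr_name(name) != 1 ||
	    name[0] == '*' ||
	    name[0] == '@')
	{
		return dsdb_module_werror(ac->module,
					  LDB_ERR_UNWILLING_TO_PERFORM,
					  WERR_DS_INVALID_LDAP_DISPLAY_NAME,
					  "lDAPDisplayName is invalid");
	}

	return LDB_SUCCESS;
}

/* … unchanged: earlier handling in case SAMLDB_TYPE_CLASS / SAMLDB_TYPE_ATTRIBUTE … */
		ret = samldb_check_ldap_display_name(ac);
		if (ret != LDB_SUCCESS) {
			return ret;
		}
/* … unchanged: schemaIDGUID handling / RODC critical-attribute check … */
```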
@@ -780,6 +795,7 @@ static int samldb_fill_object(struct samldb_ctx *ac)
}
case SAMLDB_TYPE_ATTRIBUTE: {
+ const char *lDAPDisplayName = NULL;
const struct ldb_val *rdn_value;
struct ldb_message_element *el;
rdn_value = ldb_dn_get_rdn_val(ac->msg->dn);
@@ -797,6 +813,20 @@ static int samldb_fill_object(struct samldb_ctx *ac)
}
}
+ lDAPDisplayName = ldb_msg_find_attr_as_string(ac->msg,
+ "lDAPDisplayName",
+ NULL);
+ ret = ldb_valid_attr_name(lDAPDisplayName);
+ if (ret != 1 ||
+ lDAPDisplayName[0] == '*' ||
+ lDAPDisplayName[0] == '@')
+ {
+ return dsdb_module_werror(ac->module,
+ LDB_ERR_UNWILLING_TO_PERFORM,
+ WERR_DS_INVALID_LDAP_DISPLAY_NAME,
+ "lDAPDisplayName is invalid");
+ }
+
/* do not allow one to mark an attributeSchema as RODC filtered if it
* is system-critical */
if (check_rodc_critical_attribute(ac->msg)) {