From: Kurt Zeilenga Date: Fri, 8 Sep 2000 05:20:46 +0000 (+0000) Subject: Disallow inappropriate operations upon the root dse. X-Git-Tag: LDBM_PRE_GIANT_RWLOCK~2069 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=1e26e165fe855bbf0eb5a15070046913d749a43b;p=openldap Disallow inappropriate operations upon the root dse. --- diff --git a/servers/slapd/add.c b/servers/slapd/add.c index de88b57f86..e2aad2ef70 100644 --- a/servers/slapd/add.c +++ b/servers/slapd/add.c @@ -142,6 +142,13 @@ do_add( Connection *conn, Operation *op ) Statslog( LDAP_DEBUG_STATS, "conn=%ld op=%d ADD dn=\"%s\"\n", op->o_connid, op->o_opid, e->e_ndn, 0, 0 ); + if( e->e_ndn == NULL || *e->e_ndn == '\0' ) { + /* protocolError may be a more appropriate error */ + send_ldap_result( conn, op, rc = LDAP_ALREADY_EXISTS, + NULL, "root DSE exists", NULL, NULL ); + goto done; + } + /* * We could be serving multiple database backends. Select the * appropriate one, or send a referral to our "referral server" diff --git a/servers/slapd/delete.c b/servers/slapd/delete.c index d3bb5d96fa..140e825152 100644 --- a/servers/slapd/delete.c +++ b/servers/slapd/delete.c @@ -65,6 +65,14 @@ do_delete( goto cleanup; } + if( ndn == '\0' ) { + Debug( LDAP_DEBUG_ANY, "do_delete: root dse!\n", 0, 0, 0 ); + /* protocolError would likely be a more appropriate error */ + send_ldap_result( conn, op, rc = LDAP_UNWILLING_TO_PERFORM, + NULL, "cannot delete the root DSE", NULL, NULL ); + goto cleanup; + } + Statslog( LDAP_DEBUG_STATS, "conn=%ld op=%d DEL dn=\"%s\"\n", op->o_connid, op->o_opid, dn, 0, 0 ); diff --git a/servers/slapd/tools/slapadd.c b/servers/slapd/tools/slapadd.c index 55cf92408c..4cf22f2457 100644 --- a/servers/slapd/tools/slapadd.c +++ b/servers/slapd/tools/slapadd.c @@ -67,6 +67,16 @@ main( int argc, char **argv ) break; } + /* make sure the DN is valid */ + if( e->e_ndn == '\0' ) { + fprintf( stderr, "%s: empty dn=\"%s\" (line=%d)\n", + progname, e->e_dn, lineno ); + rc = EXIT_FAILURE; + entry_free( e ); + if( continuemode ) continue; + break; + } + if( !noschemacheck ) { /* check schema */ const char *text;