Disallow inappropriate operations upon the root dse.

2025-12-28 10:39:34 -05:00 · 2000-09-08 05:20:46 +00:00 · 2000-09-08 05:20:46 +00:00 · 1e26e165fe
commit 1e26e165fe
parent a20800a964
3 changed files with 25 additions and 0 deletions
--- a/servers/slapd/add.c
+++ b/servers/slapd/add.c
@ -142,6 +142,13 @@ do_add( Connection *conn, Operation *op )
 	Statslog( LDAP_DEBUG_STATS, "conn=%ld op=%d ADD dn=\"%s\"\n",
 	    op->o_connid, op->o_opid, e->e_ndn, 0, 0 );

+	if( e->e_ndn == NULL || *e->e_ndn == '\0' ) {
+		/* protocolError may be a more appropriate error */
+		send_ldap_result( conn, op, rc = LDAP_ALREADY_EXISTS,
+			NULL, "root DSE exists", NULL, NULL );
+		goto done;
+	}
+
 	/*
 	 * We could be serving multiple database backends.  Select the
 	 * appropriate one, or send a referral to our "referral server"
--- a/servers/slapd/delete.c
+++ b/servers/slapd/delete.c
@ -65,6 +65,14 @@ do_delete(
 		goto cleanup;
 	}

+	if( ndn == '\0' ) {
+		Debug( LDAP_DEBUG_ANY, "do_delete: root dse!\n", 0, 0, 0 );
+		/* protocolError would likely be a more appropriate error */
+		send_ldap_result( conn, op, rc = LDAP_UNWILLING_TO_PERFORM,
+			NULL, "cannot delete the root DSE", NULL, NULL );
+		goto cleanup;
+	}
+
 	Statslog( LDAP_DEBUG_STATS, "conn=%ld op=%d DEL dn=\"%s\"\n",
 		op->o_connid, op->o_opid, dn, 0, 0 );

--- a/servers/slapd/tools/slapadd.c
+++ b/servers/slapd/tools/slapadd.c
@ -67,6 +67,16 @@ main( int argc, char **argv )
 			break;
 		}

+		/* make sure the DN is valid */
+		if( e->e_ndn == '\0' ) {
+			fprintf( stderr, "%s: empty dn=\"%s\" (line=%d)\n",
+				progname, e->e_dn, lineno );
+			rc = EXIT_FAILURE;
+			entry_free( e );
+			if( continuemode ) continue;
+			break;
+		}
+
 		if( !noschemacheck ) {
 			/* check schema */
 			const char *text;