return dsdb_dn_construct_internal(mem_ctx, dn, extra_part, dn_format, oid);
}
-struct dsdb_dn *dsdb_dn_parse(TALLOC_CTX *mem_ctx, struct ldb_context *ldb,
- const struct ldb_val *dn_blob, const char *dn_oid)
+struct dsdb_dn *dsdb_dn_parse_trusted(TALLOC_CTX *mem_ctx, struct ldb_context *ldb,
+ const struct ldb_val *dn_blob, const char *dn_oid)
{
struct dsdb_dn *dsdb_dn;
struct ldb_dn *dn;
case DSDB_NORMAL_DN:
{
dn = ldb_dn_from_ldb_val(mem_ctx, ldb, dn_blob);
- if (!dn || !ldb_dn_validate(dn)) {
+ if (!dn) {
talloc_free(dn);
return NULL;
}
dval.length = strlen(dn_str);
dn = ldb_dn_from_ldb_val(tmp_ctx, ldb, &dval);
- if (!dn || !ldb_dn_validate(dn)) {
+ if (!dn) {
DEBUG(10, (__location__ ": err\n"));
goto failed;
}
return NULL;
}
+struct dsdb_dn *dsdb_dn_parse(TALLOC_CTX *mem_ctx, struct ldb_context *ldb,
+ const struct ldb_val *dn_blob, const char *dn_oid)
+{
+ struct dsdb_dn *dsdb_dn = dsdb_dn_parse_trusted(mem_ctx, ldb,
+ dn_blob, dn_oid);
+ if (dsdb_dn == NULL) {
+ return NULL;
+ }
+ if (ldb_dn_validate(dsdb_dn->dn) == false) {
+ DEBUG(10, ("could not parse %.*s as a %s DN",
+ (int)dn_blob->length, dn_blob->data,
+ dn_oid));
+ return NULL;
+ }
+ return dsdb_dn;
+}
static char *dsdb_dn_get_with_postfix(TALLOC_CTX *mem_ctx,
struct dsdb_dn *dsdb_dn,
}
- dsdb_dn = dsdb_dn_parse(msg, ldb, plain_dn, attribute->syntax->ldap_oid);
+ dsdb_dn = dsdb_dn_parse_trusted(msg, ldb, plain_dn, attribute->syntax->ldap_oid);
- if (!dsdb_dn || !ldb_dn_validate(dsdb_dn->dn)) {
+ if (!dsdb_dn) {
ldb_asprintf_errstring(ldb,
"could not parse %.*s in %s on %s as a %s DN",
(int)plain_dn->length, plain_dn->data,
talloc_free(hex_string);
}
- /* don't let users see the internal extended
- GUID components */
- if (!have_reveal_control) {
- const char *accept[] = { "GUID", "SID", NULL };
- ldb_dn_extended_filter(dn, accept);
- }
-
if (p->normalise) {
ret = dsdb_fix_dn_rdncase(ldb, dn);
if (ret != LDB_SUCCESS) {
}
if (make_extended_dn) {
+ if (!ldb_dn_validate(dsdb_dn->dn)) {
+ ldb_asprintf_errstring(ldb,
+ "could not parse %.*s in %s on %s as a %s DN",
+ (int)plain_dn->length, plain_dn->data,
+ msg->elements[i].name, ldb_dn_get_linearized(msg->dn),
+ attribute->syntax->ldap_oid);
+ talloc_free(dsdb_dn);
+ return ldb_module_done(ac->req, NULL, NULL, LDB_ERR_INVALID_DN_SYNTAX);
+ }
+ /* don't let users see the internal extended
+ GUID components */
+ if (!have_reveal_control) {
+ const char *accept[] = { "GUID", "SID", NULL };
+ ldb_dn_extended_filter(dn, accept);
+ }
dn_str = dsdb_dn_get_extended_linearized(msg->elements[i].values,
dsdb_dn, ac->extended_type);
} else {