From 0c801e02d5b9804c5444d4e923babc34ee05b61c Mon Sep 17 00:00:00 2001
From: Alex Auvolat <alex@adnab.me>
Date: Sun, 2 Feb 2020 13:51:47 +0100
Subject: Remove spaces between dn components, use warnings when necessary

---
 write.go | 49 ++++++++++++++++++++++++-------------------------
 1 file changed, 24 insertions(+), 25 deletions(-)

(limited to 'write.go')

diff --git a/write.go b/write.go
index 4da1a53..4874775 100644
--- a/write.go
+++ b/write.go
@@ -29,9 +29,7 @@ func (server *Server) handleAdd(s ldap.UserState, w ldap.ResponseWriter, m *ldap
 }
 
 func (server *Server) handleAddInternal(state *State, r *message.AddRequest) (int, error) {
-	dn := string(r.Entry())
-
-	_, err := server.checkSuffix(dn, false)
+	dn, err := server.checkDN(string(r.Entry()), false)
 	if err != nil {
 		return ldap.LDAPResultInvalidDNSyntax, err
 	}
@@ -80,18 +78,18 @@ func (server *Server) handleAddInternal(state *State, r *message.AddRequest) (in
 		if strings.EqualFold(key, ATTR_MEMBER) {
 			members = vals_str
 			for _, member := range members {
-				_, err := server.checkSuffix(member, false)
+				member_canonical, err := server.checkDN(member, false)
 				if err != nil {
 					return ldap.LDAPResultInvalidDNSyntax, err
 				}
-				exists, err = server.objectExists(member)
+				exists, err = server.objectExists(member_canonical)
 				if err != nil {
 					return ldap.LDAPResultOperationsError, err
 				}
 				if !exists {
 					return ldap.LDAPResultNoSuchObject, fmt.Errorf(
 						"Cannot add %s to members, it does not exist!",
-						member)
+						member_canonical)
 				}
 			}
 		}
@@ -103,7 +101,7 @@ func (server *Server) handleAddInternal(state *State, r *message.AddRequest) (in
 	entry[ATTR_ENTRYUUID] = []string{genUuid()}
 	entry[dnSplit[0].Type] = []string{dnSplit[0].Value}
 
-	// Add our intem in the DB
+	// Add our item in the DB
 	err = server.addElements(dn, entry)
 	if err != nil {
 		return ldap.LDAPResultOperationsError, err
@@ -116,7 +114,7 @@ func (server *Server) handleAddInternal(state *State, r *message.AddRequest) (in
 		for _, member := range members {
 			memberGroups, err := server.getAttribute(member, ATTR_MEMBEROF)
 			if err != nil {
-				server.logger.Printf("Could not add %s to memberOf of %s: %s", dn, member, err)
+				server.logger.Warnf("Could not add %s to memberOf of %s: %s", dn, member, err)
 				continue
 			}
 			if memberGroups == nil {
@@ -127,7 +125,7 @@ func (server *Server) handleAddInternal(state *State, r *message.AddRequest) (in
 			for _, mb := range memberGroups {
 				if mb == dn {
 					alreadyMember = true
-					server.logger.Printf("Warning: inconsistency detected, %s was memberOf %s at a time when it didn't exist!",
+					server.logger.Warnf("Warning: inconsistency detected, %s was memberOf %s at a time when it didn't exist!",
 						member, dn)
 					break
 				}
@@ -139,7 +137,7 @@ func (server *Server) handleAddInternal(state *State, r *message.AddRequest) (in
 					ATTR_MEMBEROF: memberGroups,
 				})
 				if err != nil {
-					server.logger.Printf("Could not add %s to memberOf of %s: %s", dn, member, err)
+					server.logger.Warnf("Could not add %s to memberOf of %s: %s", dn, member, err)
 				}
 			}
 		}
@@ -169,9 +167,7 @@ func (server *Server) handleDelete(s ldap.UserState, w ldap.ResponseWriter, m *l
 }
 
 func (server *Server) handleDeleteInternal(state *State, r *message.DelRequest) (int, error) {
-	dn := string(*r)
-
-	_, err := server.checkSuffix(dn, false)
+	dn, err := server.checkDN(string(*r), false)
 	if err != nil {
 		return ldap.LDAPResultInvalidDNSyntax, err
 	}
@@ -229,7 +225,7 @@ func (server *Server) handleDeleteInternal(state *State, r *message.DelRequest)
 		for _, group := range memberOf {
 			groupMembers, err := server.getAttribute(group, ATTR_MEMBER)
 			if err != nil {
-				server.logger.Printf("Could not remove %s from members of %s: %s", dn, group, err)
+				server.logger.Warnf("Could not remove %s from members of %s: %s", dn, group, err)
 				continue
 			}
 
@@ -244,7 +240,7 @@ func (server *Server) handleDeleteInternal(state *State, r *message.DelRequest)
 				ATTR_MEMBER: newMembers,
 			})
 			if err != nil {
-				server.logger.Printf("Could not remove %s from members of %s: %s", dn, group, err)
+				server.logger.Warnf("Could not remove %s from members of %s: %s", dn, group, err)
 			}
 		}
 	}
@@ -254,7 +250,7 @@ func (server *Server) handleDeleteInternal(state *State, r *message.DelRequest)
 		for _, member := range memberList {
 			memberOf, err := server.getAttribute(member, ATTR_MEMBEROF)
 			if err != nil || memberOf == nil {
-				server.logger.Printf("Could not remove %s from memberOf of %s: %s", dn, member, err)
+				server.logger.Warnf("Could not remove %s from memberOf of %s: %s", dn, member, err)
 				continue
 			}
 
@@ -269,7 +265,7 @@ func (server *Server) handleDeleteInternal(state *State, r *message.DelRequest)
 				ATTR_MEMBEROF: newMemberOf,
 			})
 			if err != nil {
-				server.logger.Printf("Could not remove %s from memberOf of %s: %s", dn, member, err)
+				server.logger.Warnf("Could not remove %s from memberOf of %s: %s", dn, member, err)
 			}
 		}
 	}
@@ -298,9 +294,7 @@ func (server *Server) handleModify(s ldap.UserState, w ldap.ResponseWriter, m *l
 }
 
 func (server *Server) handleModifyInternal(state *State, r *message.ModifyRequest) (int, error) {
-	dn := string(r.Object())
-
-	_, err := server.checkSuffix(dn, false)
+	dn, err := server.checkDN(string(r.Object()), false)
 	if err != nil {
 		return ldap.LDAPResultInvalidDNSyntax, err
 	}
@@ -447,7 +441,11 @@ func (server *Server) handleModifyInternal(state *State, r *message.ModifyReques
 	}
 
 	// Check that added members actually exist
-	for _, addMem := range addMembers {
+	for i := range addMembers {
+		addMem, err := server.checkDN(addMembers[i], false)
+		if err != nil {
+			return ldap.LDAPResultInvalidDNSyntax, err
+		}
 		exists, err := server.objectExists(addMem)
 		if err != nil {
 			return ldap.LDAPResultOperationsError, err
@@ -456,6 +454,7 @@ func (server *Server) handleModifyInternal(state *State, r *message.ModifyReques
 			return ldap.LDAPResultNoSuchObject, fmt.Errorf(
 				"Cannot add member %s, it does not exist", addMem)
 		}
+		addMembers[i] = addMem
 	}
 
 	newEntry[ATTR_MODIFIERSNAME] = []string{state.login.user}
@@ -470,7 +469,7 @@ func (server *Server) handleModifyInternal(state *State, r *message.ModifyReques
 	for _, addMem := range addMembers {
 		memberOf, err := server.getAttribute(addMem, ATTR_MEMBEROF)
 		if err != nil {
-			server.logger.Printf("Could not add %s to memberOf of %s: %s", dn, addMem, err)
+			server.logger.Warnf("Could not add %s to memberOf of %s: %s", dn, addMem, err)
 			continue
 		}
 		if memberOf == nil {
@@ -490,7 +489,7 @@ func (server *Server) handleModifyInternal(state *State, r *message.ModifyReques
 				ATTR_MEMBEROF: memberOf,
 			})
 			if err != nil {
-				server.logger.Printf("Could not add %s to memberOf of %s: %s", dn, addMem, err)
+				server.logger.Warnf("Could not add %s to memberOf of %s: %s", dn, addMem, err)
 			}
 		}
 	}
@@ -498,7 +497,7 @@ func (server *Server) handleModifyInternal(state *State, r *message.ModifyReques
 	for _, delMem := range delMembers {
 		memberOf, err := server.getAttribute(delMem, ATTR_MEMBEROF)
 		if err != nil {
-			server.logger.Printf("Could not remove %s from memberOf of %s: %s", dn, delMem, err)
+			server.logger.Warnf("Could not remove %s from memberOf of %s: %s", dn, delMem, err)
 			continue
 		}
 		if memberOf == nil {
@@ -513,7 +512,7 @@ func (server *Server) handleModifyInternal(state *State, r *message.ModifyReques
 
 		err = server.addElements(delMem, Entry{ATTR_MEMBEROF: newMemberOf})
 		if err != nil {
-			server.logger.Printf("Could not remove %s from memberOf of %s: %s", dn, delMem, err)
+			server.logger.Warnf("Could not remove %s from memberOf of %s: %s", dn, delMem, err)
 		}
 	}
 
-- 
cgit v1.2.3