Fix strict DN parsing in server

lib/server.js

@@ -124,45 +124,6 @@ function getResponse(req) {
 }
 
 
-function decodeDN(req, strict) {
-  assert.ok(req);
-  var parse;
-  if (strict) {
-    parse = dn.parse;
-  } else {
-    parse = function (input) {
-      try {
-        return dn.parse(input);
-      } catch (e) {
-        return input;
-      }
-    };
-  }
-  switch (req.protocolOp) {
-  case Protocol.LDAP_REQ_BIND:
-    req.name = parse(req.name);
-    break;
-  case Protocol.LDAP_REQ_ADD:
-  case Protocol.LDAP_REQ_COMPARE:
-  case Protocol.LDAP_REQ_DELETE:
-    req.entry = parse(req.entry);
-    break;
-  case Protocol.LDAP_REQ_MODIFY:
-    req.object = parse(req.object);
-    break;
-  case Protocol.LDAP_REQ_MODRDN:
-    req.entry = parse(req.entry);
-    // TODO: handle newRdn/Superior
-    break;
-  case Protocol.LDAP_REQ_SEARCH:
-    req.baseObject = parse(req.baseObject);
-    break;
-  default:
-    break;
-  }
-}
-
-
 function defaultHandler(req, res, next) {
   assert.ok(req);
   assert.ok(res);
@@ -396,7 +357,34 @@ function Server(options) {
       }
 
       // parse string DNs for routing/etc
-      decodeDN(req, this.strictDN);
+      try {
+        switch (req.protocolOp) {
+        case Protocol.LDAP_REQ_BIND:
+          req.name = dn.parse(req.name);
+          break;
+        case Protocol.LDAP_REQ_ADD:
+        case Protocol.LDAP_REQ_COMPARE:
+        case Protocol.LDAP_REQ_DELETE:
+          req.entry = dn.parse(req.entry);
+          break;
+        case Protocol.LDAP_REQ_MODIFY:
+          req.object = dn.parse(req.object);
+          break;
+        case Protocol.LDAP_REQ_MODRDN:
+          req.entry = dn.parse(req.entry);
+          // TODO: handle newRdn/Superior
+          break;
+        case Protocol.LDAP_REQ_SEARCH:
+          req.baseObject = dn.parse(req.baseObject);
+          break;
+        default:
+          break;
+        }
+      } catch (e) {
+        if (self.strictDN) {
+          return res.end(errors.LDAP_INVALID_DN_SYNTAX);
+        }
+      }
 
       res.connection = c;
       res.logId = req.logId;

test/server.test.js

@@ -215,7 +215,71 @@ test('route unbind', function (t) {
   });
 });
 
-test('non-strict route', function (t) {
+test('strict routing', function (t) {
+  var testDN = 'cn=valid';
+  var clt;
+  vasync.pipeline({
+    funcs: [
+      function setup(_, cb) {
+        server = ldap.createServer({
+          // strictDN: true - on by default
+        });
+        sock = getSock();
+        // invalid DNs would go to default handler
+        server.search('', function (req, res, next) {
+          t.ok(req.dn);
+          t.equal(typeof (req.dn), 'object');
+          t.equal(req.dn.toString(), testDN);
+          res.end();
+          next();
+        });
+        server.listen(sock, function () {
+          t.ok(true, 'server startup');
+          clt = ldap.createClient({
+            socketPath: sock,
+            strictDN: false
+          });
+          cb();
+        });
+      },
+      function testBad(_, cb) {
+        clt.search('not a dn', {scope: 'base'}, function (err, res) {
+          t.ifError(err);
+          res.once('error', function (err2) {
+            t.ok(err2);
+            t.equal(err2.code, ldap.LDAP_INVALID_DN_SYNTAX);
+            cb();
+          });
+          res.once('end', function () {
+            t.fail('accepted invalid dn');
+            cb('bogus');
+          });
+        });
+      },
+      function testGood(_, cb) {
+        clt.search(testDN, {scope: 'base'}, function (err, res) {
+          t.ifError(err);
+          res.once('error', function (err2) {
+            t.ifError(err2);
+            cb(err2);
+          });
+          res.once('end', function (result) {
+            t.ok(result, 'accepted invalid dn');
+            cb();
+          });
+        });
+      }
+    ]
+  }, function (err, res) {
+    if (clt) {
+      clt.destroy();
+    }
+    server.close();
+    t.end();
+  });
+});
+
+test('non-strict routing', function (t) {
   server = ldap.createServer({
     strictDN: false
   });