mirror of https://github.com/OpenIdentityPlatform/OpenDJ.git

matthew_swift
08.53.2009 eb8bbf8b219c332bced19aab36a6e4f7616228a8
Fix issue 4042:  LDAP assertion control access control evaluation results in protocol error

This change ensures that we get the correct LDAP result code back when LDAP assertion control evaluation fails.
6 files modified
142 ■■■■ changed files
opendj-sdk/opends/src/server/org/opends/server/workflowelement/localbackend/LocalBackendAddOperation.java 26 ●●●● patch | view | raw | blame | history
opendj-sdk/opends/src/server/org/opends/server/workflowelement/localbackend/LocalBackendCompareOperation.java 24 ●●●● patch | view | raw | blame | history
opendj-sdk/opends/src/server/org/opends/server/workflowelement/localbackend/LocalBackendDeleteOperation.java 24 ●●●● patch | view | raw | blame | history
opendj-sdk/opends/src/server/org/opends/server/workflowelement/localbackend/LocalBackendModifyDNOperation.java 24 ●●●● patch | view | raw | blame | history
opendj-sdk/opends/src/server/org/opends/server/workflowelement/localbackend/LocalBackendModifyOperation.java 24 ●●●● patch | view | raw | blame | history
opendj-sdk/opends/src/server/org/opends/server/workflowelement/localbackend/LocalBackendSearchOperation.java 20 ●●●●● patch | view | raw | blame | history
opendj-sdk/opends/src/server/org/opends/server/workflowelement/localbackend/LocalBackendAddOperation.java
@@ -1465,14 +1465,28 @@
        if (oid.equals(OID_LDAP_ASSERTION))
        {
          // RFC 4528 mandates support for Add operation basically
          // suggesting an asertion on self. As daft as it may be
          // suggesting an assertion on self. As daft as it may be
          // we gonna have to support this for RFC compliance.
          LDAPAssertionRequestControl assertControl =
            getRequestControl(LDAPAssertionRequestControl.DECODER);
          SearchFilter filter;
          try
          {
            SearchFilter filter = assertControl.getSearchFilter();
            filter = assertControl.getSearchFilter();
          }
          catch (DirectoryException de)
          {
            if (debugEnabled())
            {
              TRACER.debugCaught(DebugLogLevel.ERROR, de);
            }
            throw new DirectoryException(de.getResultCode(),
                ERR_ADD_CANNOT_PROCESS_ASSERTION_FILTER.get(
                    String.valueOf(entryDN),
                    de.getMessageObject()));
          }
            // Check if the current user has permission to make
            // this determination.
@@ -1484,11 +1498,13 @@
                ERR_CONTROL_INSUFFICIENT_ACCESS_RIGHTS.get(oid));
            }
          try
          {
            if (! filter.matchesEntry(entry))
            {
              throw new DirectoryException(ResultCode.ASSERTION_FAILED,
                                           ERR_ADD_ASSERTION_FAILED.get(
                                                String.valueOf(entryDN)));
                  ERR_ADD_ASSERTION_FAILED.get(String
                      .valueOf(entryDN)));
            }
          }
          catch (DirectoryException de)
@@ -1503,7 +1519,7 @@
              TRACER.debugCaught(DebugLogLevel.ERROR, de);
            }
            throw new DirectoryException(ResultCode.PROTOCOL_ERROR,
            throw new DirectoryException(de.getResultCode(),
                           ERR_ADD_CANNOT_PROCESS_ASSERTION_FILTER.get(
                                String.valueOf(entryDN),
                                de.getMessageObject()));
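Review bot: Both rethrows in this section, the new catch around `assertControl.getSearchFilter()` and the changed one after `filter.matchesEntry(entry)`, build the new DirectoryException without the caught `de` as its cause, so the original stack trace survives only when debug tracing is enabled. The Search section of this commit does pass it; doing the same here would end the call with `de.getMessageObject()), de);`. The same applies to the Compare, Delete, ModifyDN and Modify sections. The enclosing method starts and ends outside these hunks.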
opendj-sdk/opends/src/server/org/opends/server/workflowelement/localbackend/LocalBackendCompareOperation.java
@@ -446,9 +446,23 @@
          LDAPAssertionRequestControl assertControl =
                getRequestControl(LDAPAssertionRequestControl.DECODER);
          SearchFilter filter;
          try
          {
            SearchFilter filter = assertControl.getSearchFilter();
            filter = assertControl.getSearchFilter();
          }
          catch (DirectoryException de)
          {
            if (debugEnabled())
            {
              TRACER.debugCaught(DebugLogLevel.ERROR, de);
            }
            throw new DirectoryException(de.getResultCode(),
                           ERR_COMPARE_CANNOT_PROCESS_ASSERTION_FILTER.get(
                                String.valueOf(entryDN),
                                de.getMessageObject()));
          }
            // Check if the current user has permission to make
            // this determination.
@@ -460,11 +474,13 @@
                ERR_CONTROL_INSUFFICIENT_ACCESS_RIGHTS.get(oid));
            }
          try
          {
            if (! filter.matchesEntry(entry))
            {
              throw new DirectoryException(ResultCode.ASSERTION_FAILED,
                                           ERR_COMPARE_ASSERTION_FAILED.get(
                                                String.valueOf(entryDN)));
                  ERR_COMPARE_ASSERTION_FAILED.get(String
                      .valueOf(entryDN)));
            }
          }
          catch (DirectoryException de)
@@ -479,7 +495,7 @@
              TRACER.debugCaught(DebugLogLevel.ERROR, de);
            }
            throw new DirectoryException(ResultCode.PROTOCOL_ERROR,
            throw new DirectoryException(de.getResultCode(),
                           ERR_COMPARE_CANNOT_PROCESS_ASSERTION_FILTER.get(
                                String.valueOf(entryDN),
                                de.getMessageObject()));
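Review bot: The access check between the two try blocks (the lines under `// Check if the current user has permission to make` / `// this determination.`) keeps its old, deeper indentation, so it still reads as if it sat inside a try, and nothing records why it has to sit where it does. Re-indent it to the level of the surrounding `try` statements and extend the comment, for example `// Must run before filter.matchesEntry(): the match result must not be disclosed to a user who may not use this control on the entry.` The same leftover indentation appears in the Add, Delete, ModifyDN and Modify sections, and in Search around the `Entry entry;` lines. The check's condition lies outside the hunks, so this assumes it is the call that raises `ERR_CONTROL_INSUFFICIENT_ACCESS_RIGHTS`.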
opendj-sdk/opends/src/server/org/opends/server/workflowelement/localbackend/LocalBackendDeleteOperation.java
@@ -530,9 +530,23 @@
          LDAPAssertionRequestControl assertControl =
                getRequestControl(LDAPAssertionRequestControl.DECODER);
          SearchFilter filter;
          try
          {
            SearchFilter filter = assertControl.getSearchFilter();
            filter = assertControl.getSearchFilter();
          }
          catch (DirectoryException de)
          {
            if (debugEnabled())
            {
              TRACER.debugCaught(DebugLogLevel.ERROR, de);
            }
            throw new DirectoryException(de.getResultCode(),
                           ERR_DELETE_CANNOT_PROCESS_ASSERTION_FILTER.get(
                                String.valueOf(entryDN),
                                de.getMessageObject()));
          }
            // Check if the current user has permission to make
            // this determination.
@@ -544,11 +558,13 @@
                ERR_CONTROL_INSUFFICIENT_ACCESS_RIGHTS.get(oid));
            }
          try
          {
            if (! filter.matchesEntry(entry))
            {
              throw new DirectoryException(ResultCode.ASSERTION_FAILED,
                                           ERR_DELETE_ASSERTION_FAILED.get(
                                                String.valueOf(entryDN)));
                  ERR_DELETE_ASSERTION_FAILED.get(String
                      .valueOf(entryDN)));
            }
          }
          catch (DirectoryException de)
@@ -563,7 +579,7 @@
              TRACER.debugCaught(DebugLogLevel.ERROR, de);
            }
            throw new DirectoryException(ResultCode.PROTOCOL_ERROR,
            throw new DirectoryException(de.getResultCode(),
                           ERR_DELETE_CANNOT_PROCESS_ASSERTION_FILTER.get(
                                String.valueOf(entryDN),
                                de.getMessageObject()));
opendj-sdk/opends/src/server/org/opends/server/workflowelement/localbackend/LocalBackendModifyDNOperation.java
@@ -754,9 +754,23 @@
          LDAPAssertionRequestControl assertControl =
                getRequestControl(LDAPAssertionRequestControl.DECODER);
          SearchFilter filter;
          try
          {
            SearchFilter filter = assertControl.getSearchFilter();
            filter = assertControl.getSearchFilter();
          }
          catch (DirectoryException de)
          {
            if (debugEnabled())
            {
              TRACER.debugCaught(DebugLogLevel.ERROR, de);
            }
            throw new DirectoryException(de.getResultCode(),
                           ERR_MODDN_CANNOT_PROCESS_ASSERTION_FILTER.get(
                                String.valueOf(entryDN),
                                de.getMessageObject()));
          }
            // Check if the current user has permission to make
            // this determination.
@@ -768,11 +782,13 @@
                ERR_CONTROL_INSUFFICIENT_ACCESS_RIGHTS.get(oid));
            }
          try
          {
            if (! filter.matchesEntry(currentEntry))
            {
              throw new DirectoryException(ResultCode.ASSERTION_FAILED,
                                           ERR_MODDN_ASSERTION_FAILED.get(
                                                String.valueOf(entryDN)));
                  ERR_MODDN_ASSERTION_FAILED.get(String
                      .valueOf(entryDN)));
            }
          }
          catch (DirectoryException de)
@@ -787,7 +803,7 @@
              TRACER.debugCaught(DebugLogLevel.ERROR, de);
            }
            throw new DirectoryException(ResultCode.PROTOCOL_ERROR,
            throw new DirectoryException(de.getResultCode(),
                           ERR_MODDN_CANNOT_PROCESS_ASSERTION_FILTER.get(
                                String.valueOf(entryDN),
                                de.getMessageObject()));
opendj-sdk/opends/src/server/org/opends/server/workflowelement/localbackend/LocalBackendModifyOperation.java
@@ -780,9 +780,23 @@
          LDAPAssertionRequestControl assertControl =
                getRequestControl(LDAPAssertionRequestControl.DECODER);
          SearchFilter filter;
          try
          {
            SearchFilter filter = assertControl.getSearchFilter();
            filter = assertControl.getSearchFilter();
          }
          catch (DirectoryException de)
          {
            if (debugEnabled())
            {
              TRACER.debugCaught(DebugLogLevel.ERROR, de);
            }
            throw new DirectoryException(de.getResultCode(),
                           ERR_MODIFY_CANNOT_PROCESS_ASSERTION_FILTER.get(
                                String.valueOf(entryDN),
                                de.getMessageObject()));
          }
            // Check if the current user has permission to make
            // this determination.
@@ -794,11 +808,13 @@
                ERR_CONTROL_INSUFFICIENT_ACCESS_RIGHTS.get(oid));
            }
          try
          {
            if (! filter.matchesEntry(currentEntry))
            {
              throw new DirectoryException(ResultCode.ASSERTION_FAILED,
                                           ERR_MODIFY_ASSERTION_FAILED.get(
                                                String.valueOf(entryDN)));
                  ERR_MODIFY_ASSERTION_FAILED.get(String
                      .valueOf(entryDN)));
            }
          }
          catch (DirectoryException de)
@@ -813,7 +829,7 @@
              TRACER.debugCaught(DebugLogLevel.ERROR, de);
            }
            throw new DirectoryException(ResultCode.PROTOCOL_ERROR,
            throw new DirectoryException(de.getResultCode(),
                           ERR_MODIFY_CANNOT_PROCESS_ASSERTION_FILTER.get(
                                String.valueOf(entryDN),
                                de.getMessageObject()));
opendj-sdk/opends/src/server/org/opends/server/workflowelement/localbackend/LocalBackendSearchOperation.java
@@ -359,9 +359,24 @@
          LDAPAssertionRequestControl assertControl =
                getRequestControl(LDAPAssertionRequestControl.DECODER);
          SearchFilter assertionFilter;
          try
          {
            SearchFilter assertionFilter = assertControl.getSearchFilter();
            assertionFilter = assertControl.getSearchFilter();
          }
          catch (DirectoryException de)
          {
            if (debugEnabled())
            {
              TRACER.debugCaught(DebugLogLevel.ERROR, de);
            }
            throw new DirectoryException(de.getResultCode(),
                           ERR_SEARCH_CANNOT_PROCESS_ASSERTION_FILTER.get(
                                de.getMessageObject()), de);
          }
            Entry entry;
            try
            {
@@ -395,6 +410,7 @@
                ERR_CONTROL_INSUFFICIENT_ACCESS_RIGHTS.get(oid));
            }
          try {
            if (! assertionFilter.matchesEntry(entry))
            {
              throw new DirectoryException(ResultCode.ASSERTION_FAILED,
@@ -413,7 +429,7 @@
              TRACER.debugCaught(DebugLogLevel.ERROR, de);
            }
            throw new DirectoryException(ResultCode.PROTOCOL_ERROR,
            throw new DirectoryException(de.getResultCode(),
                           ERR_SEARCH_CANNOT_PROCESS_ASSERTION_FILTER.get(
                                de.getMessageObject()), de);
          }
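Review bot: This copy of the assertion-control handling has already drifted from the other five in the commit: it names the filter `assertionFilter`, opens the second block as `try {` on one line, and is the only one that passes `de` as the cause. Apart from the entry lookup here, the decode, access-check and match sequence appears to be the same in all six operation classes. A single shared helper taking the entry and the per-operation messages would keep the position of the access check and the result-code handling identical everywhere. The enclosing method starts and ends outside these hunks.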