From bdd7fafc56563eba2413d62794bed388a7a2be69 Mon Sep 17 00:00:00 2001
From: neil_a_wilson <neil_a_wilson@localhost>
Date: Thu, 05 Jul 2007 06:44:14 +0000
Subject: [PATCH] Update the LDAPFilter code so that the process for decoding filters from strings will perform more strict checking to ensure that the attribute description in a simple filter contains only valid characters.  This will catch filters that are invalid but were not properly rejected, like "((uid=user.0))", "(&&(uid=user.0))", or "!uid=user.0".

---
 opends/src/server/org/opends/server/messages/ProtocolMessages.java |   30 ++++++++++++++++++++++--------
 1 files changed, 22 insertions(+), 8 deletions(-)

diff --git a/opends/src/server/org/opends/server/messages/ProtocolMessages.java b/opends/src/server/org/opends/server/messages/ProtocolMessages.java
index a305e3c..f96dac6 100644
--- a/opends/src/server/org/opends/server/messages/ProtocolMessages.java
+++ b/opends/src/server/org/opends/server/messages/ProtocolMessages.java
@@ -4609,14 +4609,13 @@
 
   /**
    * The message ID for the message that will be used if an LDAP search filter
-   * is enclosed in apostrophes ("single-quotes").
-   * (FIXME -- This error is a workaround for
-   * https://opends.dev.java.net/issues/show_bug.cgi?id=1024. A correct fix
-   * is to validate the characters used in the attribute type.
+   * is enclosed in apostrophes ("single-quotes").  See issue #1024.
    */
   public static final int MSGID_LDAP_FILTER_ENCLOSED_IN_APOSTROPHES =
        CATEGORY_MASK_PROTOCOL | SEVERITY_MASK_MILD_ERROR | 427;
 
+
+
   /**
    * The message ID for the message that will be used as the description of the
    * configuration attribute specifying whether to enable the LDAPS
@@ -4625,6 +4624,19 @@
   public static final int MSGID_JMX_CONNHANDLER_DESCRIPTION_ENABLE =
        CATEGORY_MASK_PROTOCOL | SEVERITY_MASK_INFORMATIONAL | 428;
 
+
+
+  /**
+   * The message ID for the message that will be used if an LDAP search filter
+   * includes an invalid character in an attribute type.  This takes three
+   * arguments, which are the attribute type, the illegal character, and the
+   * position at which it occurred.
+   */
+  public static final int MSGID_LDAP_FILTER_INVALID_CHAR_IN_ATTR_TYPE =
+       CATEGORY_MASK_PROTOCOL | SEVERITY_MASK_MILD_ERROR | 429;
+
+
+
   /**
    * Associates a set of generic messages with the message IDs defined in this
    * class.
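Review bot: The Javadoc on `MSGID_LDAP_FILTER_INVALID_CHAR_IN_ATTR_TYPE` says the third argument is "the position at which it occurred" but not what that position is relative to. A reader of the message cannot tell whether it is an offset into the attribute type or into the whole filter string, or whether it is zero-based. I would spell that out, for example `* position (zero-based offset within the attribute type) at which it occurred.`, adjusted to whatever the decoder actually passes. It is also worth stating in the comment that the first two arguments are taken verbatim from the client's filter, so callers know they are untrusted text.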
@@ -5410,6 +5422,12 @@
                     "The provided search filter \"%s\" could not be decoded " +
                     "because the NOT filter between positions %d and %d " +
                     "did not contain exactly one filter component");
+    registerMessage(MSGID_LDAP_FILTER_ENCLOSED_IN_APOSTROPHES,
+                    "An LDAP filter enclosed in apostrophes is invalid:  %s");
+    registerMessage(MSGID_LDAP_FILTER_INVALID_CHAR_IN_ATTR_TYPE,
+                    "The provided search filter contains an invalid " +
+                    "attribute type '%s' with invalid character '%s' at " +
+                    "position %d");
 
 
     registerMessage(MSGID_LDAP_CLIENT_SEND_RESPONSE_NO_RESULT_CODE,
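Review bot: The new format string for `MSGID_LDAP_FILTER_INVALID_CHAR_IN_ATTR_TYPE` places both the attribute type and the offending character into the message with `'%s'`, and both come from the client's filter. The offending character is by definition outside the permitted set, so it may be a control character or a CR/LF. If this message reaches a log file or an LDAP result (the consumers are not visible in this diff), a raw `%s` can produce forged or unreadable log lines. I would have the decoder pass an escaped or printable-only rendering of both values, or format the character as a code point instead of raw text. The enclosing method begins outside this hunk.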
@@ -6605,10 +6623,6 @@
     registerMessage(MSGID_CANNOT_DECODE_GETEFFECTIVERIGHTS_AUTHZID_DN,
                     "Unable to decode authzid DN string \"%s\" as a valid " +
                     "distinguished name:  %s");
-
-
-    registerMessage(MSGID_LDAP_FILTER_ENCLOSED_IN_APOSTROPHES,
-                    "An LDAP filter enclosed in apostrophes is invalid:  %s");
   }
 }
 

--
Gitblit v1.10.0