From 0b3e7244c6e8eb60da49d12cc7c34391c4909136 Mon Sep 17 00:00:00 2001
From: ludovicp <ludovicp@localhost>
Date: Fri, 28 May 2010 09:36:38 +0000
Subject: [PATCH] Fix for issue #4390. Reject malformed RDNs in ModifyDN requests. Tests updated.
---
opends/tests/unit-tests-testng/src/server/org/opends/server/types/TestRDN.java | 4 +-
opends/src/messages/messages/core.properties | 4 +
opends/tests/unit-tests-testng/src/server/org/opends/server/core/TestModifyDNOperation.java | 44 ++++++++++++++++++++--
opends/src/server/org/opends/server/types/RDN.java | 26 +++----------
4 files changed, 51 insertions(+), 27 deletions(-)
diff --git a/opends/src/messages/messages/core.properties b/opends/src/messages/messages/core.properties
index 2cdf09d..96ba3db 100644
--- a/opends/src/messages/messages/core.properties
+++ b/opends/src/messages/messages/core.properties
@@ -1831,4 +1831,6 @@
INFO_RESULT_UNDEFINED_725=Undefined
SEVERE_ERR_PWPOLICY_NO_PWDPOLICY_OC_726=The entry %s does not contain the \
pwdPolicy objectclass, which is required for Directory Server password policy
-
+MILD_ERR_RDN_MISSING_ATTRIBUTE_VALUE_727=Unable to decode the provided string "%s" \
+ as a relative distinguished name because it does not contain a value \
+ for attribute type %s
diff --git a/opends/src/server/org/opends/server/types/RDN.java b/opends/src/server/org/opends/server/types/RDN.java
index 97426aa..247e09b 100644
--- a/opends/src/server/org/opends/server/types/RDN.java
+++ b/opends/src/server/org/opends/server/types/RDN.java
@@ -22,7 +22,7 @@
* CDDL HEADER END
*
*
- * Copyright 2006-2009 Sun Microsystems, Inc.
+ * Copyright 2006-2010 Sun Microsystems, Inc.
*/
package org.opends.server.types;
import org.opends.messages.Message;
@@ -672,29 +672,15 @@
// If we are at the end of the RDN string, then that must mean
- // that the attribute value was empty. This will probably never
- // happen in a real-world environment, but technically isn't
- // illegal. If it does happen, then go ahead and return the RDN.
+ // that the attribute value was empty.
if (pos >= length)
{
String name = attributeName.toString();
String lowerName = toLowerCase(name);
- AttributeType attrType =
- DirectoryServer.getAttributeType(lowerName);
-
- if (attrType == null)
- {
- // This must be an attribute type that we don't know about.
- // In that case, we'll create a new attribute using the
- // default syntax. If this is a problem, it will be caught
- // later either by not finding the target entry or by not
- // allowing the entry to be added.
- attrType = DirectoryServer.getDefaultAttributeType(name);
- }
-
- AttributeValue value = AttributeValues.create(
- ByteString.empty(), ByteString.empty());
- return new RDN(attrType, name, value);
+ Message message = ERR_RDN_MISSING_ATTRIBUTE_VALUE.get(rdnString,
+ lowerName);
+ throw new DirectoryException(ResultCode.INVALID_DN_SYNTAX,
+ message);
}
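Review bot: This branch rejects an empty value only when the string ends right after the first attribute's `=`, and the test data kept in TestRDN by this same patch (`{ "cn=John+a=", "a=+cn=john", "cn=John+a=" }`) suggests an empty value in a later component of a multi-valued RDN is still decoded successfully. If issue #4390 is meant to reject every RDN with a missing value, the parsing path for components after `+` presumably needs the same `ERR_RDN_MISSING_ATTRIBUTE_VALUE` check; that code is outside this hunk, so confirm against the full method. As a smaller point, `name` is now used only to derive `lowerName`, and passing `name` to the message would report the attribute type as the client sent it. The enclosing method starts and ends outside the hunk.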
diff --git a/opends/tests/unit-tests-testng/src/server/org/opends/server/core/TestModifyDNOperation.java b/opends/tests/unit-tests-testng/src/server/org/opends/server/core/TestModifyDNOperation.java
index a7fbffd..a759f3e 100644
--- a/opends/tests/unit-tests-testng/src/server/org/opends/server/core/TestModifyDNOperation.java
+++ b/opends/tests/unit-tests-testng/src/server/org/opends/server/core/TestModifyDNOperation.java
@@ -22,7 +22,7 @@
* CDDL HEADER END
*
*
- * Copyright 2006-2009 Sun Microsystems, Inc.
+ * Copyright 2006-2010 Sun Microsystems, Inc.
*/
package org.opends.server.core;
@@ -34,15 +34,12 @@
import static org.testng.Assert.assertTrue;
import static org.testng.Assert.assertFalse;
import org.opends.server.protocols.internal.InternalClientConnection;
-import org.opends.server.protocols.asn1.ASN1Reader;
-import org.opends.server.protocols.asn1.ASN1Writer;
import org.opends.server.protocols.ldap.*;
import org.opends.server.types.*;
import org.opends.server.TestCaseUtils;
import org.opends.server.util.ServerConstants;
import org.opends.server.controls.ProxiedAuthV1Control;
import org.opends.server.controls.ProxiedAuthV2Control;
-import org.opends.server.controls.LDAPAssertionRequestControl;
import org.opends.server.plugins.InvocationCounterPlugin;
import org.opends.server.plugins.ShortCircuitPlugin;
import org.opends.server.tools.LDAPModify;
@@ -53,6 +50,11 @@
import java.util.List;
import java.util.concurrent.locks.Lock;
import java.net.Socket;
+import java.util.Hashtable;
+import javax.naming.Context;
+import javax.naming.InvalidNameException;
+import javax.naming.directory.DirContext;
+import javax.naming.directory.InitialDirContext;
public class TestModifyDNOperation extends OperationTestCase
{
@@ -1513,5 +1515,39 @@
modifyDNOperation.run();
assertEquals(modifyDNOperation.getResultCode(), ResultCode.CANCELED);
}
+
+
+ /**
+ * Tests whether an invalid rdn is allowed during an modrdn operation.
+ * This test uses a valid attribute type with an empty value.
+ *
+ * @throws Exception
+ */
+ @Test(expectedExceptions=InvalidNameException.class)
+ public void testInvalidModRDN() throws Exception
+ {
+ Hashtable<String,String> env = new Hashtable<String,String>();
+ env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
+ String url = "ldap://localhost:" + TestCaseUtils.getServerLdapPort()
+ +"/dc=example,dc=com";
+ env.put(Context.PROVIDER_URL,url);
+ env.put(Context.SECURITY_AUTHENTICATION, "simple");
+ env.put(Context.SECURITY_PRINCIPAL, "cn=directory manager");
+ env.put(Context.SECURITY_CREDENTIALS, "password");
+
+ env.put("java.naming.ldap.deleteRDN", "true"); // default is 'true'
+ /* Create the initial context */
+ DirContext ctx = new InitialDirContext(env);
+ try
+ {
+ ctx.rename("uid=user.0,ou=People,dc=example,dc=com",
+ "uid=,ou=People,dc=example,dc=com");
+ }
+ finally
+ {
+ /* Close the context when it's done */
+ ctx.close();
+ }
+ }
}
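Review bot: `testInvalidModRDN` asserts only on the JNDI exception type, so it does not pin down which result code the server returned, and it would presumably also pass if the name were rejected before the request reached the server. Other tests in this class check the operation directly (`assertEquals(modifyDNOperation.getResultCode(), ResultCode.CANCELED);` just above), and a companion case asserting `ResultCode.INVALID_DN_SYNTAX` for the new RDN `uid=` would tie the test to the change in RDN.java. It would also help to assert afterwards that `uid=user.0,ou=People,dc=example,dc=com` still exists, so a partially applied rename cannot go unnoticed. The Javadoc's bare `@throws Exception` should say when it is thrown, e.g. `@throws Exception If an unexpected problem occurs.`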
diff --git a/opends/tests/unit-tests-testng/src/server/org/opends/server/types/TestRDN.java b/opends/tests/unit-tests-testng/src/server/org/opends/server/types/TestRDN.java
index 2c6d196..4cc1358 100644
--- a/opends/tests/unit-tests-testng/src/server/org/opends/server/types/TestRDN.java
+++ b/opends/tests/unit-tests-testng/src/server/org/opends/server/types/TestRDN.java
@@ -22,7 +22,7 @@
* CDDL HEADER END
*
*
- * Copyright 2006-2009 Sun Microsystems, Inc.
+ * Copyright 2006-2010 Sun Microsystems, Inc.
*/
package org.opends.server.types;
@@ -238,7 +238,7 @@
"ou=\u55b6\u696d\u90e8" },
{ "photo=\\ john \\ ", "photo=\\ john \\ ",
"photo=\\ john \\ " },
- { "AB-global=", "ab-global=", "AB-global=" },
+ // { "AB-global=", "ab-global=", "AB-global=" },
{ "cn=John+a=", "a=+cn=john", "cn=John+a=" },
{ "OID.1.3.6.1.4.1.1466.0=#04024869",
//Unicode codepoints from 0000-0008 are mapped to nothing.
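Review bot: The `AB-global=` row is commented out rather than removed, which leaves dead test data with no explanation of why it was disabled. Since this input is now expected to fail, delete the row and cover it with a negative case that expects a `DirectoryException` from RDN decoding (an illegal-RDN data provider may already exist in this class, outside the hunk). The array this row belongs to starts and ends outside the hunk.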
--
Gitblit v1.10.0