From 25f97e19ada9abd43b1527eba29a621b80c238ef Mon Sep 17 00:00:00 2001
From: Chris Ridd <chris.ridd@forgerock.com>
Date: Tue, 07 Aug 2012 15:55:36 +0000
Subject: [PATCH] Fix OPENDJ-558 Validation for JPEGSyntax values
---
opends/resource/schema/02-config.ldif | 6 +
opends/src/admin/messages/JPEGAttributeSyntaxCfgDefn.properties | 6 +
opends/resource/admin/abbreviations.xsl | 4
opends/src/admin/defn/org/opends/server/admin/std/JPEGAttributeSyntaxConfiguration.xml | 71 +++++++++++++++++
opends/src/server/org/opends/server/schema/JPEGSyntax.java | 98 ++++++++++++++++++++++-
opends/resource/config/config.ldif | 2
6 files changed, 178 insertions(+), 9 deletions(-)
diff --git a/opends/resource/admin/abbreviations.xsl b/opends/resource/admin/abbreviations.xsl
index 91969fa..256ba7d 100644
--- a/opends/resource/admin/abbreviations.xsl
+++ b/opends/resource/admin/abbreviations.xsl
@@ -23,7 +23,7 @@
!
!
! Copyright 2008-2009 Sun Microsystems, Inc.
- ! Portions copyright 2011 ForgeRock AS
+ ! Portions copyright 2011-2012 ForgeRock AS
! -->
<xsl:stylesheet version="1.0"
xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
@@ -54,7 +54,7 @@
or $value = 'sha384' or $value = 'sha512' or $value = 'tls'
or $value = 'des' or $value = 'aes' or $value = 'rc4'
or $value = 'db' or $value = 'snmp' or $value = 'qos'
- or $value = 'ecl' or $value = 'ttl'
+ or $value = 'ecl' or $value = 'ttl' or $value = 'jpeg'
"/>
</xsl:template>
</xsl:stylesheet>
diff --git a/opends/resource/config/config.ldif b/opends/resource/config/config.ldif
index cc9e977..1337096 100644
--- a/opends/resource/config/config.ldif
+++ b/opends/resource/config/config.ldif
@@ -2160,9 +2160,11 @@
dn: cn=JPEG,cn=Syntaxes,cn=config
objectClass: top
objectClass: ds-cfg-attribute-syntax
+objectClass: ds-cfg-jpeg-attribute-syntax
cn: JPEG
ds-cfg-java-class: org.opends.server.schema.JPEGSyntax
ds-cfg-enabled: true
+ds-cfg-strict-format: false
dn: cn=LDAP Syntax Description,cn=Syntaxes,cn=config
objectClass: top
diff --git a/opends/resource/schema/02-config.ldif b/opends/resource/schema/02-config.ldif
index 8d36825..c9271f4 100644
--- a/opends/resource/schema/02-config.ldif
+++ b/opends/resource/schema/02-config.ldif
@@ -5148,3 +5148,9 @@
STRUCTURAL
MAY ds-cfg-strict-format
X-ORIGIN 'OpenDJ Directory Server' )
+objectClasses: ( 1.3.6.1.4.1.36733.2.1.2.11
+ NAME 'ds-cfg-jpeg-attribute-syntax'
+ SUP ds-cfg-attribute-syntax
+ STRUCTURAL
+ MAY ds-cfg-strict-format
+ X-ORIGIN 'OpenDJ Directory Server' )
diff --git a/opends/src/admin/defn/org/opends/server/admin/std/JPEGAttributeSyntaxConfiguration.xml b/opends/src/admin/defn/org/opends/server/admin/std/JPEGAttributeSyntaxConfiguration.xml
new file mode 100644
index 0000000..e4c642f
--- /dev/null
+++ b/opends/src/admin/defn/org/opends/server/admin/std/JPEGAttributeSyntaxConfiguration.xml
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2012 ForgeRock AS
+ ! -->
+<adm:managed-object name="jpeg-attribute-syntax"
+ plural-name="jpeg-attribute-syntaxes"
+ extends="attribute-syntax" package="org.opends.server.admin.std"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ <adm:user-friendly-plural-name />
+ define an attribute syntax for storing JPEG information.
+ </adm:synopsis>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-jpeg-attribute-syntax</ldap:name>
+ <ldap:superior>ds-cfg-attribute-syntax</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.schema.JPEGSyntax
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property name="strict-format" advanced="true">
+ <adm:synopsis>
+ Indicates whether to require JPEG values to strictly
+ comply with the standard definition for this syntax.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>false</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-strict-format</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opends/src/admin/messages/JPEGAttributeSyntaxCfgDefn.properties b/opends/src/admin/messages/JPEGAttributeSyntaxCfgDefn.properties
new file mode 100644
index 0000000..19a71d1
--- /dev/null
+++ b/opends/src/admin/messages/JPEGAttributeSyntaxCfgDefn.properties
@@ -0,0 +1,6 @@
+user-friendly-name=JPEG Attribute Syntax
+user-friendly-plural-name=JPEG Attribute Syntaxes
+synopsis=JPEG Attribute Syntaxes define an attribute syntax for storing JPEG information.
+property.enabled.synopsis=Indicates whether the JPEG Attribute Syntax is enabled.
+property.java-class.synopsis=Specifies the fully-qualified name of the Java class that provides the JPEG Attribute Syntax implementation.
+property.strict-format.synopsis=Indicates whether to require JPEG values to strictly comply with the standard definition for this syntax.
diff --git a/opends/src/server/org/opends/server/schema/JPEGSyntax.java b/opends/src/server/org/opends/server/schema/JPEGSyntax.java
index 1e858b7..9a45270 100644
--- a/opends/src/server/org/opends/server/schema/JPEGSyntax.java
+++ b/opends/src/server/org/opends/server/schema/JPEGSyntax.java
@@ -24,12 +24,16 @@
*
* Copyright 2006-2008 Sun Microsystems, Inc.
* Portions Copyright 2012 ForgeRock AS
+ *
*/
package org.opends.server.schema;
-import org.opends.server.admin.std.server.AttributeSyntaxCfg;
+import java.util.List;
+
+import org.opends.server.admin.server.ConfigurationChangeListener;
+import org.opends.server.admin.std.server.JPEGAttributeSyntaxCfg;
import org.opends.server.api.ApproximateMatchingRule;
import org.opends.server.api.AttributeSyntax;
import org.opends.server.api.EqualityMatchingRule;
@@ -38,22 +42,31 @@
import org.opends.server.config.ConfigException;
import org.opends.server.core.DirectoryServer;
import org.opends.server.types.ByteSequence;
+import org.opends.server.types.ConfigChangeResult;
+import org.opends.server.types.ResultCode;
import static org.opends.server.loggers.ErrorLogger.*;
import static org.opends.messages.SchemaMessages.*;
+
+import org.opends.messages.Message;
import org.opends.messages.MessageBuilder;
import static org.opends.server.schema.SchemaConstants.*;
/**
- * This class implements the JPEG attribute syntax. This should be restricted
- * to holding only JPEG image contents, but we will accept any set of bytes. It
- * will be treated much like the octet string attribute syntax.
+ * This class implements the JPEG attribute syntax. This is actually
+ * two specifications - JPEG and JFIF. As an extension we allow JPEG
+ * and Exif, which is what most digital cameras use. We only check for
+ * valid JFIF and Exif headers.
*/
public class JPEGSyntax
- extends AttributeSyntax<AttributeSyntaxCfg>
+ extends AttributeSyntax<JPEGAttributeSyntaxCfg>
+ implements ConfigurationChangeListener<JPEGAttributeSyntaxCfg>
{
+ // Indicates whether this syntax should operate in strict mode.
+ private boolean strictMode;
+
// The default equality matching rule for this syntax.
private EqualityMatchingRule defaultEqualityMatchingRule;
@@ -63,6 +76,9 @@
// The default substring matching rule for this syntax.
private SubstringMatchingRule defaultSubstringMatchingRule;
+ // The current configuration for this JPEG syntax.
+ private JPEGAttributeSyntaxCfg currentConfig;
+
/**
@@ -81,7 +97,7 @@
/**
* {@inheritDoc}
*/
- public void initializeSyntax(AttributeSyntaxCfg configuration)
+ public void initializeSyntax(JPEGAttributeSyntaxCfg configuration)
throws ConfigException
{
defaultEqualityMatchingRule =
@@ -107,6 +123,17 @@
logError(ERR_ATTR_SYNTAX_UNKNOWN_SUBSTRING_MATCHING_RULE.get(
SMR_OCTET_STRING_OID, SYNTAX_JPEG_NAME));
}
+
+ // We may or may not have access to the config entry. If we do, then see if
+ // we should use the strict compliance mode. If not, just assume that we
+ // won't.
+ strictMode = false;
+ if (configuration != null)
+ {
+ currentConfig = configuration;
+ currentConfig.addJPEGChangeListener(this);
+ strictMode = currentConfig.isStrictFormat();
+ }
}
@@ -223,7 +250,49 @@
public boolean valueIsAcceptable(ByteSequence value,
MessageBuilder invalidReason)
{
- // All values will be acceptable for the JPEG syntax.
+ // anything is acceptable if we're not strict.
+ if (strictMode == false)
+ return true;
+
+ /* JFIF files start:
+ * 0xff 0xd8 0xff 0xe0 LH LL 0x4a 0x46 0x49 0x46 ...
+ * SOI APP0 len "JFIF"
+ *
+ * Exif files (from most digital cameras) start:
+ * 0xff 0xd8 0xff 0xe1 LH LL 0x45 0x78 0x69 0x66 ...
+ * SOI APP1 len "Exif"
+ *
+ * So all legal values must be at least 10 bytes long
+ */
+ if (value.length() < 10)
+ return false;
+
+ if (value.byteAt(0) != (byte)0xff && value.byteAt(1) != (byte)0xd8)
+ return false;
+
+ if (value.byteAt(2) == (byte)0xff && value.byteAt(3) == (byte)0xe0 &&
+ value.byteAt(6) == 'J' && value.byteAt(7) == 'F' &&
+ value.byteAt(8) == 'I' && value.byteAt(9) == 'F')
+ return true;
+
+ if (value.byteAt(2) == (byte)0xff && value.byteAt(3) == (byte)0xe1 &&
+ value.byteAt(6) == 'E' && value.byteAt(7) == 'x' &&
+ value.byteAt(8) == 'i' && value.byteAt(9) == 'f')
+ return true;
+
+ // No JFIF or Exif header found
+ return false;
+ }
+
+
+ /**
+ * {@inheritDoc}
+ */
+ public boolean isConfigurationChangeAcceptable(
+ JPEGAttributeSyntaxCfg configuration,
+ List<Message> unacceptableReasons)
+ {
+ // The configuration will always be acceptable.
return true;
}
@@ -232,6 +301,21 @@
/**
* {@inheritDoc}
*/
+ public ConfigChangeResult applyConfigurationChange(
+ JPEGAttributeSyntaxCfg configuration)
+ {
+ currentConfig = configuration;
+ strictMode = configuration.isStrictFormat();
+
+ return new ConfigChangeResult(ResultCode.SUCCESS, false);
+ }
+
+
+
+
+ /**
+ * {@inheritDoc}
+ */
public boolean isBinary()
{
return false;
--
Gitblit v1.10.0