From 8e6fb9432151fd9eb49efe6937034e27c30a6545 Mon Sep 17 00:00:00 2001
From: Jean-Noël Rouvignac <jean-noel.rouvignac@forgerock.com>
Date: Fri, 01 Apr 2016 10:32:18 +0000
Subject: [PATCH] OPENDJ-2777 Invalid attribute syntax not caught with ldapmodify for badly shaped aci
---
opendj-server-legacy/src/main/java/org/opends/server/authorization/dseecompat/ParentInheritance.java | 7 -
opendj-server-legacy/src/main/java/org/opends/guitools/controlpanel/browser/NodeRefresher.java | 3
opendj-server-legacy/src/main/java/org/opends/server/authorization/dseecompat/UserAttr.java | 3
opendj-server-legacy/src/main/java/org/opends/server/authorization/dseecompat/UserDN.java | 44 ++++------
opendj-server-legacy/src/main/java/org/opends/server/backends/pluggable/DN2URI.java | 17 +---
opendj-server-legacy/src/main/java/org/opends/server/authorization/dseecompat/GroupDN.java | 6 -
opendj-server-legacy/src/main/java/org/opends/guitools/controlpanel/ui/ErrorSearchingEntryPanel.java | 124 ++++++++++++++++--------------
opendj-server-legacy/src/main/java/org/opends/server/authorization/dseecompat/Target.java | 3
opendj-server-legacy/src/main/java/org/opends/server/extensions/DynamicGroup.java | 9 +-
opendj-server-legacy/src/main/java/org/opends/guitools/controlpanel/ui/NewGroupPanel.java | 4
10 files changed, 107 insertions(+), 113 deletions(-)
diff --git a/opendj-server-legacy/src/main/java/org/opends/guitools/controlpanel/browser/NodeRefresher.java b/opendj-server-legacy/src/main/java/org/opends/guitools/controlpanel/browser/NodeRefresher.java
index 82b0cb7..42c6623 100644
--- a/opendj-server-legacy/src/main/java/org/opends/guitools/controlpanel/browser/NodeRefresher.java
+++ b/opendj-server-legacy/src/main/java/org/opends/guitools/controlpanel/browser/NodeRefresher.java
@@ -33,6 +33,7 @@
import javax.swing.SwingUtilities;
import javax.swing.tree.TreeNode;
+import org.forgerock.i18n.LocalizedIllegalArgumentException;
import org.forgerock.opendj.ldap.DN;
import org.forgerock.opendj.ldap.RDN;
import org.forgerock.opendj.ldap.SearchScope;
@@ -562,7 +563,7 @@
catch (InterruptedNamingException x) {
throwAbandonIfNeeded(x);
}
- catch (NamingException | DirectoryException x) {
+ catch (NamingException | LocalizedIllegalArgumentException | DirectoryException x) {
lastException = x;
lastExceptionArg = referral[i];
}
diff --git a/opendj-server-legacy/src/main/java/org/opends/guitools/controlpanel/ui/ErrorSearchingEntryPanel.java b/opendj-server-legacy/src/main/java/org/opends/guitools/controlpanel/ui/ErrorSearchingEntryPanel.java
index 5c180f4..afd8a07 100644
--- a/opendj-server-legacy/src/main/java/org/opends/guitools/controlpanel/ui/ErrorSearchingEntryPanel.java
+++ b/opendj-server-legacy/src/main/java/org/opends/guitools/controlpanel/ui/ErrorSearchingEntryPanel.java
@@ -12,9 +12,8 @@
* information: "Portions Copyright [year] [name of copyright owner]".
*
* Copyright 2008-2010 Sun Microsystems, Inc.
- * Portions Copyright 2014 ForgeRock AS.
+ * Portions Copyright 2014-2016 ForgeRock AS.
*/
-
package org.opends.guitools.controlpanel.ui;
import java.awt.Component;
@@ -37,9 +36,7 @@
import static org.opends.messages.AdminToolMessages.*;
-/**
- * The panel that is displayed when there is an error searching an entry.
- */
+/** The panel that is displayed when there is an error searching an entry. */
public class ErrorSearchingEntryPanel extends StatusGenericPanel
{
private static final long serialVersionUID = -8460172599072631973L;
@@ -47,7 +44,6 @@
/** Default constructor. */
public ErrorSearchingEntryPanel()
{
- super();
GridBagConstraints gbc = new GridBagConstraints();
gbc.gridx = 0;
gbc.gridy = 0;
@@ -135,58 +131,7 @@
if (ex instanceof NamingException)
{
Object arg = error.getArg();
- LocalizableMessage msg = null;
- if (arg != null)
- {
- // Maybe is the LDAPURL
- try
- {
- LDAPURL url = LDAPURL.decode(arg.toString(), false);
- if (url.getHost() != null)
- {
- String hostPort = url.getHost()+":"+url.getPort();
- if (ex instanceof ReferralLimitExceededException)
- {
- msg = LocalizableMessage.raw(ex.getLocalizedMessage());
- }
- else if (ex instanceof NameNotFoundException)
- {
- msg = ERR_CTRL_PANEL_COULD_NOT_FIND_PROVIDED_ENTRY_IN_REFERRAL.get(arg, hostPort);
- }
- else
- {
- msg = getMessageForException((NamingException) ex, hostPort);
- }
- }
- else if (ex instanceof ReferralLimitExceededException)
- {
- msg = LocalizableMessage.raw(ex.getLocalizedMessage());
- }
- else if (ex instanceof NameNotFoundException)
- {
- msg = ERR_CTRL_PANEL_COULD_NOT_FIND_PROVIDED_ENTRY_IN_REFERRAL_NO_HOST.get(arg);
- }
- else
- {
- msg = Utils.getMessageForException((NamingException)ex);
- }
- }
- catch (Throwable t)
- {
- }
- }
-
- if (msg == null)
- {
- if (ex instanceof ReferralLimitExceededException)
- {
- msg = LocalizableMessage.raw(ex.getLocalizedMessage());
- }
- else
- {
- msg = Utils.getMessageForException((NamingException)ex);
- }
- }
+ LocalizableMessage msg = getErrorMsg(ex, arg);
if (arg != null)
{
details.append("<br><br>").append(ERR_CTRL_PANEL_RESOLVING_REFERRAL_DETAILS.get(arg, msg));
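Review bot: `arg` and `msg` are formatted into `details` directly after a literal `<br><br>`, so if the error pane renders `details` as HTML, as that markup suggests, these values reach the renderer unescaped. NodeRefresher stores `referral[i]` as the exception argument, so `arg` appears to come from directory data rather than from the administrator, and `msg` can carry a remote exception message. Escape both values with the project's HTML-escaping helper before they are passed to `ERR_CTRL_PANEL_RESOLVING_REFERRAL_DETAILS.get(...)`, or confirm that `details` already escapes its arguments. The enclosing method starts and ends outside this hunk, so the type of `details` is not visible here.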
@@ -209,4 +154,67 @@
updateErrorPane(errorPane, title, ColorAndFontConstants.errorTitleFont,
details.toMessage(), ColorAndFontConstants.defaultFont);
}
+
+ private LocalizableMessage getErrorMsg(Exception ex, Object arg)
+ {
+ LocalizableMessage msg = getErrorMsg0(ex, arg);
+ if (msg != null)
+ {
+ return msg;
+ }
+ else if (ex instanceof ReferralLimitExceededException)
+ {
+ return LocalizableMessage.raw(ex.getLocalizedMessage());
+ }
+ else
+ {
+ return Utils.getMessageForException((NamingException) ex);
+ }
+ }
+
+ private LocalizableMessage getErrorMsg0(Exception ex, Object arg)
+ {
+ if (arg == null)
+ {
+ return null;
+ }
+
+ // Maybe arg is an LDAPURL
+ try
+ {
+ LDAPURL url = LDAPURL.decode(arg.toString(), false);
+ if (url.getHost() != null)
+ {
+ String hostPort = url.getHost() + ":" + url.getPort();
+ if (ex instanceof ReferralLimitExceededException)
+ {
+ return LocalizableMessage.raw(ex.getLocalizedMessage());
+ }
+ else if (ex instanceof NameNotFoundException)
+ {
+ return ERR_CTRL_PANEL_COULD_NOT_FIND_PROVIDED_ENTRY_IN_REFERRAL.get(arg, hostPort);
+ }
+ else
+ {
+ return getMessageForException((NamingException) ex, hostPort);
+ }
+ }
+ else if (ex instanceof ReferralLimitExceededException)
+ {
+ return LocalizableMessage.raw(ex.getLocalizedMessage());
+ }
+ else if (ex instanceof NameNotFoundException)
+ {
+ return ERR_CTRL_PANEL_COULD_NOT_FIND_PROVIDED_ENTRY_IN_REFERRAL_NO_HOST.get(arg);
+ }
+ else
+ {
+ return Utils.getMessageForException((NamingException) ex);
+ }
+ }
+ catch (Throwable t)
+ {
+ return null;
+ }
+ }
}
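Review bot: `getErrorMsg0` ends with `catch (Throwable t) { return null; }`, which also swallows `Error`s and any `ClassCastException` from the `(NamingException) ex` casts, leaving no trace of why the fallback message was used. The call expected to fail here is `LDAPURL.decode`, so the handler can be narrowed to `catch (LocalizedIllegalArgumentException | DirectoryException e)`, adding the imports if the file lacks them; this matches the other call sites in this commit. Both helpers cast `ex` unconditionally, so declaring the parameter as `NamingException ex` would make that precondition explicit. A one-line comment on `getErrorMsg0` saying that `null` means no referral-specific message could be built would also help.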
diff --git a/opendj-server-legacy/src/main/java/org/opends/guitools/controlpanel/ui/NewGroupPanel.java b/opendj-server-legacy/src/main/java/org/opends/guitools/controlpanel/ui/NewGroupPanel.java
index d50f780..e7e54c3 100644
--- a/opendj-server-legacy/src/main/java/org/opends/guitools/controlpanel/ui/NewGroupPanel.java
+++ b/opendj-server-legacy/src/main/java/org/opends/guitools/controlpanel/ui/NewGroupPanel.java
@@ -242,9 +242,9 @@
{
LDAPURL.decode(f, true);
}
- catch (OpenDsException ode)
+ catch (LocalizedIllegalArgumentException | OpenDsException e)
{
- errors.add(ERR_CTRL_PANEL_GROUP_FILTER_NOT_VALID.get(ode.getMessageObject()));
+ errors.add(ERR_CTRL_PANEL_GROUP_FILTER_NOT_VALID.get(e.getMessageObject()));
}
}
if (errorFound)
diff --git a/opendj-server-legacy/src/main/java/org/opends/server/authorization/dseecompat/GroupDN.java b/opendj-server-legacy/src/main/java/org/opends/server/authorization/dseecompat/GroupDN.java
index 9d9b6c4..fb4757e 100644
--- a/opendj-server-legacy/src/main/java/org/opends/server/authorization/dseecompat/GroupDN.java
+++ b/opendj-server-legacy/src/main/java/org/opends/server/authorization/dseecompat/GroupDN.java
@@ -87,10 +87,8 @@
String value = ldapURLMatcher.group(ldapURLPos).trim();
DN dn=LDAPURL.decode(value, true).getBaseDN();
groupDNs.add(dn);
- } catch (DirectoryException ex) {
- LocalizableMessage message = WARN_ACI_SYNTAX_INVALID_GROUPDN_URL.get(
- ex.getMessageObject());
- throw new AciException(message);
+ } catch (LocalizedIllegalArgumentException | DirectoryException e) {
+ throw new AciException(WARN_ACI_SYNTAX_INVALID_GROUPDN_URL.get(e.getMessageObject()));
}
}
return new GroupDN(type, groupDNs);
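Review bot: The diffstat lists ten production files and no test, so nothing pins the behaviour this `catch` was widened for. A `groupdn` value whose LDAP URL makes `LDAPURL.decode` throw the unchecked `LocalizedIllegalArgumentException` must surface as an `AciException`. A regression test that decodes an ACI with a malformed URL and expects `AciException` would cover this handler and the equivalent ones in ParentInheritance, Target and UserDN. Because the exception is unchecked, the compiler will not flag other `LDAPURL.decode` callers that still catch only `DirectoryException`, so it is worth searching for them. The enclosing method starts outside this hunk.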
diff --git a/opendj-server-legacy/src/main/java/org/opends/server/authorization/dseecompat/ParentInheritance.java b/opendj-server-legacy/src/main/java/org/opends/server/authorization/dseecompat/ParentInheritance.java
index 1823959..235da0a 100644
--- a/opendj-server-legacy/src/main/java/org/opends/server/authorization/dseecompat/ParentInheritance.java
+++ b/opendj-server-legacy/src/main/java/org/opends/server/authorization/dseecompat/ParentInheritance.java
@@ -17,6 +17,7 @@
package org.opends.server.authorization.dseecompat;
import org.forgerock.i18n.LocalizableMessage;
+import org.forgerock.i18n.LocalizedIllegalArgumentException;
import static org.opends.messages.AccessControlMessages.*;
import static org.opends.server.authorization.dseecompat.Aci.*;
@@ -176,10 +177,8 @@
throw new AciException(message);
}
attrTypeStr=attrs.iterator().next();
- } catch (DirectoryException ex) {
- LocalizableMessage message = WARN_ACI_SYNTAX_INVALID_USERATTR_URL.get(
- ex.getMessageObject());
- throw new AciException(message);
+ } catch (LocalizedIllegalArgumentException | DirectoryException ex) {
+ throw new AciException(WARN_ACI_SYNTAX_INVALID_USERATTR_URL.get(ex.getMessageObject()));
}
}
numLevels=1;
diff --git a/opendj-server-legacy/src/main/java/org/opends/server/authorization/dseecompat/Target.java b/opendj-server-legacy/src/main/java/org/opends/server/authorization/dseecompat/Target.java
index 1c0ab21..515b66b 100644
--- a/opendj-server-legacy/src/main/java/org/opends/server/authorization/dseecompat/Target.java
+++ b/opendj-server-legacy/src/main/java/org/opends/server/authorization/dseecompat/Target.java
@@ -18,6 +18,7 @@
import java.util.regex.Pattern;
+import org.forgerock.i18n.LocalizedIllegalArgumentException;
import org.forgerock.opendj.ldap.DN;
import org.opends.server.types.DirectoryException;
import org.opends.server.types.LDAPURL;
@@ -86,7 +87,7 @@
}
}
}
- catch (DirectoryException e){
+ catch (LocalizedIllegalArgumentException | DirectoryException e) {
throw new AciException(WARN_ACI_SYNTAX_INVALID_TARGETKEYWORD_EXPRESSION.get(target));
}
}
diff --git a/opendj-server-legacy/src/main/java/org/opends/server/authorization/dseecompat/UserAttr.java b/opendj-server-legacy/src/main/java/org/opends/server/authorization/dseecompat/UserAttr.java
index 940f69a..1779450 100644
--- a/opendj-server-legacy/src/main/java/org/opends/server/authorization/dseecompat/UserAttr.java
+++ b/opendj-server-legacy/src/main/java/org/opends/server/authorization/dseecompat/UserAttr.java
@@ -20,6 +20,7 @@
import java.util.List;
import org.forgerock.i18n.LocalizableMessage;
+import org.forgerock.i18n.LocalizedIllegalArgumentException;
import org.forgerock.opendj.ldap.ByteString;
import org.forgerock.opendj.ldap.DN;
import org.forgerock.opendj.ldap.SearchScope;
@@ -227,7 +228,7 @@
LDAPURL url;
try {
url = LDAPURL.decode(v.toString(), true);
- } catch (DirectoryException e) {
+ } catch (LocalizedIllegalArgumentException | DirectoryException e) {
break;
}
matched=UserDN.evalURL(evalCtx, url);
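Review bot: The widened handler still leaves the loop with a bare `break`, so an attribute value that is not a decodable LDAP URL ends evaluation silently and any later values are never passed to `UserDN.evalURL`. Since this decides an access-control match, state the intent in a comment, for example `// Undecodable URL: stop here, matched keeps its current value`, or use `continue` if the remaining values should still be evaluated. Tracing the exception would also let an administrator find the malformed value. The loop and the initial value of `matched` are outside this hunk, so the resulting outcome cannot be confirmed from here.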
diff --git a/opendj-server-legacy/src/main/java/org/opends/server/authorization/dseecompat/UserDN.java b/opendj-server-legacy/src/main/java/org/opends/server/authorization/dseecompat/UserDN.java
index de54459..aab65e3 100644
--- a/opendj-server-legacy/src/main/java/org/opends/server/authorization/dseecompat/UserDN.java
+++ b/opendj-server-legacy/src/main/java/org/opends/server/authorization/dseecompat/UserDN.java
@@ -20,33 +20,28 @@
import java.util.LinkedList;
import java.util.List;
-import org.forgerock.i18n.LocalizableMessage;
import org.forgerock.i18n.LocalizedIllegalArgumentException;
import org.forgerock.opendj.ldap.ByteString;
import org.forgerock.opendj.ldap.DN;
import org.forgerock.opendj.ldap.SearchScope;
-import org.opends.server.core.DirectoryServer;
import org.forgerock.opendj.ldap.schema.AttributeType;
-import org.opends.server.types.*;
+import org.opends.server.core.DirectoryServer;
+import org.opends.server.types.Attribute;
+import org.opends.server.types.DirectoryException;
+import org.opends.server.types.Entry;
+import org.opends.server.types.LDAPURL;
+import org.opends.server.types.SearchFilter;
import static org.opends.messages.AccessControlMessages.*;
-/**
- * This class represents the userdn keyword in a bind rule.
- */
+/** This class represents the userdn keyword in a bind rule. */
public class UserDN implements KeywordBindRule {
- /**
- * A dummy URL for invalid URLs such as: all, parent, anyone, self.
- */
- private static String urlStr="ldap:///";
+ /** A dummy URL for invalid URLs such as: all, parent, anyone, self. */
+ private static final String URL_STR = "ldap:///";
- /**
- * This list holds a list of objects representing a EnumUserDNType
- * URL mapping.
- */
+ /** This list holds a list of objects representing a EnumUserDNType URL mapping. */
private List<UserDNTypeURL> urlList;
-
/** Enumeration of the userdn operation type. */
private EnumBindRuleType type;
@@ -94,13 +89,10 @@
LDAPURL url;
try {
url=LDAPURL.decode(value.toString(), true);
- } catch (DirectoryException de) {
- LocalizableMessage message = WARN_ACI_SYNTAX_INVALID_USERDN_URL.get(
- de.getMessageObject());
- throw new AciException(message);
+ } catch (LocalizedIllegalArgumentException | DirectoryException e) {
+ throw new AciException(WARN_ACI_SYNTAX_INVALID_USERDN_URL.get(e.getMessageObject()));
}
- UserDNTypeURL dnTypeURL=new UserDNTypeURL(userDNType, url);
- urlList.add(dnTypeURL);
+ urlList.add(new UserDNTypeURL(userDNType, url));
}
return new UserDN(type, urlList);
}
@@ -144,16 +136,16 @@
type = EnumUserDNType.URL;
} else if(str.equalsIgnoreCase("ldap:///self")) {
type = EnumUserDNType.SELF;
- bldr.replace(0, bldr.length(), urlStr);
+ bldr.replace(0, bldr.length(), URL_STR);
} else if(str.equalsIgnoreCase("ldap:///anyone")) {
type = EnumUserDNType.ANYONE;
- bldr.replace(0, bldr.length(), urlStr);
+ bldr.replace(0, bldr.length(), URL_STR);
} else if(str.equalsIgnoreCase("ldap:///parent")) {
type = EnumUserDNType.PARENT;
- bldr.replace(0, bldr.length(), urlStr);
+ bldr.replace(0, bldr.length(), URL_STR);
} else if(str.equalsIgnoreCase("ldap:///all")) {
type = EnumUserDNType.ALL;
- bldr.replace(0, bldr.length(), urlStr);
+ bldr.replace(0, bldr.length(), URL_STR);
} else if (str.contains("*")) {
type = EnumUserDNType.DNPATTERN;
} else {
@@ -409,7 +401,7 @@
buffer.append(this.type.getType());
for (UserDNTypeURL url : this.urlList) {
buffer.append("\"");
- buffer.append(urlStr);
+ buffer.append(URL_STR);
buffer.append(url.getUserDNType().toString().toLowerCase());
buffer.append("\"");
}
diff --git a/opendj-server-legacy/src/main/java/org/opends/server/backends/pluggable/DN2URI.java b/opendj-server-legacy/src/main/java/org/opends/server/backends/pluggable/DN2URI.java
index b1c3a27..8fb6048 100644
--- a/opendj-server-legacy/src/main/java/org/opends/server/backends/pluggable/DN2URI.java
+++ b/opendj-server-legacy/src/main/java/org/opends/server/backends/pluggable/DN2URI.java
@@ -16,6 +16,7 @@
*/
package org.opends.server.backends.pluggable;
+import static org.forgerock.opendj.ldap.SearchScope.*;
import static org.opends.messages.BackendMessages.*;
import static org.opends.server.backends.pluggable.DnKeyFormat.*;
import static org.opends.server.util.ServerConstants.*;
@@ -518,7 +519,7 @@
}
}
}
- catch (DirectoryException e)
+ catch (LocalizedIllegalArgumentException | DirectoryException e)
{
logger.traceException(e);
// Return the non-LDAP URI as is.
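Review bot: The comment `// Return the non-LDAP URI as is.` does not describe everything this handler now covers. With `LocalizedIllegalArgumentException` caught here, a URI that uses the ldap scheme but is malformed is also returned unchanged, so the comment should say so, e.g. `// Not a decodable LDAP URL: return the URI as is.` The same comment follows the second widened handler further down in this file. The enclosing try block starts outside the hunk.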
@@ -621,7 +622,7 @@
{
// We have found a subordinate referral.
// Make sure the referral is within scope.
- if (searchOp.getScope() == SearchScope.SINGLE_LEVEL
+ if (searchOp.getScope() == SINGLE_LEVEL
&& DnKeyFormat.findDNKeyParent(cursor.getKey()) != baseDN.length())
{
success = cursor.next();
@@ -670,7 +671,6 @@
try
{
LDAPURL ldapurl = LDAPURL.decode(uri, false);
-
if ("ldap".equalsIgnoreCase(ldapurl.getScheme()))
{
if (ldapurl.getBaseDN().isRootDN())
@@ -678,19 +678,12 @@
ldapurl.setBaseDN(dn);
}
ldapurl.getAttributes().clear();
- if (scope == SearchScope.SINGLE_LEVEL)
- {
- ldapurl.setScope(SearchScope.BASE_OBJECT);
- }
- else
- {
- ldapurl.setScope(SearchScope.WHOLE_SUBTREE);
- }
+ ldapurl.setScope(scope == SINGLE_LEVEL ? BASE_OBJECT : WHOLE_SUBTREE);
ldapurl.setFilter(null);
uri = ldapurl.toString();
}
}
- catch (DirectoryException e)
+ catch (LocalizedIllegalArgumentException | DirectoryException e)
{
logger.traceException(e);
// Return the non-LDAP URI as is.
diff --git a/opendj-server-legacy/src/main/java/org/opends/server/extensions/DynamicGroup.java b/opendj-server-legacy/src/main/java/org/opends/server/extensions/DynamicGroup.java
index e2d20c9..2b5cfda 100644
--- a/opendj-server-legacy/src/main/java/org/opends/server/extensions/DynamicGroup.java
+++ b/opendj-server-legacy/src/main/java/org/opends/server/extensions/DynamicGroup.java
@@ -23,9 +23,11 @@
import java.util.Set;
import org.forgerock.i18n.LocalizableMessage;
+import org.forgerock.i18n.LocalizedIllegalArgumentException;
import org.forgerock.i18n.slf4j.LocalizedLogger;
import org.forgerock.opendj.config.server.ConfigException;
import org.forgerock.opendj.ldap.ByteString;
+import org.forgerock.opendj.ldap.DN;
import org.forgerock.opendj.ldap.SearchScope;
import org.forgerock.opendj.ldap.schema.AttributeType;
import org.opends.server.admin.std.server.DynamicGroupImplementationCfg;
@@ -33,7 +35,6 @@
import org.opends.server.core.DirectoryServer;
import org.opends.server.core.ServerContext;
import org.opends.server.types.Attribute;
-import org.forgerock.opendj.ldap.DN;
import org.opends.server.types.DirectoryConfig;
import org.opends.server.types.DirectoryException;
import org.opends.server.types.Entry;
@@ -135,10 +136,10 @@
{
memberURLs.add(LDAPURL.decode(v.toString(), true));
}
- catch (DirectoryException de)
+ catch (LocalizedIllegalArgumentException | DirectoryException e)
{
- logger.traceException(de);
- logger.error(ERR_DYNAMICGROUP_CANNOT_DECODE_MEMBERURL, v, groupEntry.getName(), de.getMessageObject());
+ logger.traceException(e);
+ logger.error(ERR_DYNAMICGROUP_CANNOT_DECODE_MEMBERURL, v, groupEntry.getName(), e.getMessageObject());
}
}
}