From cc1e513fe4481879acf22cc57ed5ac547ea9ef6d Mon Sep 17 00:00:00 2001
From: dugan <dugan@localhost>
Date: Thu, 05 Jul 2007 12:37:54 +0000
Subject: [PATCH] Fix inconsistent format checking ACI targattrfilters keyword. Issue 1473.

---
 opends/src/server/org/opends/server/authorization/dseecompat/TargAttrFilters.java                                 |   34 ++++++++++-
 opends/tests/unit-tests-testng/src/server/org/opends/server/authorization/dseecompat/TargAttrFiltersTestCase.java |   99 +++++++++++++++++++++++++++++++++
 2 files changed, 129 insertions(+), 4 deletions(-)

diff --git a/opends/src/server/org/opends/server/authorization/dseecompat/TargAttrFilters.java b/opends/src/server/org/opends/server/authorization/dseecompat/TargAttrFilters.java
index fd001d7..3d0441b 100644
--- a/opends/src/server/org/opends/server/authorization/dseecompat/TargAttrFilters.java
+++ b/opends/src/server/org/opends/server/authorization/dseecompat/TargAttrFilters.java
@@ -176,8 +176,27 @@
         String[] filterLists=
                 subExpression.split(secondOp, -1);
         if(filterLists.length > 2) {
-            int msgID =
-                    MSGID_ACI_SYNTAX_INVALID_TARGATTRFILTERS_MAX_FILTER_LISTS;
+          int msgID =
+                  MSGID_ACI_SYNTAX_INVALID_TARGATTRFILTERS_MAX_FILTER_LISTS;
+          String message = getMessage(msgID, expression);
+          throw new AciException(msgID, message);
+        } else if (filterLists.length == 1) {
+          //This check catches the case where there might not be a
+          //',' character between the first filter list and the second.
+          String sOp="del";
+          if(getMask(firstOp) == TARGATTRFILTERS_DELETE)
+            sOp="add";
+          String rg= sOp + "=";
+          if(subExpression.indexOf(rg) != -1) {
+            int msgID = MSGID_ACI_SYNTAX_INVALID_TARGATTRFILTERS_EXPRESSION;
+            String message = getMessage(msgID, expression);
+            throw new AciException(msgID, message);
+          }
+        }
+        filterLists[0]=filterLists[0].trim();
+        //First filter list must end in an ')' character.
+        if(!filterLists[0].endsWith(")")) {
+            int msgID = MSGID_ACI_SYNTAX_INVALID_TARGATTRFILTERS_EXPRESSION;
             String message = getMessage(msgID, expression);
             throw new AciException(msgID, message);
         }
@@ -185,8 +204,15 @@
                 TargAttrFilterList.decode(getMask(firstOp), filterLists[0]);
         TargAttrFilterList secondFilterList=null;
         //Handle the second filter list if there is one.
-        if(filterLists.length == 2) {
-            String temp2= filterLists[1].substring(1,filterLists[1].length());
+          if(filterLists.length == 2) {
+            String filterList=filterLists[1].trim();
+            //Second filter list must start with a '='.
+            if(!filterList.startsWith("=")) {
+              int msgID = MSGID_ACI_SYNTAX_INVALID_TARGATTRFILTERS_EXPRESSION;
+              String message = getMessage(msgID, expression);
+              throw new AciException(msgID, message);
+            }
+            String temp2= filterList.substring(1,filterList.length());
             //Assume the first op is an "add" so this has to be a "del".
             String secondOp="del";
             //If the first op is a "del", the second has to be an "add".
diff --git a/opends/tests/unit-tests-testng/src/server/org/opends/server/authorization/dseecompat/TargAttrFiltersTestCase.java b/opends/tests/unit-tests-testng/src/server/org/opends/server/authorization/dseecompat/TargAttrFiltersTestCase.java
new file mode 100644
index 0000000..d2a66b3
--- /dev/null
+++ b/opends/tests/unit-tests-testng/src/server/org/opends/server/authorization/dseecompat/TargAttrFiltersTestCase.java
@@ -0,0 +1,99 @@
+/*
+ * CDDL HEADER START
+ *
+ * The contents of this file are subject to the terms of the
+ * Common Development and Distribution License, Version 1.0 only
+ * (the "License").  You may not use this file except in compliance
+ * with the License.
+ *
+ * You can obtain a copy of the license at
+ * trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ * or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ * See the License for the specific language governing permissions
+ * and limitations under the License.
+ *
+ * When distributing Covered Code, include this CDDL HEADER in each
+ * file and include the License file at
+ * trunk/opends/resource/legal-notices/OpenDS.LICENSE.  If applicable,
+ * add the following below this CDDL HEADER, with the fields enclosed
+ * by brackets "[]" replaced with your own identifying information:
+ *      Portions Copyright [yyyy] [name of copyright owner]
+ *
+ * CDDL HEADER END
+ *
+ *
+ *      Portions Copyright 2007 Sun Microsystems, Inc.
+ */
+
+package org.opends.server.authorization.dseecompat;
+
+import org.testng.annotations.DataProvider;
+import org.testng.annotations.Test;
+import org.testng.annotations.BeforeClass;
+import org.opends.server.TestCaseUtils;
+
+
+/**
+ * This test tests the ACI targattrfilters syntax.
+ */
+public class TargAttrFiltersTestCase  extends AciTestCase {
+
+    @BeforeClass
+    public void startServer() throws Exception {
+      TestCaseUtils.startServer();
+   }
+
+  //Valid targattrfilters statements. Not the complete ACI.
+  @DataProvider(name = "validStatements")
+  public Object[][] valids() {
+    return new Object[][] {
+            {"add=st:(st=*),del=st:(st=*)"},
+            {"add=st:(st=*) && cn:(cn=c*), del=st:(st=*) && sn:(sn=s*)"},
+    };
+  }
+
+  //Invalid targattrfilters statements.
+  @DataProvider(name = "invalidStatements")
+  public Object[][] invalids() {
+    return new Object[][] {
+            {"add=st:(st=*),,,del=st:(st=*)"},
+            {"add=st:(st=*),dellll =st:(st=*)"},
+            {"add=st:(st=*)del=st:(st=*)"},
+            {"add=st:(st=*),add=st:(st=*)"},
+            {"add=st:(st=*),del=st:(st=*),add=st:(st=*)"},
+            {"add=st:(st=*),del=cn:(st=*)"},
+            {"add=st:(st=*) && cn:(cn=c*), del=st:(st=*) && l:(cn=c*)"},
+    };
+  }
+
+  /**
+   * Test valid targattrfilters statements. All should pass.
+   * @param statement The statement string.
+   * @throws Exception If a valid statement fails to parse.
+   */
+  @Test(dataProvider = "validStatements")
+  public void testValidStatements(String statement)
+          throws Exception {
+      TargAttrFilters.decode(EnumTargetOperator.EQUALITY, statement);
+  }
+
+  /**
+   * Test invalid targattrfilters statemnents. All should fail to parse.
+   * @param statement The statement string.
+   * @throws Exception If an invalid statement parses.
+   */
+  @Test(expectedExceptions= AciException.class, dataProvider="invalidStatements")
+  public void testInvalidStatements(String statement)  throws Exception {
+    try {
+      TargAttrFilters.decode(EnumTargetOperator.EQUALITY,statement);
+    } catch (AciException e) {
+      throw e;
+    } catch (Exception e) {
+      System.out.println(
+              "Invalid Aci  <" + statement + "> threw wrong exception type.");
+      throw e;
+    }
+    throw new RuntimeException(
+            "Invalid aci <" + statement + "> did not throw an exception.");
+  }
+}

--
Gitblit v1.10.0