From cc9db00b66ccb71927ca7ef74f1b91f8b333bb85 Mon Sep 17 00:00:00 2001
From: neil_a_wilson <neil_a_wilson@localhost>
Date: Mon, 06 Nov 2006 20:08:49 +0000
Subject: [PATCH] Update the AttributeValue constructors to ensure that they do not accept any null arguments. This also requires making changes to other areas of the server code to eliminate cases in which it was possible that at least one of the arguments was null.
---
opends/src/server/org/opends/server/types/AttributeValue.java | 23 +++++--
opends/src/server/org/opends/server/core/SearchOperation.java | 21 +++++-
opends/src/server/org/opends/server/controls/LDAPAssertionRequestControl.java | 5 +
opends/src/server/org/opends/server/protocols/ldap/LDAPFilter.java | 44 ++++++++++++++
opends/tests/unit-tests-testng/src/server/org/opends/server/synchronization/ValueInfoTest.java | 3
opends/src/server/org/opends/server/core/CompareOperation.java | 2
opends/tests/unit-tests-testng/src/server/org/opends/server/protocols/ldap/TestLDAPFilter.java | 9 +-
opends/src/server/org/opends/server/messages/ProtocolMessages.java | 27 +++++++++
opends/src/server/org/opends/server/core/AddOperation.java | 2
opends/src/server/org/opends/server/core/ModifyDNOperation.java | 2
opends/src/server/org/opends/server/core/ModifyOperation.java | 2
opends/src/server/org/opends/server/core/DeleteOperation.java | 2
opends/tests/unit-tests-testng/src/server/org/opends/server/synchronization/AttrInfoTest.java | 2
13 files changed, 121 insertions(+), 23 deletions(-)
diff --git a/opends/src/server/org/opends/server/controls/LDAPAssertionRequestControl.java b/opends/src/server/org/opends/server/controls/LDAPAssertionRequestControl.java
index b2f20bc..445176b 100644
--- a/opends/src/server/org/opends/server/controls/LDAPAssertionRequestControl.java
+++ b/opends/src/server/org/opends/server/controls/LDAPAssertionRequestControl.java
@@ -35,6 +35,7 @@
import org.opends.server.protocols.ldap.LDAPFilter;
import org.opends.server.protocols.ldap.LDAPResultCode;
import org.opends.server.types.Control;
+import org.opends.server.types.DirectoryException;
import org.opends.server.types.SearchFilter;
import static org.opends.server.loggers.Debug.*;
@@ -234,8 +235,12 @@
* Retrieves the processed search filter for this control.
*
* @return The processed search filter for this control.
+ *
+ * @throws DirectoryException If a problem occurs while attempting to
+ * process the search filter.
*/
public SearchFilter getSearchFilter()
+ throws DirectoryException
{
assert debugEnter(CLASS_NAME, "getSearchFilter");
diff --git a/opends/src/server/org/opends/server/core/AddOperation.java b/opends/src/server/org/opends/server/core/AddOperation.java
index 8ca91ba..960f90b 100644
--- a/opends/src/server/org/opends/server/core/AddOperation.java
+++ b/opends/src/server/org/opends/server/core/AddOperation.java
@@ -1659,11 +1659,11 @@
}
}
- SearchFilter filter = assertControl.getSearchFilter();
try
{
// FIXME -- We need to determine whether the current user has
// permission to make this determination.
+ SearchFilter filter = assertControl.getSearchFilter();
if (! filter.matchesEntry(entry))
{
setResultCode(ResultCode.ASSERTION_FAILED);
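Review bot: The assertion filter is still evaluated against the entry with no access-control check, as the `FIXME` directly above the moved `getSearchFilter()` call says. The ASSERTION_FAILED-versus-success outcome can therefore tell a requester whether a value matches an attribute they may not be allowed to read. The same unresolved `FIXME` sits in the CompareOperation, DeleteOperation, ModifyDNOperation, ModifyOperation and second SearchOperation hunks. The `catch` that now has to handle `DirectoryException` lies outside this hunk; it should presumably propagate the code with `setResultCode(de.getResultCode());` as the new SearchOperation catch does, so that PROTOCOL_ERROR and INAPPROPRIATE_MATCHING are not flattened into a generic failure.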
diff --git a/opends/src/server/org/opends/server/core/CompareOperation.java b/opends/src/server/org/opends/server/core/CompareOperation.java
index 3ad3fba..e0015cb 100644
--- a/opends/src/server/org/opends/server/core/CompareOperation.java
+++ b/opends/src/server/org/opends/server/core/CompareOperation.java
@@ -784,11 +784,11 @@
}
}
- SearchFilter filter = assertControl.getSearchFilter();
try
{
// FIXME -- We need to determine whether the current user has
// permission to make this determination.
+ SearchFilter filter = assertControl.getSearchFilter();
if (! filter.matchesEntry(entry))
{
setResultCode(ResultCode.ASSERTION_FAILED);
diff --git a/opends/src/server/org/opends/server/core/DeleteOperation.java b/opends/src/server/org/opends/server/core/DeleteOperation.java
index 70d034c..93d3841 100644
--- a/opends/src/server/org/opends/server/core/DeleteOperation.java
+++ b/opends/src/server/org/opends/server/core/DeleteOperation.java
@@ -735,11 +735,11 @@
}
}
- SearchFilter filter = assertControl.getSearchFilter();
try
{
// FIXME -- We need to determine whether the current user has
// permission to make this determination.
+ SearchFilter filter = assertControl.getSearchFilter();
if (! filter.matchesEntry(entry))
{
setResultCode(ResultCode.ASSERTION_FAILED);
diff --git a/opends/src/server/org/opends/server/core/ModifyDNOperation.java b/opends/src/server/org/opends/server/core/ModifyDNOperation.java
index 978870d..2f44f55 100644
--- a/opends/src/server/org/opends/server/core/ModifyDNOperation.java
+++ b/opends/src/server/org/opends/server/core/ModifyDNOperation.java
@@ -1202,11 +1202,11 @@
}
}
- SearchFilter filter = assertControl.getSearchFilter();
try
{
// FIXME -- We need to determine whether the current user has
// permission to make this determination.
+ SearchFilter filter = assertControl.getSearchFilter();
if (! filter.matchesEntry(currentEntry))
{
setResultCode(ResultCode.ASSERTION_FAILED);
diff --git a/opends/src/server/org/opends/server/core/ModifyOperation.java b/opends/src/server/org/opends/server/core/ModifyOperation.java
index c46d128..bdf5b54 100644
--- a/opends/src/server/org/opends/server/core/ModifyOperation.java
+++ b/opends/src/server/org/opends/server/core/ModifyOperation.java
@@ -1004,11 +1004,11 @@
}
}
- SearchFilter filter = assertControl.getSearchFilter();
try
{
// FIXME -- We need to determine whether the current user has
// permission to make this determination.
+ SearchFilter filter = assertControl.getSearchFilter();
if (! filter.matchesEntry(currentEntry))
{
setResultCode(ResultCode.ASSERTION_FAILED);
diff --git a/opends/src/server/org/opends/server/core/SearchOperation.java b/opends/src/server/org/opends/server/core/SearchOperation.java
index 5fdaccf..96c8931 100644
--- a/opends/src/server/org/opends/server/core/SearchOperation.java
+++ b/opends/src/server/org/opends/server/core/SearchOperation.java
@@ -1592,9 +1592,23 @@
break searchProcessing;
}
- if (filter == null)
+ try
{
- filter = rawFilter.toSearchFilter();
+ if (filter == null)
+ {
+ filter = rawFilter.toSearchFilter();
+ }
+ }
+ catch (DirectoryException de)
+ {
+ assert debugException(CLASS_NAME, "run", de);
+
+ setResultCode(de.getResultCode());
+ appendErrorMessage(de.getErrorMessage());
+ setMatchedDN(de.getMatchedDN());
+ setReferralURLs(de.getReferralURLs());
+
+ break searchProcessing;
}
// Check to see if the client has permission to perform the
@@ -1650,12 +1664,11 @@
}
}
- SearchFilter assertionFilter = assertControl.getSearchFilter();
try
{
// FIXME -- We need to determine whether the current user has
// permission to make this determination.
-
+ SearchFilter assertionFilter = assertControl.getSearchFilter();
Entry entry;
try
{
diff --git a/opends/src/server/org/opends/server/messages/ProtocolMessages.java b/opends/src/server/org/opends/server/messages/ProtocolMessages.java
index 98d4f8c..5050b25 100644
--- a/opends/src/server/org/opends/server/messages/ProtocolMessages.java
+++ b/opends/src/server/org/opends/server/messages/ProtocolMessages.java
@@ -4179,6 +4179,26 @@
/**
+ * The message ID for the message that will be used if an LDAP search filter
+ * references an unsupported matching rule. It takes a single argument, which
+ * is the unrecognized matching rule OID.
+ */
+ public static final int MSGID_LDAP_FILTER_UNKNOWN_MATCHING_RULE =
+ CATEGORY_MASK_PROTOCOL | SEVERITY_MASK_MILD_ERROR | 385;
+
+
+
+ /**
+ * The message ID for the message that will be used if an LDAP search filter
+ * has an assertion value without either an attribute type or a matching rule
+ * OID. This does not take any arguments.
+ */
+ public static final int MSGID_LDAP_FILTER_VALUE_WITH_NO_ATTR_OR_MR =
+ CATEGORY_MASK_PROTOCOL | SEVERITY_MASK_MILD_ERROR | 386;
+
+
+
+ /**
* Associates a set of generic messages with the message IDs defined in this
* class.
*/
@@ -4908,6 +4928,13 @@
"Cannot decode the provided ASN.1 element as an LDAP " +
"search filter because a problem occurred while trying " +
"to parse the extensible match sequence elements: %s.");
+ registerMessage(MSGID_LDAP_FILTER_UNKNOWN_MATCHING_RULE,
+ "The provided LDAP search filter references unknown " +
+ "matching rule %s.");
+ registerMessage(MSGID_LDAP_FILTER_VALUE_WITH_NO_ATTR_OR_MR,
+ "The provided LDAP search filter has an assertion value " +
+ "but does not include either an attribute type or a " +
+ "matching rule ID.");
registerMessage(MSGID_LDAP_FILTER_STRING_NULL,
"Cannot decode the provided string as an LDAP search " +
"filter because the string was null.");
diff --git a/opends/src/server/org/opends/server/protocols/ldap/LDAPFilter.java b/opends/src/server/org/opends/server/protocols/ldap/LDAPFilter.java
index 765b5d6..be16f37 100644
--- a/opends/src/server/org/opends/server/protocols/ldap/LDAPFilter.java
+++ b/opends/src/server/org/opends/server/protocols/ldap/LDAPFilter.java
@@ -35,6 +35,7 @@
import java.util.List;
import java.util.StringTokenizer;
+import org.opends.server.api.MatchingRule;
import org.opends.server.core.DirectoryServer;
import org.opends.server.protocols.asn1.ASN1Boolean;
import org.opends.server.protocols.asn1.ASN1Element;
@@ -46,7 +47,9 @@
import org.opends.server.types.ByteString;
import org.opends.server.types.DebugLogCategory;
import org.opends.server.types.DebugLogSeverity;
+import org.opends.server.types.DirectoryException;
import org.opends.server.types.FilterType;
+import org.opends.server.types.ResultCode;
import org.opends.server.types.SearchFilter;
import static org.opends.server.loggers.Debug.*;
@@ -2826,8 +2829,12 @@
* Directory Server's core processing.
*
* @return The generated search filter.
+ *
+ * @throws DirectoryException If a problem occurs while attempting to
+ * construct the search filter.
*/
public SearchFilter toSearchFilter()
+ throws DirectoryException
{
assert debugEnter(CLASS_NAME, "toSearchFilter");
@@ -2898,7 +2905,42 @@
}
- AttributeValue value = new AttributeValue(attrType, assertionValue);
+ AttributeValue value;
+ if (assertionValue == null)
+ {
+ value = null;
+ }
+ else if (attrType == null)
+ {
+ if (matchingRuleID == null)
+ {
+ int msgID = MSGID_LDAP_FILTER_VALUE_WITH_NO_ATTR_OR_MR;
+ String message = getMessage(msgID);
+ throw new DirectoryException(ResultCode.PROTOCOL_ERROR, message, msgID);
+ }
+ else
+ {
+ MatchingRule mr =
+ DirectoryServer.getMatchingRule(toLowerCase(matchingRuleID));
+ if (mr == null)
+ {
+ int msgID = MSGID_LDAP_FILTER_UNKNOWN_MATCHING_RULE;
+ String message = getMessage(msgID, matchingRuleID);
+ throw new DirectoryException(ResultCode.INAPPROPRIATE_MATCHING,
+ message, msgID);
+ }
+ else
+ {
+ ByteString normalizedValue = mr.normalizeValue(assertionValue);
+ value = new AttributeValue(assertionValue, normalizedValue);
+ }
+ }
+ }
+ else
+ {
+ value = new AttributeValue(attrType, assertionValue);
+ }
+
ArrayList<ByteString> subAnyComps;
if (subAnyElements == null)
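Review bot: The matching rule OID is validated only in the `attrType == null` branch. A filter that carries both an attribute type and an unknown `matchingRuleID` falls through to the final `else` and builds the value from `attrType` without raising `MSGID_LDAP_FILTER_UNKNOWN_MATCHING_RULE` here. Whether that case is rejected later is not visible, because the body of `toSearchFilter()` continues outside the hunk. If it is not, the lookup should run whenever a rule ID is present, so that client-supplied OIDs are rejected consistently before the filter reaches core processing.

```java
// … unchanged: assertionValue == null and attrType == null branches …
else
{
  // Reject an unknown rule even when an attribute type is present.
  if (matchingRuleID != null &&
      DirectoryServer.getMatchingRule(toLowerCase(matchingRuleID)) == null)
  {
    int msgID = MSGID_LDAP_FILTER_UNKNOWN_MATCHING_RULE;
    String message = getMessage(msgID, matchingRuleID);
    throw new DirectoryException(ResultCode.INAPPROPRIATE_MATCHING,
                                 message, msgID);
  }
  value = new AttributeValue(attrType, assertionValue);
}
```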
diff --git a/opends/src/server/org/opends/server/types/AttributeValue.java b/opends/src/server/org/opends/server/types/AttributeValue.java
index 7d454a7..ba9ddd2 100644
--- a/opends/src/server/org/opends/server/types/AttributeValue.java
+++ b/opends/src/server/org/opends/server/types/AttributeValue.java
@@ -32,6 +32,7 @@
import org.opends.server.protocols.asn1.ASN1OctetString;
import static org.opends.server.loggers.Debug.*;
+import static org.opends.server.util.Validator.*;
@@ -69,15 +70,18 @@
* Creates a new attribute value with the provided information.
*
* @param attributeType The attribute type for this attribute
- * value.
+ * value. It must not be {@code null}.
* @param value The value in user-provided form for this
- * attribute value.
+ * attribute value. It must not be
+ * {@code null}.
*/
public AttributeValue(AttributeType attributeType, ByteString value)
{
assert debugConstructor(CLASS_NAME, String.valueOf(attributeType),
String.valueOf(value));
+ ensureNotNull(attributeType, value);
+
this.attributeType = attributeType;
this.value = value;
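Review bot: The Javadoc now says each argument "must not be {@code null}" but does not say what a caller gets when one is, and the same gap is in the two other constructor hunks below. Each constructor should gain a `@throws` tag naming the exception that `ensureNotNull` raises, which is not visible on this page. Callers that previously passed null, as the old tests did, then know what to expect. The constructor body continues outside the hunk.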
@@ -89,15 +93,18 @@
* Creates a new attribute value with the provided information.
*
* @param attributeType The attribute type for this attribute
- * value.
+ * value. It must not be {@code null}.
* @param value The value in user-provided form for this
- * attribute value.
+ * attribute value. It must not be
+ * {@code null}.
*/
public AttributeValue(AttributeType attributeType, String value)
{
assert debugConstructor(CLASS_NAME, String.valueOf(attributeType),
String.valueOf(value));
+ ensureNotNull(attributeType, value);
+
this.attributeType = attributeType;
this.value = new ASN1OctetString(value);
@@ -112,13 +119,17 @@
* byte-for-byte comparison of normalized values.
*
* @param value The user-provided form of this value.
- * @param normalizedValue The normalized form of this value.
+ * It must not be {@code null}.
+ * @param normalizedValue The normalized form of this value. It
+ * must not be {@code null}.
*/
public AttributeValue(ByteString value, ByteString normalizedValue)
{
assert debugConstructor(CLASS_NAME, String.valueOf(value),
String.valueOf(normalizedValue));
+ ensureNotNull(value, normalizedValue);
+
this.value = value;
this.normalizedValue = normalizedValue;
@@ -386,7 +397,7 @@
assert debugEnter(CLASS_NAME, "toString",
"java.lang.StringBuilder");
- value.toString(buffer);
+ buffer.append(value.toString());
}
}
diff --git a/opends/tests/unit-tests-testng/src/server/org/opends/server/protocols/ldap/TestLDAPFilter.java b/opends/tests/unit-tests-testng/src/server/org/opends/server/protocols/ldap/TestLDAPFilter.java
index bb8042e..550f5ee 100644
--- a/opends/tests/unit-tests-testng/src/server/org/opends/server/protocols/ldap/TestLDAPFilter.java
+++ b/opends/tests/unit-tests-testng/src/server/org/opends/server/protocols/ldap/TestLDAPFilter.java
@@ -244,20 +244,19 @@
LDAPFilter filter = LDAPFilter.decode(
"(&" +
"(cn>=*)" +
- "(:1.2.3.4:=Bob)" +
+ "(:2.5.13.2:=Bob)" +
"(cn:=Jane)" +
"(|" +
"(sn<=gh*sh*sl)" +
- "(!(cn:dn:2.4.6.8.19:=Sally))" +
+ "(!(cn:dn:2.5.13.5:=Sally))" +
"(cn~=blvd)" +
"(cn=*)" +
")" +
"(cn=*n)" +
"(cn=n*)" +
"(cn=n*n)" +
- "(:dn:=Sally)" +
- "(:dn:1.2.3.4:=Doe)" +
- "(cn:2.4.6.8.10:=)" +
+ "(:dn:1.3.6.1.4.1.1466.109.114.1:=Doe)" +
+ "(cn:2.5.13.2:=)" +
")");
SearchFilter searchFilter = filter.toSearchFilter();
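Review bot: The inputs that now fail were removed or replaced with known OIDs, but nothing asserts that they fail, so both new `DirectoryException` paths in `LDAPFilter.toSearchFilter()` are untested. A negative test should decode `"(:dn:=Sally)"` and expect `ResultCode.PROTOCOL_ERROR` from `toSearchFilter()`. A second should decode `"(:1.2.3.4:=Bob)"` and expect `ResultCode.INAPPROPRIATE_MATCHING`, for example via `@Test(expectedExceptions = DirectoryException.class)`. The test method starts and ends outside this hunk.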
diff --git a/opends/tests/unit-tests-testng/src/server/org/opends/server/synchronization/AttrInfoTest.java b/opends/tests/unit-tests-testng/src/server/org/opends/server/synchronization/AttrInfoTest.java
index 0988362..7022218 100644
--- a/opends/tests/unit-tests-testng/src/server/org/opends/server/synchronization/AttrInfoTest.java
+++ b/opends/tests/unit-tests-testng/src/server/org/opends/server/synchronization/AttrInfoTest.java
@@ -53,7 +53,7 @@
AttributeValue att1 = new AttributeValue(type, "string");
AttributeValue att2 = new AttributeValue(type, "value");
- AttributeValue att3 = new AttributeValue(null, "again");
+ AttributeValue att3 = new AttributeValue(type, "again");
ChangeNumber del1 = new ChangeNumber(1, (short) 0, (short) 1);
ChangeNumber del2 = new ChangeNumber(1, (short) 1, (short) 1);
diff --git a/opends/tests/unit-tests-testng/src/server/org/opends/server/synchronization/ValueInfoTest.java b/opends/tests/unit-tests-testng/src/server/org/opends/server/synchronization/ValueInfoTest.java
index 4a9f7a3..0a1bc9e 100644
--- a/opends/tests/unit-tests-testng/src/server/org/opends/server/synchronization/ValueInfoTest.java
+++ b/opends/tests/unit-tests-testng/src/server/org/opends/server/synchronization/ValueInfoTest.java
@@ -78,9 +78,10 @@
ChangeNumber CNdelete)
throws Exception
{
+ AttributeType type = DirectoryServer.getAttributeType("description");
ValueInfo valInfo1 = new ValueInfo(value,CNupdate,CNdelete);
ValueInfo valInfo2 = new ValueInfo(value,CNupdate,CNupdate);
- ValueInfo valInfo3 = new ValueInfo(new AttributeValue(null,"Test"),
+ ValueInfo valInfo3 = new ValueInfo(new AttributeValue(type,"Test"),
CNupdate,CNupdate);
// Check equals
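Review bot: `DirectoryServer.getAttributeType("description")` can presumably return null when the schema has not been loaded for this test class. With the new null checks, the `AttributeValue` constructor would then fail with an error unrelated to what the test checks. Whether the server is initialised beforehand is not visible in this hunk. Adding `assertNotNull(type);` right after the lookup would make such a setup problem obvious.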
--
Gitblit v1.10.0