Author: bdaw
Date: 2010-10-05 15:14:30 -0400 (Tue, 05 Oct 2010)
New Revision: 434
Modified:
idm/branches/1.1.0/picketlink-idm-core/src/main/java/org/picketlink/idm/impl/helper/Tools.java
idm/branches/1.1.0/picketlink-idm-core/src/test/java/org/picketlink/idm/impl/store/CommonIdentityStoreTest.java
idm/branches/1.1.0/picketlink-idm-ldap/src/main/java/org/picketlink/idm/impl/store/ldap/LDAPIdentityStoreImpl.java
idm/branches/1.1.0/picketlink-idm-testsuite/src/test/java/org/picketlink/idm/impl/api/OrganizationTest.java
Log:
- PLIDM-24 names in LDAP search filter are not escaped properly
Modified:
idm/branches/1.1.0/picketlink-idm-core/src/main/java/org/picketlink/idm/impl/helper/Tools.java
===================================================================
---
idm/branches/1.1.0/picketlink-idm-core/src/main/java/org/picketlink/idm/impl/helper/Tools.java 2010-10-04
17:58:28 UTC (rev 433)
+++
idm/branches/1.1.0/picketlink-idm-core/src/main/java/org/picketlink/idm/impl/helper/Tools.java 2010-10-05
19:14:30 UTC (rev 434)
@@ -118,4 +118,47 @@
return null;
}
+
+
+ /**
+ * Escape string for LDAP search filter use according to RFC 2554
+ *
+ * Character ASCII value
+ * ---------------------------
+ * * 0x2a
+ * ( 0x28
+ * ) 0x29
+ * \ 0x5c
+ * NUL 0x00
+ *
+ * @param filter
+ * @return
+ */
+ public static final String escapeLDAPSearchFilter(String filter)
+ {
+ StringBuilder sb = new StringBuilder();
+ for (int i = 0; i < filter.length(); i++) {
+ char curChar = filter.charAt(i);
+ switch (curChar) {
+ case '\\':
+ sb.append("\\5c");
+ break;
+ case '*':
+ sb.append("\\2a");
+ break;
+ case '(':
+ sb.append("\\28");
+ break;
+ case ')':
+ sb.append("\\29");
+ break;
+ case '\u0000':
+ sb.append("\\00");
+ break;
+ default:
+ sb.append(curChar);
+ }
+ }
+ return sb.toString();
+ }
}
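Review bot: The Javadoc on `escapeLDAPSearchFilter` cites RFC 2554, which is the SMTP AUTH extension; the string representation of LDAP search filters is RFC 2254 (superseded by RFC 4515), and the `@param` and `@return` tags are left empty. The parameter is called `filter`, but the method is only correct for a single assertion value, because passing a complete filter would escape its structural parentheses. I would write `@param filter the assertion value to escape (not a whole filter, and not a DN component, which needs RFC 4514 escaping)` and `@return the value with * ( ) \ and NUL replaced by their \XX hex forms`. `filter.length()` also throws a NullPointerException on a null argument, so either document that or add `if (filter == null) return null;` at the top, depending on what the callers in LDAPIdentityStoreImpl can pass.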
Modified:
idm/branches/1.1.0/picketlink-idm-core/src/test/java/org/picketlink/idm/impl/store/CommonIdentityStoreTest.java
===================================================================
---
idm/branches/1.1.0/picketlink-idm-core/src/test/java/org/picketlink/idm/impl/store/CommonIdentityStoreTest.java 2010-10-04
17:58:28 UTC (rev 433)
+++
idm/branches/1.1.0/picketlink-idm-core/src/test/java/org/picketlink/idm/impl/store/CommonIdentityStoreTest.java 2010-10-05
19:14:30 UTC (rev 434)
@@ -110,8 +110,20 @@
assertNotNull(testContext.getStore().findIdentityObject(testContext.getCtx(),
"Adam//Ewa////Toto*%.$", IdentityTypeEnum.USER));
+ user1 = testContext.getStore().createIdentityObject(testContext.getCtx(),
"Adam(Ewa)", IdentityTypeEnum.USER);
+ assertNotNull(testContext.getStore().findIdentityObject(testContext.getCtx(),
"Adam(Ewa)", IdentityTypeEnum.USER));
+ user1 = testContext.getStore().createIdentityObject(testContext.getCtx(),
"Adam!(Ewa)", IdentityTypeEnum.USER);
+
+ assertNotNull(testContext.getStore().findIdentityObject(testContext.getCtx(),
"Adam!(Ewa)", IdentityTypeEnum.USER));
+
+ user1 = testContext.getStore().createIdentityObject(testContext.getCtx(),
"!(06_13_07 Sche) !(0", IdentityTypeEnum.USER);
+
+ assertNotNull(testContext.getStore().findIdentityObject(testContext.getCtx(),
"!(06_13_07 Sche) !(0", IdentityTypeEnum.USER));
+
+
+
testContext.commit();
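Review bot: The added cases assert only that the lookup returns a non-null object, so they would still pass if the filter matched a different entry than the one requested. None of the new names contains a backslash, although `escapeLDAPSearchFilter` has a branch for it, and nothing checks that a metacharacter in the name is treated literally. Assuming `findIdentityObject` returns null on a miss, a negative case such as `assertNull(testContext.getStore().findIdentityObject(testContext.getCtx(), "Adam(Ew*", IdentityTypeEnum.USER));` plus a create/find pair for `"Adam\\Ewa"` would pin the escaping itself. The same applies to the `findUser` assertion added in OrganizationTest. The enclosing test method starts and ends outside this hunk.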
Modified:
idm/branches/1.1.0/picketlink-idm-ldap/src/main/java/org/picketlink/idm/impl/store/ldap/LDAPIdentityStoreImpl.java
===================================================================
---
idm/branches/1.1.0/picketlink-idm-ldap/src/main/java/org/picketlink/idm/impl/store/ldap/LDAPIdentityStoreImpl.java 2010-10-04
17:58:28 UTC (rev 433)
+++
idm/branches/1.1.0/picketlink-idm-ldap/src/main/java/org/picketlink/idm/impl/store/ldap/LDAPIdentityStoreImpl.java 2010-10-05
19:14:30 UTC (rev 434)
@@ -602,7 +602,11 @@
else
{
//search all entries
- filter = "(".concat(getTypeConfiguration(invocationCtx,
type).getIdAttributeName()).concat("=").concat(name).concat(")");
+ filter = "("
+ .concat(getTypeConfiguration(invocationCtx, type).getIdAttributeName())
+ .concat("=")
+ .concat(Tools.escapeLDAPSearchFilter(name))
+ .concat(")");
sr = searchIdentityObjects(invocationCtx,
entryCtxs,
filter,
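Review bot: The `(attr=value)` filter is now assembled by hand with the escape call in three places, here and in the hunks at -1226 and -2138, so any future call site that forgets `Tools.escapeLDAPSearchFilter` reintroduces the injection. A single private helper would make the escaped form the only way to build an equality filter, for example `private static String equalityFilter(String attr, String value) { return "(" + attr + "=" + Tools.escapeLDAPSearchFilter(value) + ")"; }`. The `if` branch that precedes this `else` is outside the hunk; if it also places `name` into a filter string, it needs the same treatment.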
@@ -1226,7 +1230,7 @@
af.append("(")
.append(stringEntry.getKey())
.append("=")
- .append(value)
+ .append(Tools.escapeLDAPSearchFilter(value))
.append(")");
}
}
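Review bot: Neither test touched by this commit covers this attribute-value path; both exercise lookup by name only. Escaping `value` here also turns `*` into `\2a`, so if callers of this method were relying on wildcard matching in attribute values (not visible from the hunk), that behaviour changes silently. I would add a comment above the append, such as `// value is matched literally; '*' is escaped and no longer acts as a wildcard`, and a test that searches by an attribute value containing `(` and `*`. The enclosing loop and method start outside the hunk.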
@@ -2138,7 +2142,11 @@
else
{
//search all entries
- filter =
"(".concat(getConfiguration(invocationCtx).getRelationshipNameAttributeName()).concat("=").concat(name).concat(")");
+ filter = "("
+
.concat(getConfiguration(invocationCtx).getRelationshipNameAttributeName())
+ .concat("=")
+ .concat(Tools.escapeLDAPSearchFilter(name))
+ .concat(")");
sr = searchIdentityObjects(invocationCtx,
entryCtxs,
filter,
Modified:
idm/branches/1.1.0/picketlink-idm-testsuite/src/test/java/org/picketlink/idm/impl/api/OrganizationTest.java
===================================================================
---
idm/branches/1.1.0/picketlink-idm-testsuite/src/test/java/org/picketlink/idm/impl/api/OrganizationTest.java 2010-10-04
17:58:28 UTC (rev 433)
+++
idm/branches/1.1.0/picketlink-idm-testsuite/src/test/java/org/picketlink/idm/impl/api/OrganizationTest.java 2010-10-05
19:14:30 UTC (rev 434)
@@ -422,7 +422,13 @@
assertTrue(session.getAttributesManager().validateCredentials(anotherOne, new
Credential[]{binaryCredential}));
}
+ session.getPersistenceManager().createUser("!(06_13_07 Sche) !(0");
+ User u1 = session.getPersistenceManager().findUser("!(06_13_07 Sche)
!(0");
+
+ assertNotNull(u1);
+
+
ctx.commit();
}