diff options
author | Rob Crittenden <rcritten@redhat.com> | 2011-01-20 16:35:34 -0500 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2011-01-21 10:47:43 -0500 |
commit | fc28fae03fd1510d571a5011ef9d712c7778e578 (patch) | |
tree | fcdb81011c3e9a55cd637c1d7e46a499fd431e85 /ipaserver/plugins | |
parent | c22a3d25daee443db2e408c5325242691a62062e (diff) | |
download | freeipa-fc28fae03fd1510d571a5011ef9d712c7778e578.tar.gz freeipa-fc28fae03fd1510d571a5011ef9d712c7778e578.tar.xz freeipa-fc28fae03fd1510d571a5011ef9d712c7778e578.zip |
Add some basic filter validation to permissions and disallow empty filters
Try a query with a filter to see if it is at least legal. This doesn't
guarantee that the filter is at all otherwise sane.
ticket 808
Diffstat (limited to 'ipaserver/plugins')
-rw-r--r-- | ipaserver/plugins/ldap2.py | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/ipaserver/plugins/ldap2.py b/ipaserver/plugins/ldap2.py index e2c83d9b2..86ea3f882 100644 --- a/ipaserver/plugins/ldap2.py +++ b/ipaserver/plugins/ldap2.py @@ -108,6 +108,8 @@ def _handle_errors(e, **kw): raise errors.LimitsExceeded() except _ldap.NOT_ALLOWED_ON_RDN: raise errors.NotAllowedOnRDN(attr=info) + except _ldap.FILTER_ERROR: + raise errors.BadSearchFilter(info=info) except _ldap.SUCCESS: pass except _ldap.LDAPError, e: |