Add some basic filter validation to permissions and disallow empty filters

Try a query with a filter to see if it is at least legal. This doesn't guarantee that the filter is at all otherwise sane. ticket 808
author: Rob Crittenden <rcritten@redhat.com> 2011-01-20 16:35:34 -0500
committer: Rob Crittenden <rcritten@redhat.com> 2011-01-21 10:47:43 -0500
commit: fc28fae03fd1510d571a5011ef9d712c7778e578 (patch)
tree: fcdb81011c3e9a55cd637c1d7e46a499fd431e85 /ipaserver
parent: c22a3d25daee443db2e408c5325242691a62062e (diff)
download: freeipa-fc28fae03fd1510d571a5011ef9d712c7778e578.tar.gz
freeipa-fc28fae03fd1510d571a5011ef9d712c7778e578.tar.xz
freeipa-fc28fae03fd1510d571a5011ef9d712c7778e578.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/ipaserver/plugins/ldap2.py b/ipaserver/plugins/ldap2.py
index e2c83d9b2..86ea3f882 100644
--- a/ipaserver/plugins/ldap2.py
+++ b/ipaserver/plugins/ldap2.py
@@ -108,6 +108,8 @@ def _handle_errors(e, **kw):
         raise errors.LimitsExceeded()
     except _ldap.NOT_ALLOWED_ON_RDN:
         raise errors.NotAllowedOnRDN(attr=info)
+    except _ldap.FILTER_ERROR:
+        raise errors.BadSearchFilter(info=info)
     except _ldap.SUCCESS:
         pass
     except _ldap.LDAPError, e:
author	Rob Crittenden <rcritten@redhat.com>	2011-01-20 16:35:34 -0500
committer	Rob Crittenden <rcritten@redhat.com>	2011-01-21 10:47:43 -0500
commit	fc28fae03fd1510d571a5011ef9d712c7778e578 (patch)
tree	fcdb81011c3e9a55cd637c1d7e46a499fd431e85 /ipaserver
parent	c22a3d25daee443db2e408c5325242691a62062e (diff)
download	freeipa-fc28fae03fd1510d571a5011ef9d712c7778e578.tar.gz freeipa-fc28fae03fd1510d571a5011ef9d712c7778e578.tar.xz freeipa-fc28fae03fd1510d571a5011ef9d712c7778e578.zip