From fc28fae03fd1510d571a5011ef9d712c7778e578 Mon Sep 17 00:00:00 2001
From: Rob Crittenden
Date: Thu, 20 Jan 2011 16:35:34 -0500
Subject: Add some basic filter validation to permissions and disallow empty filters
Try a query with a filter to see if it is at least legal. This doesn't guarantee that the filter is at all otherwise sane.
ticket 808
---
 ipaserver/plugins/ldap2.py | 2 ++
 1 file changed, 2 insertions(+)
(limited to 'ipaserver/plugins')
diff --git a/ipaserver/plugins/ldap2.py b/ipaserver/plugins/ldap2.py
index e2c83d9b2..86ea3f882 100644
--- ipaserver/plugins/ldap2.py
+++ ipaserver/plugins/ldap2.py
@@ -108,6 +108,8 @@ def _handle_errors(e, **kw):
 raise errors.LimitsExceeded()
 except _ldap.NOT_ALLOWED_ON_RDN:
 raise errors.NotAllowedOnRDN(attr=info)
+ except _ldap.FILTER_ERROR:
+ raise errors.BadSearchFilter(info=info)
 except _ldap.SUCCESS:
 pass
 except _ldap.LDAPError, e:
-- cgit
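Review bot: The new `except _ldap.FILTER_ERROR:` clause passes `info` into `errors.BadSearchFilter`, but a filter-syntax failure is normally reported by the client library before any request is sent, so `info` may well be empty here and the caller would get an error with no detail. How `info` is derived is not visible, because `_handle_errors` starts and ends outside the hunk; if it can be empty, fall back to the exception's description text, or state in a comment that the detail is optional. I would also add a comment above the clause, `# malformed search filter (syntax error in the filter string)`, so that callers using this path to validate permission filters know which failure they are catching. The clause is correctly placed ahead of the generic `except _ldap.LDAPError` handler.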