From 156ba568bac5aa35435bd226d25eafc4b619a25a Mon Sep 17 00:00:00 2001
From: Endi Sukma Dewata
Date: Tue, 18 Sep 2012 12:30:53 -0500
Subject: Added DN and filter escaping in ConfigurationUtils.

The ConfigurationUtils has been modified to escape values used in DN or filter according to LDAP standard.
Ticket #193
---
 .../cms/servlet/csadmin/ConfigurationUtils.java | 38 +++++++++++----------
 1 file changed, 19 insertions(+), 19 deletions(-)

diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java b/base/common/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
index 987502d4e..6cd64f654 100644
--- a/base/common/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
+++ b/base/common/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
@@ -1049,7 +1049,7 @@ public class ConfigurationUtils {
 boolean foundDatabase = false;
 try {
- String dn = "cn=" + database + ",cn=ldbm database, cn=plugins, cn=config";
+ String dn = "cn=" + LDAPUtil.escapeDN(database) + ",cn=ldbm database, cn=plugins, cn=config";
 LDAPEntry entry = conn.read(dn);
 if (entry != null) foundDatabase = true;
 } catch (LDAPException e) {
@@ -1114,7 +1114,7 @@ public class ConfigurationUtils {
 attrs.add(new LDAPAttribute("objectClass", oc));
 attrs.add(new LDAPAttribute("cn", database));
 attrs.add(new LDAPAttribute("nsslapd-suffix", baseDN));
- String dn = "cn=" + database + ",cn=ldbm database, cn=plugins, cn=config";
+ String dn = "cn=" + LDAPUtil.escapeDN(database) + ",cn=ldbm database, cn=plugins, cn=config";
 LDAPEntry entry = new LDAPEntry(dn, attrs);
 conn.add(entry);
 } catch (Exception e) {
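Review bot: The backend entry DN `"cn=" + LDAPUtil.escapeDN(database) + ",cn=ldbm database, cn=plugins, cn=config"` is now spelled out three times (at @@ -1049, @@ -1114 and @@ -1314), and the bind DN `"cn=" + LDAPUtil.escapeDN(bindUser) + ",ou=csusers,cn=config"` four times (at @@ -1619, @@ -1689, @@ -1704 and @@ -1741), so a later edit can lose the escape in one copy without it being noticed. Two small private helpers, for example `private static String backendDN(String database)` and `private static String replicationBindDN(String bindUser)`, would keep each escape in exactly one place. In the @@ -1114 hunk the `cn` attribute is rightly given the raw `database` value, since DN escaping belongs only to the string form of the DN; a one-line comment there saying so would stop it from being "fixed" later. The enclosing methods start and end outside these hunks.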
@@ -1204,8 +1204,8 @@ public class ConfigurationUtils {
 String instanceId = cs.getString("instanceId");
 String cstype = cs.getString("cs.type");
- String dbuser = "uid=" + cstype + "-" + cs.getString("machineName") + "-"
- + cs.getString("service.securePort") + ",ou=people," + baseDN;
+ String dbuser = "uid=" + LDAPUtil.escapeDN(cstype + "-" + cs.getString("machineName") + "-"
+ + cs.getString("service.securePort")) + ",ou=people," + baseDN;
 String configDir = instancePath + File.separator + cstype.toLowerCase() + File.separator + "conf";
@@ -1296,7 +1296,7 @@ public class ConfigurationUtils {
 try {
 dn = "cn=mapping tree, cn=config";
- filter = "nsslapd-backend=" + database;
+ filter = "nsslapd-backend=" + LDAPUtil.escapeFilter(database);
 LDAPSearchResults res = conn.search(dn, LDAPConnection.SCOPE_ONE, filter, attrs, true, cons);
 if (res != null) {
@@ -1314,7 +1314,7 @@ public class ConfigurationUtils {
 }
 try {
- dn = "cn=" + database + ",cn=ldbm database, cn=plugins, cn=config";
+ dn = "cn=" + LDAPUtil.escapeDN(database) + ",cn=ldbm database, cn=plugins, cn=config";
 LDAPSearchResults res = conn.search(dn, LDAPConnection.SCOPE_BASE, filter, attrs, true, cons);
 if (res != null) {
@@ -1619,7 +1619,7 @@ public class ConfigurationUtils {
 }
 }
- dn = "cn=" + bindUser + ",ou=csusers,cn=config";
+ dn = "cn=" + LDAPUtil.escapeDN(bindUser) + ",ou=csusers,cn=config";
 try {
 attrs = new LDAPAttributeSet();
 attrs.add(new LDAPAttribute("objectclass", "top"));
@@ -1689,7 +1689,7 @@ public class ConfigurationUtils {
 attrs.add(new LDAPAttribute("nsDS5ReplicaRoot", basedn));
 attrs.add(new LDAPAttribute("nsDS5ReplicaType", "3"));
 attrs.add(new LDAPAttribute("nsDS5ReplicaBindDN",
- "cn=" + bindUser + ",ou=csusers,cn=config"));
+ "cn=" + LDAPUtil.escapeDN(bindUser) + ",ou=csusers,cn=config"));
 attrs.add(new LDAPAttribute("cn", "replica"));
 attrs.add(new LDAPAttribute("nsDS5ReplicaId", Integer.toString(id)));
 attrs.add(new LDAPAttribute("nsds5flags", "1"));
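Review bot: In `dbuser` (hunk @@ -1204) only the uid value is escaped; `baseDN` is still appended verbatim, and the same holds for `replicadn` and `basedn` in the hunks at @@ -1726, @@ -1783, @@ -1796, @@ -1818, @@ -3060, @@ -3071 and @@ -3460. These are whole DNs, so `escapeDN` is not the right tool for them, but where they originate is not visible in this diff. If any of them can be influenced by installer or configuration input, it should be checked to be a well-formed DN once, where it is read, before it is concatenated here. A short comment where `baseDN` is loaded, stating whether it is trusted or validated, would document the assumption the escaping now depends on.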
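Review bot: The filter built at @@ -1296, `"nsslapd-backend=" + LDAPUtil.escapeFilter(database)`, has no enclosing parentheses, unlike the `"(objectclass=*)"` filters used elsewhere in this file (see @@ -1796 and @@ -1818). RFC 4515 string filters are parenthesized, and depending on the client library to tolerate the bare form is fragile; `filter = "(nsslapd-backend=" + LDAPUtil.escapeFilter(database) + ")";` would be consistent with the rest of the class. The same `filter` variable appears to be reused for the base-scope search in the @@ -1314 hunk, so the one change would cover both calls.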
@@ -1704,7 +1704,7 @@ public class ConfigurationUtils {
 try {
 entry = conn.read(replicadn);
 LDAPAttribute attr = entry.getAttribute("nsDS5ReplicaBindDN");
- attr.addValue("cn=" + bindUser + ",ou=csusers,cn=config");
+ attr.addValue("cn=" + LDAPUtil.escapeDN(bindUser) + ",ou=csusers,cn=config");
 LDAPModification mod = new LDAPModification(LDAPModification.REPLACE, attr);
 conn.modify(replicadn, mod);
 } catch (LDAPException ee) {
@@ -1726,7 +1726,7 @@ public class ConfigurationUtils {
 public static void createReplicationAgreement(String replicadn, LDAPConnection conn, String name, String replicahost, int replicaport, String replicapwd, String basedn, String bindUser, String secure, String replicationSecurity) throws LDAPException {
- String dn = "cn=" + name + "," + replicadn;
+ String dn = "cn=" + LDAPUtil.escapeDN(name) + "," + replicadn;
 CMS.debug("createReplicationAgreement: dn: " + dn);
 LDAPEntry entry = null;
 LDAPAttributeSet attrs = null;
@@ -1741,7 +1741,7 @@ public class ConfigurationUtils {
 attrs.add(new LDAPAttribute("nsDS5ReplicaPort", "" + replicaport));
 attrs.add(new LDAPAttribute("nsDS5ReplicaBindDN",
- "cn=" + bindUser + ",ou=csusers,cn=config"));
+ "cn=" + LDAPUtil.escapeDN(bindUser) + ",ou=csusers,cn=config"));
 attrs.add(new LDAPAttribute("nsDS5ReplicaBindMethod", "Simple"));
 attrs.add(new LDAPAttribute("nsds5replicacredentials", replicapwd));
@@ -1783,7 +1783,7 @@ public class ConfigurationUtils {
 }
 public static void initializeConsumer(String replicadn, LDAPConnection conn, String name) throws LDAPException {
- String dn = "cn=" + name + "," + replicadn;
+ String dn = "cn=" + LDAPUtil.escapeDN(name) + "," + replicadn;
 CMS.debug("initializeConsumer: initializeConsumer dn: " + dn);
 CMS.debug("initializeConsumer: initializeConsumer host: " + conn.getHost() + " port: " + conn.getPort());
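Review bot: At @@ -1704 `attr.addValue(...)` is called on the result of `entry.getAttribute("nsDS5ReplicaBindDN")` with no null check, and the only handler visible is `catch (LDAPException ee)`, so an entry lacking that attribute would surface as a NullPointerException instead of a handled error. A guard such as `if (attr == null) attr = new LDAPAttribute("nsDS5ReplicaBindDN");` before the `addValue` call would cover it; `entry` itself deserves the same check, as the @@ -1049 hunk already tests the result of `conn.read` against null. Because the modification replaces the attribute with the augmented value set, it is also worth confirming that the escaped bind DN is not already among the values before adding it. The surrounding try block starts outside the hunk.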
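Review bot: `createReplicationAgreement` (@@ -1726) now escapes `name` and `bindUser` itself, but nothing tells callers that these parameters must be passed raw; a caller that already escapes them would produce doubly escaped RDN values that name a different entry. A Javadoc on the method stating that `name` and `bindUser` are unescaped attribute values and that `replicadn` must already be a well-formed DN would pin the contract down. The same sentence applies to `initializeConsumer` (@@ -1783), `replicationDone` (@@ -1796) and `replicationStatus` (@@ -1818). The method bodies continue outside these hunks.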
@@ -1796,7 +1796,7 @@ public class ConfigurationUtils {
 public static boolean replicationDone(String replicadn, LDAPConnection conn, String name) throws LDAPException, IOException {
- String dn = "cn=" + name + "," + replicadn;
+ String dn = "cn=" + LDAPUtil.escapeDN(name) + "," + replicadn;
 String filter = "(objectclass=*)";
 String[] attrs = { "nsds5beginreplicarefresh" };
@@ -1818,7 +1818,7 @@ public class ConfigurationUtils {
 public static String replicationStatus(String replicadn, LDAPConnection conn, String name) throws IOException, LDAPException {
- String dn = "cn=" + name + "," + replicadn;
+ String dn = "cn=" + LDAPUtil.escapeDN(name) + "," + replicadn;
 String filter = "(objectclass=*)";
 String[] attrs = { "nsds5replicalastinitstatus" };
@@ -3060,7 +3060,7 @@ public class ConfigurationUtils {
 // create list containers
 String clist[] = { "CAList", "OCSPList", "KRAList", "RAList", "TKSList", "TPSList" };
 for (int i = 0; i < clist.length; i++) {
- dn = "cn=" + clist[i] + ",ou=Security Domain," + basedn;
+ dn = "cn=" + LDAPUtil.escapeDN(clist[i]) + ",ou=Security Domain," + basedn;
 attrs = new LDAPAttributeSet();
 attrs.add(new LDAPAttribute("objectclass", "top"));
 attrs.add(new LDAPAttribute("objectclass", "pkiSecurityGroup"));
@@ -3071,7 +3071,7 @@ public class ConfigurationUtils {
 // Add this host
 String cn = CMS.getEESSLHost() + ":" + CMS.getAdminPort();
- dn = "cn=" + cn + ",cn=CAList,ou=Security Domain," + basedn;
+ dn = "cn=" + LDAPUtil.escapeDN(cn) + ",cn=CAList,ou=Security Domain," + basedn;
 String subsystemName = cs.getString("preop.subsystem.name");
 attrs = new LDAPAttributeSet();
 attrs.add(new LDAPAttribute("objectclass", "top"));
@@ -3460,16 +3460,16 @@ public class ConfigurationUtils {
 String serialdn = "";
 if (type.equals("CA")) {
- serialdn = "ou=certificateRepository,ou=" + type.toLowerCase() + "," + basedn;
+ serialdn = "ou=certificateRepository,ou=" + LDAPUtil.escapeDN(type.toLowerCase()) + "," + basedn;
 } else {
- serialdn = "ou=keyRepository,ou=" + type.toLowerCase() + "," + basedn;
+ serialdn = "ou=keyRepository,ou=" + LDAPUtil.escapeDN(type.toLowerCase()) + "," + basedn;
 }
 LDAPAttribute attrSerialNextRange = new LDAPAttribute("nextRange", endSerialNum.add(oneNum).toString());
 LDAPModification serialmod = new LDAPModification(LDAPModification.REPLACE, attrSerialNextRange);
 conn.modify(serialdn, serialmod);
- String requestdn = "ou=" + type.toLowerCase() + ",ou=requests," + basedn;
+ String requestdn = "ou=" + LDAPUtil.escapeDN(type.toLowerCase()) + ",ou=requests," + basedn;
 LDAPAttribute attrRequestNextRange = new LDAPAttribute("nextRange", endRequestNum.add(oneNum).toString());
 LDAPModification requestmod = new LDAPModification(LDAPModification.REPLACE, attrRequestNextRange);
-- cgit
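Review bot: `LDAPUtil.escapeDN(type.toLowerCase())` is evaluated three times in this hunk and uses the default-locale `toLowerCase()`, so the resulting `ou` value depends on the JVM locale. Computing it once, `String ou = LDAPUtil.escapeDN(type.toLowerCase(Locale.ROOT));`, and reusing `ou` in both `serialdn` branches and in `requestdn` keeps the three DNs in step. Since `type` is compared with `"CA"` just above, it looks like one of a small fixed set of subsystem types; if that is so, rejecting unknown values before any DN is built would be a stronger check than escaping alone. The enclosing method starts and ends outside the hunk.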