Add some basic filter validation to permissions and disallow empty filters

Try a query with a filter to see if it is at least legal. This doesn't guarantee that the filter is at all otherwise sane. ticket 808
2025-02-25 18:55:28 -06:00 · 2011-01-20 16:35:34 -05:00
parent c22a3d25da
commit fc28fae03f
3 changed files with 32 additions and 4 deletions
--- a/ipaserver/plugins/ldap2.py
+++ b/ipaserver/plugins/ldap2.py
@@ -108,6 +108,8 @@ def _handle_errors(e, **kw):
        raise errors.LimitsExceeded()
    except _ldap.NOT_ALLOWED_ON_RDN:
        raise errors.NotAllowedOnRDN(attr=info)
+    except _ldap.FILTER_ERROR:
+        raise errors.BadSearchFilter(info=info)
    except _ldap.SUCCESS:
        pass
    except _ldap.LDAPError, e: