From ad89155aefdc8cc757657a5c57da6624d8e8b25d Mon Sep 17 00:00:00 2001 From: Andrew Branson Date: Thu, 13 Jun 2013 09:58:56 +0200 Subject: Escape DNs in Path, so special characters can be used in Path components. Fixes #125 --- .../predefined/entitycreation/NewItem.java | 8 +++--- src/main/java/com/c2kernel/lookup/LDAPLookup.java | 6 ++++- .../java/com/c2kernel/lookup/LDAPLookupUtils.java | 29 +++++++++++++++++++--- src/main/java/com/c2kernel/lookup/Path.java | 5 ++-- 4 files changed, 37 insertions(+), 11 deletions(-) (limited to 'src/main/java/com/c2kernel') diff --git a/src/main/java/com/c2kernel/lifecycle/instance/predefined/entitycreation/NewItem.java b/src/main/java/com/c2kernel/lifecycle/instance/predefined/entitycreation/NewItem.java index 3c5a16e..dfb19b8 100644 --- a/src/main/java/com/c2kernel/lifecycle/instance/predefined/entitycreation/NewItem.java +++ b/src/main/java/com/c2kernel/lifecycle/instance/predefined/entitycreation/NewItem.java @@ -103,8 +103,11 @@ public class NewItem extends ModuleImport { } } + // register domain path (before collections in case of recursive collections) + domPath.setEntity(entPath); + Gateway.getLDAPLookup().add(domPath); + // create collections - for (Dependency element: dependencyList) { try { Gateway.getStorage().put(entPath.getSysKey(), element.create(), null); @@ -128,9 +131,6 @@ public class NewItem extends ModuleImport { throw new CannotManageException("A specified member is not of the correct type in "+element.name, ""); } } - // register domain path - domPath.setEntity(entPath); - Gateway.getLDAPLookup().add(domPath); } @Override diff --git a/src/main/java/com/c2kernel/lookup/LDAPLookup.java b/src/main/java/com/c2kernel/lookup/LDAPLookup.java index d581dfd..3a336dd 100644 --- a/src/main/java/com/c2kernel/lookup/LDAPLookup.java +++ b/src/main/java/com/c2kernel/lookup/LDAPLookup.java 
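Review bot: Registering `domPath` before the collection loop (first NewItem.java hunk) means a failure inside that loop leaves the domain path in LDAP pointing at a half-built item. The loop shown in the second hunk throws `CannotManageException` when a member has the wrong type, and nothing visible in either hunk undoes the `Gateway.getLDAPLookup().add(domPath)` call. If the reordering is required for recursive collections, the failure path should remove the entry again, or the new comment should at least record the consequence: `// NOTE: domPath stays registered if collection creation below fails`. The enclosing method starts and ends outside the hunk, so cleanup done further out would not be visible here.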
@@ -338,6 +338,10 @@ public class LDAPLookup return search(start.getFullDN(),LDAPConnection.SCOPE_SUB,"cristalprop="+LDAPLookupUtils.escapeSearchFilter(val),searchCons); } + public LDAPPathSet searchType(Path start, Path type) { + return null; + } + protected LDAPPathSet search(String startDN, int scope, String filter, LDAPSearchConstraints searchCons) { Logger.msg(8,"Searching for "+filter+" in "+startDN); @@ -345,7 +349,7 @@ public class LDAPLookup String[] attr = { LDAPConnection.ALL_USER_ATTRS }; try { - LDAPSearchResults res = getConnection().search(LDAPLookupUtils.escapeDN(startDN),scope, + LDAPSearchResults res = getConnection().search(startDN, scope, filter,attr,false,searchCons); return new LDAPPathSet(res); } diff --git a/src/main/java/com/c2kernel/lookup/LDAPLookupUtils.java b/src/main/java/com/c2kernel/lookup/LDAPLookupUtils.java index d8a4394..1ac4b3b 100644 --- a/src/main/java/com/c2kernel/lookup/LDAPLookupUtils.java +++ b/src/main/java/com/c2kernel/lookup/LDAPLookupUtils.java @@ -27,6 +27,7 @@ import com.novell.ldap.LDAPSearchResults; final public class LDAPLookupUtils { + static final char[] META_CHARS = {'+', '=', '"', ',', '<', '>', ';', '/'}; static public LDAPEntry getEntry(LDAPConnection ld, String dn,int dereference) throws ObjectNotFoundException { 
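Review bot: `searchType` is added as a public method that returns `null` unconditionally, so a caller that uses the result fails with a NullPointerException away from the real cause. Until it is implemented it should fail loudly, for example `throw new UnsupportedOperationException("searchType not implemented");`, or be left out of this commit. It also needs a Javadoc line saying what `type` is meant to select, since nothing in the hunk shows the intended behaviour.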
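Review bot: With the `escapeDN` call dropped in the second LDAPLookup.java hunk, `search` sends `startDN` to the server exactly as received, so correctness now depends on every caller passing a DN whose components were already escaped. The method is `protected` and takes a plain `String`, so a subclass or later caller that assembles a DN from raw names gets no escaping at all. The contract should be stated on the method: `// startDN must already be escaped per component (as Path builds it); it is not escaped here`. The body of `search` continues outside the hunk.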
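Review bot: `META_CHARS` is declared `static final char[]` with default (package) visibility, and `final` does not stop its elements being overwritten, so other code in the same package can silently change what `escapeDN` escapes. `private static final char[] META_CHARS = {'+', '=', '"', ',', '<', '>', ';', '/'};` keeps the escaping table local to the class. Adding `,` and `=` to the set also means `escapeDN` is now only valid for a single RDN value and corrupts a full DN; the constant should carry a comment such as `// escaped inside one RDN value; never pass a whole DN to escapeDN`.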
@@ -285,24 +286,44 @@ final public class LDAPLookupUtils Logger.msg(ex.toString()); } } + public static String escapeDN (String name) { //From RFC 2253 and the / character for JNDI - final char[] META_CHARS = {'+', '"', '<', '>', ';', '/'}; + String escapedStr = new String(name); //Backslash is both a Java and an LDAP escape character, so escape it first escapedStr = escapedStr.replaceAll("\\\\","\\\\"); //Positional characters - see RFC 2253 - escapedStr = escapedStr.replaceAll("^#","\\\\#"); + escapedStr = escapedStr.replaceAll("^#","\\\\#"); // TODO: active directory requires hash to be escaped everywhere escapedStr = escapedStr.replaceAll("^ | $","\\\\ "); for (char element : META_CHARS) { escapedStr = escapedStr.replaceAll("\\"+element,"\\\\" + element); } - Logger.msg(6, "LDAP DN "+name+" escaped to "+escapedStr); + if (!name.equals(escapedStr)) Logger.msg(3, "LDAP DN "+name+" escaped to "+escapedStr); return escapedStr; } + + public static String unescapeDN (String dn) { + //From RFC 2253 and the / character for JNDI + String unescapedStr = new String(dn); + + //Positional characters - see RFC 2253 + unescapedStr = unescapedStr.replaceAll("^\\\\#", "#"); // TODO: active directory requires hash to be escaped everywhere + unescapedStr = unescapedStr.replaceAll("^\\\\ |\\\\ $", " "); + + for (char element : META_CHARS) { + unescapedStr = unescapedStr.replaceAll("\\\\" + element, ""+element); + } + + //Any remaining backslashes + unescapedStr = unescapedStr.replaceAll("\\\\","\\"); + + if (!dn.equals(unescapedStr)) Logger.msg(3, "LDAP DN "+dn+" unescaped to "+unescapedStr); + return unescapedStr; + } public static String escapeSearchFilter (String filter) { //From RFC 2254 
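Review bot: `unescapeDN` does not invert `escapeDN`. In its loop the pattern `"\\\\" + element` for `'+'` is the regex `\\+`, one or more backslashes, so the first iteration turns every backslash run into a plus sign (`a\,b` comes back as `a+,b`); the closing `replaceAll("\\\\","\\")` has a replacement ending in a lone backslash, which Java rejects at runtime once the pattern matches. The positional and per-character passes can be replaced by one statement, `String unescapedStr = dn.replaceAll("\\\\(.)", "$1");`. On the escape side the unchanged line `replaceAll("\\\\","\\\\")` replaces a backslash with a single backslash, so a name ending in `\` still escapes the `,` that Path appends after it; `escapedStr = escapedStr.replace("\\", "\\\\");` does what the comment above that line says. Neither version handles hex escapes such as `\2C`, which matters only if the directory returns DNs in that form.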
@@ -312,7 +333,7 @@ final public class LDAPLookupUtils //escapedStr = escapedStr.replaceAll("\\*","\\\\2a"); // we need stars for searching escapedStr = escapedStr.replaceAll("\\(","\\\\28"); escapedStr = escapedStr.replaceAll("\\)","\\\\29"); - Logger.msg(6, "LDAP Search Filter "+filter+" escaped to "+escapedStr); + if (!filter.equals(escapedStr)) Logger.msg(3, "LDAP Search Filter "+filter+" escaped to "+escapedStr); return escapedStr; } } diff --git a/src/main/java/com/c2kernel/lookup/Path.java b/src/main/java/com/c2kernel/lookup/Path.java index 16d4f07..4bec43a 100644 --- a/src/main/java/com/c2kernel/lookup/Path.java +++ b/src/main/java/com/c2kernel/lookup/Path.java @@ -176,7 +176,7 @@ public abstract class Path implements Serializable while (tok.hasMoreTokens()) { String nextPath = tok.nextToken(); if (nextPath.indexOf("cn=") == 0) - newPath.add(0, nextPath.substring(3)); + newPath.add(0, LDAPLookupUtils.unescapeDN(nextPath.substring(3))); else break; } @@ -188,6 +188,7 @@ public abstract class Path implements Serializable /*************************************************************************/ + /* * Getter Methods */ @@ -215,7 +216,7 @@ public abstract class Path implements Serializable if (mDN == null) { StringBuffer dnBuffer = new StringBuffer(); for (int i=mPath.length-1; i>=0; i--) - dnBuffer.append("cn=").append(mPath[i]).append(","); + dnBuffer.append("cn=").append(LDAPLookupUtils.escapeDN(mPath[i])).append(","); dnBuffer.append("cn="+getRoot()+","); mDN = dnBuffer.toString(); } -- cgit v1.2.3
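Review bot: In the first Path.java hunk `unescapeDN` is applied after the DN has already been tokenised, so an escaped separator inside a component is split before it can be unescaped. The tokenizer is created outside the hunk; if it splits on a bare `,`, a name stored as `cn=a\,b` arrives here as the tokens `cn=a\` and `b`, and the loop stops at `b` because it does not start with `cn=`, truncating the path. The split has to skip escaped commas before names containing `,` can round-trip, and until then the limitation should be recorded next to the call: `// TODO: tokenizer splits on escaped commas; components containing ',' are not recovered`.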