Posted to commits@karaf.apache.org by ja...@apache.org on 2015/04/28 19:26:51 UTC

[3/3] karaf git commit: KARAF-3711 - LDAP login module doesn't handle case where CN, OU, DC case doesn't match

KARAF-3711 - LDAP login module doesn't handle case where CN, OU, DC case doesn't match

Conflicts:
	jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPLoginModule.java


Project: http://git-wip-us.apache.org/repos/asf/karaf/repo
Commit: http://git-wip-us.apache.org/repos/asf/karaf/commit/94ddfed7
Tree: http://git-wip-us.apache.org/repos/asf/karaf/tree/94ddfed7
Diff: http://git-wip-us.apache.org/repos/asf/karaf/diff/94ddfed7

Branch: refs/heads/master
Commit: 94ddfed72956e86cc35234f117ab16b388b48fd9
Parents: ed5a22a
Author: Jonathan Anstey <ja...@gmail.com>
Authored: Tue Apr 28 14:37:46 2015 -0230
Committer: Jonathan Anstey <ja...@gmail.com>
Committed: Tue Apr 28 14:56:20 2015 -0230

----------------------------------------------------------------------
 .../jaas/modules/ldap/LDAPLoginModule.java      |   7 +-
 .../modules/ldap/LdapCaseInsensitiveDNTest.java | 107 +++++++++++++++++++
 .../ldap/ldapCaseInsensitiveDN.properties       |  36 +++++++
 3 files changed, 149 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/karaf/blob/94ddfed7/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPLoginModule.java
----------------------------------------------------------------------
diff --git a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPLoginModule.java b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPLoginModule.java
index ea5e953..23b6648 100644
--- a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPLoginModule.java
+++ b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPLoginModule.java
@@ -266,8 +266,13 @@ public class LDAPLoginModule extends AbstractKarafLoginModule {
                         // SearchResult.getNameInNamespace = cn=admin\,\=\+\<\>#\;\\,ou=people,dc=example,dc=com
                         //
                         // the second escapes the slashes correctly.
-                        String userDN = result.getNameInNamespace().replace("," + userBaseDN, "");
                         String userDNNamespace = (String) result.getNameInNamespace();
+                        // handle case where cn, ou, dc case doesn't match
+                        int indexOfUserBaseDN = userDNNamespace.toLowerCase().indexOf("," + userBaseDN.toLowerCase());
+                        String userDN = (indexOfUserBaseDN > 0) ?
+                            userDNNamespace.substring(0, indexOfUserBaseDN) :
+                            result.getName();
+            
                         return new String[]{userDN, userDNNamespace};
                     } finally {
                         if (namingEnumeration != null) {
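Review bot: The case-insensitive match on lines 46-48 lowercases with the default locale and then applies an index found in the lowercased copy to the original string; `String.toLowerCase()` is locale-sensitive (Turkish dotted/dotless I) and can change the string length for some characters, so the substring cut can land on the wrong character. Use the root locale on both calls, `int indexOfUserBaseDN = userDNNamespace.toLowerCase(Locale.ROOT).indexOf("," + userBaseDN.toLowerCase(Locale.ROOT));`, and add `java.util.Locale` to the imports. A plain text match also treats whitespace differences between RDNs (`ou=people, dc=example`) as a mismatch and falls back to `result.getName()`, where an RFC 4514 DN comparison would not; `javax.naming.ldap.LdapName` with `startsWith` (it indexes RDNs right to left) would compare the base DN as a DN rather than as text, which seems worth considering since the result is what the module returns as the user's DN. The enclosing method starts and ends outside the hunk.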

http://git-wip-us.apache.org/repos/asf/karaf/blob/94ddfed7/jaas/modules/src/test/java/org/apache/karaf/jaas/modules/ldap/LdapCaseInsensitiveDNTest.java
----------------------------------------------------------------------
diff --git a/jaas/modules/src/test/java/org/apache/karaf/jaas/modules/ldap/LdapCaseInsensitiveDNTest.java b/jaas/modules/src/test/java/org/apache/karaf/jaas/modules/ldap/LdapCaseInsensitiveDNTest.java
new file mode 100644
index 0000000..25579b4
--- /dev/null
+++ b/jaas/modules/src/test/java/org/apache/karaf/jaas/modules/ldap/LdapCaseInsensitiveDNTest.java
@@ -0,0 +1,107 @@
+/*
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *  under the License.
+ */
+package org.apache.karaf.jaas.modules.ldap;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+
+import java.io.File;
+import java.io.IOException;
+import java.security.Principal;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.NameCallback;
+import javax.security.auth.callback.PasswordCallback;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import org.apache.directory.api.ldap.model.constants.SchemaConstants;
+import org.apache.directory.api.ldap.model.message.ModifyRequest;
+import org.apache.directory.api.ldap.model.message.ModifyRequestImpl;
+import org.apache.directory.api.ldap.model.name.Dn;
+import org.apache.directory.ldap.client.api.LdapConnection;
+import org.apache.directory.ldap.client.api.LdapNetworkConnection;
+import org.apache.directory.server.core.integ.FrameworkRunner;
+import org.apache.directory.server.annotations.CreateLdapServer;
+import org.apache.directory.server.annotations.CreateTransport;
+import org.apache.directory.server.core.annotations.ApplyLdifFiles;
+import org.apache.directory.server.core.annotations.CreateDS;
+import org.apache.directory.server.core.annotations.CreatePartition;
+import org.apache.felix.utils.properties.Properties;
+import org.apache.karaf.jaas.boot.principal.RolePrincipal;
+import org.apache.karaf.jaas.boot.principal.UserPrincipal;
+import org.apache.karaf.jaas.modules.ldap.LdapLoginModuleTest;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+@RunWith ( FrameworkRunner.class )
+@CreateLdapServer(transports = {@CreateTransport(protocol = "LDAP", port=9999)})
+@CreateDS(name = "LdapCaseInsensitiveDNTest-class",
+ partitions = { @CreatePartition(name = "example", suffix = "dc=example,dc=com") })
+@ApplyLdifFiles(
+   "org/apache/karaf/jaas/modules/ldap/example.com.ldif"
+)
+public class LdapCaseInsensitiveDNTest extends LdapLoginModuleTest {
+    
+    @Test
+    public void testCaseInsensitiveDN() throws Exception {
+        Properties options = ldapLoginModuleOptions();
+        LDAPLoginModule module = new LDAPLoginModule();
+        CallbackHandler cb = new CallbackHandler() {
+            public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
+                for (Callback cb : callbacks) {
+                    if (cb instanceof NameCallback) {
+                        ((NameCallback) cb).setName("admin");
+                    } else if (cb instanceof PasswordCallback) {
+                        ((PasswordCallback) cb).setPassword("admin123".toCharArray());
+                    }
+                }
+            }
+        };
+        Subject subject = new Subject();
+        module.initialize(subject, cb, null, options);
+
+        assertEquals("Precondition", 0, subject.getPrincipals().size());
+        assertTrue(module.login());
+        assertTrue(module.commit());
+
+        assertEquals(2, subject.getPrincipals().size());
+
+        boolean foundUser = false;
+        boolean foundRole = false;
+        for (Principal pr : subject.getPrincipals()) {
+            if (pr instanceof UserPrincipal) {
+                assertEquals("admin", pr.getName());
+                foundUser = true;
+            } else if (pr instanceof RolePrincipal) {
+                assertEquals("admin", pr.getName());
+                foundRole = true;
+            }
+        }
+        assertTrue(foundUser);
+        assertTrue(foundRole);
+
+        assertTrue(module.logout());
+        assertEquals("Principals should be gone as the user has logged out", 0, subject.getPrincipals().size());
+    }
+
+    protected Properties ldapLoginModuleOptions() throws IOException {
+        return new Properties(new File("src/test/resources/org/apache/karaf/jaas/modules/ldap/ldapCaseInsensitiveDN.properties"));
+    }
+}
+            
\ No newline at end of file
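Review bot: The anonymous CallbackHandler on lines 127-137 declares a loop variable `cb` that shadows the `cb` handler variable it is being assigned to, and the file imports several names it never uses (SchemaConstants, ModifyRequest, ModifyRequestImpl, Dn, LdapConnection, LdapNetworkConnection, plus LdapLoginModuleTest from its own package). Rename the loop variable, e.g. `for (Callback callback : callbacks) {`, and drop the unused imports. `ldapLoginModuleOptions()` on line 165 appears to override the parent's method and should carry `@Override` so a signature drift in LdapLoginModuleTest is caught at compile time rather than silently leaving the parent's properties file in use. The license header also repeats `under the License.` on lines 75-76, and the file ends with a whitespace-only line and no trailing newline.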

http://git-wip-us.apache.org/repos/asf/karaf/blob/94ddfed7/jaas/modules/src/test/resources/org/apache/karaf/jaas/modules/ldap/ldapCaseInsensitiveDN.properties
----------------------------------------------------------------------
diff --git a/jaas/modules/src/test/resources/org/apache/karaf/jaas/modules/ldap/ldapCaseInsensitiveDN.properties b/jaas/modules/src/test/resources/org/apache/karaf/jaas/modules/ldap/ldapCaseInsensitiveDN.properties
new file mode 100644
index 0000000..931e7b6
--- /dev/null
+++ b/jaas/modules/src/test/resources/org/apache/karaf/jaas/modules/ldap/ldapCaseInsensitiveDN.properties
@@ -0,0 +1,36 @@
+################################################################################
+#
+#    Licensed to the Apache Software Foundation (ASF) under one or more
+#    contributor license agreements.  See the NOTICE file distributed with
+#    this work for additional information regarding copyright ownership.
+#    The ASF licenses this file to You under the Apache License, Version 2.0
+#    (the "License"); you may not use this file except in compliance with
+#    the License.  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS,
+#    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#    See the License for the specific language governing permissions and
+#    limitations under the License.
+#
+################################################################################
+
+debug=true
+connection.url=ldap://127.0.0.1:9999
+connection.username=uid=admin,ou=system
+connection.password=secret
+connection.protocol=
+authentication=simple
+
+user.base.dn=oU=people,Dc=example,DC=com
+user.filter=(uid=%u)
+user.search.subtree=true
+
+role.base.dn=ou=groups,dc=example,dc=com
+role.name.attribute=cn
+role.filter=(member=%fqdn)
+role.search.subtree=true
+
+initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
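Review bot: Only `user.base.dn` on line 206 carries mixed case; `role.base.dn` on line 210 stays lowercase, so this fixture does not show whether the role-side base DN is matched case-insensitively as well — presumably that goes through a separate path in the login module that is not part of this change. If the intent is to cover the reported problem generally, mixing case on the role base too, e.g. `role.base.dn=Ou=groups,DC=example,dc=com`, would exercise it. A comment above line 206 stating that the casing is deliberate, e.g. `# mixed case on purpose: exercises case-insensitive base DN matching (KARAF-3711)`, would keep a later cleanup from normalizing it and silently removing the coverage.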