Posted to dev@tomcat.apache.org by ma...@apache.org on 2021/04/13 14:23:27 UTC
[tomcat] 04/10: Expand tests and fix escaping issue when searching
for users by filter
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit d5303a506c7533803d2b3bc46e6120ce673a6667
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Tue Apr 13 11:43:51 2021 +0100
Expand tests and fix escaping issue when searching for users by filter
---
java/org/apache/catalina/realm/JNDIRealm.java | 6 ++-
.../catalina/realm/TestJNDIRealmIntegration.java | 52 +++++++++++++++++-----
2 files changed, 47 insertions(+), 11 deletions(-)
diff --git a/java/org/apache/catalina/realm/JNDIRealm.java b/java/org/apache/catalina/realm/JNDIRealm.java
index c16c7b7..ec36187 100644
--- a/java/org/apache/catalina/realm/JNDIRealm.java
+++ b/java/org/apache/catalina/realm/JNDIRealm.java
@@ -1585,7 +1585,9 @@ public class JNDIRealm extends RealmBase {
}
// Form the search filter
- String filter = connection.userSearchFormat.format(new String[] { username });
+ // Escape in case username contains a character with special meaning in
+ // a search filter.
+ String filter = connection.userSearchFormat.format(new String[] { doFilterEscaping(username) });
// Set up the search controls
SearchControls constraints = new SearchControls();
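Review bot: The new comment above `doFilterEscaping(username)` explains the escaping only in general terms; it should say that the username is presumably caller-supplied and must be matched literally. Suggested wording: `// username is caller-supplied: escape search-filter metacharacters (e.g. '*', '(', ')', '\') so it is matched literally and cannot change the filter's structure.` The enclosing method starts and ends outside this hunk, so it is not visible whether username can be null here or how doFilterEscaping treats null; that is worth confirming. Any other place that substitutes the username into a search filter would presumably need the same treatment, but none is shown in this hunk.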
@@ -1753,6 +1755,8 @@ public class JNDIRealm extends RealmBase {
return false;
}
+ // This is returned from the directory so will be attribute value
+ // escaped if required
String dn = user.getDN();
if (dn == null) {
return false;
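Review bot: The comment added above `String dn = user.getDN();` states an invariant this hunk cannot confirm, because it holds only if every path that builds the User object takes the DN from a directory result. When the realm is configured with userPattern, the DN is presumably formatted from the supplied username rather than read back from a search; that code is outside the hunk. If so, the comment should name both sources, e.g. `// DN is either returned by the directory or built from an already-escaped username, so no further attribute value escaping is needed here`. The enclosing method starts and ends outside the hunk.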
diff --git a/test/org/apache/catalina/realm/TestJNDIRealmIntegration.java b/test/org/apache/catalina/realm/TestJNDIRealmIntegration.java
index ca45053..ef0cc35 100644
--- a/test/org/apache/catalina/realm/TestJNDIRealmIntegration.java
+++ b/test/org/apache/catalina/realm/TestJNDIRealmIntegration.java
@@ -43,24 +43,42 @@ import com.unboundid.ldap.sdk.ResultCode;
@RunWith(Parameterized.class)
public class TestJNDIRealmIntegration {
+ private static final String USER_PATTERN = "cn={0},ou=people,dc=example,dc=com";
+ private static final String USER_SEARCH = "cn={0}";
+ private static final String USER_BASE = "ou=people,dc=example,dc=com";
+
private static InMemoryDirectoryServer ldapServer;
- @Parameterized.Parameters(name = "{index}: in[{0}], out[{1}]")
+ @Parameterized.Parameters(name = "{index}: user[{3}], pwd[{4}]")
public static Collection<Object[]> parameters() {
List<Object[]> parameterSets = new ArrayList<>();
+ addUsers(USER_PATTERN, null, null, parameterSets);
+ addUsers(null, USER_SEARCH, USER_BASE, parameterSets);
+ return parameterSets;
+ }
- parameterSets.add(new Object[] { "test", "test", new String[] {"TestGroup"} });
- parameterSets.add(new Object[] { "t;", "test", new String[] {"TestGroup"} });
- return parameterSets;
+ private static void addUsers(String userPattern, String userSearch, String userBase, List<Object[]> parameterSets) {
+ parameterSets.add(new Object[] { userPattern, userSearch, userBase,
+ "test", "test", new String[] {"TestGroup"} });
+ parameterSets.add(new Object[] { userPattern, userSearch, userBase,
+ "t;", "test", new String[] {"TestGroup"} });
+ parameterSets.add(new Object[] { userPattern, userSearch, userBase,
+ "t*", "test", new String[] {"TestGroup"} });
}
@Parameter(0)
- public String username;
+ public String realmConfigUserPattern;
@Parameter(1)
- public String credentials;
+ public String realmConfigUserSearch;
@Parameter(2)
+ public String realmConfigUserBase;
+ @Parameter(3)
+ public String username;
+ @Parameter(4)
+ public String credentials;
+ @Parameter(5)
public String[] groups;
@Test
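Review bot: addUsers() exercises only `;` and `*`, and every parameter set is an expected successful login, so nothing asserts that a wildcard-like username with no literal entry is refused under USER_SEARCH. The other characters with special meaning in a search filter (`(`, `)`, `\`) are not covered either. Consider adding rows such as `parameterSets.add(new Object[] { userPattern, userSearch, userBase, "t(", "test", new String[] {"TestGroup"} });` with matching directory entries, plus a separate negative case that expects authentication to fail. The test-name pattern `user[{3}], pwd[{4}]` also omits the realm mode; adding `search[{1}]` would show whether a failure came from the userPattern or the userSearch run.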
@@ -69,7 +87,9 @@ public class TestJNDIRealmIntegration {
realm.containerLog = LogFactory.getLog(TestJNDIRealmIntegration.class);
realm.setConnectionURL("ldap://localhost:" + ldapServer.getListenPort());
- realm.setUserPattern("cn={0},ou=people,dc=example,dc=com");
+ realm.setUserPattern(realmConfigUserPattern);
+ realm.setUserSearch(realmConfigUserSearch);
+ realm.setUserBase(realmConfigUserBase);
realm.setRoleName("cn");
realm.setRoleBase("ou=people,dc=example,dc=com");
realm.setRoleSearch("member={0}");
@@ -131,19 +151,31 @@ public class TestJNDIRealmIntegration {
"objectClass: top",
"objectClass: person",
"objectClass: organizationalPerson",
- "cn: test",
- "sn: Test",
+ "cn: t\\;",
+ "sn: Tsemicolon",
"userPassword: test");
result = conn.processOperation(addUserTestSemicolon);
Assert.assertEquals(ResultCode.SUCCESS, result.getResultCode());
+ AddRequest addUserTestAsterisk = new AddRequest(
+ "dn: cn=t\\*,ou=people,dc=example,dc=com",
+ "objectClass: top",
+ "objectClass: person",
+ "objectClass: organizationalPerson",
+ "cn: t\\*",
+ "sn: Tasterisk",
+ "userPassword: test");
+ result = conn.processOperation(addUserTestAsterisk);
+ Assert.assertEquals(ResultCode.SUCCESS, result.getResultCode());
+
AddRequest addGroupTest = new AddRequest(
"dn: cn=TestGroup,ou=people,dc=example,dc=com",
"objectClass: top",
"objectClass: groupOfNames",
"cn: TestGroup",
"member: cn=test,ou=people,dc=example,dc=com",
- "member: cn=t\\;,ou=people,dc=example,dc=com");
+ "member: cn=t\\;,ou=people,dc=example,dc=com",
+ "member: cn=t\\*,ou=people,dc=example,dc=com");
result = conn.processOperation(addGroupTest);
Assert.assertEquals(ResultCode.SUCCESS, result.getResultCode());
}
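Review bot: All three user entries use `userPassword: test` and are members of the same TestGroup, so the assertions cannot tell which entry a search actually resolved to. If filter escaping regressed and `t*` matched a different entry, the password check and role list would still look correct; whether the realm rejects multiple matches is not visible here. Giving each entry its own password, e.g. `"userPassword: testAsterisk"` for the new entry, and passing it through the parameter set would make a wrong-entry match fail. The enclosing setup method starts outside the hunk.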