You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@directory.apache.org by "Luke Taylor (JIRA)" <di...@incubator.apache.org> on 2005/12/08 20:01:10 UTC
[jira] Created: (DIRLDAP-79) Attempting to bind as non-existent user causes infinite loop
Attempting to bind as non-existent user causes infinite loop
------------------------------------------------------------
Key: DIRLDAP-79
URL: http://issues.apache.org/jira/browse/DIRLDAP-79
Project: Directory LDAP
Type: Bug
Reporter: Luke Taylor
If the following test method is added to the end of SimpleAuthenticationTest in the core-tests module, the code goes into an infinite loop.
public void test11NonExistentUser()
{
Hashtable env = new Hashtable( configuration.toJndiEnvironment() );
env.put( Context.PROVIDER_URL, "ou=system" );
env.put( Context.SECURITY_PRINCIPAL, "uid=idontexist,ou=users,ou=system" );
env.put( Context.SECURITY_CREDENTIALS, "test" );
env.put( Context.SECURITY_AUTHENTICATION, "simple" );
env.put( Context.INITIAL_CONTEXT_FACTORY, "org.apache.ldap.server.jndi.CoreContextFactory" );
try {
new InitialContext( env );
fail("Authenticated as non-existent user");
} catch(Exception expected) {
}
}
Line 139 of org.apache.ldap.server.jndi.ServerContext is
if ( ! nexusProxy.hasEntry( dn ) )
{
throw new NameNotFoundException( dn + " does not exist" );
}
But the call to hasEntry(dn) results in an authenticate() call. SimpleAuthenticator then performs a "lookup" operation on the given dn. When the call reaches the ExceptionService, it calls assertHasEntry() on itself:
line 372:
if ( !nextInterceptor.hasEntry( dn ) )
{
LdapNameNotFoundException e = null;
if ( msg != null )
{
e = new LdapNameNotFoundException( msg + dn );
}
else
{
e = new LdapNameNotFoundException( dn.toString() );
}
e.setResolvedName( proxy.getMatchedName( dn, false ) );
throw e;
}
The hasEntry call here fails as expected. However, the subsequent call to getMatchedName results in another call through the interceptor stack, another authenticate(), another lookup from SimpleAuthenticator and then we're stuck.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira
[jira] Closed: (DIRSERVER-200) Attempting to bind as non-existent
user causes infinite loop
Posted by "Emmanuel Lecharny (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/DIRSERVER-200?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Emmanuel Lecharny closed DIRSERVER-200.
---------------------------------------
Closing all issues created in 2005 and before which are marked resolved
> Attempting to bind as non-existent user causes infinite loop
> ------------------------------------------------------------
>
> Key: DIRSERVER-200
> URL: https://issues.apache.org/jira/browse/DIRSERVER-200
> Project: Directory ApacheDS
> Issue Type: Bug
> Components: ldap
> Affects Versions: pre-1.0
> Reporter: Luke Taylor
> Fix For: pre-1.0
>
>
> If the following test method is added to the end of SimpleAuthenticationTest in the core-tests module, the code goes into an infinite loop.
> public void test11NonExistentUser()
> {
> Hashtable env = new Hashtable( configuration.toJndiEnvironment() );
> env.put( Context.PROVIDER_URL, "ou=system" );
> env.put( Context.SECURITY_PRINCIPAL, "uid=idontexist,ou=users,ou=system" );
> env.put( Context.SECURITY_CREDENTIALS, "test" );
> env.put( Context.SECURITY_AUTHENTICATION, "simple" );
> env.put( Context.INITIAL_CONTEXT_FACTORY, "org.apache.ldap.server.jndi.CoreContextFactory" );
> try {
> new InitialContext( env );
> fail("Authenticated as non-existent user");
> } catch(Exception expected) {
> }
> }
> Line 139 of org.apache.ldap.server.jndi.ServerContext is
> if ( ! nexusProxy.hasEntry( dn ) )
> {
> throw new NameNotFoundException( dn + " does not exist" );
> }
> But the call to hasEntry(dn) results in an authenticate() call. SimpleAuthenticator then performs a "lookup" operation on the given dn. When the call reaches the ExceptionService, it calls assertHasEntry() on itself:
> line 372:
> if ( !nextInterceptor.hasEntry( dn ) )
> {
> LdapNameNotFoundException e = null;
> if ( msg != null )
> {
> e = new LdapNameNotFoundException( msg + dn );
> }
> else
> {
> e = new LdapNameNotFoundException( dn.toString() );
> }
> e.setResolvedName( proxy.getMatchedName( dn, false ) );
> throw e;
> }
> The hasEntry call here fails as expected. However, the subsequent call to getMatchedName results in another call through the interceptor stack, another authenticate(), another lookup from SimpleAuthenticator and then we're stuck.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
Re: Bugs status
Posted by Trustin Lee <tr...@gmail.com>.
2006/1/20, Emmanuel Lecharny <el...@gmail.com>:
>
> Hi all !
>
> Here is the list of bugs we have :
>
> DIREVE-310 To be investigate after 1.0-RC-1
Thanks! :)
DIRMINA-157 To be fixed for 1.0-RC1
This depends on our site reorganization. We cannot deploy our site at all
for now.
DIRMINA-152 Is it fixed? To be fixed for 1.0-RC1
Resolved.
DIRMINA-162 To be fixed for 1.0-RC1
This issue is not related with ApacheDS, so it will be fixed later. Perhaps
in MINA 0.9.2?
DIRMINA-143 Postponed to 1.0.1
This issue is supposed to be fixed very easily. I'll take care of this
before 1.0-RC1 is out.
Could everybody check those bugs and tell me which is there status?
We need to release MINA 0.9.1 together. There're a few issues Alex
addressed recently. I'll fix all of them and make sure both ApacheDS
1.0RC1and MINA
0.9.1 are fully in a line.
BTW, you had to put the subject of the issues. :)
Thanks,
Trustin
--
what we call human nature is actually human habit
--
http://gleamynode.net/
PGP Key ID: 0x854B996C
Re: Bugs status
Posted by Alex Karasulu <ao...@bellsouth.net>.
Emmanuel Lecharny wrote:
> Hi all !
>
> Here is the list of bugs we have :
...
> DIREVE-310 To be investigate after 1.0-RC-1
> DIREVE-314 To be fixed for 1.0-RC1
> DIREVE-308 To be fixed for 1.0-RC1
> DIREVE-297 ???
[Access Control] Autonomous areas for AC must not overlap
Can be done after 1.0 RC1 ... before 1.0.
> DIREVE-277 To be fixed for 1.1
> DIREVE-276 ???
Search for super OC does not return subclasses if add op does not
add complete objectClass lineage
Needs to be done before 1.0 release.
> DIREVE-253 Is it a ADS problem or not ???
This is an API issue and does not effect our server release. We are not
making the internal embedding API 1.0 ... it will still be under
construction while ApacheDS 1.0 is getting bombarded. Also I have no
clue if this issue is our fault ... probably is.
>
> DIR-123 State ? 1.0.1 ? 1.1
Don't know don't care. I'm waiting get rid of this spring stuff. OSGi
will get rid of this stuff which is only there in standalone/simple/main.
> DIR-115 State ?
Man we need to reorg JIRA people are putting issues in the wrong place
like this one and the last one. Can't blame them. Oh this one is
intended to be the case. I probably did not comment on it becasue is an
embedding issue. Embedding issues for apacheds is not a big worry.
Let's put these issues on the bottom of the list: let's fix em after
ApacheDS 1.2.
>
> DIRLDAP-84 To be fixed for 1.0-RC1
I'd say for RCx.
> DIRLDAP-75 To be fixed for 1.0-RCx
Looks like we already have it no? (Twix Support for LDAP Controls
<https://issues.apache.org/jira/browse/DIRLDAP-75>)
>
> DIRLDAP-51 Partially fixed. To be fixed for 1.0-RC1
Incorrect matched DN in the bind response (and others depending on the
result code) <https://issues.apache.org/jira/browse/DIRLDAP-51>
Yea this should be done before 1.0 too.
> DIRLDAP-37 Postponed to 1.0.1
Oh yeah this is pretty serious hehe ... I thought I fixed this too.
Perhaps we should be done with this by 1.0 but again its on an API not
on core server functionality. So yeah ok we can defer this to 1.0.1.
>
>
> Could everybody check those bugs and tell me which is there status?
>
> Thanks a lot !
>
Sorry I took a while.
Laters,
Alex
Bugs status
Posted by Emmanuel Lecharny <el...@gmail.com>.
Hi all !
Here is the list of bugs we have :
DIRSNICKERS-120 To be done for 1.0-RC1
DIRSNICKERS-96 To be checked for 1.0-RC1. Status unknown
DIRSITEDOCS-10 To be checked for 1.0-RCx
DIRSITEDOCS-8 To be fixed for 1.0-RC1
DIREVE-310 To be investigate after 1.0-RC-1
DIREVE-314 To be fixed for 1.0-RC1
DIREVE-308 To be fixed for 1.0-RC1
DIREVE-297 ???
DIREVE-277 To be fixed for 1.1
DIREVE-276 ???
DIREVE-253 Is it a ADS problem or not ???
DIR-123 State ? 1.0.1 ? 1.1
DIR-115 State ?
DIRMINA-157 To be fixed for 1.0-RC1
DIRMINA-152 Is it fixed? To be fixed for 1.0-RC1
DIRMINA-162 To be fixed for 1.0-RC1
DIRMINA-143 Postponed to 1.0.1
DIRLDAP-84 To be fixed for 1.0-RC1
DIRLDAP-75 To be fixed for 1.0-RCx
DIRLDAP-51 Partially fixed. To be fixed for 1.0-RC1
DIRLDAP-37 Postponed to 1.0.1
Could everybody check those bugs and tell me which is there status?
Thanks a lot !
[jira] Resolved: (DIRLDAP-79) Attempting to bind as non-existent
user causes infinite loop
Posted by "Emmanuel Lecharny (JIRA)" <di...@incubator.apache.org>.
[ http://issues.apache.org/jira/browse/DIRLDAP-79?page=all ]
Emmanuel Lecharny resolved DIRLDAP-79:
--------------------------------------
Resolution: Duplicate
Duplicate of DIREVE-314
> Attempting to bind as non-existent user causes infinite loop
> ------------------------------------------------------------
>
> Key: DIRLDAP-79
> URL: http://issues.apache.org/jira/browse/DIRLDAP-79
> Project: Directory LDAP
> Type: Bug
> Reporter: Luke Taylor
>
> If the following test method is added to the end of SimpleAuthenticationTest in the core-tests module, the code goes into an infinite loop.
> public void test11NonExistentUser()
> {
> Hashtable env = new Hashtable( configuration.toJndiEnvironment() );
> env.put( Context.PROVIDER_URL, "ou=system" );
> env.put( Context.SECURITY_PRINCIPAL, "uid=idontexist,ou=users,ou=system" );
> env.put( Context.SECURITY_CREDENTIALS, "test" );
> env.put( Context.SECURITY_AUTHENTICATION, "simple" );
> env.put( Context.INITIAL_CONTEXT_FACTORY, "org.apache.ldap.server.jndi.CoreContextFactory" );
> try {
> new InitialContext( env );
> fail("Authenticated as non-existent user");
> } catch(Exception expected) {
> }
> }
> Line 139 of org.apache.ldap.server.jndi.ServerContext is
> if ( ! nexusProxy.hasEntry( dn ) )
> {
> throw new NameNotFoundException( dn + " does not exist" );
> }
> But the call to hasEntry(dn) results in an authenticate() call. SimpleAuthenticator then performs a "lookup" operation on the given dn. When the call reaches the ExceptionService, it calls assertHasEntry() on itself:
> line 372:
> if ( !nextInterceptor.hasEntry( dn ) )
> {
> LdapNameNotFoundException e = null;
> if ( msg != null )
> {
> e = new LdapNameNotFoundException( msg + dn );
> }
> else
> {
> e = new LdapNameNotFoundException( dn.toString() );
> }
> e.setResolvedName( proxy.getMatchedName( dn, false ) );
> throw e;
> }
> The hasEntry call here fails as expected. However, the subsequent call to getMatchedName results in another call through the interceptor stack, another authenticate(), another lookup from SimpleAuthenticator and then we're stuck.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira
[jira] Commented: (DIRLDAP-79) Attempting to bind as non-existent user causes infinite loop
Posted by "Emmanuel Lecharny (JIRA)" <di...@incubator.apache.org>.
[ http://issues.apache.org/jira/browse/DIRLDAP-79?page=comments#action_12359764 ]
Emmanuel Lecharny commented on DIRLDAP-79:
------------------------------------------
(see DIREVE-314 : http://issues.apache.org/jira/browse/DIREVE-314 ).
> Attempting to bind as non-existent user causes infinite loop
> ------------------------------------------------------------
>
> Key: DIRLDAP-79
> URL: http://issues.apache.org/jira/browse/DIRLDAP-79
> Project: Directory LDAP
> Type: Bug
> Reporter: Luke Taylor
>
> If the following test method is added to the end of SimpleAuthenticationTest in the core-tests module, the code goes into an infinite loop.
> public void test11NonExistentUser()
> {
> Hashtable env = new Hashtable( configuration.toJndiEnvironment() );
> env.put( Context.PROVIDER_URL, "ou=system" );
> env.put( Context.SECURITY_PRINCIPAL, "uid=idontexist,ou=users,ou=system" );
> env.put( Context.SECURITY_CREDENTIALS, "test" );
> env.put( Context.SECURITY_AUTHENTICATION, "simple" );
> env.put( Context.INITIAL_CONTEXT_FACTORY, "org.apache.ldap.server.jndi.CoreContextFactory" );
> try {
> new InitialContext( env );
> fail("Authenticated as non-existent user");
> } catch(Exception expected) {
> }
> }
> Line 139 of org.apache.ldap.server.jndi.ServerContext is
> if ( ! nexusProxy.hasEntry( dn ) )
> {
> throw new NameNotFoundException( dn + " does not exist" );
> }
> But the call to hasEntry(dn) results in an authenticate() call. SimpleAuthenticator then performs a "lookup" operation on the given dn. When the call reaches the ExceptionService, it calls assertHasEntry() on itself:
> line 372:
> if ( !nextInterceptor.hasEntry( dn ) )
> {
> LdapNameNotFoundException e = null;
> if ( msg != null )
> {
> e = new LdapNameNotFoundException( msg + dn );
> }
> else
> {
> e = new LdapNameNotFoundException( dn.toString() );
> }
> e.setResolvedName( proxy.getMatchedName( dn, false ) );
> throw e;
> }
> The hasEntry call here fails as expected. However, the subsequent call to getMatchedName results in another call through the interceptor stack, another authenticate(), another lookup from SimpleAuthenticator and then we're stuck.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira
[jira] Reopened: (DIRLDAP-79) Attempting to bind as non-existent
user causes infinite loop
Posted by "Emmanuel Lecharny (JIRA)" <di...@incubator.apache.org>.
[ http://issues.apache.org/jira/browse/DIRLDAP-79?page=all ]
Emmanuel Lecharny reopened DIRLDAP-79:
--------------------------------------
bad link to DIRLDAP-86
> Attempting to bind as non-existent user causes infinite loop
> ------------------------------------------------------------
>
> Key: DIRLDAP-79
> URL: http://issues.apache.org/jira/browse/DIRLDAP-79
> Project: Directory LDAP
> Type: Bug
> Reporter: Luke Taylor
>
> If the following test method is added to the end of SimpleAuthenticationTest in the core-tests module, the code goes into an infinite loop.
> public void test11NonExistentUser()
> {
> Hashtable env = new Hashtable( configuration.toJndiEnvironment() );
> env.put( Context.PROVIDER_URL, "ou=system" );
> env.put( Context.SECURITY_PRINCIPAL, "uid=idontexist,ou=users,ou=system" );
> env.put( Context.SECURITY_CREDENTIALS, "test" );
> env.put( Context.SECURITY_AUTHENTICATION, "simple" );
> env.put( Context.INITIAL_CONTEXT_FACTORY, "org.apache.ldap.server.jndi.CoreContextFactory" );
> try {
> new InitialContext( env );
> fail("Authenticated as non-existent user");
> } catch(Exception expected) {
> }
> }
> Line 139 of org.apache.ldap.server.jndi.ServerContext is
> if ( ! nexusProxy.hasEntry( dn ) )
> {
> throw new NameNotFoundException( dn + " does not exist" );
> }
> But the call to hasEntry(dn) results in an authenticate() call. SimpleAuthenticator then performs a "lookup" operation on the given dn. When the call reaches the ExceptionService, it calls assertHasEntry() on itself:
> line 372:
> if ( !nextInterceptor.hasEntry( dn ) )
> {
> LdapNameNotFoundException e = null;
> if ( msg != null )
> {
> e = new LdapNameNotFoundException( msg + dn );
> }
> else
> {
> e = new LdapNameNotFoundException( dn.toString() );
> }
> e.setResolvedName( proxy.getMatchedName( dn, false ) );
> throw e;
> }
> The hasEntry call here fails as expected. However, the subsequent call to getMatchedName results in another call through the interceptor stack, another authenticate(), another lookup from SimpleAuthenticator and then we're stuck.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira
[jira] Resolved: (DIRLDAP-79) Attempting to bind as non-existent
user causes infinite loop
Posted by "Emmanuel Lecharny (JIRA)" <di...@incubator.apache.org>.
[ http://issues.apache.org/jira/browse/DIRLDAP-79?page=all ]
Emmanuel Lecharny resolved DIRLDAP-79:
--------------------------------------
Resolution: Duplicate
see DIRLDAP-79
> Attempting to bind as non-existent user causes infinite loop
> ------------------------------------------------------------
>
> Key: DIRLDAP-79
> URL: http://issues.apache.org/jira/browse/DIRLDAP-79
> Project: Directory LDAP
> Type: Bug
> Reporter: Luke Taylor
>
> If the following test method is added to the end of SimpleAuthenticationTest in the core-tests module, the code goes into an infinite loop.
> public void test11NonExistentUser()
> {
> Hashtable env = new Hashtable( configuration.toJndiEnvironment() );
> env.put( Context.PROVIDER_URL, "ou=system" );
> env.put( Context.SECURITY_PRINCIPAL, "uid=idontexist,ou=users,ou=system" );
> env.put( Context.SECURITY_CREDENTIALS, "test" );
> env.put( Context.SECURITY_AUTHENTICATION, "simple" );
> env.put( Context.INITIAL_CONTEXT_FACTORY, "org.apache.ldap.server.jndi.CoreContextFactory" );
> try {
> new InitialContext( env );
> fail("Authenticated as non-existent user");
> } catch(Exception expected) {
> }
> }
> Line 139 of org.apache.ldap.server.jndi.ServerContext is
> if ( ! nexusProxy.hasEntry( dn ) )
> {
> throw new NameNotFoundException( dn + " does not exist" );
> }
> But the call to hasEntry(dn) results in an authenticate() call. SimpleAuthenticator then performs a "lookup" operation on the given dn. When the call reaches the ExceptionService, it calls assertHasEntry() on itself:
> line 372:
> if ( !nextInterceptor.hasEntry( dn ) )
> {
> LdapNameNotFoundException e = null;
> if ( msg != null )
> {
> e = new LdapNameNotFoundException( msg + dn );
> }
> else
> {
> e = new LdapNameNotFoundException( dn.toString() );
> }
> e.setResolvedName( proxy.getMatchedName( dn, false ) );
> throw e;
> }
> The hasEntry call here fails as expected. However, the subsequent call to getMatchedName results in another call through the interceptor stack, another authenticate(), another lookup from SimpleAuthenticator and then we're stuck.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira