Posted to dev@tomcat.apache.org by ma...@apache.org on 2021/04/13 14:23:28 UTC

[tomcat] 05/10: Expand tests and fix an issue in escaping for group search

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit b930d0b3161d9ec78d5fa57f886ed2de4680518b
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Tue Apr 13 12:11:35 2021 +0100

    Expand tests and fix an issue in escaping for group search
---
 java/org/apache/catalina/realm/JNDIRealm.java      |  9 +++++++-
 .../catalina/realm/TestJNDIRealmIntegration.java   | 26 ++++++++++++++--------
 2 files changed, 25 insertions(+), 10 deletions(-)

diff --git a/java/org/apache/catalina/realm/JNDIRealm.java b/java/org/apache/catalina/realm/JNDIRealm.java
index ec36187..cdb9f9e 100644
--- a/java/org/apache/catalina/realm/JNDIRealm.java
+++ b/java/org/apache/catalina/realm/JNDIRealm.java
@@ -1847,7 +1847,11 @@ public class JNDIRealm extends RealmBase {
             return null;
         }
 
+        // This is returned from the directory so will be attribute value
+        // escaped if required
         String dn = user.getDN();
+        // This is the name the user provided to the authentication process so
+        // it will not be escaped
         String username = user.getUserName();
         String userRoleId = user.getUserRoleId();
 
@@ -1880,7 +1884,10 @@ public class JNDIRealm extends RealmBase {
         }
 
         // Set up parameters for an appropriate search
-        String filter = connection.roleFormat.format(new String[] { doFilterEscaping(dn), username, userRoleId });
+        String filter = connection.roleFormat.format(new String[] {
+                doFilterEscaping(dn),
+                doFilterEscaping(doAttributeValueEscaping(username)),
+                userRoleId });
         SearchControls controls = new SearchControls();
         if (roleSubtree) {
             controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
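Review bot: `userRoleId` is still passed to `roleFormat.format` unescaped, so `{2}` is now the only placeholder that can carry filter metacharacters into the role search. It is read from the user object a few lines above and presumably comes from a directory attribute, so the exposure depends on who may write that attribute; wrapping it at least as `doFilterEscaping(userRoleId) });` closes the gap, and whether `doAttributeValueEscaping` is also needed depends on whether the configured pattern places `{2}` inside a DN. Confirm the helper tolerates a null argument, since the hunk does not show whether `userRoleId` is always set. Neither role search pattern added to the test in this commit references `{2}`, so this path is not exercised. The enclosing method starts and ends outside the hunk.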
diff --git a/test/org/apache/catalina/realm/TestJNDIRealmIntegration.java b/test/org/apache/catalina/realm/TestJNDIRealmIntegration.java
index ef0cc35..3d9969e 100644
--- a/test/org/apache/catalina/realm/TestJNDIRealmIntegration.java
+++ b/test/org/apache/catalina/realm/TestJNDIRealmIntegration.java
@@ -46,24 +46,29 @@ public class TestJNDIRealmIntegration {
     private static final String USER_PATTERN = "cn={0},ou=people,dc=example,dc=com";
     private static final String USER_SEARCH = "cn={0}";
     private static final String USER_BASE = "ou=people,dc=example,dc=com";
+    private static final String ROLE_SEARCH_A = "member={0}";
+    private static final String ROLE_SEARCH_B = "member=cn={1},ou=people,dc=example,dc=com";
 
     private static InMemoryDirectoryServer ldapServer;
 
     @Parameterized.Parameters(name = "{index}: user[{3}], pwd[{4}]")
     public static Collection<Object[]> parameters() {
         List<Object[]> parameterSets = new ArrayList<>();
-        addUsers(USER_PATTERN, null, null, parameterSets);
-        addUsers(null, USER_SEARCH, USER_BASE, parameterSets);
+        for (String roleSearch : new String[] { ROLE_SEARCH_A, ROLE_SEARCH_B }) {
+            addUsers(USER_PATTERN, null, null, roleSearch, parameterSets);
+            addUsers(null, USER_SEARCH, USER_BASE, roleSearch, parameterSets);
+        }
         return parameterSets;
     }
 
 
-    private static void addUsers(String userPattern, String userSearch, String userBase, List<Object[]> parameterSets) {
-        parameterSets.add(new Object[] { userPattern, userSearch, userBase,
+    private static void addUsers(String userPattern, String userSearch, String userBase, String roleSearch,
+            List<Object[]> parameterSets) {
+        parameterSets.add(new Object[] { userPattern, userSearch, userBase, roleSearch,
                 "test", "test", new String[] {"TestGroup"} });
-        parameterSets.add(new Object[] { userPattern, userSearch, userBase,
+        parameterSets.add(new Object[] { userPattern, userSearch, userBase, roleSearch,
                 "t;", "test", new String[] {"TestGroup"} });
-        parameterSets.add(new Object[] { userPattern, userSearch, userBase,
+        parameterSets.add(new Object[] { userPattern, userSearch, userBase, roleSearch,
                 "t*", "test", new String[] {"TestGroup"} });
     }
 
@@ -75,10 +80,12 @@ public class TestJNDIRealmIntegration {
     @Parameter(2)
     public String realmConfigUserBase;
     @Parameter(3)
-    public String username;
+    public String realmConfigRoleSearch;
     @Parameter(4)
-    public String credentials;
+    public String username;
     @Parameter(5)
+    public String credentials;
+    @Parameter(6)
     public String[] groups;
 
     @Test
@@ -90,9 +97,10 @@ public class TestJNDIRealmIntegration {
         realm.setUserPattern(realmConfigUserPattern);
         realm.setUserSearch(realmConfigUserSearch);
         realm.setUserBase(realmConfigUserBase);
+        realm.setUserRoleAttribute("cn");
         realm.setRoleName("cn");
         realm.setRoleBase("ou=people,dc=example,dc=com");
-        realm.setRoleSearch("member={0}");
+        realm.setRoleSearch(realmConfigRoleSearch);
 
         GenericPrincipal p = (GenericPrincipal) realm.authenticate(username, credentials);
 
