You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@directory.apache.org by "Emmanuel Lecharny (JIRA)" <ji...@apache.org> on 2007/04/21 13:22:15 UTC

[jira] Closed: (DIRSERVER-200) Attempting to bind as non-existent user causes infinite loop

     [ https://issues.apache.org/jira/browse/DIRSERVER-200?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Emmanuel Lecharny closed DIRSERVER-200.
---------------------------------------


Closing all issues created in 2005 and before which are marked resolved

> Attempting to bind as non-existent user causes infinite loop
> ------------------------------------------------------------
>
>                 Key: DIRSERVER-200
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-200
>             Project: Directory ApacheDS
>          Issue Type: Bug
>          Components: ldap
>    Affects Versions: pre-1.0
>            Reporter: Luke Taylor
>             Fix For: pre-1.0
>
>
> If the following test method is added to the end of SimpleAuthenticationTest in the core-tests module, the code goes into an infinite loop.
>     public void test11NonExistentUser()
>     {
>         Hashtable env = new Hashtable( configuration.toJndiEnvironment() );
>         env.put( Context.PROVIDER_URL, "ou=system" );
>         env.put( Context.SECURITY_PRINCIPAL, "uid=idontexist,ou=users,ou=system" );
>         env.put( Context.SECURITY_CREDENTIALS, "test" );
>         env.put( Context.SECURITY_AUTHENTICATION, "simple" );
>         env.put( Context.INITIAL_CONTEXT_FACTORY, "org.apache.ldap.server.jndi.CoreContextFactory" );
>         try {
>             new InitialContext( env );
>             fail("Authenticated as non-existent user");
>         } catch(Exception expected) {
>         }
>     }
> Line 139 of org.apache.ldap.server.jndi.ServerContext is
>         if ( ! nexusProxy.hasEntry( dn ) )
>         {
>             throw new NameNotFoundException( dn + " does not exist" );
>         }
> But the call to hasEntry(dn) results in an authenticate() call. SimpleAuthenticator then performs a "lookup" operation on the given dn. When the call reaches the ExceptionService, it calls assertHasEntry() on itself:
> line 372:
>         if ( !nextInterceptor.hasEntry( dn ) )
>         {
>             LdapNameNotFoundException e = null;
>             if ( msg != null )
>             {
>                 e = new LdapNameNotFoundException( msg + dn );
>             }
>             else
>             {
>                 e = new LdapNameNotFoundException( dn.toString() );
>             }
>             e.setResolvedName( proxy.getMatchedName( dn, false ) );
>             throw e;
>         }
> The hasEntry call here fails as expected. However, the subsequent call to getMatchedName results in another call through the interceptor stack, another authenticate(), another lookup from SimpleAuthenticator and then we're stuck.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.