Posted to dev@tomcat.apache.org by ma...@apache.org on 2021/04/13 14:23:30 UTC
[tomcat] 07/10: Expanded tests to cover nested roles and fix
escaping issues in search
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit bd4d1fbe9146dff4714130594afd668406a6a5ef
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Tue Apr 13 12:54:24 2021 +0100
Expanded tests to cover nested roles and fix escaping issues in search
---
java/org/apache/catalina/realm/JNDIRealm.java | 9 ++++--
.../catalina/realm/TestJNDIRealmIntegration.java | 34 +++++++++++++++++++++-
2 files changed, 40 insertions(+), 3 deletions(-)
diff --git a/java/org/apache/catalina/realm/JNDIRealm.java b/java/org/apache/catalina/realm/JNDIRealm.java
index 59a56d8..4f61ad6 100644
--- a/java/org/apache/catalina/realm/JNDIRealm.java
+++ b/java/org/apache/catalina/realm/JNDIRealm.java
@@ -1961,8 +1961,13 @@ public class JNDIRealm extends RealmBase {
Map<String, String> newThisRound = new HashMap<>(); // Stores the groups we find in this iteration
for (Entry<String, String> group : newGroups.entrySet()) {
- filter = connection.roleFormat.format(new String[] { doFilterEscaping(group.getKey()),
- group.getValue(), group.getValue() });
+ // Group key is already value escaped if required
+ // Group value is not value escaped
+ // Everything needs to be filter escaped
+ filter = connection.roleFormat.format(new String[] {
+ doFilterEscaping(group.getKey()),
+ doFilterEscaping(doAttributeValueEscaping(group.getValue())),
+ doFilterEscaping(doAttributeValueEscaping(group.getValue())) });
if (containerLog.isTraceEnabled()) {
containerLog.trace("Perform a nested group search with base "+ roleBase +
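Review bot: The new `roleFormat.format` call evaluates `doFilterEscaping(doAttributeValueEscaping(group.getValue()))` twice on the same input; compute it once, e.g. `String escapedName = doFilterEscaping(doAttributeValueEscaping(group.getValue()));`, and pass `escapedName` as the second and third arguments. The comment "Group key is already value escaped if required" depends on how `newGroups` is populated, which is outside this hunk, so it should name where that escaping happens; a key that arrived unescaped would reach the filter with filter escaping only. It is also worth stating why the order matters, e.g. `// Filter escaping is applied last so that backslashes added by value escaping are encoded too` (presumably what `doFilterEscaping` does; confirm against its implementation). The enclosing method starts and ends outside the hunk.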
diff --git a/test/org/apache/catalina/realm/TestJNDIRealmIntegration.java b/test/org/apache/catalina/realm/TestJNDIRealmIntegration.java
index 8302e47..cf47369 100644
--- a/test/org/apache/catalina/realm/TestJNDIRealmIntegration.java
+++ b/test/org/apache/catalina/realm/TestJNDIRealmIntegration.java
@@ -52,7 +52,7 @@ public class TestJNDIRealmIntegration {
private static InMemoryDirectoryServer ldapServer;
- @Parameterized.Parameters(name = "{index}: user[{3}], pwd[{4}]")
+ @Parameterized.Parameters(name = "{index}: user[{4}], pwd[{5}]")
public static Collection<Object[]> parameters() {
List<Object[]> parameterSets = new ArrayList<>();
for (String roleSearch : new String[] { ROLE_SEARCH_A, ROLE_SEARCH_B, ROLE_SEARCH_C }) {
@@ -71,6 +71,8 @@ public class TestJNDIRealmIntegration {
"t;", "test", new String[] {"TestGroup"} });
parameterSets.add(new Object[] { userPattern, userSearch, userBase, roleSearch,
"t*", "test", new String[] {"TestGroup"} });
+ parameterSets.add(new Object[] { userPattern, userSearch, userBase, roleSearch,
+ "t=", "test", new String[] {"Test<Group*2", "Test>Group*3"} });
}
@@ -102,6 +104,7 @@ public class TestJNDIRealmIntegration {
realm.setRoleName("cn");
realm.setRoleBase("ou=people,dc=example,dc=com");
realm.setRoleSearch(realmConfigRoleSearch);
+ realm.setRoleNested(true);
GenericPrincipal p = (GenericPrincipal) realm.authenticate(username, credentials);
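Review bot: `realm.setRoleNested(true)` is now applied to every parameter set, so as far as this hunk shows the non-nested role search no longer gets integration coverage for the escaped user names (`t;`, `t*`, `t=`). Consider making nesting a test parameter: add a `boolean roleNested` to each parameter set and call `realm.setRoleNested(roleNested)`, with the expected roles for `t=` reduced to the directly assigned `Test<Group*2` when nesting is off. That keeps both code paths pinned against escaping regressions. The enclosing test method starts and ends outside the hunk.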
@@ -178,6 +181,17 @@ public class TestJNDIRealmIntegration {
result = conn.processOperation(addUserTestAsterisk);
Assert.assertEquals(ResultCode.SUCCESS, result.getResultCode());
+ AddRequest addUserTestEquals = new AddRequest(
+ "dn: cn=t\\=,ou=people,dc=example,dc=com",
+ "objectClass: top",
+ "objectClass: person",
+ "objectClass: organizationalPerson",
+ "cn: t=",
+ "sn: Tequals",
+ "userPassword: test");
+ result = conn.processOperation(addUserTestEquals);
+ Assert.assertEquals(ResultCode.SUCCESS, result.getResultCode());
+
AddRequest addGroupTest = new AddRequest(
"dn: cn=TestGroup,ou=people,dc=example,dc=com",
"objectClass: top",
@@ -188,6 +202,24 @@ public class TestJNDIRealmIntegration {
"member: cn=t\\*,ou=people,dc=example,dc=com");
result = conn.processOperation(addGroupTest);
Assert.assertEquals(ResultCode.SUCCESS, result.getResultCode());
+
+ AddRequest addGroupTest2 = new AddRequest(
+ "dn: cn=Test\\<Group*2,ou=people,dc=example,dc=com",
+ "objectClass: top",
+ "objectClass: groupOfNames",
+ "cn: Test<Group*2",
+ "member: cn=t\\=,ou=people,dc=example,dc=com");
+ result = conn.processOperation(addGroupTest2);
+ Assert.assertEquals(ResultCode.SUCCESS, result.getResultCode());
+
+ AddRequest addGroupTest3 = new AddRequest(
+ "dn: cn=Test\\>Group*3,ou=people,dc=example,dc=com",
+ "objectClass: top",
+ "objectClass: groupOfNames",
+ "cn: Test>Group*3",
+ "member: cn=Test\\<Group*2,ou=people,dc=example,dc=com");
+ result = conn.processOperation(addGroupTest3);
+ Assert.assertEquals(ResultCode.SUCCESS, result.getResultCode());
}
}
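Review bot: The added group entries put `<`, `>` and `*` into a `cn`, but none of them contains a backslash or parentheses, which are also special in an LDAP search filter (RFC 4515), so the combined value-plus-filter escaping in the nested search is only partly pinned by this fixture. One more group whose `cn` contains `(`, `)` and `\\`, with a matching expected role in `parameters()`, would guard against a regression in either escaping layer. A short comment above `addGroupTest3` would also make the nesting explicit, e.g. `// Nested: Test>Group*3 has Test<Group*2 as member, which has user t= as member`. The enclosing method starts outside the hunk.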