You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@directory.apache.org by "Emmanuel Lecharny (JIRA)" <di...@incubator.apache.org> on 2006/01/19 23:36:43 UTC

[jira] Reopened: (DIRLDAP-79) Attempting to bind as non-existent user causes infinite loop

     [ http://issues.apache.org/jira/browse/DIRLDAP-79?page=all ]
     
Emmanuel Lecharny reopened DIRLDAP-79:
--------------------------------------


bad link to DIRLDAP-86

> Attempting to bind as non-existent user causes infinite loop
> ------------------------------------------------------------
>
>          Key: DIRLDAP-79
>          URL: http://issues.apache.org/jira/browse/DIRLDAP-79
>      Project: Directory LDAP
>         Type: Bug
>     Reporter: Luke Taylor

>
> If the following test method is added to the end of SimpleAuthenticationTest in the core-tests module, the code goes into an infinite loop.
>     public void test11NonExistentUser()
>     {
>         Hashtable env = new Hashtable( configuration.toJndiEnvironment() );
>         env.put( Context.PROVIDER_URL, "ou=system" );
>         env.put( Context.SECURITY_PRINCIPAL, "uid=idontexist,ou=users,ou=system" );
>         env.put( Context.SECURITY_CREDENTIALS, "test" );
>         env.put( Context.SECURITY_AUTHENTICATION, "simple" );
>         env.put( Context.INITIAL_CONTEXT_FACTORY, "org.apache.ldap.server.jndi.CoreContextFactory" );
>         try {
>             new InitialContext( env );
>             fail("Authenticated as non-existent user");
>         } catch(Exception expected) {
>         }
>     }
> Line 139 of org.apache.ldap.server.jndi.ServerContext is
>         if ( ! nexusProxy.hasEntry( dn ) )
>         {
>             throw new NameNotFoundException( dn + " does not exist" );
>         }
> But the call to hasEntry(dn) results in an authenticate() call. SimpleAuthenticator then performs a "lookup" operation on the given dn. When the call reaches the ExceptionService, it calls assertHasEntry() on itself:
> line 372:
>         if ( !nextInterceptor.hasEntry( dn ) )
>         {
>             LdapNameNotFoundException e = null;
>             if ( msg != null )
>             {
>                 e = new LdapNameNotFoundException( msg + dn );
>             }
>             else
>             {
>                 e = new LdapNameNotFoundException( dn.toString() );
>             }
>             e.setResolvedName( proxy.getMatchedName( dn, false ) );
>             throw e;
>         }
> The hasEntry call here fails as expected. However, the subsequent call to getMatchedName results in another call through the interceptor stack, another authenticate(), another lookup from SimpleAuthenticator and then we're stuck.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira