Posted to commits@lucene.apache.org by md...@apache.org on 2021/04/12 15:37:47 UTC
[lucene-solr] branch branch_8_8 updated: SOLR-15317 Handle spaces
in principal names
This is an automated email from the ASF dual-hosted git repository.
mdrob pushed a commit to branch branch_8_8
in repository https://gitbox.apache.org/repos/asf/lucene-solr.git
The following commit(s) were added to refs/heads/branch_8_8 by this push:
new d9ef567 SOLR-15317 Handle spaces in principal names
d9ef567 is described below
commit d9ef5670f4e389ce1de86c19f51c3fe95075b7f3
Author: Mike Drob <md...@apache.org>
AuthorDate: Thu Apr 8 16:03:41 2021 -0500
SOLR-15317 Handle spaces in principal names
---
solr/CHANGES.txt | 9 ++++++++-
.../org/apache/solr/security/PKIAuthenticationPlugin.java | 8 ++++----
.../apache/solr/security/TestPKIAuthenticationPlugin.java | 14 ++++++++------
3 files changed, 20 insertions(+), 11 deletions(-)
diff --git a/solr/CHANGES.txt b/solr/CHANGES.txt
index 7a9bf53..2fe6fa7 100644
--- a/solr/CHANGES.txt
+++ b/solr/CHANGES.txt
@@ -4,13 +4,20 @@ This file lists Solr's raw release notes with details of every change to Solr.
Most people will find the solr-upgrade-notes.adoc file more approachable.
https://github.com/apache/lucene-solr/blob/master/solr/solr-ref-guide/src/solr-upgrade-notes.adoc
-================== 8.8.2 ==================
+================== 8.8.3 ==================
Consult the LUCENE_CHANGES.txt file for additional, low level, changes in this release.
Bug Fixes
---------------------
+* SOLR-15317: Correctly handle user principals with whitespace in PKIAuthPlugin (Dominik Dresel, Mike Drob)
+
+================== 8.8.2 ==================
+
+Bug Fixes
+---------------------
+
* SOLR-15249: Properly set ZK ACLs on /security.json (Mike Drob)
* SOLR-15288: Hardening NODEDOWN event in PRS collections (noble)
diff --git a/solr/core/src/java/org/apache/solr/security/PKIAuthenticationPlugin.java b/solr/core/src/java/org/apache/solr/security/PKIAuthenticationPlugin.java
index 4c35ff4..e5fd8a8 100644
--- a/solr/core/src/java/org/apache/solr/security/PKIAuthenticationPlugin.java
+++ b/solr/core/src/java/org/apache/solr/security/PKIAuthenticationPlugin.java
@@ -178,15 +178,15 @@ public class PKIAuthenticationPlugin extends AuthenticationPlugin implements Htt
return null;
}
String s = new String(bytes, UTF_8).trim();
- String[] ss = s.split(" ");
- if (ss.length < 2) {
+ int splitPoint = s.lastIndexOf(' ');
+ if (splitPoint == -1) {
log.warn("Invalid cipher {} deciphered data {}", cipher, s);
return null;
}
PKIHeaderData headerData = new PKIHeaderData();
try {
- headerData.timestamp = Long.parseLong(ss[1]);
- headerData.userName = ss[0];
+ headerData.timestamp = Long.parseLong(s.substring(splitPoint + 1));
+ headerData.userName = s.substring(0, splitPoint);
log.debug("Successfully decrypted header {} {}", headerData.userName, headerData.timestamp);
return headerData;
} catch (NumberFormatException e) {
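Review bot: The `trim()` on the line above the new `lastIndexOf(' ')` still removes every leading character at or below U+0020, so a principal name that begins with whitespace reaches `headerData.userName` without it. The receiving node would then authorize a different name than the one the sending node authenticated. Whether any authentication plugin can produce such a name is not visible here, so either reject the payload in that case or record the limit with a comment such as `// trim() also strips leading whitespace from the principal name; such names are not preserved`. `Long.parseLong` also accepts a leading sign, so the timestamp substring should be range-checked if that does not already happen later in the method. The enclosing method starts before this hunk and its catch block continues past it.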
diff --git a/solr/core/src/test/org/apache/solr/security/TestPKIAuthenticationPlugin.java b/solr/core/src/test/org/apache/solr/security/TestPKIAuthenticationPlugin.java
index 9cb9bb1..76498e4 100644
--- a/solr/core/src/test/org/apache/solr/security/TestPKIAuthenticationPlugin.java
+++ b/solr/core/src/test/org/apache/solr/security/TestPKIAuthenticationPlugin.java
@@ -67,6 +67,10 @@ public class TestPKIAuthenticationPlugin extends SolrTestCaseJ4 {
}
}
+ final AtomicReference<Header> header = new AtomicReference<>();
+ final AtomicReference<ServletRequest> wrappedRequestByFilter = new AtomicReference<>();
+ final FilterChain filterChain = (servletRequest, servletResponse) -> wrappedRequestByFilter.set(servletRequest);
+
public void test() throws Exception {
assumeWorkingMockito();
@@ -83,22 +87,20 @@ public class TestPKIAuthenticationPlugin extends SolrTestCaseJ4 {
PublicKey correctKey = CryptoKeys.deserializeX509PublicKey(mock.getPublicKey());
mock.remoteKeys.put(nodeName, correctKey);
- principal.set(new BasicUserPrincipal("solr"));
+ String username = "solr user"; // with spaces
+ principal.set(new BasicUserPrincipal(username));
mock.solrRequestInfo = new SolrRequestInfo(localSolrQueryRequest, new SolrQueryResponse());
BasicHttpRequest request = new BasicHttpRequest("GET", "http://localhost:56565");
mock.setHeader(request);
- final AtomicReference<Header> header = new AtomicReference<>();
header.set(request.getFirstHeader(PKIAuthenticationPlugin.HEADER));
assertNotNull(header.get());
assertTrue(header.get().getValue().startsWith(nodeName));
- final AtomicReference<ServletRequest> wrappedRequestByFilter = new AtomicReference<>();
HttpServletRequest mockReq = createMockRequest(header);
- FilterChain filterChain = (servletRequest, servletResponse) -> wrappedRequestByFilter.set(servletRequest);
mock.authenticate(mockReq, null, filterChain);
- assertNotNull(((HttpServletRequest) wrappedRequestByFilter.get()).getUserPrincipal());
assertNotNull(wrappedRequestByFilter.get());
- assertEquals("solr", ((HttpServletRequest) wrappedRequestByFilter.get()).getUserPrincipal().getName());
+ assertNotNull(((HttpServletRequest) wrappedRequestByFilter.get()).getUserPrincipal());
+ assertEquals(username, ((HttpServletRequest) wrappedRequestByFilter.get()).getUserPrincipal().getName());
//test 2
principal.set(null); // no user
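Review bot: The only name exercised here is `"solr user"`, a single interior space, so the edge cases of the new last-space split in the plugin are not pinned down. Cases worth adding are a name whose final token is numeric (for example `"solr 2021"`), a name with consecutive spaces, and a name with leading whitespace, which the plugin's `trim()` would drop. Running the same header round trip over a short list of names, and asserting either `assertEquals(username, ...getUserPrincipal().getName())` or an explicit rejection for names that are meant to be unsupported, would document the intended contract. `test()` begins before this hunk and continues past it.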