Expand tests and fix escaping issue when searching for users by filter
markt-asf committed Apr 13, 2021
1 parent 4e61e1d commit d5303a5
Showing 2 changed files with 47 additions and 11 deletions.
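--- a/java/org/apache/catalina/realm/JNDIRealm.java
+++ b/java/org/apache/catalina/realm/JNDIRealm.java
@@ -1585,7 +1585,9 @@ protected User getUserBySearch(JNDIConnection connection, String username, Strin
 }
 
 // Form the search filter
-String filter = connection.userSearchFormat.format(new String[] { username });
+// Escape in case username contains a character with special meaning in
+// a search filter.
+String filter = connection.userSearchFormat.format(new String[] { doFilterEscaping(username) });
 
 // Set up the search controls
 SearchControls constraints = new SearchControls();
@@ -1753,6 +1755,8 @@ protected boolean bindAsUser(DirContext context, User user, String credentials)
 return false;
 }
 
+// This is returned from the directory so will be attribute value
+// escaped if required
 String dn = user.getDN();
 if (dn == null) {
 return false;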
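Review bot: The comment added above `String dn = user.getDN();` in bindAsUser asserts that the DN always comes from the directory, which is only true if every code path that builds a `User` takes the DN from a search result. The test file in this commit also runs the realm with a `userPattern` of `cn={0},ou=people,dc=example,dc=com`, where the DN is presumably formatted locally from the supplied username; the code that does this is outside both hunks, so it should be confirmed that it applies attribute-value (DN) escaping, which is a different rule set from the filter escaping added in getUserBySearch. If that path exists as assumed, reword the comment to something like `// DN is either read from the directory or built from userPattern; both must already be attribute value escaped`. The body of `doFilterEscaping` is also not visible here, so its handling of a null `username` could not be checked.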
52 changes: 42 additions & 10 deletions test/org/apache/catalina/realm/TestJNDIRealmIntegration.java
@@ -43,24 +43,42 @@
@RunWith(Parameterized.class)
public class TestJNDIRealmIntegration {

private static final String USER_PATTERN = "cn={0},ou=people,dc=example,dc=com";
private static final String USER_SEARCH = "cn={0}";
private static final String USER_BASE = "ou=people,dc=example,dc=com";

private static InMemoryDirectoryServer ldapServer;

@Parameterized.Parameters(name = "{index}: in[{0}], out[{1}]")
@Parameterized.Parameters(name = "{index}: user[{3}], pwd[{4}]")
public static Collection<Object[]> parameters() {
List<Object[]> parameterSets = new ArrayList<>();
addUsers(USER_PATTERN, null, null, parameterSets);
addUsers(null, USER_SEARCH, USER_BASE, parameterSets);
return parameterSets;
}

parameterSets.add(new Object[] { "test", "test", new String[] {"TestGroup"} });
parameterSets.add(new Object[] { "t;", "test", new String[] {"TestGroup"} });

return parameterSets;
private static void addUsers(String userPattern, String userSearch, String userBase, List<Object[]> parameterSets) {
parameterSets.add(new Object[] { userPattern, userSearch, userBase,
"test", "test", new String[] {"TestGroup"} });
parameterSets.add(new Object[] { userPattern, userSearch, userBase,
"t;", "test", new String[] {"TestGroup"} });
parameterSets.add(new Object[] { userPattern, userSearch, userBase,
"t*", "test", new String[] {"TestGroup"} });
}


@Parameter(0)
public String username;
public String realmConfigUserPattern;
@Parameter(1)
public String credentials;
public String realmConfigUserSearch;
@Parameter(2)
public String realmConfigUserBase;
@Parameter(3)
public String username;
@Parameter(4)
public String credentials;
@Parameter(5)
public String[] groups;

@Test
@@ -69,7 +87,9 @@ public void testAuthenication() throws Exception {
realm.containerLog = LogFactory.getLog(TestJNDIRealmIntegration.class);

realm.setConnectionURL("ldap://localhost:" + ldapServer.getListenPort());
realm.setUserPattern("cn={0},ou=people,dc=example,dc=com");
realm.setUserPattern(realmConfigUserPattern);
realm.setUserSearch(realmConfigUserSearch);
realm.setUserBase(realmConfigUserBase);
realm.setRoleName("cn");
realm.setRoleBase("ou=people,dc=example,dc=com");
realm.setRoleSearch("member={0}");
@@ -131,19 +151,31 @@ public static void createLDAP() throws Exception {
"objectClass: top",
"objectClass: person",
"objectClass: organizationalPerson",
"cn: test",
"sn: Test",
"cn: t\\;",
"sn: Tsemicolon",
"userPassword: test");
result = conn.processOperation(addUserTestSemicolon);
Assert.assertEquals(ResultCode.SUCCESS, result.getResultCode());

AddRequest addUserTestAsterisk = new AddRequest(
"dn: cn=t\\*,ou=people,dc=example,dc=com",
"objectClass: top",
"objectClass: person",
"objectClass: organizationalPerson",
"cn: t\\*",
"sn: Tasterisk",
"userPassword: test");
result = conn.processOperation(addUserTestAsterisk);
Assert.assertEquals(ResultCode.SUCCESS, result.getResultCode());

AddRequest addGroupTest = new AddRequest(
"dn: cn=TestGroup,ou=people,dc=example,dc=com",
"objectClass: top",
"objectClass: groupOfNames",
"cn: TestGroup",
"member: cn=test,ou=people,dc=example,dc=com",
"member: cn=t\\;,ou=people,dc=example,dc=com");
"member: cn=t\\;,ou=people,dc=example,dc=com",
"member: cn=t\\*,ou=people,dc=example,dc=com");
result = conn.processOperation(addGroupTest);
Assert.assertEquals(ResultCode.SUCCESS, result.getResultCode());
}
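Review bot: The new parameter sets only exercise `;` and `*`, so the remaining characters with special meaning in a search filter (`(`, `)`, `\` and NUL in RFC 4515) are not covered by `addUsers`, and every case expects authentication to succeed. A negative case would pin the fix more directly: a username containing `*` that matches no entry literally should fail under the `userSearch` configuration, which requires an expected-result field in the parameter array since the assertions in `testAuthenication` are outside the visible hunks. Separately, the display name `{index}: user[{3}], pwd[{4}]` no longer distinguishes the pattern run from the search run of the same user; `name = "{index}: userPattern[{0}], userSearch[{1}], user[{3}], pwd[{4}]"` would make a failing configuration obvious in the report.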
