directory-commits mailing list archives

From akaras...@apache.org
Subject svn commit: r331254 - in /directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz: AuthorizationService.java TupleCache.java
Date Mon, 07 Nov 2005 10:41:55 GMT
Author: akarasulu
Date: Mon Nov  7 02:41:53 2005
New Revision: 331254

URL: http://svn.apache.org/viewcvs?rev=331254&view=rev
Log:
fixed bugs due to improper normalization of names in tuple cache

Modified:
    directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/AuthorizationService.java
    directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/TupleCache.java

Modified: directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/AuthorizationService.java
URL: http://svn.apache.org/viewcvs/directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/AuthorizationService.java?rev=331254&r1=331253&r2=331254&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/AuthorizationService.java
(original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/AuthorizationService.java
Mon Nov  7 02:41:53 2005
@@ -559,7 +559,8 @@
         Attributes entry = proxy.lookup( name, DirectoryPartitionNexusProxy.LOOKUP_BYPASS
);
         LdapPrincipal user = ( ( ServerContext ) invocation.getCaller() ).getPrincipal();
 
-        if ( user.getName().equalsIgnoreCase( DirectoryPartitionNexus.ADMIN_PRINCIPAL ) ||
! enabled )
+        if ( user.getName().equalsIgnoreCase( DirectoryPartitionNexus.ADMIN_PRINCIPAL ) ||
! enabled
+                || name.toString().trim().equals( "" ) ) // no checks on the rootdse
         {
             return next.hasEntry( name );
         }
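Review bot: The RootDSE exemption added to this condition decides an access-control bypass by string comparison, `name.toString().trim().equals( "" )`, while the search hunk further down answers the same question with `base.size() == 0`; the string test is repeated in the `checkLookupAccess` hunk. Using a single test at all three sites, for example `name.size() == 0` behind a small private helper such as `isRootDse( Name )`, keeps the exemptions from drifting apart and avoids depending on how the Name implementation renders itself. The commit log only mentions tuple-cache normalization, so a comment at each site stating that every caller skips ACI evaluation for the empty DN would help later audits of this interceptor. The enclosing method starts and ends outside the hunk.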
@@ -596,6 +597,12 @@
     private void checkLookupAccess( LdapPrincipal user, Name dn, Attributes entry )
             throws NamingException
     {
+        // no permissions checks on the RootDSE
+        if ( dn.toString().trim().equals( "" ) )
+        {
+            return;
+        }
+
         DirectoryPartitionNexusProxy proxy = InvocationStack.getInstance().peek().getProxy();
         Set userGroups = groupCache.getGroups( user.getName() );
         Collection tuples = new HashSet();
@@ -875,7 +882,9 @@
         ServerLdapContext ctx = ( ServerLdapContext ) invocation.getCaller();
         LdapPrincipal user = ctx.getPrincipal();
         NamingEnumeration e = next.search( base, env, filter, searchCtls );
-        if ( user.getName().equalsIgnoreCase( DirectoryPartitionNexus.ADMIN_PRINCIPAL ) ||
! enabled )
+
+        boolean isRootDSELookup = base.size() == 0 && searchCtls.getSearchScope()
== SearchControls.OBJECT_SCOPE;
+        if ( user.getName().equalsIgnoreCase( DirectoryPartitionNexus.ADMIN_PRINCIPAL ) ||
! enabled || isRootDSELookup )
         {
             return e;
         }
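Review bot: `isRootDSELookup` has no comment explaining why the exemption is limited to `SearchControls.OBJECT_SCOPE`, and that restriction is what keeps one-level and subtree searches from the empty base out of the unfiltered return. I would add above it something like `// only a base-object search on the empty DN reads the RootDSE; other scopes from "" must still be filtered`. When the flag is true the enumeration `e` is returned as-is, so the exemption covers whatever filter and returned attributes the caller asked for; presumably that is intended for the RootDSE, but it is worth stating in the comment. The method body starts and ends outside the hunk, so the filtering path itself is not visible here.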

Modified: directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/TupleCache.java
URL: http://svn.apache.org/viewcvs/directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/TupleCache.java?rev=331254&r1=331253&r2=331254&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/TupleCache.java
(original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authz/TupleCache.java
Mon Nov  7 02:41:53 2005
@@ -31,15 +31,17 @@
 
 import org.apache.ldap.common.aci.ACIItem;
 import org.apache.ldap.common.aci.ACIItemParser;
-import org.apache.ldap.common.exception.LdapInvalidAttributeValueException;
 import org.apache.ldap.common.exception.LdapSchemaViolationException;
 import org.apache.ldap.common.filter.ExprNode;
 import org.apache.ldap.common.filter.SimpleNode;
 import org.apache.ldap.common.message.ResultCodeEnum;
 import org.apache.ldap.common.name.LdapName;
+import org.apache.ldap.common.name.NameComponentNormalizer;
+import org.apache.ldap.common.name.DnParser;
 import org.apache.ldap.server.DirectoryServiceConfiguration;
 import org.apache.ldap.server.partition.DirectoryPartitionNexus;
 import org.apache.ldap.server.schema.ConcreteNameComponentNormalizer;
+import org.apache.ldap.server.schema.AttributeTypeRegistry;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -72,6 +74,8 @@
     private final DirectoryPartitionNexus nexus;
     /** a normalizing ACIItem parser */
     private final ACIItemParser aciParser;
+    /** a normalizing DN parser */
+    private final DnParser dnParser;
 
 
     /**
@@ -82,8 +86,10 @@
     public TupleCache( DirectoryServiceConfiguration factoryCfg ) throws NamingException
     {
         this.nexus = factoryCfg.getPartitionNexus();
-        aciParser = new ACIItemParser( new ConcreteNameComponentNormalizer(
-                factoryCfg.getGlobalRegistries().getAttributeTypeRegistry() ) );
+        AttributeTypeRegistry registry = factoryCfg.getGlobalRegistries().getAttributeTypeRegistry();
+        NameComponentNormalizer ncn = new ConcreteNameComponentNormalizer( registry );
+        aciParser = new ACIItemParser( ncn );
+        dnParser = new DnParser( ncn );
         env = ( Hashtable ) factoryCfg.getEnvironment().clone();
         initialize();
     }
@@ -114,7 +120,8 @@
                     continue;
                 }
 
-                subentryAdded( subentryDn, new LdapName( subentryDn ), result.getAttributes()
);
+                Name normName = dnParser.parse( subentryDn );
+                subentryAdded( subentryDn, normName, result.getAttributes() );
             }
             results.close();
         }
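Review bot: `dnParser.parse( subentryDn )` adds a call inside the loop that can presumably throw a NamingException, and `results.close()` only runs after the loop completes, so a malformed subentry DN would leave the enumeration open and, as far as this hunk shows, abort cache initialization. Moving the close into a `finally` block (`try { ... } finally { results.close(); }`) would release it on every path; whether a bad DN should be skipped with a logged warning or should stop startup is worth deciding explicitly, since this cache lives in the authz package. The raw `subentryDn` string is still passed as the first argument to `subentryAdded`; if anything keys on it rather than on `normName`, the normalization fix would not reach that path, which is worth confirming against the method body outside this hunk. The loop and any surrounding try block start outside the hunk.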


