directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Luke Taylor (JIRA)" <directory-...@incubator.apache.org>
Subject [jira] Created: (DIRLDAP-79) Attempting to bind as non-existent user causes infinite loop
Date Thu, 08 Dec 2005 19:01:10 GMT
Attempting to bind as non-existent user causes infinite loop
------------------------------------------------------------

         Key: DIRLDAP-79
         URL: http://issues.apache.org/jira/browse/DIRLDAP-79
     Project: Directory LDAP
        Type: Bug
    Reporter: Luke Taylor


If the following test method is added to the end of SimpleAuthenticationTest in the core-tests
module, the code goes into an infinite loop.

    public void test11NonExistentUser()
    {
        Hashtable env = new Hashtable( configuration.toJndiEnvironment() );
        env.put( Context.PROVIDER_URL, "ou=system" );
        env.put( Context.SECURITY_PRINCIPAL, "uid=idontexist,ou=users,ou=system" );
        env.put( Context.SECURITY_CREDENTIALS, "test" );
        env.put( Context.SECURITY_AUTHENTICATION, "simple" );
        env.put( Context.INITIAL_CONTEXT_FACTORY, "org.apache.ldap.server.jndi.CoreContextFactory"
);
        try {
            new InitialContext( env );
            fail("Authenticated as non-existent user");
        } catch(Exception expected) {
        }
    }

Line 139 of org.apache.ldap.server.jndi.ServerContext is

        if ( ! nexusProxy.hasEntry( dn ) )
        {
            throw new NameNotFoundException( dn + " does not exist" );
        }

But the call to hasEntry(dn) results in an authenticate() call. SimpleAuthenticator then performs
a "lookup" operation on the given dn. When the call reaches the ExceptionService, it calls
assertHasEntry() on itself:

line 372:
        if ( !nextInterceptor.hasEntry( dn ) )
        {
            LdapNameNotFoundException e = null;

            if ( msg != null )
            {
                e = new LdapNameNotFoundException( msg + dn );
            }
            else
            {
                e = new LdapNameNotFoundException( dn.toString() );
            }

            e.setResolvedName( proxy.getMatchedName( dn, false ) );
            throw e;
        }

The hasEntry call here fails as expected. However, the subsequent call to getMatchedName results
in another call through the interceptor stack, another authenticate(), another lookup from
SimpleAuthenticator and then we're stuck.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira


Mime
View raw message