directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Emmanuel Lecharny (JIRA)" <directory-...@incubator.apache.org>
Subject [jira] Resolved: (DIRLDAP-79) Attempting to bind as non-existent user causes infinite loop
Date Thu, 19 Jan 2006 22:34:42 GMT
     [ http://issues.apache.org/jira/browse/DIRLDAP-79?page=all ]
     
Emmanuel Lecharny resolved DIRLDAP-79:
--------------------------------------

    Resolution: Duplicate

see DIRLDAP-79

> Attempting to bind as non-existent user causes infinite loop
> ------------------------------------------------------------
>
>          Key: DIRLDAP-79
>          URL: http://issues.apache.org/jira/browse/DIRLDAP-79
>      Project: Directory LDAP
>         Type: Bug
>     Reporter: Luke Taylor

>
> If the following test method is added to the end of SimpleAuthenticationTest in the core-tests
module, the code goes into an infinite loop.
>     public void test11NonExistentUser()
>     {
>         Hashtable env = new Hashtable( configuration.toJndiEnvironment() );
>         env.put( Context.PROVIDER_URL, "ou=system" );
>         env.put( Context.SECURITY_PRINCIPAL, "uid=idontexist,ou=users,ou=system" );
>         env.put( Context.SECURITY_CREDENTIALS, "test" );
>         env.put( Context.SECURITY_AUTHENTICATION, "simple" );
>         env.put( Context.INITIAL_CONTEXT_FACTORY, "org.apache.ldap.server.jndi.CoreContextFactory"
);
>         try {
>             new InitialContext( env );
>             fail("Authenticated as non-existent user");
>         } catch(Exception expected) {
>         }
>     }
> Line 139 of org.apache.ldap.server.jndi.ServerContext is
>         if ( ! nexusProxy.hasEntry( dn ) )
>         {
>             throw new NameNotFoundException( dn + " does not exist" );
>         }
> But the call to hasEntry(dn) results in an authenticate() call. SimpleAuthenticator then
performs a "lookup" operation on the given dn. When the call reaches the ExceptionService,
it calls assertHasEntry() on itself:
> line 372:
>         if ( !nextInterceptor.hasEntry( dn ) )
>         {
>             LdapNameNotFoundException e = null;
>             if ( msg != null )
>             {
>                 e = new LdapNameNotFoundException( msg + dn );
>             }
>             else
>             {
>                 e = new LdapNameNotFoundException( dn.toString() );
>             }
>             e.setResolvedName( proxy.getMatchedName( dn, false ) );
>             throw e;
>         }
> The hasEntry call here fails as expected. However, the subsequent call to getMatchedName
results in another call through the interceptor stack, another authenticate(), another lookup
from SimpleAuthenticator and then we're stuck.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira


Mime
View raw message