directory-dev mailing list archives

From "Alex Karasulu (JIRA)" <j...@apache.org>
Subject [jira] Closed: (DIRSERVER-884) Authorization, Prescriptive ACI Bug - Server start fails on bad ACI Entry
Date Thu, 19 Apr 2007 23:25:15 GMT

     [ https://issues.apache.org/jira/browse/DIRSERVER-884?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Alex Karasulu closed DIRSERVER-884.
-----------------------------------

    Resolution: Fixed

Added fixes for 1.0.x with commit 530528:

    http://svn.apache.org/viewvc?view=rev&revision=530528

Here we simply catch the exception when parsing the malformed ACI and continue rather than
trying to generate tuples from it.

Added fixes for 1.5.x with commit 530588:

     http://svn.apache.org/viewvc?view=rev&revision=530588

This adds the same exception handling code when parsing ACI but the real gist of this
is already handled by elecharny's syntaxChecker additions to the server after the 1.5.0 release.
It works as expected as confirmed with a test case.

Alex


> Authorization, Prescriptive ACI Bug - Server start fails on bad ACI Entry
> -------------------------------------------------------------------------
>
>                 Key: DIRSERVER-884
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-884
>             Project: Directory ApacheDS
>          Issue Type: Bug
>    Affects Versions: 1.0.1, 1.5.0
>         Environment: Confirmed on Windows XP and Mac OSX 10.4.8
>            Reporter: Timothy Quinn
>         Assigned To: Alex Karasulu
>            Priority: Critical
>             Fix For: 1.5.1, 1.0.2
>
>
> :: Summary ::
> ApacheDS server fails to start when an Access Control Subentry exists that contains a
> malformed prescriptiveACI. Just by simply removing a single brace from the ACI, the server
> startup fails on validation of the entry.
> :: Steps To Reproduce ::
> 1) Installed fresh version of ApacheDS (ok)
> 2) Started Server (ok)
> 3) Connected to server using LDAP Studio (ok)
> 4) Added administrativeRole attribute to entry (ok)
> 5) Added a good ACI Entry (copied from working server - ok)
> 6) Removed a curly brace from the prescriptiveaci attribute (ok)
> 7) Stopped and restarted server (barf)
> ... Server barfed out the error and server fails to start!:
> ~err_snip~
> TupleCache.subentryAdded - ACIItem parser failure on 'null'. Cannnot add ACITuples to TupleCache.
> java.text.ParseException: Parser failure on ACIItem:
>         {
>     identificationTag "enableSearchForAllUsers",
>     precedence 14,
>     .... ~skipping aci details for lack of relevance to issue~ ...
> }
> Antlr exception trace:
> unexpected token: name
>         at org.apache.directory.shared.ldap.aci.ACIItemParser.parse(ACIItemParser.java:128)
>         at org.apache.directory.server.core.authz.TupleCache.subentryAdded(TupleCache.java:186)
>         at org.apache.directory.server.core.authz.TupleCache.initialize (TupleCache.java:139)
>         at org.apache.directory.server.core.authz.TupleCache.<init>(TupleCache.java:101)
> ~/err_snip~
> 8) Try turning off accessControlEnabled flag in config.xml (ok)
> 9) Try Starting the server (barf)
> ... This is the most intuitive step to fix it but did not help.
> ... Server will still not start up!
> :: Workaround Steps ::
> 1) Comment out Authorization bean entry in server.xml (ok)
> 2) Restarted server (ok (whew!))
> 3) Connect to and fix bad ACI Entry using LDAP Studio (ok)
> 4) Stop the server (ok)
> 5) Remove Comment of Authorization bean entry in server.xml (ok)
> 6) Restarted server (ok)
> ... YeeeHaaa - Server started without any problems =)
> Notes:
> - See ApacheDS March 2007 Users mailing list thread titled "[ApacheDS Authorization]
> HELP - Server will no longer start"

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
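
The fix described in the closing comment (catch the parse exception and continue rather than generate tuples from the malformed ACI), sketched as an added example; this is not the code from commits 530528 or 530588. The class `TolerantAciLoad`, the methods `parseAci` and `load`, and the sample DNs are hypothetical, and the brace-balance check is a stand-in for the real ACIItem parser.

```java
import java.text.ParseException;
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

public class TolerantAciLoad {
    // Hypothetical stand-in for the real ACIItem parser: it only checks brace balance.
    static String parseAci(String aci) throws ParseException {
        int depth = 0;
        for (int i = 0; i < aci.length(); i++) {
            char c = aci.charAt(i);
            if (c == '{') depth++;
            else if (c == '}' && --depth < 0) throw new ParseException("unexpected '}'", i);
        }
        if (depth != 0) throw new ParseException("unbalanced braces", aci.length());
        return aci.trim();
    }

    // Loads every subentry; a malformed ACI is logged and skipped instead of aborting start-up.
    // Skipped subentry names are returned through 'skipped' so an operator can repair them.
    static Map<String, String> load(Map<String, String> subentries, List<String> skipped) {
        Map<String, String> cache = new LinkedHashMap<>();
        for (Map.Entry<String, String> e : subentries.entrySet()) {
            try {
                cache.put(e.getKey(), parseAci(e.getValue()));
            } catch (ParseException ex) {
                skipped.add(e.getKey());
                System.err.println("Skipping malformed ACI in " + e.getKey() + ": " + ex.getMessage());
            }
        }
        return cache;
    }

    public static void main(String[] args) {
        // Constructed sample data: one well-formed ACI and one with a closing brace removed.
        Map<String, String> subentries = new LinkedHashMap<>();
        subentries.put("cn=good,ou=system",
                "{ identificationTag \"enableSearchForAllUsers\", precedence 14 }");
        subentries.put("cn=bad,ou=system",
                "{ identificationTag \"enableSearchForAllUsers\", precedence 14 ");
        List<String> skipped = new ArrayList<>();
        Map<String, String> cache = load(subentries, skipped);
        System.out.println("loaded=" + cache.keySet() + " skipped=" + skipped);
    }
}
```

A skipped subentry contributes no tuples to the cache, so the list of skipped names is worth surfacing in start-up logs or monitoring.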

