directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Emmanuel Lecharny (JIRA)" <j...@apache.org>
Subject [jira] Closed: (DIRSERVER-200) Attempting to bind as non-existent user causes infinite loop
Date Sat, 21 Apr 2007 11:22:15 GMT

     [ https://issues.apache.org/jira/browse/DIRSERVER-200?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Emmanuel Lecharny closed DIRSERVER-200.
---------------------------------------


Closing all issues created in 2005 and before which are marked resolved

> Attempting to bind as non-existent user causes infinite loop
> ------------------------------------------------------------
>
>                 Key: DIRSERVER-200
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-200
>             Project: Directory ApacheDS
>          Issue Type: Bug
>          Components: ldap
>    Affects Versions: pre-1.0
>            Reporter: Luke Taylor
>             Fix For: pre-1.0
>
>
> If the following test method is added to the end of SimpleAuthenticationTest in the core-tests
module, the code goes into an infinite loop.
>     public void test11NonExistentUser()
>     {
>         Hashtable env = new Hashtable( configuration.toJndiEnvironment() );
>         env.put( Context.PROVIDER_URL, "ou=system" );
>         env.put( Context.SECURITY_PRINCIPAL, "uid=idontexist,ou=users,ou=system" );
>         env.put( Context.SECURITY_CREDENTIALS, "test" );
>         env.put( Context.SECURITY_AUTHENTICATION, "simple" );
>         env.put( Context.INITIAL_CONTEXT_FACTORY, "org.apache.ldap.server.jndi.CoreContextFactory"
);
>         try {
>             new InitialContext( env );
>             fail("Authenticated as non-existent user");
>         } catch(Exception expected) {
>         }
>     }
> Line 139 of org.apache.ldap.server.jndi.ServerContext is
>         if ( ! nexusProxy.hasEntry( dn ) )
>         {
>             throw new NameNotFoundException( dn + " does not exist" );
>         }
> But the call to hasEntry(dn) results in an authenticate() call. SimpleAuthenticator then
performs a "lookup" operation on the given dn. When the call reaches the ExceptionService,
it calls assertHasEntry() on itself:
> line 372:
>         if ( !nextInterceptor.hasEntry( dn ) )
>         {
>             LdapNameNotFoundException e = null;
>             if ( msg != null )
>             {
>                 e = new LdapNameNotFoundException( msg + dn );
>             }
>             else
>             {
>                 e = new LdapNameNotFoundException( dn.toString() );
>             }
>             e.setResolvedName( proxy.getMatchedName( dn, false ) );
>             throw e;
>         }
> The hasEntry call here fails as expected. However, the subsequent call to getMatchedName
results in another call through the interceptor stack, another authenticate(), another lookup
from SimpleAuthenticator and then we're stuck.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message