Expanded tests to cover nested roles and fix escaping issues in search · apache/tomcat@b5585a9 · GitHub
Expanded tests to cover nested roles and fix escaping issues in search
markt-asf committed Apr 13, 2021
1 parent e500674 commit b5585a9
Showing 2 changed files with 40 additions and 3 deletions.
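--- a/java/org/apache/catalina/realm/JNDIRealm.java
+++ b/java/org/apache/catalina/realm/JNDIRealm.java
@@ -1961,8 +1961,13 @@ protected List<String> getRoles(JNDIConnection connection, User user) throws Nam
 Map<String, String> newThisRound = new HashMap<>(); // Stores the groups we find in this iteration
 
 for (Entry<String, String> group : newGroups.entrySet()) {
-filter = connection.roleFormat.format(new String[] { doFilterEscaping(group.getKey()),
-group.getValue(), group.getValue() });
+// Group key is already value escaped if required
+// Group value is not value escaped
+// Everything needs to be filter escaped
+filter = connection.roleFormat.format(new String[] {
+doFilterEscaping(group.getKey()),
+doFilterEscaping(doAttributeValueEscaping(group.getValue())),
+doFilterEscaping(doAttributeValueEscaping(group.getValue())) });
 
 if (containerLog.isTraceEnabled()) {
 containerLog.trace("Perform a nested group search with base "+ roleBase +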
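Review bot: In the nested-group loop the expression `doFilterEscaping(doAttributeValueEscaping(group.getValue()))` is written out twice, once for slot {1} and once for slot {2}; computing it once, `String escapedName = doFilterEscaping(doAttributeValueEscaping(group.getValue()));`, keeps the two slots from drifting apart in a later edit of this security-relevant line. The new comments rely on an invariant established outside this hunk (that the map key is already value escaped), so they should name where that happens. They should also say why the order is value escaping first and filter escaping second, for example `// value escaping may add backslashes, which filter escaping must then encode`, presuming doAttributeValueEscaping escapes with backslashes (its body is not visible here). Value escaping the group name is only right if the configured roleSearch places {1}/{2} inside a DN-valued assertion, which is inferred from the comments rather than shown. getRoles begins and ends outside the hunk.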
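--- a/test/org/apache/catalina/realm/TestJNDIRealmIntegration.java
+++ b/test/org/apache/catalina/realm/TestJNDIRealmIntegration.java
@@ -52,7 +52,7 @@ public class TestJNDIRealmIntegration {
 
 private static InMemoryDirectoryServer ldapServer;
 
-@Parameterized.Parameters(name = "{index}: user[{3}], pwd[{4}]")
+@Parameterized.Parameters(name = "{index}: user[{4}], pwd[{5}]")
 public static Collection<Object[]> parameters() {
 List<Object[]> parameterSets = new ArrayList<>();
 for (String roleSearch : new String[] { ROLE_SEARCH_A, ROLE_SEARCH_B, ROLE_SEARCH_C }) {
@@ -71,6 +71,8 @@ private static void addUsers(String userPattern, String userSearch, String userB
 "t;", "test", new String[] {"TestGroup"} });
 parameterSets.add(new Object[] { userPattern, userSearch, userBase, roleSearch,
 "t*", "test", new String[] {"TestGroup"} });
+parameterSets.add(new Object[] { userPattern, userSearch, userBase, roleSearch,
+"t=", "test", new String[] {"Test<Group*2", "Test>Group*3"} });
 }
 
 
@@ -102,6 +104,7 @@ public void testAuthenication() throws Exception {
 realm.setRoleName("cn");
 realm.setRoleBase("ou=people,dc=example,dc=com");
 realm.setRoleSearch(realmConfigRoleSearch);
+realm.setRoleNested(true);
 
 GenericPrincipal p = (GenericPrincipal) realm.authenticate(username, credentials);
 
@@ -178,6 +181,17 @@ public static void createLDAP() throws Exception {
 result = conn.processOperation(addUserTestAsterisk);
 Assert.assertEquals(ResultCode.SUCCESS, result.getResultCode());
 
+AddRequest addUserTestEquals = new AddRequest(
+"dn: cn=t\\=,ou=people,dc=example,dc=com",
+"objectClass: top",
+"objectClass: person",
+"objectClass: organizationalPerson",
+"cn: t=",
+"sn: Tequals",
+"userPassword: test");
+result = conn.processOperation(addUserTestEquals);
+Assert.assertEquals(ResultCode.SUCCESS, result.getResultCode());
+
 AddRequest addGroupTest = new AddRequest(
 "dn: cn=TestGroup,ou=people,dc=example,dc=com",
 "objectClass: top",
@@ -188,6 +202,24 @@ public static void createLDAP() throws Exception {
 "member: cn=t\\*,ou=people,dc=example,dc=com");
 result = conn.processOperation(addGroupTest);
 Assert.assertEquals(ResultCode.SUCCESS, result.getResultCode());
+
+AddRequest addGroupTest2 = new AddRequest(
+"dn: cn=Test\\<Group*2,ou=people,dc=example,dc=com",
+"objectClass: top",
+"objectClass: groupOfNames",
+"cn: Test<Group*2",
+"member: cn=t\\=,ou=people,dc=example,dc=com");
+result = conn.processOperation(addGroupTest2);
+Assert.assertEquals(ResultCode.SUCCESS, result.getResultCode());
+
+AddRequest addGroupTest3 = new AddRequest(
+"dn: cn=Test\\>Group*3,ou=people,dc=example,dc=com",
+"objectClass: top",
+"objectClass: groupOfNames",
+"cn: Test>Group*3",
+"member: cn=Test\\<Group*2,ou=people,dc=example,dc=com");
+result = conn.processOperation(addGroupTest3);
+Assert.assertEquals(ResultCode.SUCCESS, result.getResultCode());
 }
 }
 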
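Review bot: `realm.setRoleNested(true);` in testAuthenication now applies to every parameter set, so within these hunks the non-nested role lookup is no longer exercised for the existing users. Making the flag a test parameter would keep both code paths covered; with it off, the expected roles for `t=` would be `Test<Group*2` alone. The nested fixtures put `<`, `>` and `*` into group names. A group whose cn contains `(`, `)` or `\` would cover the remaining filter metacharacters on the nested path, unless a test outside these hunks already does. testAuthenication and createLDAP both begin outside the hunks shown.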
