[tomcat] branch 7.0.x updated: BZ 64011: JNDIRealm no longer authenticates to LDAP

[michaelo]

This is an automated email from the ASF dual-hosted git repository.

michaelo pushed a commit to branch 7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/7.0.x by this push:
     new 6174d33  BZ 64011: JNDIRealm no longer authenticates to LDAP
6174d33 is described below

commit 6174d33d27ff8cdd0c203728c3a12fb079ef4eb2
Author: Michael Osipov <micha...@apache.org>
AuthorDate: Sat Jan 4 14:44:52 2020 +0100

    BZ 64011: JNDIRealm no longer authenticates to LDAP
---
 java/org/apache/catalina/realm/JNDIRealm.java | 17 +++++++++++++++++
 java/org/apache/catalina/realm/RealmBase.java |  3 ++-
 webapps/docs/changelog.xml                    |  4 ++++
 3 files changed, 23 insertions(+), 1 deletion(-)

diff --git a/java/org/apache/catalina/realm/JNDIRealm.java 
b/java/org/apache/catalina/realm/JNDIRealm.java
index aadbc0c..53df26a 100644
--- a/java/org/apache/catalina/realm/JNDIRealm.java
+++ b/java/org/apache/catalina/realm/JNDIRealm.java
@@ -63,6 +63,7 @@ import javax.net.ssl.SSLSocketFactory;
 
 import org.apache.catalina.LifecycleException;
 import org.ietf.jgss.GSSCredential;
+import org.ietf.jgss.GSSName;
 
 /**
  * <p>Implementation of <strong>Realm</strong> that works with a directory
@@ -2314,6 +2315,22 @@ public class JNDIRealm extends RealmBase {
     }
 
     @Override
+    protected Principal getPrincipal(GSSName gssName,
+            GSSCredential gssCredential) {
+        String name = gssName.toString();
+
+        if (isStripRealmForGss()) {
+            int i = name.indexOf('@');
+            if (i > 0) {
+                // Zero so we don't leave a zero length name
+                name = name.substring(0, i);
+            }
+        }
+
+        return getPrincipal(name, gssCredential);
+    }
+
+    @Override
     protected Principal getPrincipal(String username,
             GSSCredential gssCredential) {
 
diff --git a/java/org/apache/catalina/realm/RealmBase.java 
b/java/org/apache/catalina/realm/RealmBase.java
index ab89596..6601cf5 100644
--- a/java/org/apache/catalina/realm/RealmBase.java
+++ b/java/org/apache/catalina/realm/RealmBase.java
@@ -1410,7 +1410,8 @@ public abstract class RealmBase extends 
LifecycleMBeanBase implements GSSRealm {
      * @param gssCredential the GSS credential of the principal
      * @return the principal associated with the given user name.
      */
-    protected Principal getPrincipal(GSSName gssName, GSSCredential 
gssCredential) {
+    protected Principal getPrincipal(GSSName gssName,
+            GSSCredential gssCredential) {
         String name = gssName.toString();
 
         if (isStripRealmForGss()) {
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index e19e125..db2a11d 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -84,6 +84,10 @@
         from Tomcat 7.0.x some time after 2020-12-31. (markt)
       </scode>
       <fix>
+        <bug>64011</bug>: <code>JNDIRealm</code> no longer authenticates to 
LDAP.
+        (michaelo)
+      </fix>
+      <fix>
         <bug>64023</bug>: Skip null-valued session attributes when 
deserializing
         sessions. (schultz)
       </fix>


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org