[tomcat] 07/10: Expanded tests to cover nested roles and fix escaping issues in search
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git commit d3407672774e372fae8b5898d55f85d16f22b972 Author: Mark Thomas AuthorDate: Tue Apr 13 12:54:24 2021 +0100 Expanded tests to cover nested roles and fix escaping issues in search --- java/org/apache/catalina/realm/JNDIRealm.java | 9 -- .../catalina/realm/TestJNDIRealmIntegration.java | 34 +- 2 files changed, 40 insertions(+), 3 deletions(-) diff --git a/java/org/apache/catalina/realm/JNDIRealm.java b/java/org/apache/catalina/realm/JNDIRealm.java index 7598539..437e9a9 100644 --- a/java/org/apache/catalina/realm/JNDIRealm.java +++ b/java/org/apache/catalina/realm/JNDIRealm.java @@ -1969,8 +1969,13 @@ public class JNDIRealm extends RealmBase { Map newThisRound = new HashMap<>(); // Stores the groups we find in this iteration for (Entry group : newGroups.entrySet()) { -filter = connection.roleFormat.format(new String[] { doFilterEscaping(group.getKey()), -group.getValue(), group.getValue() }); +// Group key is already value escaped if required +// Group value is not value escaped +// Everything needs to be filter escaped +filter = connection.roleFormat.format(new String[] { +doFilterEscaping(group.getKey()), + doFilterEscaping(doAttributeValueEscaping(group.getValue())), + doFilterEscaping(doAttributeValueEscaping(group.getValue())) }); if (containerLog.isTraceEnabled()) { containerLog.trace("Perform a nested group search with base "+ roleBase + diff --git a/test/org/apache/catalina/realm/TestJNDIRealmIntegration.java b/test/org/apache/catalina/realm/TestJNDIRealmIntegration.java index 8302e47..cf47369 100644 --- a/test/org/apache/catalina/realm/TestJNDIRealmIntegration.java +++ b/test/org/apache/catalina/realm/TestJNDIRealmIntegration.java 
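Review bot: In the `new String[]` initializer of the nested-group loop, `doFilterEscaping(doAttributeValueEscaping(group.getValue()))` is written out twice, for the second and third format arguments. Computing it once, e.g. `String escapedValue = doFilterEscaping(doAttributeValueEscaping(group.getValue()));`, and passing `escapedValue` in both positions keeps the two arguments from diverging in a later edit. The new comment records that the map key is already value-escaped while the map value is not, but that invariant is set where `newGroups` is populated, which is outside this hunk. A matching comment at that point would help, because value-escaping on insert later would double-escape here and the nested search would quietly stop matching. The same hunk appears unchanged in the 9.0.x and master copies of this commit further down the page.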
@@ -52,7 +52,7 @@ public class TestJNDIRealmIntegration { private static InMemoryDirectoryServer ldapServer; -@Parameterized.Parameters(name = "{index}: user[{3}], pwd[{4}]") +@Parameterized.Parameters(name = "{index}: user[{4}], pwd[{5}]") public static Collection parameters() { List parameterSets = new ArrayList<>(); for (String roleSearch : new String[] { ROLE_SEARCH_A, ROLE_SEARCH_B, ROLE_SEARCH_C }) { @@ -71,6 +71,8 @@ public class TestJNDIRealmIntegration { "t;", "test", new String[] {"TestGroup"} }); parameterSets.add(new Object[] { userPattern, userSearch, userBase, roleSearch, "t*", "test", new String[] {"TestGroup"} }); +parameterSets.add(new Object[] { userPattern, userSearch, userBase, roleSearch, +"t=", "test", new String[] {"TestGroup*3"} }); } @@ -102,6 +104,7 @@ public class TestJNDIRealmIntegration { realm.setRoleName("cn"); realm.setRoleBase("ou=people,dc=example,dc=com"); realm.setRoleSearch(realmConfigRoleSearch); +realm.setRoleNested(true); GenericPrincipal p = (GenericPrincipal) realm.authenticate(username, credentials); @@ -178,6 +181,17 @@ public class TestJNDIRealmIntegration { result = conn.processOperation(addUserTestAsterisk); Assert.assertEquals(ResultCode.SUCCESS, result.getResultCode()); +AddRequest addUserTestEquals = new AddRequest( +"dn: cn=t\\=,ou=people,dc=example,dc=com", +"objectClass: top", +"objectClass: person", +"objectClass: organizationalPerson", +"cn: t=", +"sn: Tequals", +"userPassword: test"); +result = conn.processOperation(addUserTestEquals); +Assert.assertEquals(ResultCode.SUCCESS, result.getResultCode()); + AddRequest addGroupTest = new AddRequest( "dn: cn=TestGroup,ou=people,dc=example,dc=com", "objectClass: top", 
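Review bot: `realm.setRoleNested(true);` in the hunk at `@@ -102,6 +104,7 @@` now applies to every parameter set, so this integration test no longer runs any case with nested role search switched off. The filter for the direct role search is presumably built separately from the nested-group filter changed in this commit, so both configurations are worth keeping under test. Consider making nesting a test parameter, for example `realm.setRoleNested(roleNested);` fed from an extra boolean in each `Object[]`, with the expected roles adjusted per case. The test method starts and ends outside the hunk, so the assertions on the returned roles are not visible here. The 9.0.x and master copies of the commit carry the same line.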
@@ -188,6 +202,24 @@ public class TestJNDIRealmIntegration { "member: cn=t\\*,ou=people,dc=example,dc=com"); result = conn.processOperation(addGroupTest); Assert.assertEquals(ResultCode.SUCCESS, result.getResultCode()); + +AddRequest addGroupTest2 = new AddRequest( +"dn: cn=Test\\Group*3,ou=people,dc=example,dc=com", +"objectClass: top", +"objectClass: groupOfNames", +"cn: Test>Group*3", +"member: cn=Test\\
[tomcat] 07/10: Expanded tests to cover nested roles and fix escaping issues in search
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git commit b5585a9e5d4fec020cc5ebadb82f899fae22bc43 Author: Mark Thomas AuthorDate: Tue Apr 13 12:54:24 2021 +0100 Expanded tests to cover nested roles and fix escaping issues in search --- java/org/apache/catalina/realm/JNDIRealm.java | 9 -- .../catalina/realm/TestJNDIRealmIntegration.java | 34 +- 2 files changed, 40 insertions(+), 3 deletions(-) diff --git a/java/org/apache/catalina/realm/JNDIRealm.java b/java/org/apache/catalina/realm/JNDIRealm.java index 3e494c1..1c11f8c 100644 --- a/java/org/apache/catalina/realm/JNDIRealm.java +++ b/java/org/apache/catalina/realm/JNDIRealm.java @@ -1961,8 +1961,13 @@ public class JNDIRealm extends RealmBase { Map newThisRound = new HashMap<>(); // Stores the groups we find in this iteration for (Entry group : newGroups.entrySet()) { -filter = connection.roleFormat.format(new String[] { doFilterEscaping(group.getKey()), -group.getValue(), group.getValue() }); +// Group key is already value escaped if required +// Group value is not value escaped +// Everything needs to be filter escaped +filter = connection.roleFormat.format(new String[] { +doFilterEscaping(group.getKey()), + doFilterEscaping(doAttributeValueEscaping(group.getValue())), + doFilterEscaping(doAttributeValueEscaping(group.getValue())) }); if (containerLog.isTraceEnabled()) { containerLog.trace("Perform a nested group search with base "+ roleBase + diff --git a/test/org/apache/catalina/realm/TestJNDIRealmIntegration.java b/test/org/apache/catalina/realm/TestJNDIRealmIntegration.java index 8302e47..cf47369 100644 --- a/test/org/apache/catalina/realm/TestJNDIRealmIntegration.java +++ b/test/org/apache/catalina/realm/TestJNDIRealmIntegration.java 
@@ -52,7 +52,7 @@ public class TestJNDIRealmIntegration { private static InMemoryDirectoryServer ldapServer; -@Parameterized.Parameters(name = "{index}: user[{3}], pwd[{4}]") +@Parameterized.Parameters(name = "{index}: user[{4}], pwd[{5}]") public static Collection parameters() { List parameterSets = new ArrayList<>(); for (String roleSearch : new String[] { ROLE_SEARCH_A, ROLE_SEARCH_B, ROLE_SEARCH_C }) { @@ -71,6 +71,8 @@ public class TestJNDIRealmIntegration { "t;", "test", new String[] {"TestGroup"} }); parameterSets.add(new Object[] { userPattern, userSearch, userBase, roleSearch, "t*", "test", new String[] {"TestGroup"} }); +parameterSets.add(new Object[] { userPattern, userSearch, userBase, roleSearch, +"t=", "test", new String[] {"TestGroup*3"} }); } @@ -102,6 +104,7 @@ public class TestJNDIRealmIntegration { realm.setRoleName("cn"); realm.setRoleBase("ou=people,dc=example,dc=com"); realm.setRoleSearch(realmConfigRoleSearch); +realm.setRoleNested(true); GenericPrincipal p = (GenericPrincipal) realm.authenticate(username, credentials); @@ -178,6 +181,17 @@ public class TestJNDIRealmIntegration { result = conn.processOperation(addUserTestAsterisk); Assert.assertEquals(ResultCode.SUCCESS, result.getResultCode()); +AddRequest addUserTestEquals = new AddRequest( +"dn: cn=t\\=,ou=people,dc=example,dc=com", +"objectClass: top", +"objectClass: person", +"objectClass: organizationalPerson", +"cn: t=", +"sn: Tequals", +"userPassword: test"); +result = conn.processOperation(addUserTestEquals); +Assert.assertEquals(ResultCode.SUCCESS, result.getResultCode()); + AddRequest addGroupTest = new AddRequest( "dn: cn=TestGroup,ou=people,dc=example,dc=com", "objectClass: top", 
@@ -188,6 +202,24 @@ public class TestJNDIRealmIntegration { "member: cn=t\\*,ou=people,dc=example,dc=com"); result = conn.processOperation(addGroupTest); Assert.assertEquals(ResultCode.SUCCESS, result.getResultCode()); + +AddRequest addGroupTest2 = new AddRequest( +"dn: cn=Test\\Group*3,ou=people,dc=example,dc=com", +"objectClass: top", +"objectClass: groupOfNames", +"cn: Test>Group*3", +"member: cn=Test\\
[tomcat] 07/10: Expanded tests to cover nested roles and fix escaping issues in search
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/tomcat.git commit bd4d1fbe9146dff4714130594afd668406a6a5ef Author: Mark Thomas AuthorDate: Tue Apr 13 12:54:24 2021 +0100 Expanded tests to cover nested roles and fix escaping issues in search --- java/org/apache/catalina/realm/JNDIRealm.java | 9 -- .../catalina/realm/TestJNDIRealmIntegration.java | 34 +- 2 files changed, 40 insertions(+), 3 deletions(-) diff --git a/java/org/apache/catalina/realm/JNDIRealm.java b/java/org/apache/catalina/realm/JNDIRealm.java index 59a56d8..4f61ad6 100644 --- a/java/org/apache/catalina/realm/JNDIRealm.java +++ b/java/org/apache/catalina/realm/JNDIRealm.java @@ -1961,8 +1961,13 @@ public class JNDIRealm extends RealmBase { Map newThisRound = new HashMap<>(); // Stores the groups we find in this iteration for (Entry group : newGroups.entrySet()) { -filter = connection.roleFormat.format(new String[] { doFilterEscaping(group.getKey()), -group.getValue(), group.getValue() }); +// Group key is already value escaped if required +// Group value is not value escaped +// Everything needs to be filter escaped +filter = connection.roleFormat.format(new String[] { +doFilterEscaping(group.getKey()), + doFilterEscaping(doAttributeValueEscaping(group.getValue())), + doFilterEscaping(doAttributeValueEscaping(group.getValue())) }); if (containerLog.isTraceEnabled()) { containerLog.trace("Perform a nested group search with base "+ roleBase + diff --git a/test/org/apache/catalina/realm/TestJNDIRealmIntegration.java b/test/org/apache/catalina/realm/TestJNDIRealmIntegration.java index 8302e47..cf47369 100644 --- a/test/org/apache/catalina/realm/TestJNDIRealmIntegration.java +++ b/test/org/apache/catalina/realm/TestJNDIRealmIntegration.java 
@@ -52,7 +52,7 @@ public class TestJNDIRealmIntegration { private static InMemoryDirectoryServer ldapServer; -@Parameterized.Parameters(name = "{index}: user[{3}], pwd[{4}]") +@Parameterized.Parameters(name = "{index}: user[{4}], pwd[{5}]") public static Collection parameters() { List parameterSets = new ArrayList<>(); for (String roleSearch : new String[] { ROLE_SEARCH_A, ROLE_SEARCH_B, ROLE_SEARCH_C }) { @@ -71,6 +71,8 @@ public class TestJNDIRealmIntegration { "t;", "test", new String[] {"TestGroup"} }); parameterSets.add(new Object[] { userPattern, userSearch, userBase, roleSearch, "t*", "test", new String[] {"TestGroup"} }); +parameterSets.add(new Object[] { userPattern, userSearch, userBase, roleSearch, +"t=", "test", new String[] {"TestGroup*3"} }); } @@ -102,6 +104,7 @@ public class TestJNDIRealmIntegration { realm.setRoleName("cn"); realm.setRoleBase("ou=people,dc=example,dc=com"); realm.setRoleSearch(realmConfigRoleSearch); +realm.setRoleNested(true); GenericPrincipal p = (GenericPrincipal) realm.authenticate(username, credentials); @@ -178,6 +181,17 @@ public class TestJNDIRealmIntegration { result = conn.processOperation(addUserTestAsterisk); Assert.assertEquals(ResultCode.SUCCESS, result.getResultCode()); +AddRequest addUserTestEquals = new AddRequest( +"dn: cn=t\\=,ou=people,dc=example,dc=com", +"objectClass: top", +"objectClass: person", +"objectClass: organizationalPerson", +"cn: t=", +"sn: Tequals", +"userPassword: test"); +result = conn.processOperation(addUserTestEquals); +Assert.assertEquals(ResultCode.SUCCESS, result.getResultCode()); + AddRequest addGroupTest = new AddRequest( "dn: cn=TestGroup,ou=people,dc=example,dc=com", "objectClass: top", 
@@ -188,6 +202,24 @@ public class TestJNDIRealmIntegration { "member: cn=t\\*,ou=people,dc=example,dc=com"); result = conn.processOperation(addGroupTest); Assert.assertEquals(ResultCode.SUCCESS, result.getResultCode()); + +AddRequest addGroupTest2 = new AddRequest( +"dn: cn=Test\\Group*3,ou=people,dc=example,dc=com", +"objectClass: top", +"objectClass: groupOfNames", +"cn: Test>Group*3", +"member: cn=Test\\