[jira] Reopened: (DIRLDAP-79) Attempting to bind as non-existent user causes infinite loop

Thu, 19 Jan 2006 14:37:04 -0800 

     [ http://issues.apache.org/jira/browse/DIRLDAP-79?page=all ]
     
Emmanuel Lecharny reopened DIRLDAP-79:
--------------------------------------


bad link to DIRLDAP-86

> Attempting to bind as non-existent user causes infinite loop
> ------------------------------------------------------------
>
>          Key: DIRLDAP-79
>          URL: http://issues.apache.org/jira/browse/DIRLDAP-79
>      Project: Directory LDAP
>         Type: Bug
>     Reporter: Luke Taylor

>
> If the following test method is added to the end of SimpleAuthenticationTest 
> in the core-tests module, the code goes into an infinite loop.
>     public void test11NonExistentUser()
>     {
>         Hashtable env = new Hashtable( configuration.toJndiEnvironment() );
>         env.put( Context.PROVIDER_URL, "ou=system" );
>         env.put( Context.SECURITY_PRINCIPAL, 
> "uid=idontexist,ou=users,ou=system" );
>         env.put( Context.SECURITY_CREDENTIALS, "test" );
>         env.put( Context.SECURITY_AUTHENTICATION, "simple" );
>         env.put( Context.INITIAL_CONTEXT_FACTORY, 
> "org.apache.ldap.server.jndi.CoreContextFactory" );
>         try {
>             new InitialContext( env );
>             fail("Authenticated as non-existent user");
>         } catch(Exception expected) {
>         }
>     }
> Line 139 of org.apache.ldap.server.jndi.ServerContext is
>         if ( ! nexusProxy.hasEntry( dn ) )
>         {
>             throw new NameNotFoundException( dn + " does not exist" );
>         }
> But the call to hasEntry(dn) results in an authenticate() call. 
> SimpleAuthenticator then performs a "lookup" operation on the given dn. When 
> the call reaches the ExceptionService, it calls assertHasEntry() on itself:
> line 372:
>         if ( !nextInterceptor.hasEntry( dn ) )
>         {
>             LdapNameNotFoundException e = null;
>             if ( msg != null )
>             {
>                 e = new LdapNameNotFoundException( msg + dn );
>             }
>             else
>             {
>                 e = new LdapNameNotFoundException( dn.toString() );
>             }
>             e.setResolvedName( proxy.getMatchedName( dn, false ) );
>             throw e;
>         }
> The hasEntry call here fails as expected. However, the subsequent call to 
> getMatchedName results in another call through the interceptor stack, another 
> authenticate(), another lookup from SimpleAuthenticator and then we're stuck.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira

Reply via email to