[jira] Closed: (DIRSERVER-200) Attempting to bind as non-existent user causes infinite loop

[Emmanuel Lecharny (JIRA)]

     [ 
https://issues.apache.org/jira/browse/DIRSERVER-200?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Emmanuel Lecharny closed DIRSERVER-200.
---------------------------------------


Closing all issues created in 2005 and before which are marked resolved

> Attempting to bind as non-existent user causes infinite loop
> ------------------------------------------------------------
>
>                 Key: DIRSERVER-200
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-200
>             Project: Directory ApacheDS
>          Issue Type: Bug
>          Components: ldap
>    Affects Versions: pre-1.0
>            Reporter: Luke Taylor
>             Fix For: pre-1.0
>
>
> If the following test method is added to the end of SimpleAuthenticationTest 
> in the core-tests module, the code goes into an infinite loop.
>     public void test11NonExistentUser()
>     {
>         Hashtable env = new Hashtable( configuration.toJndiEnvironment() );
>         env.put( Context.PROVIDER_URL, "ou=system" );
>         env.put( Context.SECURITY_PRINCIPAL, 
> "uid=idontexist,ou=users,ou=system" );
>         env.put( Context.SECURITY_CREDENTIALS, "test" );
>         env.put( Context.SECURITY_AUTHENTICATION, "simple" );
>         env.put( Context.INITIAL_CONTEXT_FACTORY, 
> "org.apache.ldap.server.jndi.CoreContextFactory" );
>         try {
>             new InitialContext( env );
>             fail("Authenticated as non-existent user");
>         } catch(Exception expected) {
>         }
>     }
> Line 139 of org.apache.ldap.server.jndi.ServerContext is
>         if ( ! nexusProxy.hasEntry( dn ) )
>         {
>             throw new NameNotFoundException( dn + " does not exist" );
>         }
> But the call to hasEntry(dn) results in an authenticate() call. 
> SimpleAuthenticator then performs a "lookup" operation on the given dn. When 
> the call reaches the ExceptionService, it calls assertHasEntry() on itself:
> line 372:
>         if ( !nextInterceptor.hasEntry( dn ) )
>         {
>             LdapNameNotFoundException e = null;
>             if ( msg != null )
>             {
>                 e = new LdapNameNotFoundException( msg + dn );
>             }
>             else
>             {
>                 e = new LdapNameNotFoundException( dn.toString() );
>             }
>             e.setResolvedName( proxy.getMatchedName( dn, false ) );
>             throw e;
>         }
> The hasEntry call here fails as expected. However, the subsequent call to 
> getMatchedName results in another call through the interceptor stack, another 
> authenticate(), another lookup from SimpleAuthenticator and then we're stuck.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.