funkman 2003/12/12 13:31:56 Modified: catalina/src/share/org/apache/catalina/realm JNDIRealm.java catalina/src/test/org/apache/catalina/realm JNDIRealmTestCase.java Log: BZ 23190 16541 Make JNDIRealm escape search filters Patch by Jeff Tulley jtulley AT novell dot com Revision Changes Path 1.16 +51 -4 jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java Index: JNDIRealm.java =================================================================== RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java,v retrieving revision 1.15 retrieving revision 1.16 diff -u -r1.15 -r1.16 --- JNDIRealm.java 4 Sep 2003 19:59:47 -0000 1.15 +++ JNDIRealm.java 12 Dec 2003 21:31:56 -0000 1.16 @@ -90,6 +90,7 @@ import org.apache.catalina.util.StringManager; import org.apache.catalina.util.Base64; + /** * <p>Implementation of <strong>Realm</strong> that works with a directory * server accessed via the Java Naming and Directory Interface (JNDI) APIs. @@ -1340,6 +1341,7 @@ // Set up parameters for an appropriate search String filter = roleFormat.format(new String[] { dn, username }); + filter = doRFC2254Encoding(filter); SearchControls controls = new SearchControls(); if (roleSubtree) controls.setSearchScope(SearchControls.SUBTREE_SCOPE); 
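Review bot: In the `@@ -1340` hunk, `doRFC2254Encoding` is applied to the whole string returned by `roleFormat.format(...)`, so any parentheses or `*` that belong to the configured role-search pattern are escaped along with the substituted `dn` and `username`. The pattern is not visible here, but a conventional one (constructed example: `(member={0})`) would come out as `\28member=...\29` and no longer parse as a filter. Escaping only the substituted values keeps the filter structure intact while still neutralising metacharacters in user-supplied input: `String filter = roleFormat.format(new String[] { doRFC2254Encoding(dn), doRFC2254Encoding(username) });`. The enclosing method starts and ends outside the hunk, so other filters built in this class cannot be checked from here; confirm that any filter taking the login name escapes it the same way.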
@@ -1671,6 +1673,51 @@ return null; } + + + /** + * Given an LDAP search string, returns the string with certain characters + * escaped according to RFC 2254 guidelines. + * The character mapping is as follows: + * char -> Replacement + * --------------------------- + * * -> \2a + * ( -> \28 + * ) -> \29 + * \ -> \5c + * \0 -> \00 + * @param inString string to escape according to RFC 2254 guidelines + * @return + */ + protected String doRFC2254Encoding(String inString) { + StringBuffer buf = new StringBuffer(inString.length()); + for (int i = 0; i < inString.length(); i++) { + char c = inString.charAt(i); + switch (c) { + case '\\': + buf.append("\\5c"); + break; + case '*': + buf.append("\\2a"); + break; + case '(': + buf.append("\\28"); + break; + case ')': + buf.append("\\29"); + break; + case '\0': + buf.append("\\00"); + break; + default: + buf.append(c); + break; + } + } + return buf.toString(); + } + + } // ------------------------------------------------------ Private Classes 1.2 +69 -2 jakarta-tomcat-4.0/catalina/src/test/org/apache/catalina/realm/JNDIRealmTestCase.java Index: JNDIRealmTestCase.java =================================================================== RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/test/org/apache/catalina/realm/JNDIRealmTestCase.java,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- JNDIRealmTestCase.java 4 Sep 2003 19:59:47 -0000 1.1 +++ JNDIRealmTestCase.java 12 Dec 2003 21:31:56 -0000 1.2 
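Review bot: The Javadoc on `doRFC2254Encoding` calls its input "an LDAP search string" and leaves `@return` empty, which invites callers to pass a complete filter even though the switch escapes `(`, `)` and `*` unconditionally. I would reword the summary to say it escapes a single assertion value that is about to be placed into a filter, and fill in the tag, e.g. `@return the value with *, (, ), \ and NUL replaced by their \xx escapes`. A null `inString` fails at `inString.length()` with a NullPointerException; if a caller can pass a missing value, either document that or guard with `if (inString == null) return null;`.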
@@ -247,6 +247,73 @@ assertStringArraysEquals(expected, actual); } + + public void testRFC2254EncodingEmptyString() { + JNDIRealm realm = new JNDIRealm(); + String actual = realm.doRFC2254Encoding(""); + Assert.assertEquals("empty", "", actual); + } + + public void testRFC2254EncodingNoChange() { + JNDIRealm realm = new JNDIRealm(); + String actual = realm.doRFC2254Encoding("cn=aname,o=acontext"); + Assert.assertEquals("no change", "cn=aname,o=acontext", actual); + } + + public void testRFC2254EncodingAsterisk() { + JNDIRealm realm = new JNDIRealm(); + String actual = realm.doRFC2254Encoding("cn=some*name,o=somecontext"); + Assert.assertEquals("asterisk", "cn=some\\2aname,o=somecontext", actual); + } + + public void testRFC2254EncodingAsteriskAtEnd() { + JNDIRealm realm = new JNDIRealm(); + String actual = realm.doRFC2254Encoding("cn=somename,o=somecontext*"); + Assert.assertEquals("asterisk", "cn=somename,o=somecontext\\2a", actual); + } + + public void testRFC2254EncodingAsteriskAtBeginning() { + JNDIRealm realm = new JNDIRealm(); + String actual = realm.doRFC2254Encoding("cn=*somename,o=somecontext"); + Assert.assertEquals("asterisk", "cn=\\2asomename,o=somecontext", actual); + } + + public void testRFC2254EncodingOpenParen() { + JNDIRealm realm = new JNDIRealm(); + String actual = realm.doRFC2254Encoding("cn=somena(me,o=somecontext"); + Assert.assertEquals("asterisk", "cn=somena\\28me,o=somecontext", actual); + } + + public void testRFC2254EncodingCloseParen() { + JNDIRealm realm = new JNDIRealm(); + String actual = realm.doRFC2254Encoding("cn=somename,o=some)context"); + Assert.assertEquals("asterisk", "cn=somename,o=some\\29context", actual); + } + + public void testRFC2254EncodingSlash() { + JNDIRealm realm = new JNDIRealm(); + String actual = realm.doRFC2254Encoding("cn=s\\omename,o=somecontext"); + Assert.assertEquals("asterisk", "cn=s\\5comename,o=somecontext", actual); + } + + public void testRFC2254EncodingNul() { + JNDIRealm realm = new JNDIRealm(); + 
String actual = realm.doRFC2254Encoding("cn=so\0mename,o=somecontext"); + Assert.assertEquals("asterisk", "cn=so\\00mename,o=somecontext", actual); + } + + public void testRFC2254EncodingTwoCharsInARow() { + JNDIRealm realm = new JNDIRealm(); + String actual = realm.doRFC2254Encoding("cn=so\\\\mename,o=somecontext"); + Assert.assertEquals("asterisk", "cn=so\\5c\\5cmename,o=somecontext", actual); + } + + public void testRFC2254EncodingAllEncodedChars() { + JNDIRealm realm = new JNDIRealm(); + String actual = realm.doRFC2254Encoding("cn=so\\*()\0\\mename,o=somecontext"); + Assert.assertEquals("asterisk", "cn=so\\5c\\2a\\28\\29\\00\\5cmename,o=somecontext", actual); + } + public void assertStringArraysEquals(String[] expected, String[] actual) { Assert.assertTrue("not null", actual != null); Assert.assertEquals("array count is wrong", expected.length, actual.length);
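Review bot: From `testRFC2254EncodingOpenParen` onward every assertion carries the message "asterisk", including the parenthesis, backslash and NUL cases, so a failure report would name the wrong character; each message should match its test, e.g. `Assert.assertEquals("open paren", ...)`. `testRFC2254EncodingSlash` exercises a backslash, so `testRFC2254EncodingBackslash` would be the accurate name. All tests in this hunk feed DN-shaped values straight to the helper; none builds a role-search filter, so whether the escaped filter is still well-formed is not covered here. A test using a parenthesised pattern would pin that down.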