This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit 81f16b0a7186ed02efbfac336589d6cff28d1e89 Author: Mark Thomas <ma...@apache.org> AuthorDate: Tue Apr 13 14:47:07 2021 +0100 Expand testing to cover substitution in roleBase. Fix bugs. The code incorrectly referred to the original roleBase rather than the local version that includes the substituted value(s).
---
 java/org/apache/catalina/realm/JNDIRealm.java | 4 +-
 .../catalina/realm/TestJNDIRealmIntegration.java | 56 +++++++++++++++++-----
 2 files changed, 46 insertions(+), 14 deletions(-)
diff --git a/java/org/apache/catalina/realm/JNDIRealm.java b/java/org/apache/catalina/realm/JNDIRealm.java
index 4f61ad6..43e9ca8 100644
--- a/java/org/apache/catalina/realm/JNDIRealm.java
+++ b/java/org/apache/catalina/realm/JNDIRealm.java
@@ -1927,7 +1927,7 @@ public class JNDIRealm extends RealmBase {
 if (attrs == null) {
 continue;
 }
- String dname = getDistinguishedName(connection.context, roleBase, result);
+ String dname = getDistinguishedName(connection.context, base, result);
 String name = getAttributeValue(roleName, attrs);
 if (name != null && dname != null) {
 groupMap.put(dname, name);
@@ -1974,7 +1974,7 @@ public class JNDIRealm extends RealmBase {
 " and filter " + filter);
 }
- results = searchAsUser(connection.context, user, roleBase, filter, controls, isRoleSearchAsUser());
+ results = searchAsUser(connection.context, user, base, filter, controls, isRoleSearchAsUser());
 try {
 while (results.hasMore()) {
diff --git a/test/org/apache/catalina/realm/TestJNDIRealmIntegration.java b/test/org/apache/catalina/realm/TestJNDIRealmIntegration.java
index cf47369..d019fc0 100644
--- a/test/org/apache/catalina/realm/TestJNDIRealmIntegration.java
+++ b/test/org/apache/catalina/realm/TestJNDIRealmIntegration.java
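Review bot: The trace message whose tail appears as context in the second hunk (`" and filter " + filter);`) starts outside the hunk, so I cannot see which base it prints; if it still concatenates the `roleBase` field, the log will show the unsubstituted template while `searchAsUser` now queries `base`. Printing `base` there keeps the trace in step with the search actually issued, which is what an operator needs when working out why a user was or was not granted a role. Since both hunks fix the same field-versus-local mix-up, a comment where `base` is assigned, for example `// roleBase with the substituted value(s) applied; use this, never the roleBase field, for the searches below`, would make a repeat less likely. The enclosing method bodies start and end outside both hunks.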
@@ -49,29 +49,32 @@ public class TestJNDIRealmIntegration {
 private static final String ROLE_SEARCH_A = "member={0}";
 private static final String ROLE_SEARCH_B = "member=cn={1},ou=people,dc=example,dc=com";
 private static final String ROLE_SEARCH_C = "member=cn={2},ou=people,dc=example,dc=com";
+ private static final String ROLE_BASE = "ou=people,dc=example,dc=com";
 private static InMemoryDirectoryServer ldapServer;
- @Parameterized.Parameters(name = "{index}: user[{4}], pwd[{5}]")
+ @Parameterized.Parameters(name = "{index}: user[{5}], pwd[{6}]")
 public static Collection<Object[]> parameters() {
 List<Object[]> parameterSets = new ArrayList<>();
 for (String roleSearch : new String[] { ROLE_SEARCH_A, ROLE_SEARCH_B, ROLE_SEARCH_C }) {
- addUsers(USER_PATTERN, null, null, roleSearch, parameterSets);
- addUsers(null, USER_SEARCH, USER_BASE, roleSearch, parameterSets);
+ addUsers(USER_PATTERN, null, null, roleSearch, ROLE_BASE, parameterSets);
+ addUsers(null, USER_SEARCH, USER_BASE, roleSearch, ROLE_BASE, parameterSets);
 }
+ parameterSets.add(new Object[] { "cn={0},ou=sub,ou=people,dc=example,dc=com", null, null, ROLE_SEARCH_A,
+ "{3},ou=people,dc=example,dc=com", "testsub", "test", new String[] {"TestGroup4"} });
 return parameterSets;
 }
 private static void addUsers(String userPattern, String userSearch, String userBase, String roleSearch,
- List<Object[]> parameterSets) {
- parameterSets.add(new Object[] { userPattern, userSearch, userBase, roleSearch,
+ String roleBase, List<Object[]> parameterSets) {
+ parameterSets.add(new Object[] { userPattern, userSearch, userBase, roleSearch, roleBase,
 "test", "test", new String[] {"TestGroup"} });
- parameterSets.add(new Object[] { userPattern, userSearch, userBase, roleSearch,
+ parameterSets.add(new Object[] { userPattern, userSearch, userBase, roleSearch, roleBase,
 "t;", "test", new String[] {"TestGroup"} });
- parameterSets.add(new Object[] { userPattern, userSearch, userBase, roleSearch,
+ parameterSets.add(new Object[] { userPattern, userSearch, userBase, roleSearch, roleBase,
 "t*", "test", new String[] {"TestGroup"} });
- parameterSets.add(new Object[] { userPattern, userSearch, userBase, roleSearch,
+ parameterSets.add(new Object[] { userPattern, userSearch, userBase, roleSearch, roleBase,
 "t=", "test", new String[] {"Test<Group*2", "Test>Group*3"} });
 }
@@ -85,10 +88,12 @@ public class TestJNDIRealmIntegration {
 @Parameter(3)
 public String realmConfigRoleSearch;
 @Parameter(4)
- public String username;
+ public String realmConfigRoleBase;
 @Parameter(5)
- public String credentials;
+ public String username;
 @Parameter(6)
+ public String credentials;
+ @Parameter(7)
 public String[] groups;
 @Test
@@ -102,7 +107,7 @@ public class TestJNDIRealmIntegration {
 realm.setUserBase(realmConfigUserBase);
 realm.setUserRoleAttribute("cn");
 realm.setRoleName("cn");
- realm.setRoleBase("ou=people,dc=example,dc=com");
+ realm.setRoleBase(realmConfigRoleBase);
 realm.setRoleSearch(realmConfigRoleSearch);
 realm.setRoleNested(true);
@@ -171,7 +176,7 @@ public class TestJNDIRealmIntegration {
 Assert.assertEquals(ResultCode.SUCCESS, result.getResultCode());
 AddRequest addUserTestAsterisk = new AddRequest(
- "dn: cn=t\\*,ou=people,dc=example,dc=com",
+ "dn: cn=t*,ou=people,dc=example,dc=com",
 "objectClass: top",
 "objectClass: person",
 "objectClass: organizationalPerson",
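Review bot: The only parameter set that exercises substitution in roleBase is added directly in `parameters()` (hunk `-49,29 +49,32`) rather than through `addUsers`, so it runs once, with the plain username `testsub` and `ROLE_SEARCH_A`. The substituted value presumably comes from the user's DN, so it is worth at least one case where that component contains a character that needs escaping, to pin that the resulting search base is still well-formed and stays inside the intended subtree. The `{3}` placeholder also deserves a comment saying which part it selects, e.g. `// {3} is expected to resolve to ou=sub for cn=testsub,ou=sub,ou=people,dc=example,dc=com`.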
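Review bot: The fixture DN in hunk `-171,7 +176,7` changes from `cn=t\\*` to `cn=t*` with no explanation in the commit message or in a comment, and this entry is one of the cases that checks special-character handling. If the reason is that `*` needs escaping in a search filter but not in a DN, say so next to the entry, e.g. `// '*' is not special in a DN, only in a filter, so it is stored unescaped`. The `AddRequest` continues past the end of the hunk, so whether any `member:` value referring to this user was updated to match cannot be checked from here.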
@@ -220,6 +225,33 @@ public class TestJNDIRealmIntegration {
 "member: cn=Test\\<Group*2,ou=people,dc=example,dc=com");
 result = conn.processOperation(addGroupTest3);
 Assert.assertEquals(ResultCode.SUCCESS, result.getResultCode());
+
+ AddRequest addPeopleSub = new AddRequest(
+ "dn: ou=sub,ou=people,dc=example,dc=com",
+ "objectClass: top",
+ "objectClass: organizationalUnit");
+ result = conn.processOperation(addPeopleSub);
+ Assert.assertEquals(ResultCode.SUCCESS, result.getResultCode());
+
+ AddRequest addUserTestSub = new AddRequest(
+ "dn: cn=testsub,ou=sub,ou=people,dc=example,dc=com",
+ "objectClass: top",
+ "objectClass: person",
+ "objectClass: organizationalPerson",
+ "cn: testsub",
+ "sn: Testsub",
+ "userPassword: test");
+ result = conn.processOperation(addUserTestSub);
+ Assert.assertEquals(ResultCode.SUCCESS, result.getResultCode());
+
+ AddRequest addGroupTest4 = new AddRequest(
+ "dn: cn=TestGroup4,ou=sub,ou=people,dc=example,dc=com",
+ "objectClass: top",
+ "objectClass: groupOfNames",
+ "cn: TestGroup4",
+ "member: cn=testsub,ou=sub,ou=people,dc=example,dc=com");
+ result = conn.processOperation(addGroupTest4);
+ Assert.assertEquals(ResultCode.SUCCESS, result.getResultCode());
 }
 }
--------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
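Review bot: The new fixture cannot show that the role search is confined to the substituted base, because `testsub` is a member of no group outside `ou=sub`; a search that resolved to a wider base could, depending on the search scope configured outside this diff, still return just `TestGroup4`. Adding a second group directly under `ou=people` that also lists `testsub` would turn this into a check that a user only receives roles from the subtree named by roleBase, assuming the test compares the returned roles with the expected array exactly. The sketch below uses a constructed group name and goes after the `addGroupTest4` assertion; the enclosing method starts outside the hunk.

```java
// … unchanged: addPeopleSub, addUserTestSub, addGroupTest4 and their assertions …

// Constructed example: lives outside ou=sub, so it must not be returned for testsub
AddRequest addGroupTest5 = new AddRequest(
        "dn: cn=TestGroup5,ou=people,dc=example,dc=com",
        "objectClass: top",
        "objectClass: groupOfNames",
        "cn: TestGroup5",
        "member: cn=testsub,ou=sub,ou=people,dc=example,dc=com");
result = conn.processOperation(addGroupTest5);
Assert.assertEquals(ResultCode.SUCCESS, result.getResultCode());
```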