f640109f9b
- Fix NPE in JNDIRealm, when userRoleAttribute is not set (bsc#1193569) - Added patch: * tomcat-9.0-NPE-JNDIRealm.patch OBS-URL: https://build.opensuse.org/request/show/939130 OBS-URL: https://build.opensuse.org/package/show/Java:packages/tomcat?expand=0&rev=230
124 lines
6.5 KiB
Diff
124 lines
6.5 KiB
Diff
Index: apache-tomcat-9.0.43-src/java/org/apache/catalina/realm/JNDIRealm.java
|
|
===================================================================
|
|
--- apache-tomcat-9.0.43-src.orig/java/org/apache/catalina/realm/JNDIRealm.java
|
|
+++ apache-tomcat-9.0.43-src/java/org/apache/catalina/realm/JNDIRealm.java
|
|
@@ -2805,6 +2805,9 @@ public class JNDIRealm extends RealmBase
|
|
* @return String the escaped/encoded result
|
|
*/
|
|
protected String doFilterEscaping(String inString) {
|
|
+ if (inString == null) {
|
|
+ return null;
|
|
+ }
|
|
StringBuilder buf = new StringBuilder(inString.length());
|
|
for (int i = 0; i < inString.length(); i++) {
|
|
char c = inString.charAt(i);
|
|
@@ -2897,6 +2900,9 @@ public class JNDIRealm extends RealmBase
|
|
* @return The string representation of the attribute value
|
|
*/
|
|
protected String doAttributeValueEscaping(String input) {
|
|
+ if (input == null) {
|
|
+ return null;
|
|
+ }
|
|
int len = input.length();
|
|
StringBuilder result = new StringBuilder();
|
|
|
|
Index: apache-tomcat-9.0.43-src/test/org/apache/catalina/realm/TestJNDIRealmIntegration.java
|
|
===================================================================
|
|
--- apache-tomcat-9.0.43-src.orig/test/org/apache/catalina/realm/TestJNDIRealmIntegration.java
|
|
+++ apache-tomcat-9.0.43-src/test/org/apache/catalina/realm/TestJNDIRealmIntegration.java
|
|
@@ -56,26 +56,33 @@ public class TestJNDIRealmIntegration {
|
|
@Parameterized.Parameters(name = "{index}: user[{5}], pwd[{6}]")
|
|
public static Collection<Object[]> parameters() {
|
|
List<Object[]> parameterSets = new ArrayList<>();
|
|
- for (String roleSearch : new String[] { ROLE_SEARCH_A, ROLE_SEARCH_B, ROLE_SEARCH_C }) {
|
|
- addUsers(USER_PATTERN, null, null, roleSearch, ROLE_BASE, parameterSets);
|
|
- addUsers(null, USER_SEARCH, USER_BASE, roleSearch, ROLE_BASE, parameterSets);
|
|
+ for (String userRoleAttribute : new String[] { "cn", null }) {
|
|
+ for (String roleSearch : new String[] { ROLE_SEARCH_A, ROLE_SEARCH_B, ROLE_SEARCH_C }) {
|
|
+ if (userRoleAttribute != null) {
|
|
+ addUsers(USER_PATTERN, null, null, roleSearch, ROLE_BASE, userRoleAttribute, parameterSets);
|
|
+ addUsers(null, USER_SEARCH, USER_BASE, roleSearch, ROLE_BASE, userRoleAttribute, parameterSets);
|
|
+ }
|
|
+ }
|
|
+ parameterSets.add(new Object[] { "cn={0},ou=s\\;ub,ou=people,dc=example,dc=com", null, null, ROLE_SEARCH_A,
|
|
+ "{3},ou=people,dc=example,dc=com", "testsub", "test", new String[] { "TestGroup4" },
|
|
+ userRoleAttribute });
|
|
}
|
|
- parameterSets.add(new Object[] { "cn={0},ou=s\\;ub,ou=people,dc=example,dc=com", null, null, ROLE_SEARCH_A,
|
|
- "{3},ou=people,dc=example,dc=com", "testsub", "test", new String[] {"TestGroup4"} });
|
|
return parameterSets;
|
|
}
|
|
|
|
|
|
private static void addUsers(String userPattern, String userSearch, String userBase, String roleSearch,
|
|
- String roleBase, List<Object[]> parameterSets) {
|
|
+ String roleBase, String userRoleAttribute, List<Object[]> parameterSets) {
|
|
parameterSets.add(new Object[] { userPattern, userSearch, userBase, roleSearch, roleBase,
|
|
- "test", "test", new String[] {"TestGroup"} });
|
|
+ "test", "test", new String[] {"TestGroup"}, userRoleAttribute });
|
|
parameterSets.add(new Object[] { userPattern, userSearch, userBase, roleSearch, roleBase,
|
|
- "t;", "test", new String[] {"TestGroup"} });
|
|
+ "t;", "test", new String[] {"TestGroup"}, userRoleAttribute });
|
|
parameterSets.add(new Object[] { userPattern, userSearch, userBase, roleSearch, roleBase,
|
|
- "t*", "test", new String[] {"TestGroup"} });
|
|
+ "t*", "test", new String[] {"TestGroup"}, userRoleAttribute });
|
|
parameterSets.add(new Object[] { userPattern, userSearch, userBase, roleSearch, roleBase,
|
|
- "t=", "test", new String[] {"Test<Group*2", "Test>Group*3"} });
|
|
+ "t=", "test", new String[] {"Test<Group*2", "Test>Group*3"}, userRoleAttribute });
|
|
+ parameterSets.add(new Object[] { userPattern, userSearch, userBase, roleSearch, roleBase,
|
|
+ "norole", "test", new String[0], userRoleAttribute });
|
|
}
|
|
|
|
|
|
@@ -95,6 +102,8 @@ public class TestJNDIRealmIntegration {
|
|
public String credentials;
|
|
@Parameter(7)
|
|
public String[] groups;
|
|
+ @Parameter(8)
|
|
+ public String realmConfigUserRoleAttribute;
|
|
|
|
@Test
|
|
public void testAuthenication() throws Exception {
|
|
@@ -105,7 +114,7 @@ public class TestJNDIRealmIntegration {
|
|
realm.setUserPattern(realmConfigUserPattern);
|
|
realm.setUserSearch(realmConfigUserSearch);
|
|
realm.setUserBase(realmConfigUserBase);
|
|
- realm.setUserRoleAttribute("cn");
|
|
+ realm.setUserRoleAttribute(realmConfigUserRoleAttribute);
|
|
realm.setRoleName("cn");
|
|
realm.setRoleBase(realmConfigRoleBase);
|
|
realm.setRoleSearch(realmConfigRoleSearch);
|
|
@@ -197,6 +206,17 @@ public class TestJNDIRealmIntegration {
|
|
result = conn.processOperation(addUserTestEquals);
|
|
Assert.assertEquals(ResultCode.SUCCESS, result.getResultCode());
|
|
|
|
+ AddRequest addUserNoRole = new AddRequest(
|
|
+ "dn: cn=norole,ou=people,dc=example,dc=com",
|
|
+ "objectClass: top",
|
|
+ "objectClass: person",
|
|
+ "objectClass: organizationalPerson",
|
|
+ "cn: norole",
|
|
+ "sn: No Role",
|
|
+ "userPassword: test");
|
|
+ result = conn.processOperation(addUserNoRole);
|
|
+ Assert.assertEquals(ResultCode.SUCCESS, result.getResultCode());
|
|
+
|
|
AddRequest addGroupTest = new AddRequest(
|
|
"dn: cn=TestGroup,ou=people,dc=example,dc=com",
|
|
"objectClass: top",
|
|
Index: apache-tomcat-9.0.43-src/webapps/docs/changelog.xml
|
|
===================================================================
|
|
--- apache-tomcat-9.0.43-src.orig/webapps/docs/changelog.xml
|
|
+++ apache-tomcat-9.0.43-src/webapps/docs/changelog.xml
|
|
@@ -107,6 +107,10 @@
|
|
<subsection name="Catalina">
|
|
<changelog>
|
|
<fix>
|
|
+ <bug>63508</bug>: NPE in JNDIRealm when no <code>userRoleAttribute</code>
|
|
+ is given. (fschumacher)
|
|
+ </fix>
|
|
+ <fix>
|
|
<bug>65106</bug>: Fix the ConfigFileLoader handling of file URIs when
|
|
running under a security manager on some JREs. (markt)
|
|
</fix>
|