modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/core/jaas/LdapLoginModule.java | 16 +++- modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/resource/group/LdapGroupManagerBean.java | 17 +--- modules/enterprise/server/jar/src/test/java/org/rhq/enterprise/server/test/ldap/FakeLdapContext.java | 37 ++++------ 3 files changed, 39 insertions(+), 31 deletions(-)
New commits: commit cb7bdca5eb624e5064dc0e4191e63b01e4877829 Author: Larry O'Leary loleary@redhat.com Date: Wed Jul 17 16:32:05 2013 +0200
BZ 981015 - Ldap auth failed if DN contained a backslash (cherry-picked from commit 01cd91b130f563ba62cd96a46f2cb3a2ac567a48)
BZ 981015: Fix test failures introduced by commit 01cd91b - findLdapUserDetails was appending baseDN twice during fallback code - FakeLdapContext contained some lazy escaping on the mock group entries (cherry picked from commit 567aee7f81c6aa0f7680d4f394cccb1974705320)
diff --git a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/core/jaas/LdapLoginModule.java b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/core/jaas/LdapLoginModule.java
index 3de303c..38af750 100644
--- a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/core/jaas/LdapLoginModule.java
+++ b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/core/jaas/LdapLoginModule.java
@@ -23,6 +23,7 @@ import java.util.Iterator;
 import java.util.Properties;
 import java.util.Map.Entry;
+import javax.naming.CompositeName;
 import javax.naming.Context;
 import javax.naming.NamingEnumeration;
 import javax.naming.directory.SearchControls;
@@ -189,7 +190,18 @@ public class LdapLoginModule extends UsernamePasswordLoginModule {
 SearchResult si = (SearchResult) answer.next();
// Construct the UserDN
- String userDN = si.getName() + "," + baseDNs[x];
+ String userDN = null;
+
+ try {
+ userDN = si.getNameInNamespace();
+ } catch (UnsupportedOperationException use) {
+ userDN = new CompositeName(si.getName()).get(0);
+ if (si.isRelative()) {
+ userDN += "," + baseDNs[x];
+ }
+ }
+
+ log.debug("Using LDAP userDN=" + userDN);
ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, userDN); ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, inputPassword); @@ -204,7 +216,7 @@ public class LdapLoginModule extends UsernamePasswordLoginModule { // If we try all the BaseDN's and have not found a match, return false return false; } catch (Exception e) { - log.info("Failed to validate password: " + e.getMessage()); + log.info("Failed to validate password for [" + userName + "]: " + e.getMessage()); return false; } } diff --git a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/resource/group/LdapGroupManagerBean.java b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/resource/group/LdapGroupManagerBean.java index eeeb4fc..f828950 100644 --- a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/resource/group/LdapGroupManagerBean.java +++ b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/resource/group/LdapGroupManagerBean.java @@ -1,6 +1,6 @@ /* * RHQ Management Platform - * Copyright (C) 2005-2011 Red Hat, Inc. + * Copyright (C) 2005-2013 Red Hat, Inc. * All rights reserved. * * This program is free software; you can redistribute it and/or modify @@ -13,8 +13,8 @@ * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + * along with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */
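Review bot: In the fallback branch of the `@@ -189,7 +190,18 @@` hunk, `new CompositeName(si.getName()).get(0)` keeps only the first composite-name component and discards any others without a check, and the result is then set as `Context.SECURITY_PRINCIPAL` for the bind. If a search result name ever parsed into zero or several components, the call would throw or, presumably, bind against a DN other than the matched entry; a guard such as `CompositeName parsed = new CompositeName(si.getName()); if (parsed.size() != 1) throw new IllegalStateException("unexpected LDAP entry name");` before `get(0)` makes that case fail explicitly. The same fallback is repeated in the `@@ -322,14 +323,10 @@` hunk of LdapGroupManagerBean.java, so a shared helper would keep the two copies in step. The enclosing method starts and ends outside the hunk.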
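Review bot: The new message in the `@@ -204,7 +216,7 @@` hunk concatenates `userName` into the log line unmodified; if that value comes from the login request, as it appears to, embedded CR/LF characters could forge additional log entries. Neutralise it before logging, e.g. `String safeUser = userName == null ? null : userName.replaceAll("[\\r\\n]", "_");`, and log `safeUser` in place of `userName`. Only `e.getMessage()` is recorded for a failed bind, so also passing the exception at debug level would keep the cause available when investigating authentication failures. The method body starts outside the hunk.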
package org.rhq.enterprise.server.resource.group; @@ -31,6 +31,7 @@ import java.util.Set;
import javax.ejb.EJB;
 import javax.ejb.Stateless;
+import javax.naming.CompositeName;
 import javax.naming.Context;
 import javax.naming.NamingEnumeration;
 import javax.naming.NamingException;
@@ -322,14 +323,10 @@ public class LdapGroupManagerBean implements LdapGroupManagerLocal {
 try {
 userDN = si.getNameInNamespace();
 } catch (UnsupportedOperationException use) {
- userDN = si.getName();
- if (userDN.startsWith(""")) {
- userDN = userDN.substring(1, userDN.length());
+ userDN = new CompositeName(si.getName()).get(0);
+ if (si.isRelative()) {
+ userDN += "," + baseDNs[x];
 }
- if (userDN.endsWith(""")) {
- userDN = userDN.substring(0, userDN.length() - 1);
- }
- userDN = userDN + "," + baseDNs[x];
 }
 userDetails.put("dn", userDN);
diff --git a/modules/enterprise/server/jar/src/test/java/org/rhq/enterprise/server/test/ldap/FakeLdapContext.java b/modules/enterprise/server/jar/src/test/java/org/rhq/enterprise/server/test/ldap/FakeLdapContext.java index dad31ce..2ae6265 100644 --- a/modules/enterprise/server/jar/src/test/java/org/rhq/enterprise/server/test/ldap/FakeLdapContext.java +++ b/modules/enterprise/server/jar/src/test/java/org/rhq/enterprise/server/test/ldap/FakeLdapContext.java @@ -99,7 +99,6 @@ public class FakeLdapContext implements LdapContext { try { return new FakeNamingEnumeration<SearchResult>(ldapTestData.getSearchResults(attributes)); } catch (Exception e) { - // TODO Auto-generated catch block e.printStackTrace(); return null; } @@ -516,12 +515,12 @@ public class FakeLdapContext implements LdapContext { attr = new BasicAttribute("member"); attr.add("cn=Robert Smith,ou=users,dc=test,dc=rhq,dc=redhat,dc=com"); attr.add("cn=Cannon\, Brett,ou=users,dc=test,dc=rhq,dc=redhat,dc=com"); - attr.add("cn=Charles H\\Samlin,ou=users,dc=test,dc=rhq,dc=redhat,dc=com"); + attr.add("cn=Charles H\Samlin,ou=users,dc=test,dc=rhq,dc=redhat,dc=com"); attr.add("cn=Craig \#1 Sellers,ou=users,dc=test,dc=rhq,dc=redhat,dc=com"); attr.add("cn=Beverly \+1 Balanger,ou=users,dc=test,dc=rhq,dc=redhat,dc=com"); attr.add("cn=Bethany \<Stuart\> Wallace,ou=users,dc=test,dc=rhq,dc=redhat,dc=com"); attr.add("cn=Zachory S\; Balanger,ou=users,dc=test,dc=rhq,dc=redhat,dc=com"); - attr.add("cn=Allen \"The Hammer\" Callen,ou=users,dc=test,dc=rhq,dc=redhat,dc=com"); + attr.add("cn=Allen "The Hammer" Callen,ou=users,dc=test,dc=rhq,dc=redhat,dc=com"); attr.add("cn=Sam Not \= Smitherson,ou=users,dc=test,dc=rhq,dc=redhat,dc=com"); attr.add("cn=\ Billy The Kiddough\ ,ou=users,dc=test,dc=rhq,dc=redhat,dc=com"); attr.add("cn=System/Integration API,ou=users,dc=test,dc=rhq,dc=redhat,dc=com"); 
@@ -557,12 +556,12 @@ public class FakeLdapContext implements LdapContext { attr = new BasicAttribute("member"); attr.add("cn=John Smith,ou=users,dc=test,dc=rhq,dc=redhat,dc=com"); attr.add("cn=Dr. Greg Hause\, MD,ou=users,dc=test,dc=rhq,dc=redhat,dc=com"); - attr.add("cn=Cindy\\Cynthia Groober,ou=users,dc=test,dc=rhq,dc=redhat,dc=com"); + attr.add("cn=Cindy\Cynthia Groober,ou=users,dc=test,dc=rhq,dc=redhat,dc=com"); attr.add("cn=Biff \# Rogers,ou=users,dc=test,dc=rhq,dc=redhat,dc=com"); attr.add("cn=Steven \+2 Reed,ou=users,dc=test,dc=rhq,dc=redhat,dc=com"); attr.add("cn=Lisa \<The Great\> Toller,ou=users,dc=test,dc=rhq,dc=redhat,dc=com"); attr.add("cn=Homer J Simpsonite\; III,ou=users,dc=test,dc=rhq,dc=redhat,dc=com"); - attr.add("cn=Jessica \"Crouching Tiger\" Mathers,ou=users,dc=test,dc=rhq,dc=redhat,dc=com"); + attr.add("cn=Jessica "Crouching Tiger" Mathers,ou=users,dc=test,dc=rhq,dc=redhat,dc=com"); attr.add("cn=Hope \= Rein,ou=users,dc=test,dc=rhq,dc=redhat,dc=com"); attr.add("cn=\ Sue Ferguson\ ,ou=users,dc=test,dc=rhq,dc=redhat,dc=com"); attr.add("cn=Phil/Susan Carlson,ou=users,dc=test,dc=rhq,dc=redhat,dc=com"); 
@@ -598,12 +597,12 @@ public class FakeLdapContext implements LdapContext { attr = new BasicAttribute("member"); attr.add("cn=Sheri Smith,ou=users,dc=test,dc=rhq,dc=redhat,dc=com"); attr.add("cn=Walsh\, Brad,ou=users,dc=test,dc=rhq,dc=redhat,dc=com"); - attr.add("cn=Jim\\James Kirk,ou=users,dc=test,dc=rhq,dc=redhat,dc=com"); + attr.add("cn=Jim\James Kirk,ou=users,dc=test,dc=rhq,dc=redhat,dc=com"); attr.add("cn=Sandra \# Phillips,ou=users,dc=test,dc=rhq,dc=redhat,dc=com"); attr.add("cn=William Tell Overture \+1,ou=users,dc=test,dc=rhq,dc=redhat,dc=com"); attr.add("cn=Craig \<Bison\> Allen,ou=users,dc=test,dc=rhq,dc=redhat,dc=com"); attr.add("cn=Walter T Fredrick\; The Second,ou=users,dc=test,dc=rhq,dc=redhat,dc=com"); - attr.add("cn=Stanley \"Short\" Mein,ou=users,dc=test,dc=rhq,dc=redhat,dc=com"); + attr.add("cn=Stanley "Short" Mein,ou=users,dc=test,dc=rhq,dc=redhat,dc=com"); attr.add("cn=Noah \= Sadler,ou=users,dc=test,dc=rhq,dc=redhat,dc=com"); attr.add("cn=\ Stuart Smiley\ ,ou=users,dc=test,dc=rhq,dc=redhat,dc=com"); attr.add("cn=System/Integration API 2,ou=users,dc=test,dc=rhq,dc=redhat,dc=com"); @@ -984,7 +983,7 @@ public class FakeLdapContext implements LdapContext { attr.add("User with backslash (\) in 'cn' in the RHQ Admin Group"); attrs.put(attr);
- sr = new SearchResult("cn=Charles H\\Samlin,ou=users", null, null, attrs, true); + sr = new SearchResult("cn=Charles H\Samlin,ou=users", null, null, attrs, true); this.add(sr);
// dn: cn=Cindy\Cynthia Groober,ou=users,dc=test,dc=rhq,dc=redhat,dc=com @@ -1033,7 +1032,7 @@ public class FakeLdapContext implements LdapContext { attr.add("User with backslash (\) in 'cn' in the JBoss Admin Group"); attrs.put(attr);
- sr = new SearchResult("cn=Cindy\\Cynthia Groober,ou=users", null, null, attrs, true); + sr = new SearchResult("cn=Cindy\Cynthia Groober,ou=users", null, null, attrs, true); this.add(sr);
// dn: cn=Jim\James Kirk,ou=users,dc=test,dc=rhq,dc=redhat,dc=com @@ -1082,7 +1081,7 @@ public class FakeLdapContext implements LdapContext { attr.add("User with backslash (\) in 'cn' in the JBoss Monitor Group"); attrs.put(attr);
- sr = new SearchResult("cn=Jim\\James Kirk,ou=users", null, null, attrs, true); + sr = new SearchResult("cn=Jim\James Kirk,ou=users", null, null, attrs, true); this.add(sr);
// dn: cn=Craig #1 Sellers,ou=users,dc=test,dc=rhq,dc=redhat,dc=com @@ -1675,7 +1674,7 @@ public class FakeLdapContext implements LdapContext { null, attrs, true); this.add(sr);
- // dn: cn=Allen "The Hammer" Callen,ou=users,dc=test,dc=rhq,dc=redhat,dc=com + // dn: cn=Allen "The Hammer" Callen,ou=users,dc=test,dc=rhq,dc=redhat,dc=com attrs = new BasicAttributes();
attr = new BasicAttribute("baseName"); @@ -1721,11 +1720,11 @@ public class FakeLdapContext implements LdapContext { attr.add("User with quote (") in 'cn' in the RHQ Admin Group"); attrs.put(attr);
- sr = new SearchResult("cn=Allen \"The Hammer\" Callen,ou=users", "javax.naming.directory.DirContext", + sr = new SearchResult("cn=Allen "The Hammer" Callen,ou=users", "javax.naming.directory.DirContext", null, attrs, true); this.add(sr);
- // dn: cn=Jessica "Crouching Tiger" Mathers,ou=users,dc=test,dc=rhq,dc=redhat,dc=com + // dn: cn=Jessica "Crouching Tiger" Mathers,ou=users,dc=test,dc=rhq,dc=redhat,dc=com attrs = new BasicAttributes();
attr = new BasicAttribute("baseName"); @@ -1771,11 +1770,11 @@ public class FakeLdapContext implements LdapContext { attr.add("User with quote (") in 'cn' in the JBoss Admin Group"); attrs.put(attr);
- sr = new SearchResult("cn=Jessica \"Crouching Tiger\" Mathers,ou=users", + sr = new SearchResult("cn=Jessica "Crouching Tiger" Mathers,ou=users", "javax.naming.directory.DirContext", null, attrs, true); this.add(sr);
- // dn: cn=Stanley "Short" Mein,ou=users,dc=test,dc=rhq,dc=redhat,dc=com + // dn: cn=Stanley "Short" Mein,ou=users,dc=test,dc=rhq,dc=redhat,dc=com attrs = new BasicAttributes();
attr = new BasicAttribute("baseName"); @@ -1821,7 +1820,7 @@ public class FakeLdapContext implements LdapContext { attr.add("User with quote (") in 'cn' in the JBoss Monitor Group"); attrs.put(attr);
- sr = new SearchResult("cn=Stanley \"Short\" Mein,ou=users", null, null, attrs, true); + sr = new SearchResult("cn=Stanley "Short" Mein,ou=users", null, null, attrs, true); this.add(sr);
// dn: cn=Sam Not = Smitherson,ou=users,dc=test,dc=rhq,dc=redhat,dc=com @@ -2160,7 +2159,7 @@ public class FakeLdapContext implements LdapContext { attr.add("User with slash (/) in 'cn' in the RHQ Admin Group"); attrs.put(attr);
- sr = new SearchResult("cn=System/Integration API,ou=users", null, null, attrs, true); + sr = new SearchResult("cn=System\/Integration API,ou=users", null, null, attrs, true); this.add(sr);
// dn: cn=Phil/Susan Carlson,ou=users,dc=test,dc=rhq,dc=redhat,dc=com @@ -2209,7 +2208,7 @@ public class FakeLdapContext implements LdapContext { attr.add("User with slash (/) in 'cn' in the JBoss Admin Group"); attrs.put(attr);
- sr = new SearchResult("cn=Phil/Susan Carlson,ou=users", null, null, attrs, true); + sr = new SearchResult("cn=Phil\/Susan Carlson,ou=users", null, null, attrs, true); this.add(sr);
// dn: cn=System/Integration API 2,ou=users,dc=test,dc=rhq,dc=redhat,dc=com @@ -2254,7 +2253,7 @@ public class FakeLdapContext implements LdapContext { attr.add("User with slash (/) in 'cn' in the JBoss Monitor Group"); attrs.put(attr);
- sr = new SearchResult("cn=System/Integration API 2,ou=users", null, null, attrs, true); + sr = new SearchResult("cn=System\/Integration API 2,ou=users", null, null, attrs, true); this.add(sr);
// dn: cn=Lee -Fast- Croutche,ou=users,dc=test,dc=rhq,dc=redhat,dc=com