opendev/gerrit
Code Issues Proposed changes

Ensure proper escaping of LDAP group names

Browse Source 
There are some special characters which are allowed in LDAP names but which
must be escaped for JNDI. Details are available here:
http://java.sun.com/products/jndi/tutorial/beyond/names/syntax.html

If the LDAP group name is not escaped, a group containing such special
characters cannot be expanded and an error is written to the log file.

Signed-off-by: Edwin Kempin <edwin.kempin@gmail.com>
This commit is contained in:
Edwin Kempin
2010-10-07 16:00:18 +02:00
parent e5669acc57
commit 124d6863f8
1 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/Helper.java
View File

@@ -33,7 +33,9 @@ import java.util.List;
import java.util.Properties;
import java.util.Set;
import javax.naming.CompositeName;
import javax.naming.Context;
import javax.naming.Name;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
@@ -196,8 +198,9 @@ import javax.net.ssl.SSLSocketFactory;
// Recursively identify the groups it is a member of.
//
try {
final Name compositeGroupName = new CompositeName().add(groupDN);
final Attribute in =
ctx.getAttributes(groupDN).get(schema.accountMemberField);
ctx.getAttributes(compositeGroupName).get(schema.accountMemberField);
if (in != null) {
final NamingEnumeration<?> groups = in.getAll();
while (groups.hasMore()) {