From d32701cbbd093b1dc62a88892364c50efdab752f Mon Sep 17 00:00:00 2001 From: "Shawn O. Pearce" Date: Thu, 31 May 2012 09:12:44 -0700 Subject: [PATCH] Fix NPE in LdapRealm caused by non-LDAP users Servers that are connected to LDAP but have non-LDAP user accounts created by `gerrit create-account` (e.g. batch role accounts for build systems) were crashing with a NullPointerException when the LdapRealm tried to discover which LDAP groups the non-LDAP user was a member of in the directory. If there is no LDAP identity for the user account, use an empty set of groups as the LDAP contribution to the GroupMembership. Change-Id: Ibd918a8705481e4b6bd2f34500fa79fa0d5f43a4 --- .../gerrit/server/auth/ldap/LdapRealm.java | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/LdapRealm.java b/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/LdapRealm.java index c79b7c5fef..ac46128ae4 100644 --- a/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/LdapRealm.java +++ b/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/LdapRealm.java @@ -17,6 +17,7 @@ package com.google.gerrit.server.auth.ldap; import static com.google.gerrit.reviewdb.client.AccountExternalId.SCHEME_GERRIT; import com.google.common.base.Optional; +import com.google.common.base.Strings; import com.google.common.cache.CacheLoader; import com.google.common.cache.LoadingCache; import com.google.common.collect.Iterables; @@ -269,10 +270,14 @@ class LdapRealm implements Realm { public GroupMembership groups(final AccountState who) { String id = findId(who.getExternalIds()); Set groups; - try { - groups = membershipCache.get(id); - } catch (ExecutionException e) { - log.warn(String.format("Cannot lookup groups for %s in LDAP", id), e); + if (id != null) { + try { + groups = membershipCache.get(id); + } catch (ExecutionException e) { + log.warn(String.format("Cannot lookup groups for %s in LDAP", id), e); + groups = Collections.emptySet(); + } + } else { groups = Collections.emptySet(); } return groupMembershipFactory.create(Iterables.concat( @@ -291,6 +296,9 @@ class LdapRealm implements Realm { @Override public Account.Id lookup(String accountName) { + if (Strings.isNullOrEmpty(accountName)) { + return null; + } try { Optional id = usernameCache.get(accountName); return id != null ? id.orNull() : null;