Commit 056163a2
Authored on Sep 04, 2017
Author: vinnie
8178449: Improve LDAP logins
Reviewed-by: mullan, asmotrak
Parent: 9da1d6b7
Showing 1 changed file with 59 additions and 4 deletions
src/share/classes/com/sun/security/auth/module/LdapLoginModule.java
...
...
@@ -751,7 +751,8 @@ public class LdapLoginModule implements LoginModule {
if
(
authFirst
||
authOnly
)
{
String
id
=
replaceUsernameToken
(
identityMatcher
,
authcIdentity
);
String
id
=
replaceUsernameToken
(
identityMatcher
,
authcIdentity
,
username
);
// Prepare to bind using user's username and password
ldapEnvironment
.
put
(
Context
.
SECURITY_CREDENTIALS
,
password
);
...
...
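Review bot: The raw `username` passed to `replaceUsernameToken(identityMatcher, authcIdentity, username)` reaches the bind identity with no escaping at all, while the search-filter path changed in this same commit gets RFC 4515 escaping. If `authcIdentity` is a distinguished-name template, characters that are special in a DN string (RFC 4514: `,` `+` `"` `\` `<` `>` `;`) are substituted verbatim. Either escape for the identity's syntax at this call, or add a comment stating why the unescaped value is intended for the bind.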
@@ -878,8 +879,13 @@ public class LdapLoginModule implements LoginModule {
}
try
{
NamingEnumeration
<
SearchResult
>
results
=
ctx
.
search
(
""
,
replaceUsernameToken
(
filterMatcher
,
userFilter
),
constraints
);
// Sanitize username and substitute into LDAP filter
String
canonicalUserFilter
=
replaceUsernameToken
(
filterMatcher
,
userFilter
,
escapeUsernameChars
());
NamingEnumeration
<
SearchResult
>
results
=
ctx
.
search
(
""
,
canonicalUserFilter
,
constraints
);
// Extract the distinguished name of the user's entry
// (Use the first entry if more than one is returned)
...
...
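Review bot: `escapeUsernameChars()` in the new `canonicalUserFilter` assignment takes no argument and silently reads the `username` field, whereas `replaceUsernameToken` was just changed to take the username explicitly. Passing the string in, for example `escapeUsernameChars(username)`, would make the data flow visible at the call site and let the escaper be unit-tested on its own. The commit changes only `LdapLoginModule.java`, so no test covering `*`, `(`, `)`, `\` and NUL in a username comes with it.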
@@ -926,13 +932,62 @@ public class LdapLoginModule implements LoginModule {
}
}
/**
* Modify the supplied username to encode characters that must be escaped
* according to RFC 4515: LDAP: String Representation of Search Filters.
*
* The following characters are encoded as a backslash "\" (ASCII 0x5c)
* followed by the two hexadecimal digits representing the value of the
* escaped character:
* '*' (ASCII 0x2a)
* '(' (ASCII 0x28)
* ')' (ASCII 0x29)
* '\' (ASCII 0x5c)
* '\0'(ASCII 0x00)
*
* @return the modified username with its characters escaped as needed
*/
private
String
escapeUsernameChars
()
{
int
len
=
username
.
length
();
StringBuilder
escapedUsername
=
new
StringBuilder
(
len
+
16
);
for
(
int
i
=
0
;
i
<
len
;
i
++)
{
char
c
=
username
.
charAt
(
i
);
switch
(
c
)
{
case
'*'
:
escapedUsername
.
append
(
"\\\\2A"
);
break
;
case
'('
:
escapedUsername
.
append
(
"\\\\28"
);
break
;
case
')'
:
escapedUsername
.
append
(
"\\\\29"
);
break
;
case
'\\'
:
escapedUsername
.
append
(
"\\\\5C"
);
break
;
case
'\0'
:
escapedUsername
.
append
(
"\\\\00"
);
break
;
default
:
escapedUsername
.
append
(
c
);
}
}
return
escapedUsername
.
toString
();
}
/**
* Replace the username token
*
* @param matcher the replacement pattern
* @param string the target string
* @param username the supplied username
* @return the modified string
*/
private
String
replaceUsernameToken
(
Matcher
matcher
,
String
string
)
{
private
String
replaceUsernameToken
(
Matcher
matcher
,
String
string
,
String
username
)
{
return
matcher
!=
null
?
matcher
.
replaceAll
(
username
)
:
string
;
}
...
...
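Review bot: In `escapeUsernameChars()` every escape literal such as `"\\\\2A"` puts two backslashes into the returned string, which contradicts the Javadoc above it (one backslash followed by two hex digits) and is only correct because `matcher.replaceAll(username)` in `replaceUsernameToken` treats `\` as an escape character in the replacement and collapses the pair. That coupling is undocumented, and `replaceAll` also interprets `$` as a group reference, which neither call path handles, so a username containing `$` can throw instead of failing authentication cleanly. Suggest returning the plain RFC 4515 form from the escaper and quoting the replacement once inside `replaceUsernameToken` with `Matcher.quoteReplacement(username)`.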