From 6de8daee4940c4450c9b434be85231583fe67f69 Mon Sep 17 00:00:00 2001
From: aefimov
Date: Mon, 24 Apr 2017 22:53:32 +0300
Subject: [PATCH] 8176067: Proper directory lookup processing

Reviewed-by: weijun
---
 .../classes/com/sun/jndi/ldap/LdapClient.java | 3 ++-
 .../classes/com/sun/jndi/ldap/LdapCtx.java | 24 ++++++++++++++++---
 .../sun/jndi/ldap/LdapReferralException.java | 5 ++--
 .../provider/certpath/ldap/LDAPCertStore.java | 4 ++--
 4 files changed, 28 insertions(+), 8 deletions(-)

diff --git a/src/share/classes/com/sun/jndi/ldap/LdapClient.java b/src/share/classes/com/sun/jndi/ldap/LdapClient.java
index f6b42d341..d3cdbc2f8 100644
--- a/src/share/classes/com/sun/jndi/ldap/LdapClient.java
+++ b/src/share/classes/com/sun/jndi/ldap/LdapClient.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2017, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -1233,6 +1233,7 @@ public final class LdapClient implements PooledConnection {
 static final int LDAP_REF_FOLLOW = 0x01; // follow referrals
 static final int LDAP_REF_THROW = 0x02; // throw referral ex.
 static final int LDAP_REF_IGNORE = 0x03; // ignore referrals
+ static final int LDAP_REF_FOLLOW_SCHEME = 0x04; // follow referrals of the same scheme
 static final String LDAP_URL = "ldap://"; // LDAPv3
 static final String LDAPS_URL = "ldaps://"; // LDAPv3
diff --git a/src/share/classes/com/sun/jndi/ldap/LdapCtx.java b/src/share/classes/com/sun/jndi/ldap/LdapCtx.java
index 79630f53e..4a76771e1 100644
--- a/src/share/classes/com/sun/jndi/ldap/LdapCtx.java
+++ b/src/share/classes/com/sun/jndi/ldap/LdapCtx.java
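Review bot: The comment on the new `LDAP_REF_FOLLOW_SCHEME` constant says "follow referrals of the same scheme", but the only filter this patch adds for that mode (the `LdapCtx` hunk at new line 2978) keeps URLs that start with the literal `ldap:`, whatever scheme the current connection uses. I would word the comment after what is actually enforced, e.g. `// follow referrals, but only to ldap: URLs`, so that nobody later reads this mode as also allowing `ldaps:` to `ldaps:` or as preventing an `ldaps:` to `ldap:` hop.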
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2017, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -2413,6 +2413,9 @@ final public class LdapCtx extends ComponentDirContext
 // First determine the referral mode
 if (ref != null) {
 switch (ref) {
+ case "follow-scheme":
+ handleReferrals = LdapClient.LDAP_REF_FOLLOW_SCHEME;
+ break;
 case "follow":
 handleReferrals = LdapClient.LDAP_REF_FOLLOW;
 break;
@@ -2975,8 +2978,23 @@ final public class LdapCtx extends ComponentDirContext
 r = new LdapReferralException(resolvedName, resolvedObj, remainName, msg, envprops, fullDN, handleReferrals, reqCtls); // only one set of URLs is present
- r.setReferralInfo(res.referrals == null ? null :
- res.referrals.elementAt(0), false);
+ Vector refs;
+ if (res.referrals == null) {
+ refs = null;
+ } else if (handleReferrals == LdapClient.LDAP_REF_FOLLOW_SCHEME) {
+ refs = new Vector<>();
+ for (String s : res.referrals.elementAt(0)) {
+ if (s.startsWith("ldap:")) {
+ refs.add(s);
+ }
+ }
+ if (refs.isEmpty()) {
+ refs = null;
+ }
+ } else {
+ refs = res.referrals.elementAt(0);
+ }
+ r.setReferralInfo(refs, false);
 if (hopCount > 1) {
 r.setHopCount(hopCount);
diff --git a/src/share/classes/com/sun/jndi/ldap/LdapReferralException.java b/src/share/classes/com/sun/jndi/ldap/LdapReferralException.java
index 1058d9dd9..0870ab75a 100644
--- a/src/share/classes/com/sun/jndi/ldap/LdapReferralException.java
+++ b/src/share/classes/com/sun/jndi/ldap/LdapReferralException.java
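Review bot: The new `case "follow-scheme":` label adds an accepted referral-mode value with no comment saying what it means or how it differs from `"follow"`. A short comment on the case, e.g. `// like "follow", but referral URLs that are not ldap: are discarded`, would make the switch self-explanatory and point the reader at the filtering added further down in this file. The switch and its default branch continue outside the hunk, so how an unknown value is rejected is not visible here.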
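Review bot: In the `LDAP_REF_FOLLOW_SCHEME` branch the test `s.startsWith("ldap:")` compares against a fixed literal rather than the scheme of the connection that received the referral, so a context opened over `ldaps:` (not visible in this hunk) would have its `ldaps:` referrals dropped while plain `ldap:` ones are still followed, with the request controls passed along per the `LdapReferralException` change in this patch. The comparison is also case-sensitive although URL schemes are not, so a referral written as `LDAP://…` is discarded without any trace; `if (s.regionMatches(true, 0, "ldap:", 0, 5)) {` covers that part. I would add a comment above the loop, e.g. `// follow-scheme: keep only ldap: referrals, everything else is dropped on purpose`, and state there what is intended for an ldaps context. When every URL is filtered out, `refs` becomes null and is handed to `setReferralInfo`, whose handling of null is outside this hunk, as are the start and end of the enclosing method.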
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2017, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -117,7 +117,8 @@ final public class LdapReferralException extends
 // If following referral, request controls are passed to referral ctx
 this.reqCtls =
- (handleReferrals == LdapClient.LDAP_REF_FOLLOW ? reqCtls : null);
+ (handleReferrals == LdapClient.LDAP_REF_FOLLOW ||
+ handleReferrals == LdapClient.LDAP_REF_FOLLOW_SCHEME ? reqCtls : null);
 }
 /**
diff --git a/src/share/classes/sun/security/provider/certpath/ldap/LDAPCertStore.java b/src/share/classes/sun/security/provider/certpath/ldap/LDAPCertStore.java
index 5a24a694b..ba3e4d60c 100644
--- a/src/share/classes/sun/security/provider/certpath/ldap/LDAPCertStore.java
+++ b/src/share/classes/sun/security/provider/certpath/ldap/LDAPCertStore.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -265,7 +265,7 @@ public final class LDAPCertStore extends CertStoreSpi {
 */
 Hashtable currentEnv = ctx.getEnvironment();
 if (currentEnv.get(Context.REFERRAL) == null) {
- ctx.addToEnvironment(Context.REFERRAL, "follow");
+ ctx.addToEnvironment(Context.REFERRAL, "follow-scheme");
 }
 } catch (NamingException e) {
 if (debug != null) {
--
GitLab
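Review bot: The new condition in the assignment to `this.reqCtls` mixes `||` and `?:` inside one pair of parentheses and is only correct because `||` binds tighter than the conditional operator. I would make that explicit, e.g. `boolean follows = handleReferrals == LdapClient.LDAP_REF_FOLLOW || handleReferrals == LdapClient.LDAP_REF_FOLLOW_SCHEME;` followed by `this.reqCtls = follows ? reqCtls : null;`, so the rule "controls travel only when referrals are followed" reads without precedence knowledge. The constructor this statement sits in starts outside the hunk.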
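Review bot: The switch to `"follow-scheme"` only takes effect inside `if (currentEnv.get(Context.REFERRAL) == null)`, so an environment that already carries `Context.REFERRAL` set to `"follow"` keeps unrestricted referral following for this cert store's lookups. If that is intended, the comment block that ends just above (its text is outside the hunk) should say so, e.g. `// default only: an explicit java.naming.referral setting is left untouched`. If the restriction is meant to be enforced, an existing `"follow"` value would need to be handled here as well. Where the environment of `ctx` is populated from is not visible in this hunk.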