Skip to content
Permalink
Browse files
[JENKINS-34426] Fix to handle SECURITY-243 (#34)
  • Loading branch information
fbelzunc committed May 19, 2016
1 parent 3862baf commit 57f4d97b7b14985272427e461c7d19d90a98fbd4
Showing 2 changed files with 21 additions and 2 deletions.
@@ -229,6 +229,7 @@ private List<SocketInfo> obtainLDAPServers(String domainName) throws Authenticat
public UserDetails retrieveUser(final String username, final String password, final String domainName, final List<SocketInfo> ldapServers) {
UserDetails userDetails;
try {
final ActiveDirectoryUserDetail[] cacheMiss = new ActiveDirectoryUserDetail[1];
userDetails = userCache.get(username, new Callable<UserDetails>() {
public UserDetails call() throws AuthenticationException {
DirContext context;
@@ -312,11 +313,12 @@ public UserDetails call() throws AuthenticationException {
Set<GrantedAuthority> groups = resolveGroups(domainDN, dnFormatted, context);
groups.add(SecurityRealm.AUTHENTICATED_AUTHORITY);

return new ActiveDirectoryUserDetail(username, password, true, true, true, true, groups.toArray(new GrantedAuthority[groups.size()]),
cacheMiss[0] = new ActiveDirectoryUserDetail(username, password, true, true, true, true, groups.toArray(new GrantedAuthority[groups.size()]),
getStringAttribute(user, "displayName"),
getStringAttribute(user, "mail"),
getStringAttribute(user, "telephoneNumber")
).updateUserInfo();
);
return cacheMiss[0];
} catch (NamingException e) {
if (anonymousBind && e.getMessage().contains("successful bind must be completed") && e.getMessage().contains("000004DC")) {
// sometimes (or always?) anonymous bind itself will succeed but the actual query will fail.
@@ -331,6 +333,9 @@ public UserDetails call() throws AuthenticationException {
}
}
});
if (cacheMiss[0] != null) {
cacheMiss[0].updateUserInfo();
}
} catch (UncheckedExecutionException e) {
Throwable t = e.getCause();
if (t instanceof AuthenticationException) {
@@ -24,6 +24,7 @@
package hudson.plugins.active_directory;

import java.io.IOException;
import java.lang.reflect.InvocationTargetException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashSet;
@@ -177,6 +178,19 @@ public static long getSerialVersionUID() {
* Gets the corresponding {@link hudson.model.User} object.
*/
public hudson.model.User getJenkinsUser() {
try { // TODO 1.651.2+ remove reflection
return (hudson.model.User) hudson.model.User.class.getMethod("getById", String.class, boolean.class).invoke(null, getUsername(), true);
} catch (InvocationTargetException e) {
if (e.getCause() instanceof RuntimeException) {
throw (RuntimeException)e.getCause();
}
// Only RuntimeException is expected
LOGGER.log(Level.WARNING, String.format("There was a problem obtaining the Jenkins user %s by Id", getUsername()), e);
} catch (NoSuchMethodException e) {
// fine, older baseline
} catch (Exception e) { // unexpected
LOGGER.log(Level.WARNING, String.format("There was a problem obtaining the Jenkins user %s by Id", getUsername()), e);
}
return hudson.model.User.get(getUsername());
}

0 comments on commit 57f4d97

Please sign in to comment.