Skip to content

Commit

Permalink
[FIXED JENKINS-9519]
Browse files Browse the repository at this point in the history 
if the check fails miserably, report the error accordingly.
  • Loading branch information
@kohsuke
kohsuke committed Jan 5, 2012
1 parent 5ef902b commit 0d95525
Show file tree
Hide file tree
Showing 2 changed files with 38 additions and 29 deletions.
3 changes: 3 additions & 0 deletions changelog.html
View file
Expand Up @@ -55,6 +55,9 @@
<!-- Record your changes in the trunk here. -->
<div id="trunk" style="display:none"><!--=TRUNK-BEGIN=-->
<ul class=image>
<li class=bug>
Failure to check the username/groupname in the matrix security shouldn't hide the user name
(<a href="https://issues.jenkins-ci.org/browse/JENKINS-9519">issue 9519</a>)
<li class=bug>
Fixed a hash DoS vulnerability.
(<a href="http://www.ocert.org/advisories/ocert-2011-003.html">SECURITY-22</a>)
Expand Down
64 changes: 35 additions & 29 deletions core/src/main/java/hudson/security/GlobalMatrixAuthorizationStrategy.java
View file
Expand Up @@ -300,37 +300,43 @@ public FormValidation doCheckName_(String value, AccessControlled subject, Permi
return FormValidation.respond(Kind.OK, makeImg("user.png") +ev);

try {
sr.loadUserByUsername(v);
return FormValidation.respond(Kind.OK, makeImg("person.png")+ev);
} catch (UserMayOrMayNotExistException e) {
// undecidable, meaning the user may exist
return FormValidation.respond(Kind.OK, ev);
} catch (UsernameNotFoundException e) {
// fall through next
} catch (DataAccessException e) {
// fall through next
} catch (AuthenticationException e) {
// other seemingly unexpected error.
return FormValidation.error(e,"Failed to test the validity of the user name "+v);
}
try {
sr.loadUserByUsername(v);
return FormValidation.respond(Kind.OK, makeImg("person.png")+ev);
} catch (UserMayOrMayNotExistException e) {
// undecidable, meaning the user may exist
return FormValidation.respond(Kind.OK, ev);
} catch (UsernameNotFoundException e) {
// fall through next
} catch (DataAccessException e) {
// fall through next
} catch (AuthenticationException e) {
// other seemingly unexpected error.
return FormValidation.error(e,"Failed to test the validity of the user name "+v);
}

try {
sr.loadGroupByGroupname(v);
return FormValidation.respond(Kind.OK, makeImg("user.png") +ev);
} catch (UserMayOrMayNotExistException e) {
// undecidable, meaning the group may exist
return FormValidation.respond(Kind.OK, ev);
} catch (UsernameNotFoundException e) {
// fall through next
} catch (DataAccessException e) {
// fall through next
} catch (AuthenticationException e) {
// other seemingly unexpected error.
return FormValidation.error(e,"Failed to test the validity of the group name "+v);
}
try {
sr.loadGroupByGroupname(v);
return FormValidation.respond(Kind.OK, makeImg("user.png") +ev);
} catch (UserMayOrMayNotExistException e) {
// undecidable, meaning the group may exist
return FormValidation.respond(Kind.OK, ev);
} catch (UsernameNotFoundException e) {
// fall through next
} catch (DataAccessException e) {
// fall through next
} catch (AuthenticationException e) {
// other seemingly unexpected error.
return FormValidation.error(e,"Failed to test the validity of the group name "+v);
}

// couldn't find it. it doesn't exist
return FormValidation.respond(Kind.ERROR, makeImg("error.png") +ev);
// couldn't find it. it doesn't exist
return FormValidation.respond(Kind.ERROR, makeImg("error.png") +ev);
} catch (Exception e) {
// if the check fails miserably, we still want the user to be able to see the name of the user,
// so use 'ev' as the message
return FormValidation.error(e,ev);
}
}

private String makeImg(String gif) {
Expand Down

0 comments on commit 0d95525

Please sign in to comment.