external-software/github_OpenIdentityPlatform_OpenDJ.git

Update the client connection code to ensure that any attempt to change the ...

neil_a_wilson

18.41.2007 7269ae01fdc8953b1b568c06b1dd6b80f94d8e83

 opendj-sdk/opends/src/server/org/opends/server/api/ClientConnection.java

@@ -618,7 +618,7 @@
  {
    if (authenticationInfo == null)
    {
      authenticationInfo = new AuthenticationInfo();
      setAuthenticationInfo(new AuthenticationInfo());
    }

    authenticationInfo.setMustChangePassword(mustChangePassword);
@@ -881,22 +881,22 @@
      if ((authZEntry == null) ||
          (! authZEntry.getDN().equals(authNEntry.getDN())))
      {
        authenticationInfo =
             authenticationInfo.duplicate(newEntry, authZEntry);
        setAuthenticationInfo(
             authenticationInfo.duplicate(newEntry, authZEntry));
        updatePrivileges(newEntry, authenticationInfo.isRoot());
      }
      else
      {
        authenticationInfo =
             authenticationInfo.duplicate(newEntry, newEntry);
        setAuthenticationInfo(
             authenticationInfo.duplicate(newEntry, newEntry));
        updatePrivileges(newEntry, authenticationInfo.isRoot());
      }
    }
    else if ((authZEntry != null) &&
             (authZEntry.getDN().equals(oldEntry.getDN())))
    {
      authenticationInfo =
           authenticationInfo.duplicate(authNEntry, newEntry);
      setAuthenticationInfo(
           authenticationInfo.duplicate(authNEntry, newEntry));
    }
  }

@@ -910,7 +910,7 @@
   */
  public void setUnauthenticated()
  {
    this.authenticationInfo = new AuthenticationInfo();
    setAuthenticationInfo(new AuthenticationInfo());
    this.sizeLimit          = DirectoryServer.getSizeLimit();
    this.timeLimit          = DirectoryServer.getTimeLimit();
  }

 opendj-sdk/opends/src/server/org/opends/server/core/AuthenticatedUsers.java

@@ -59,9 +59,6 @@
public class AuthenticatedUsers
       implements ChangeNotificationListener
{



  // The mapping between authenticated user DNs and the associated client
  // connection objects.
  private ConcurrentHashMap<DN,CopyOnWriteArraySet<ClientConnection>>
@@ -130,6 +127,24 @@


  /**
   * Retrieves the set of client connections authenticated as the specified
   * user.  This method is only intended for internal testing use and should not
   * be called for any other purpose.
   *
   * @param  userDN  The DN of the user for which to retrieve the corresponding
   *                 set of client connections.
   *
   * @return  The set of client connections authenticated as the specified user,
   *          or {@code null} if there are none.
   */
  synchronized CopyOnWriteArraySet<ClientConnection> get(DN userDN)
  {
    return userMap.get(userDN);
  }



  /**
   * Performs any processing that may be required after an add
   * operation.
   *

 opendj-sdk/opends/tests/unit-tests-testng/src/server/org/opends/server/core/BindOperationTestCase.java

@@ -1857,5 +1857,67 @@
                                new ASN1OctetString("wrongpassword"));
    assertEquals(bindOperation.getResultCode(), ResultCode.INVALID_CREDENTIALS);
  }



  /**
   * Tests to ensure that performing multiple binds on a client connection will
   * cause the connection to no longer be associated with the previous identity.
   * This helps provide coverage for issue #1392.
   *
   * @throws  Exception
   */
  @Test()
  public void testRebindClearsAuthInfo()
         throws Exception
  {
    TestCaseUtils.initializeTestBackend(true);
    TestCaseUtils.addEntry(
      "dn: uid=rebind.test,o=test",
      "objectClass: top",
      "objectClass: person",
      "objectClass: organizationalPerson",
      "objectClass: inetOrgPerson",
      "uid: rebind.test",
      "givenName: Rebind",
      "sn: Test",
      "cn: Rebind Test",
      "userPassword: password");
    String dnString = "uid=rebind.test,o=test";
    DN userDN = DN.decode(dnString);

    Socket s = new Socket("127.0.0.1", (int) TestCaseUtils.getServerLdapPort());
    ASN1Reader r = new ASN1Reader(s);
    ASN1Writer w = new ASN1Writer(s);
    r.setIOTimeout(6000);

    BindRequestProtocolOp bindRequest =
         new BindRequestProtocolOp(new ASN1OctetString(dnString),
                                   3, new ASN1OctetString("password"));
    LDAPMessage message = new LDAPMessage(1, bindRequest);
    w.writeElement(message.encode());

    message = LDAPMessage.decode(r.readElement().decodeAsSequence());
    BindResponseProtocolOp bindResponse = message.getBindResponseProtocolOp();
    assertEquals(bindResponse.getResultCode(), 0);

    assertNotNull(DirectoryServer.getAuthenticatedUsers().get(userDN));
    assertEquals(DirectoryServer.getAuthenticatedUsers().get(userDN).size(),
                 1);

    bindRequest = new BindRequestProtocolOp(
                           new ASN1OctetString("cn=Directory Manager"), 3,
                           new ASN1OctetString("password"));
    message = new LDAPMessage(1, bindRequest);
    w.writeElement(message.encode());

    message = LDAPMessage.decode(r.readElement().decodeAsSequence());
    bindResponse = message.getBindResponseProtocolOp();
    assertEquals(bindResponse.getResultCode(), 0);

    assertNull(DirectoryServer.getAuthenticatedUsers().get(userDN));

    s.close();
  }
}

			@@ -618,7 +618,7 @@
			{
			if (authenticationInfo == null)
			{
			authenticationInfo = new AuthenticationInfo();
			setAuthenticationInfo(new AuthenticationInfo());
			}

			authenticationInfo.setMustChangePassword(mustChangePassword);
			@@ -881,22 +881,22 @@
			if ((authZEntry == null) \|\|
			(! authZEntry.getDN().equals(authNEntry.getDN())))
			{
			authenticationInfo =
			authenticationInfo.duplicate(newEntry, authZEntry);
			setAuthenticationInfo(
			authenticationInfo.duplicate(newEntry, authZEntry));
			updatePrivileges(newEntry, authenticationInfo.isRoot());
			}
			else
			{
			authenticationInfo =
			authenticationInfo.duplicate(newEntry, newEntry);
			setAuthenticationInfo(
			authenticationInfo.duplicate(newEntry, newEntry));
			updatePrivileges(newEntry, authenticationInfo.isRoot());
			}
			}
			else if ((authZEntry != null) &&
			(authZEntry.getDN().equals(oldEntry.getDN())))
			{
			authenticationInfo =
			authenticationInfo.duplicate(authNEntry, newEntry);
			setAuthenticationInfo(
			authenticationInfo.duplicate(authNEntry, newEntry));
			}
			}

			@@ -910,7 +910,7 @@
			*/
			public void setUnauthenticated()
			{
			this.authenticationInfo = new AuthenticationInfo();
			setAuthenticationInfo(new AuthenticationInfo());
			this.sizeLimit = DirectoryServer.getSizeLimit();
			this.timeLimit = DirectoryServer.getTimeLimit();
			}

			@@ -59,9 +59,6 @@
			public class AuthenticatedUsers
			implements ChangeNotificationListener
			{



			// The mapping between authenticated user DNs and the associated client
			// connection objects.
			private ConcurrentHashMap<DN,CopyOnWriteArraySet<ClientConnection>>
			@@ -130,6 +127,24 @@


			/**
			* Retrieves the set of client connections authenticated as the specified
			* user. This method is only intended for internal testing use and should not
			* be called for any other purpose.
			*
			* @param userDN The DN of the user for which to retrieve the corresponding
			* set of client connections.
			*
			* @return The set of client connections authenticated as the specified user,
			* or {@code null} if there are none.
			*/
			synchronized CopyOnWriteArraySet<ClientConnection> get(DN userDN)
			{
			return userMap.get(userDN);
			}



			/**
			* Performs any processing that may be required after an add
			* operation.
			*

			@@ -1857,5 +1857,67 @@
			new ASN1OctetString("wrongpassword"));
			assertEquals(bindOperation.getResultCode(), ResultCode.INVALID_CREDENTIALS);
			}



			/**
			* Tests to ensure that performing multiple binds on a client connection will
			* cause the connection to no longer be associated with the previous identity.
			* This helps provide coverage for issue #1392.
			*
			* @throws Exception
			*/
			@Test()
			public void testRebindClearsAuthInfo()
			throws Exception
			{
			TestCaseUtils.initializeTestBackend(true);
			TestCaseUtils.addEntry(
			"dn: uid=rebind.test,o=test",
			"objectClass: top",
			"objectClass: person",
			"objectClass: organizationalPerson",
			"objectClass: inetOrgPerson",
			"uid: rebind.test",
			"givenName: Rebind",
			"sn: Test",
			"cn: Rebind Test",
			"userPassword: password");
			String dnString = "uid=rebind.test,o=test";
			DN userDN = DN.decode(dnString);

			Socket s = new Socket("127.0.0.1", (int) TestCaseUtils.getServerLdapPort());
			ASN1Reader r = new ASN1Reader(s);
			ASN1Writer w = new ASN1Writer(s);
			r.setIOTimeout(6000);

			BindRequestProtocolOp bindRequest =
			new BindRequestProtocolOp(new ASN1OctetString(dnString),
			3, new ASN1OctetString("password"));
			LDAPMessage message = new LDAPMessage(1, bindRequest);
			w.writeElement(message.encode());

			message = LDAPMessage.decode(r.readElement().decodeAsSequence());
			BindResponseProtocolOp bindResponse = message.getBindResponseProtocolOp();
			assertEquals(bindResponse.getResultCode(), 0);

			assertNotNull(DirectoryServer.getAuthenticatedUsers().get(userDN));
			assertEquals(DirectoryServer.getAuthenticatedUsers().get(userDN).size(),
			1);

			bindRequest = new BindRequestProtocolOp(
			new ASN1OctetString("cn=Directory Manager"), 3,
			new ASN1OctetString("password"));
			message = new LDAPMessage(1, bindRequest);
			w.writeElement(message.encode());

			message = LDAPMessage.decode(r.readElement().decodeAsSequence());
			bindResponse = message.getBindResponseProtocolOp();
			assertEquals(bindResponse.getResultCode(), 0);

			assertNull(DirectoryServer.getAuthenticatedUsers().get(userDN));

			s.close();
			}
			}