mirror of https://github.com/OpenIdentityPlatform/OpenDJ.git

neil_a_wilson
21.36.2007 23cb06fe1592c018cbf1e7303c60067cd5a7458e
Update the LDAP connection handler so that it will properly terminate the
client connection if a problem occurs while attempting to assign the connection
security provider for that connection.

OpenDS Issue Number: 1291
2 files modified
43 ■■■■ changed files
opends/src/server/org/opends/server/messages/ProtocolMessages.java 15 ●●●●●
opends/src/server/org/opends/server/protocols/ldap/LDAPConnectionHandler.java 28 ●●●●
opends/src/server/org/opends/server/messages/ProtocolMessages.java
@@ -4348,6 +4348,17 @@
  /**
   * The message ID for the message that will be used if an error occurs while
   * attempting to configure the connection security provider for a new
   * connection.  This takes a single argument, which is a string representation
   * of the exception that was caught.
   */
  public static final int MSGID_LDAP_CONNHANDLER_CANNOT_SET_SECURITY_PROVIDER =
       CATEGORY_MASK_PROTOCOL | SEVERITY_MASK_MILD_ERROR | 401;
  /**
   * Associates a set of generic messages with the message IDs defined in this
   * class.
   */
@@ -5230,6 +5241,10 @@
                    "The connection attempt from client %s to %s has been " +
                    "rejected because the client was not included in one of " +
                    "the allowed address ranges.");
    registerMessage(MSGID_LDAP_CONNHANDLER_CANNOT_SET_SECURITY_PROVIDER,
                    "An error occurred while attempting to configure the " +
                    "connection security provider for the client " +
                    "connection:  %s.");
    registerMessage(MSGID_LDAP_CONNHANDLER_UNABLE_TO_REGISTER_CLIENT,
                    "An internal error prevented the Directory Server from " +
                    "properly registering the client connection from %s to " +
opends/src/server/org/opends/server/protocols/ldap/LDAPConnectionHandler.java
@@ -1485,11 +1485,29 @@
                  }
                  clientChannel.socket().setKeepAlive(useKeepAlive);
                  clientChannel.socket().setTcpNoDelay(useTCPNoDelay);
                  ConnectionSecurityProvider connectionSecurityProvider =
                       securityProvider.newInstance(clientConnection,
                                                    clientChannel);
                  clientConnection.setConnectionSecurityProvider(
                       connectionSecurityProvider);
                  try
                  {
                    ConnectionSecurityProvider connectionSecurityProvider =
                         securityProvider.newInstance(clientConnection,
                                                      clientChannel);
                    clientConnection.setConnectionSecurityProvider(
                         connectionSecurityProvider);
                  }
                  catch (Exception e)
                  {
                    if (debugEnabled())
                    {
                      debugCaught(DebugLogLevel.ERROR, e);
                    }
                    clientConnection.disconnect(
                         DisconnectReason.SECURITY_PROBLEM, false,
                         MSGID_LDAP_CONNHANDLER_CANNOT_SET_SECURITY_PROVIDER,
                         String.valueOf(e));
                    iterator.remove();
                    continue;
                  }
                  // Check to see if the core server rejected the connection
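Review bot: The new catch block records the failure only through `debugCaught`, which sits inside `if (debugEnabled())`, so with debug logging off a failed security-provider setup leaves a trace only if `disconnect()` itself logs the message, and that is not visible in this hunk. A connection dropped with `DisconnectReason.SECURITY_PROBLEM` deserves an unconditional error-log entry carrying `MSGID_LDAP_CONNHANDLER_CANNOT_SET_SECURITY_PROVIDER`, so operators can spot a broken security-provider configuration or a client that repeatedly triggers the failure. The message argument is `String.valueOf(e)`, which carries the exception class and its text; the second argument to `disconnect` is `false`, which presumably suppresses the notice to the client, and a comment such as `// no client notification: the message carries raw exception text` would keep that from being flipped later. The enclosing loop and method start and end outside the hunk.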