OPENDJ-948 (CR-1873) unauthorized disclosure of directory contents
Fixing the build. Fixed a test for replication conflict resolution.
AccessControlHandler.java:
In canDiscloseInformation(), allow to disclose information only for internal operations (internal has a broader meaning here than Operation.isInternalOperation()).
| | |
|---|
| | | } |
|---|
| | | if (entry == null) |
|---|
| | | { |
|---|
| | | // no such entry exist, let's be safe and forbid any info disclosure. |
|---|
| | | return false; |
|---|
| | | // no such entry exist, only disclose underlying information if it is an |
|---|
| | | // internal (broad meaning) operation, otherwise let's be safe and forbid |
|---|
| | | // any info disclosure for external operations. |
|---|
| | | // This will avoid breaking conflicts resolution in replication |
|---|
| | | return operation.isInternalOperation() |
|---|
| | | || operation.isSynchronizationOperation() |
|---|
| | | || operation.isInnerOperation(); |
|---|
| | | } |
|---|
| | | return maySend(operation, new SearchResultEntry(entry, operation |
|---|
| | | .getResponseControls())); |
|---|
