mirror of https://github.com/OpenIdentityPlatform/OpenDJ.git

Jean-Noël Rouvignac
13.48.2016 d219cba0ae3f8b69e5f68eb542974f0319304803
OPENDJ-3095 Upgrade: uninstallation of replicated server throws a NPE

The problem happened because the connection is defaulted to the adminUID, but the password is null.

3.0.0 code handled this gracefully although it was reporting an error while running uninstall.
3.5.0 code fails with a NPE on the call to password.toCharArray().

The fix propagates the bind DN/password information differently
and treats a null bindDN or a null password as an anonymous bind.
2 files modified
37 ■■■■ changed files
opendj-server-legacy/src/main/java/org/opends/admin/ads/util/ConnectionUtils.java 6
opendj-server-legacy/src/main/java/org/opends/admin/ads/util/ConnectionWrapper.java 31
opendj-server-legacy/src/main/java/org/opends/admin/ads/util/ConnectionUtils.java
@@ -176,13 +176,9 @@
    env.put("java.naming.ldap.factory.socket",
        org.opends.admin.ads.util.TrustedSocketFactory.class.getName());
    if (dn != null)
    if (dn != null && pwd != null)
    {
      env.put(Context.SECURITY_PRINCIPAL, dn);
    }
    if (pwd != null)
    {
      env.put(Context.SECURITY_CREDENTIALS, pwd);
    }
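Review bot: The new guard `if (dn != null && pwd != null)` rejects only null, so an empty password paired with a non-null DN still sets both SECURITY_PRINCIPAL and SECURITY_CREDENTIALS. That goes out as a simple bind with a zero-length password, which RFC 4513 (section 5.1.2) defines as an unauthenticated bind and which many servers accept as anonymous. If pwd is a String here (its declaration is outside the hunk), I would extend the check to `if (dn != null && pwd != null && !pwd.isEmpty())` so the empty case takes the same anonymous path as null. The same applies to the `bindDn != null && bindPwd != null` test in the ConnectionWrapper hunk that sets AUTHN_BIND_REQUEST. A short comment above the condition, such as `// a null dn or pwd means an anonymous bind`, would record the intent; the enclosing method starts and ends outside the hunk.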
opendj-server-legacy/src/main/java/org/opends/admin/ads/util/ConnectionWrapper.java
@@ -41,7 +41,6 @@
import org.forgerock.opendj.ldap.LdapException;
import org.forgerock.opendj.ldap.SSLContextBuilder;
import org.forgerock.opendj.ldap.requests.Requests;
import org.forgerock.opendj.ldap.requests.SimpleBindRequest;
import org.forgerock.opendj.server.config.client.RootCfgClient;
import org.forgerock.util.Options;
import org.opends.admin.ads.util.PreferredConnection.Type;
@@ -157,7 +156,7 @@
    this.keyManager = keyManager;
    final Options options = toOptions(connectionType, bindDn, bindPwd, connectTimeout, trustManager, keyManager);
    ldapContext = createAdministrativeContext(options);
    ldapContext = createAdministrativeContext(options, bindDn, bindPwd);
    connectionFactory = new LDAPConnectionFactory(hostPort.getHost(), hostPort.getPort(), options);
    connection = buildConnection();
  }
@@ -168,14 +167,22 @@
    final boolean isStartTls = START_TLS.equals(connectionType);
    final boolean isLdaps = LDAPS.equals(connectionType);
    Options options = Options.defaultOptions();
    options.set(CONNECT_TIMEOUT, duration(connectTimeout, TimeUnit.MILLISECONDS));
    Options options = Options.defaultOptions()
        .set(CONNECT_TIMEOUT, duration(connectTimeout, TimeUnit.MILLISECONDS));
    if (isLdaps || isStartTls)
    {
      options.set(SSL_CONTEXT, getSSLContext(trustManager, keyManager))
             .set(SSL_USE_STARTTLS, isStartTls);
    }
    options.set(AUTHN_BIND_REQUEST, Requests.newSimpleBindRequest(bindDn, bindPwd.toCharArray()));
    if (bindDn != null && bindPwd != null)
    {
      options.set(AUTHN_BIND_REQUEST, Requests.newSimpleBindRequest(bindDn, bindPwd.toCharArray()));
    }
    else
    {
      final String traceString = "Anonymous ConnectionWrapper: tried connecting with bindDN=" + bindDn;
      options.set(AUTHN_BIND_REQUEST, Requests.newAnonymousSASLBindRequest(traceString));
    }
    return options;
  }
@@ -183,7 +190,8 @@
  {
    try
    {
      return new SSLContextBuilder().setTrustManager(trustManager != null ? trustManager : new BlindTrustManager())
      return new SSLContextBuilder()
          .setTrustManager(trustManager != null ? trustManager : new BlindTrustManager())
          .setKeyManager(keyManager).getSSLContext();
    }
    catch (GeneralSecurityException e)
@@ -192,9 +200,10 @@
    }
  }
  private InitialLdapContext createAdministrativeContext(Options options) throws NamingException
  private InitialLdapContext createAdministrativeContext(Options options, String bindDn, String bindPwd)
      throws NamingException
  {
    final InitialLdapContext ctx = createAdministrativeContext0(options);
    final InitialLdapContext ctx = createAdministrativeContext0(options, bindDn, bindPwd);
    if (!connectedAsAdministrativeUser(ctx))
    {
      throw new NoPermissionException(ERR_NOT_ADMINISTRATIVE_USER.get().toString());
@@ -202,14 +211,12 @@
    return ctx;
  }
  private InitialLdapContext createAdministrativeContext0(Options options) throws NamingException
  private InitialLdapContext createAdministrativeContext0(Options options, String bindDn, String bindPwd)
      throws NamingException
  {
    SSLContext sslContext = options.get(SSL_CONTEXT);
    boolean useSSL = sslContext != null;
    boolean useStartTLS = options.get(SSL_USE_STARTTLS);
    SimpleBindRequest bindRequest = (SimpleBindRequest) options.get(AUTHN_BIND_REQUEST);
    String bindDn = bindRequest.getName();
    String bindPwd = new String(bindRequest.getPassword());
    final String ldapUrl = getLDAPUrl(getHostPort(), useSSL);
    if (useSSL)
    {
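Review bot: In the `else` branch that sets AUTHN_BIND_REQUEST, the trace string `"Anonymous ConnectionWrapper: tried connecting with bindDN=" + bindDn` is passed to `Requests.newAnonymousSASLBindRequest`, so the DN the caller intended to bind as is sent to the server as SASL ANONYMOUS trace information. On a plain LDAP connection it travels in clear text, and it probably ends up in the server's access log. I would send a fixed string instead, e.g. `Requests.newAnonymousSASLBindRequest("ConnectionWrapper")`, and keep the DN in a local log message only. The fallback is also silent on the client side, so a comment stating that a null bindDn or bindPwd produces an anonymous bind, which the later connectedAsAdministrativeUser check is presumably expected to reject, would help the next reader. The method containing this branch begins outside its hunk.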