From 6bea4c909a3dbf8a3b5ffd84c96506bb298403ac Mon Sep 17 00:00:00 2001
From: neil_a_wilson <neil_a_wilson@localhost>
Date: Sat, 03 Feb 2007 00:30:16 +0000
Subject: [PATCH] Update the proxied authorization control code to require that the controls have a criticality of "true" as per the specification in RFC 4370.

---
 opendj-sdk/opends/src/server/org/opends/server/messages/ProtocolMessages.java |   30 +++++++++++++++++++++++++++++-
 1 files changed, 29 insertions(+), 1 deletions(-)

diff --git a/opendj-sdk/opends/src/server/org/opends/server/messages/ProtocolMessages.java b/opendj-sdk/opends/src/server/org/opends/server/messages/ProtocolMessages.java
index e8f2593..969de8d 100644
--- a/opendj-sdk/opends/src/server/org/opends/server/messages/ProtocolMessages.java
+++ b/opendj-sdk/opends/src/server/org/opends/server/messages/ProtocolMessages.java
@@ -22,7 +22,7 @@
  * CDDL HEADER END
  *
  *
- *      Portions Copyright 2006 Sun Microsystems, Inc.
+ *      Portions Copyright 2006-2007 Sun Microsystems, Inc.
  */
 package org.opends.server.messages;
 
@@ -4210,6 +4210,24 @@
 
 
   /**
+   * The message ID for the message that will be used if a proxied auth V1
+   * control is not marked critical.  This does not take any arguments.
+   */
+  public static final int MSGID_PROXYAUTH1_CONTROL_NOT_CRITICAL =
+       CATEGORY_MASK_PROTOCOL | SEVERITY_MASK_MILD_ERROR | 388;
+
+
+
+  /**
+   * The message ID for the message that will be used if a proxied auth V2
+   * control is not marked critical.  This does not take any arguments.
+   */
+  public static final int MSGID_PROXYAUTH2_CONTROL_NOT_CRITICAL =
+       CATEGORY_MASK_PROTOCOL | SEVERITY_MASK_MILD_ERROR | 389;
+
+
+
+  /**
    * Associates a set of generic messages with the message IDs defined in this
    * class.
    */
@@ -5654,6 +5672,11 @@
                     "decode the control value:  %s.");
 
 
+    registerMessage(MSGID_PROXYAUTH1_CONTROL_NOT_CRITICAL,
+                    "Unwilling to process the request because it contains a " +
+                    "proxied authorization V1 control which is not marked " +
+                    "critical.  The proxied authorization control must " +
+                    "always have a criticality of \"true\".");
     registerMessage(MSGID_PROXYAUTH1_NO_CONTROL_VALUE,
                     "Cannot decode the provided proxied authorization V1 " +
                     "control because it does not have a value.");
@@ -5677,6 +5700,11 @@
                     "is not allowed by the password policy configuration.");
 
 
+    registerMessage(MSGID_PROXYAUTH2_CONTROL_NOT_CRITICAL,
+                    "Unwilling to process the request because it contains a " +
+                    "proxied authorization V2 control which is not marked " +
+                    "critical.  The proxied authorization control must " +
+                    "always have a criticality of \"true\".");
     registerMessage(MSGID_PROXYAUTH2_NO_CONTROL_VALUE,
                     "Cannot decode the provided proxied authorization V2 " +
                     "control because it does not have a value.");

--
Gitblit v1.10.0