From b66654ad0e12d83f17b2e84422fefbaf31509e86 Mon Sep 17 00:00:00 2001
From: neil_a_wilson <neil_a_wilson@localhost>
Date: Sat, 02 Jun 2007 00:27:17 +0000
Subject: [PATCH] Update the server to provide a lockdown mode. This is a mode in which the server will only allow client connections over loopback interfaces and will reject requests from non-root users. This can be used in cases where it would be helpful for the server to be online to address a problem, but there might be security risks in having it fully available (e.g., the server detects a malformed access control rule on startup, and we don't want to allow normal access to the server since that rule might be intended to prevent users from seeing sensitive information and not having it interpreted properly could be dangerous).
---
opendj-sdk/opends/src/server/org/opends/server/protocols/ldap/LDAPConnectionHandler.java | 20 ++++++++++----------
1 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/opendj-sdk/opends/src/server/org/opends/server/protocols/ldap/LDAPConnectionHandler.java b/opendj-sdk/opends/src/server/org/opends/server/protocols/ldap/LDAPConnectionHandler.java
index 979bc32..a6dbc80 100644
--- a/opendj-sdk/opends/src/server/org/opends/server/protocols/ldap/LDAPConnectionHandler.java
+++ b/opendj-sdk/opends/src/server/org/opends/server/protocols/ldap/LDAPConnectionHandler.java
@@ -931,6 +931,16 @@
.accept();
LDAPClientConnection clientConnection =
new LDAPClientConnection(this, clientChannel);
+
+ // Check to see if the core server rejected the
+ // connection (e.g., already too many connections
+ // established).
+ if (clientConnection.getConnectionID() < 0) {
+ // The connection will have already been closed.
+ iterator.remove();
+ continue;
+ }
+
InetAddress clientAddr = clientConnection
.getRemoteAddress();
// Check to see if the client is on the denied list.
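Review bot: The early exit at `if (clientConnection.getConnectionID() < 0)` relies on the `LDAPClientConnection` constructor having already closed `clientChannel`, which this hunk does not show. If any rejection path in the core server returns a negative ID without closing the channel, the accepted socket leaks here, and the new lockdown check is presumably one such path. Either close the channel defensively before `iterator.remove()` or state the contract in the comment. The comment also names only the connection limit as a cause, so I would reword it to something like `// Rejected by the core server (e.g., connection limit or lockdown mode); the constructor has already closed the channel.` It is also worth confirming that rejections are logged with the peer address, since this branch now runs before `getRemoteAddress()` and the allow/deny checks. The enclosing accept loop starts and ends outside the hunk.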
@@ -994,16 +1004,6 @@
continue;
}
-
- // Check to see if the core server rejected the
- // connection (e.g., already too many connections
- // established).
- if (clientConnection.getConnectionID() < 0) {
- // The connection will have already been closed.
- iterator.remove();
- continue;
- }
-
// If we've gotten here, then we'll take the
// connection so invoke the post-connect plugins and
// register the client connection with a request
--
Gitblit v1.10.0