From 50eecfac301a49564cd88a2d8c180bbd72a6185d Mon Sep 17 00:00:00 2001
From: neil_a_wilson <neil_a_wilson@localhost>
Date: Sun, 04 Feb 2007 02:58:26 +0000
Subject: [PATCH] Update the process that SASL mechanisms use to set authentication info for the bind operation.  Previously, they were setting it directly in the client connection, which introduced the possibility that a failure in bind processing which occurred after the SASL credentials were validated could result in a case in which a failure was returned to the client but the associated connection could still be authenticated in the server.  SASL mechanism handlers will now set the authentication info in the bind operation and it will only be updated in the client connection if all processing associated with the bind operation is successful.

---
 opends/src/server/org/opends/server/core/BindOperation.java |   39 ++++++++++++++++++++++++++++++++++++++-
 1 files changed, 38 insertions(+), 1 deletions(-)

diff --git a/opends/src/server/org/opends/server/core/BindOperation.java b/opends/src/server/org/opends/server/core/BindOperation.java
index b814d82..fa694e4 100644
--- a/opends/src/server/org/opends/server/core/BindOperation.java
+++ b/opends/src/server/org/opends/server/core/BindOperation.java
@@ -113,6 +113,9 @@
   // The server SASL credentials provided to the client in the response.
   private ASN1OctetString serverSASLCredentials;
 
+  // The authentication info for this bind operation.
+  private AuthenticationInfo authInfo;
+
   // The authentication type used for this bind operation.
   private AuthenticationType authType;
 
@@ -751,6 +754,40 @@
 
 
   /**
+   * Retrieves the authentication info that resulted from processing this bind
+   * operation.  It will only be valid if the bind processing was successful.
+   *
+   * @return  The authentication info that resulted from processing this bind
+   *          operation.
+   */
+  public final AuthenticationInfo getAuthenticationInfo()
+  {
+    assert debugEnter(CLASS_NAME, "getAuthenticationInfo");
+
+    return authInfo;
+  }
+
+
+
+  /**
+   * Specifies the authentication info that resulted from processing this bind
+   * operation.  This method must only be called by SASL mechanism handlers
+   * during the course of processing the {@code processSASLBind} method.
+   *
+   * @param  authInfo  The authentication info that resulted from processing
+   *                   this bind operation.
+   */
+  public final void setAuthenticationInfo(AuthenticationInfo authInfo)
+  {
+    assert debugEnter(CLASS_NAME, "setAuthenticationInfo",
+                      String.valueOf(authInfo));
+
+    this.authInfo = authInfo;
+  }
+
+
+
+  /**
    * {@inheritDoc}
    */
   @Override()
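Review bot: getAuthenticationInfo() returns whatever a SASL handler stored even if bind processing fails afterwards, so the Javadoc caveat "only be valid if the bind processing was successful" is the only thing stopping a plugin or logger from treating a rejected identity as authenticated. The `authInfo = null;` reset in the last hunk (around new line 1019) runs only at the start of processing; the failure paths are outside these hunks, so it is not visible whether the field is cleared there. Either null the field wherever the bind ends with a non-success result, or make the getter's contract explicit, for example `Callers must verify that the result code of this operation is SUCCESS before trusting the returned value; on failure it may hold an identity that was never applied to the client connection.` The setter is `public` and its "must only be called by SASL mechanism handlers" rule is enforced by comment alone, so its Javadoc should also say that the value is not applied to the client connection until the bind succeeds. Separately, the setter's debugEnter call stringifies `authInfo`; confirm that AuthenticationInfo.toString() (not shown here) does not include credential material.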
@@ -979,7 +1016,7 @@
     // Wipe out any existing authentication for the client connection and create
     // a placeholder that will be used if the bind is successful.
     clientConnection.setUnauthenticated();
-    AuthenticationInfo authInfo = null;
+    authInfo = null;
 
 
     // Abandon any operations that may be in progress for the client.

--
Gitblit v1.10.0