From f2a87ab4022947f0cd48715d7c37393f0ebfd60a Mon Sep 17 00:00:00 2001
From: neil_a_wilson <neil_a_wilson@localhost>
Date: Sat, 02 Jun 2007 00:27:17 +0000
Subject: [PATCH] Update the server to provide a lockdown mode.  This is a mode in which the server will only allow client connections over loopback interfaces and will reject requests from non-root users.  This can be used in cases where it would be helpful for the server to be online to address a problem, but there might be security risks in having it fully available (e.g., the server detects a malformed access control rule on startup, and we don't want to allow normal access to the server since that rule might be intended to prevent users from seeing sensitive information and not having it interpreted properly could be dangerous).

---
 opends/src/server/org/opends/server/core/BindOperation.java |   46 ++++++++++++++++++++++++++++++++++++++++++++++
 1 files changed, 46 insertions(+), 0 deletions(-)

diff --git a/opends/src/server/org/opends/server/core/BindOperation.java b/opends/src/server/org/opends/server/core/BindOperation.java
index ce1f22a..3f780ed 100644
--- a/opends/src/server/org/opends/server/core/BindOperation.java
+++ b/opends/src/server/org/opends/server/core/BindOperation.java
@@ -1104,6 +1104,19 @@
           // to allow it.
           if ((simplePassword == null) || (simplePassword.value().length == 0))
           {
+            // If the server is in lockdown mode, then fail.
+            if (DirectoryServer.lockdownMode())
+            {
+              setResultCode(ResultCode.INVALID_CREDENTIALS);
+
+              int msgID = MSGID_BIND_REJECTED_LOCKDOWN_MODE;
+              setAuthFailureReason(msgID, getMessage(msgID));
+
+              processingStopTime = System.currentTimeMillis();
+              logBindResponse(this);
+              break bindProcessing;
+            }
+
             // If there is a bind DN, then see whether that is acceptable.
             if (DirectoryServer.bindWithDNRequiresPassword() &&
                 ((bindDN != null) && (! bindDN.isNullDN())))
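Review bot: The three lockdown rejections added by this commit do not end the operation the same way. This anonymous-bind branch sets `processingStopTime` and calls `logBindResponse(this)` before `break bindProcessing`, while the branches added at the `isRoot` check (second hunk) and after `processSASLBind` (third hunk) break without doing either. Which form is correct depends on the code that follows the `bindProcessing` block, which is outside these hunks: if that code already stamps and logs the response, this branch logs twice, and if it does not, the other two rejections never reach the access log. Lockdown rejections are events an operator will want to audit, so the three paths should be made consistent, preferably through one private helper that sets the result code, the failure reason and the logging in a single place.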
@@ -1447,6 +1460,16 @@
               setResultCode(ResultCode.SUCCESS);
 
               boolean isRoot = DirectoryServer.isRootDN(userEntry.getDN());
+              if (DirectoryServer.lockdownMode() && (! isRoot))
+              {
+                setResultCode(ResultCode.INVALID_CREDENTIALS);
+
+                int msgID = MSGID_BIND_REJECTED_LOCKDOWN_MODE;
+                setAuthFailureReason(msgID, getMessage(msgID));
+
+                break bindProcessing;
+              }
+
               authInfo = new AuthenticationInfo(userEntry, simplePassword,
                                                 isRoot);
 
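Review bot: The rejection added after `boolean isRoot = ...` reports `ResultCode.INVALID_CREDENTIALS` for a user whose password was just accepted (the preceding context line sets `ResultCode.SUCCESS`), and unlike the other two lockdown branches it carries no comment saying so. I would add `// Lockdown mode: the credentials were valid, but only root users may bind.` above the `if`. It is also worth confirming that nothing after the `bindProcessing` label treats this result code as a failed password attempt, since counting it toward a failure counter could lock out legitimate accounts while the server is in lockdown. That code is outside the hunk, so this is a check to make rather than a confirmed defect.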
@@ -1727,6 +1750,29 @@
           saslHandler.processSASLBind(this);
 
 
+          // If the server is operating in lockdown mode, then we will need to
+          // ensure that the authentication was successful and performed as a
+          // root user to continue.
+          if (DirectoryServer.lockdownMode())
+          {
+            ResultCode resultCode = getResultCode();
+            if (resultCode != ResultCode.SASL_BIND_IN_PROGRESS)
+            {
+              if ((resultCode != ResultCode.SUCCESS) ||
+                  (saslAuthUserEntry == null) ||
+                  (! DirectoryServer.isRootDN(saslAuthUserEntry.getDN())))
+              {
+                setResultCode(ResultCode.INVALID_CREDENTIALS);
+
+                int msgID = MSGID_BIND_REJECTED_LOCKDOWN_MODE;
+                setAuthFailureReason(msgID, getMessage(msgID));
+
+                break bindProcessing;
+              }
+            }
+          }
+
+
           // Create the password policy state object.
           String userDNString;
           if (saslAuthUserEntry == null)
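Review bot: The condition `(resultCode != ResultCode.SUCCESS) || ...` also captures SASL binds that the handler already failed, so their result code and failure reason are overwritten with `MSGID_BIND_REJECTED_LOCKDOWN_MODE`. In the logs, a wrong-password or unknown-user attempt then looks the same as a valid non-root login that lockdown turned away, which loses the distinction an operator needs when reviewing activity during an incident. Restricting the override to the success case keeps the handler's own reason: `if ((resultCode == ResultCode.SUCCESS) && ((saslAuthUserEntry == null) || (! DirectoryServer.isRootDN(saslAuthUserEntry.getDN()))))`. Failed binds would then fall through to the password-policy code below, as they did before this commit. The override changes only the result code, so it is also worth checking that any authentication state `processSASLBind` stored on the operation is not applied to the connection after the `break`; that code is outside the hunk.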

--
Gitblit v1.10.0