From 594d7dc0035cd90e3faa469fdd1d5e178e0efae8 Mon Sep 17 00:00:00 2001
From: sin <sin@localhost>
Date: Tue, 23 Jan 2007 17:37:11 +0000
Subject: [PATCH] Bug# 428: Adding support for rejecting unauthenticated requests

---
 opends/src/server/org/opends/server/core/CoreConfigManager.java |  103 +++++++++++++++++++++++++++++++++++++++++++++++++++
 1 files changed, 103 insertions(+), 0 deletions(-)

diff --git a/opends/src/server/org/opends/server/core/CoreConfigManager.java b/opends/src/server/org/opends/server/core/CoreConfigManager.java
index 7d8765b..fba2aa4 100644
--- a/opends/src/server/org/opends/server/core/CoreConfigManager.java
+++ b/opends/src/server/org/opends/server/core/CoreConfigManager.java
@@ -769,7 +769,40 @@
       DirectoryServer.setBindWithDNRequiresPassword(
                            DEFAULT_BIND_WITH_DN_REQUIRES_PW);
     }
+   // Determine whether an uauthenticated request should be rejected.
 
+    msgID = MSGID_CONFIG_CORE_DESCRIPTION_REJECT_UNAUTHENTICATED_REQUESTS;
+    BooleanConfigAttribute rejectRequestStub =
+    new BooleanConfigAttribute(ATTR_REJECT_UNAUTHENTICATED_REQ,
+                              getMessage(msgID), false);
+    try
+    {
+      BooleanConfigAttribute rejectRequestAttr=
+      (BooleanConfigAttribute)
+      configRoot.getConfigAttribute(rejectRequestStub);
+      if(rejectRequestAttr== null)
+      {
+        DirectoryServer.setRejectUnauthenticatedRequests(
+                       DEFAULT_REJECT_UNAUTHENTICATED_REQ);
+      }
+      else
+      {
+        DirectoryServer.setRejectUnauthenticatedRequests(
+                       rejectRequestAttr.activeValue());
+      }
+    }
+    catch (Exception e)
+    {
+      // An error occurred, but this should not be considered fatal.  Log an
+      // error message and use the default.
+      assert debugException(CLASS_NAME, "initializeCoreConfig", e);
+      logError(ErrorLogCategory.CONFIGURATION, ErrorLogSeverity.SEVERE_ERROR,
+         MSGID_CONFIG_CORE_REJECT_UNAUTHENTICATED_REQUESTS_INVALID,
+         String.valueOf(configEntryDN.toString()), String.valueOf(e));
+
+      DirectoryServer.setRejectUnauthenticatedRequests(
+                       DEFAULT_REJECT_UNAUTHENTICATED_REQ);
+    }
 
     DirectoryServer.registerConfigurableComponent(this);
   }
@@ -1641,6 +1674,30 @@
     }
 
 
+    // See if the entry specifies whether unauthenticated requests should be
+    // rejected.
+    msgID = MSGID_CONFIG_CORE_DESCRIPTION_REJECT_UNAUTHENTICATED_REQUESTS;
+    BooleanConfigAttribute rejectRequestStub =
+    new BooleanConfigAttribute(ATTR_REJECT_UNAUTHENTICATED_REQ,
+                              getMessage(msgID), false);
+    try
+    {
+      BooleanConfigAttribute rejectRequestAttr=
+          (BooleanConfigAttribute)
+              configEntry.getConfigAttribute(rejectRequestStub);
+    }
+    catch (Exception e)
+    {
+      assert debugException(CLASS_NAME, "hasAcceptableConfiguration", e);
+
+      // An error occurred, so the provided value must not be valid.
+      msgID = MSGID_CONFIG_CORE_REJECT_UNAUTHENTICATED_REQUESTS_INVALID;
+      unacceptableReasons.add(getMessage(msgID, configEntry.getDN().toString(),
+                                         String.valueOf(e)));
+      configIsAcceptable = false;
+    }
+
+
     // Get the DN of the default password policy configuration entry.  It must
     // be provided, and the DN must be associated with a valid password policy.
     msgID = MSGID_CONFIG_CORE_DESCRIPTION_DEFAULT_PWPOLICY_DN;
@@ -2289,6 +2346,41 @@
     }
 
 
+    // Determine whether an uauthenticated request should be rejected.
+
+    boolean rejectUnauthenticatedReq = DEFAULT_REJECT_UNAUTHENTICATED_REQ;
+    msgID = MSGID_CONFIG_CORE_DESCRIPTION_REJECT_UNAUTHENTICATED_REQUESTS;
+    BooleanConfigAttribute rejectRequestStub =
+    new BooleanConfigAttribute(ATTR_REJECT_UNAUTHENTICATED_REQ,
+                              getMessage(msgID), false);
+    try
+    {
+      BooleanConfigAttribute rejectRequestAttr=
+      (BooleanConfigAttribute)
+      configEntry.getConfigAttribute(rejectRequestStub);
+      if(rejectRequestAttr!= null)
+      {
+        rejectUnauthenticatedReq = rejectRequestAttr.pendingValue();
+      }
+    }
+    catch (Exception e)
+    {
+       assert debugException(CLASS_NAME, "applyNewConfiguration", e);
+
+      // An error occurred, so we will not allow this configuration change to
+      // take place.
+      if (resultCode == ResultCode.SUCCESS)
+      {
+        resultCode = ResultCode.INVALID_ATTRIBUTE_SYNTAX;
+      }
+
+      msgID = MSGID_CONFIG_CORE_REJECT_UNAUTHENTICATED_REQUESTS_INVALID;
+      resultMessages.add(getMessage(msgID, configEntry.getDN().toString(),
+                                    String.valueOf(e)));
+    }
+
+
+
     // Ge the DN of the default password policy configuration entry.
     DN defaultPWPolicyDN = null;
     msgID = MSGID_CONFIG_CORE_DESCRIPTION_DEFAULT_PWPOLICY_DN;
@@ -2485,6 +2577,17 @@
                                       String.valueOf(defaultPWPolicyDN),
                                       configEntryDN.toString()));
       }
+
+
+      DirectoryServer.setRejectUnauthenticatedRequests(
+                        rejectUnauthenticatedReq);
+      if (detailedResults)
+      {
+        resultMessages.add(getMessage(MSGID_CONFIG_SET_ATTRIBUTE,
+                                      ATTR_REJECT_UNAUTHENTICATED_REQ,
+                                      String.valueOf(rejectUnauthenticatedReq),
+                                      configEntryDN.toString()));
+      }
     }
 
 

--
Gitblit v1.10.0