From 594d7dc0035cd90e3faa469fdd1d5e178e0efae8 Mon Sep 17 00:00:00 2001
From: sin <sin@localhost>
Date: Tue, 23 Jan 2007 17:37:11 +0000
Subject: [PATCH] Bug# 428: Adding support for rejecting unauthenticated requests
---
opends/src/server/org/opends/server/core/DirectoryServer.java | 70 +++++++++++++++++++++++++++++++++++
1 files changed, 70 insertions(+), 0 deletions(-)
diff --git a/opends/src/server/org/opends/server/core/DirectoryServer.java b/opends/src/server/org/opends/server/core/DirectoryServer.java
index f9bb224..280134a 100644
--- a/opends/src/server/org/opends/server/core/DirectoryServer.java
+++ b/opends/src/server/org/opends/server/core/DirectoryServer.java
@@ -255,6 +255,9 @@
// Indicates whether the server is currently in the process of shutting down.
private boolean shuttingDown;
+ // Indicates whether the server should reject unauthenticated requests.
+ private boolean rejectUnauthenticatedRequests;
+
// The certificate mapper used to establish a mapping between client
// certificates and user entries.
private CertificateMapper certificateMapper;
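Review bot: The new flag is a plain `boolean` that gates an access-control decision, and nothing in this patch shows how a write from the setter becomes visible to the threads that evaluate the check. If the setter is called from a configuration-change thread while worker threads read the field (not visible here, so worth confirming), declaring it `private volatile boolean rejectUnauthenticatedRequests;` guarantees that enabling the restriction takes effect for subsequent operations. The field also defaults to `false`, so the restriction is off until configuration code calls the setter; the comment could say so, e.g. `// Defaults to false: unauthenticated requests are accepted unless configured otherwise.`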
@@ -6647,6 +6650,41 @@
}
+ //Reject or accept the unauthenticated requests based on the configuration
+ // settings.
+ if(directoryServer.rejectUnauthenticatedRequests &&
+ !clientConnection.getAuthenticationInfo().isAuthenticated())
+ {
+ switch(operation.getOperationType())
+ {
+ case ADD:
+ case COMPARE:
+ case DELETE:
+ case SEARCH:
+ case MODIFY:
+ case MODIFY_DN:
+ int msgID = MSGID_REJECT_UNAUTHENTICATED_OPERATION;
+ String message = getMessage(msgID);
+ throw new DirectoryException(
+ ResultCode.UNWILLING_TO_PERFORM,message,msgID);
+ case EXTENDED:
+ ExtendedOperation extOp = (ExtendedOperation) operation;
+ String requestOID = extOp.getRequestOID();
+ if (!((requestOID != null) &&
+ requestOID.equals(OID_START_TLS_REQUEST)))
+ {
+ msgID = MSGID_REJECT_UNAUTHENTICATED_OPERATION;
+ message = getMessage(msgID);
+ throw new DirectoryException(
+ ResultCode.UNWILLING_TO_PERFORM,message,msgID);
+ }
+ break;
+
+ }
+
+ }
+
+
// If the associated user is required to change their password before
// continuing, then make sure the associated operation is one that could
// result in the password being changed. If not, then reject it.
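Review bot: The switch names the operation types to reject and has no `default`, so any type it does not list passes for an unauthenticated client without an explicit decision; today that is presumably BIND, UNBIND and ABANDON, and it would silently include any type added to the enum later. Inverting the switch fails closed: permit only what a client needs before it has authenticated, let StartTLS through, and reject everything else in `default`. Assuming those three are the only unlisted types, behaviour for the current ones is unchanged, and the duplicated throw and the `msgID`/`message` locals shared across case labels go away. The enclosing method starts and ends outside the hunk.

```java
// … unchanged: the if (rejectUnauthenticatedRequests && !isAuthenticated()) guard …
switch (operation.getOperationType())
{
  // Only what an unauthenticated client needs to authenticate or disconnect.
  case BIND:
  case UNBIND:
  case ABANDON:
    break;

  case EXTENDED:
    String requestOID = ((ExtendedOperation) operation).getRequestOID();
    if (OID_START_TLS_REQUEST.equals(requestOID))
    {
      break;
    }
    // Any other extended request falls through to the rejection below.

  default:
    int msgID = MSGID_REJECT_UNAUTHENTICATED_OPERATION;
    throw new DirectoryException(
        ResultCode.UNWILLING_TO_PERFORM, getMessage(msgID), msgID);
}
```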
@@ -7559,6 +7597,38 @@
/**
+ * Indicates whether an unauthenticated request should be rejected.
+ *
+ * @return <CODE>true</CODE>if an unauthenticated request should be
+ * rejected, or <CODE>false</CODE>f if not.
+ */
+ public static boolean rejectUnauthenticatedRequests()
+ {
+ assert debugEnter(CLASS_NAME, "rejectUnauthenticatedRequests");
+
+ return directoryServer.rejectUnauthenticatedRequests;
+ }
+
+ /**
+ * Specifies whether an unauthenticated request should be rejected.
+ *
+ * @param rejectUnauthenticatedRequests Indicates whether an
+ * unauthenticated request should
+ * be rejected.
+ */
+ public static void setRejectUnauthenticatedRequests(boolean
+ rejectUnauthenticatedRequests)
+ {
+ assert debugEnter(CLASS_NAME, "rejectUnauthenticatedRequests",
+ String.valueOf(rejectUnauthenticatedRequests));
+
+ directoryServer.rejectUnauthenticatedRequests =
+ rejectUnauthenticatedRequests;
+ }
+
+
+
+ /**
* Retrieves the DN of the configuration entry with which this alert generator
* is associated.
*
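Review bot: The setter's debug trace passes the getter's name, so calls to `setRejectUnauthenticatedRequests` are logged as `rejectUnauthenticatedRequests`, which makes it harder to tell from a trace when this security setting was changed; the call should read `assert debugEnter(CLASS_NAME, "setRejectUnauthenticatedRequests",`. The getter's Javadoc also has a missing space and a stray character: `@return <CODE>true</CODE> if an unauthenticated request should be rejected, or <CODE>false</CODE> if not.` The Javadoc block at the end of the hunk belongs to a method that continues outside it.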
--
Gitblit v1.10.0