From 1112197854c0922ba9a48acbb986b3f20d743c8f Mon Sep 17 00:00:00 2001
From: Matthew Swift <matthew.swift@forgerock.com>
Date: Thu, 10 May 2012 11:28:13 +0000
Subject: [PATCH] Fix OPENDJ-475: Incorrect behaviour/result code regarding non-critical controls
---
opends/src/server/org/opends/server/core/ExtendedOperationBasis.java | 24 +++++++++++++++++-------
1 files changed, 17 insertions(+), 7 deletions(-)
diff --git a/opends/src/server/org/opends/server/core/ExtendedOperationBasis.java b/opends/src/server/org/opends/server/core/ExtendedOperationBasis.java
index 0aeb4ae..d0d0c50 100644
--- a/opends/src/server/org/opends/server/core/ExtendedOperationBasis.java
+++ b/opends/src/server/org/opends/server/core/ExtendedOperationBasis.java
@@ -23,7 +23,7 @@
*
*
* Copyright 2006-2010 Sun Microsystems, Inc.
- * Portions copyright 2011 ForgeRock AS.
+ * Portions copyright 2011-2012 ForgeRock AS.
*/
package org.opends.server.core;
import org.opends.messages.MessageBuilder;
@@ -419,13 +419,23 @@
try
{
if (!AccessControlConfigManager.getInstance()
- .getAccessControlHandler().isAllowed(
- this.getAuthorizationDN(), this, c))
+ .getAccessControlHandler()
+ .isAllowed(getAuthorizationDN(), this, c))
{
- setResultCode(ResultCode.INSUFFICIENT_ACCESS_RIGHTS);
- appendErrorMessage(ERR_CONTROL_INSUFFICIENT_ACCESS_RIGHTS
- .get(c.getOID()));
- return;
+ // As per RFC 4511 4.1.11.
+ if (c.isCritical())
+ {
+ setResultCode(ResultCode.UNAVAILABLE_CRITICAL_EXTENSION);
+ appendErrorMessage(ERR_CONTROL_INSUFFICIENT_ACCESS_RIGHTS
+ .get(c.getOID()));
+ }
+ else
+ {
+ // We don't want to process this non-critical control, so
+ // remove it.
+ removeRequestControl(c);
+ continue;
+ }
}
}
catch (DirectoryException e)
--
Gitblit v1.10.0