From 50eecfac301a49564cd88a2d8c180bbd72a6185d Mon Sep 17 00:00:00 2001
From: neil_a_wilson <neil_a_wilson@localhost>
Date: Sun, 04 Feb 2007 02:58:26 +0000
Subject: [PATCH] Update the process that SASL mechanisms use to set authentication info for the bind operation.  Previously, they were setting it directly in the client connection, which introduced the possibility that a failure in bind processing which occurred after the SASL credentials were validated could result in a case in which a failure was returned to the client but the associated connection could still be authenticated in the server.  SASL mechanism handlers will now set the authentication info in the bind operation and it will only be updated in the client connection if all processing associated with the bind operation is successful.

---
 opends/src/server/org/opends/server/extensions/GSSAPIStateInfo.java |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/opends/src/server/org/opends/server/extensions/GSSAPIStateInfo.java b/opends/src/server/org/opends/server/extensions/GSSAPIStateInfo.java
index 2234c3e..6d0f3b1 100644
--- a/opends/src/server/org/opends/server/extensions/GSSAPIStateInfo.java
+++ b/opends/src/server/org/opends/server/extensions/GSSAPIStateInfo.java
@@ -22,7 +22,7 @@
  * CDDL HEADER END
  *
  *
- *      Portions Copyright 2006 Sun Microsystems, Inc.
+ *      Portions Copyright 2006-2007 Sun Microsystems, Inc.
  */
 package org.opends.server.extensions;
 
@@ -432,7 +432,7 @@
     AuthenticationInfo authInfo =
          new AuthenticationInfo(userEntry.getDN(), SASL_MECHANISM_GSSAPI,
                                 DirectoryServer.isRootDN(userEntry.getDN()));
-    clientConnection.setAuthenticationInfo(authInfo);
+    bindOperation.setAuthenticationInfo(authInfo);
     bindOperation.setResultCode(ResultCode.SUCCESS);
 
     // FIXME -- If we're using integrity or confidentiality, then we can't do

--
Gitblit v1.10.0