From 139c40de1bc595ccd4b8ca952da9e2a37bc8a18e Mon Sep 17 00:00:00 2001
From: dugan <dugan@localhost>
Date: Wed, 05 Nov 2008 13:22:43 +0000
Subject: [PATCH] These fixes add confidentiality/integrity to the SASL GSSAPI and DIGEST-MD5 mechanisms. The issue links:

---
 opends/src/server/org/opends/server/protocols/ldap/LDAPClientConnection.java |   25 +++++++++++++++++++------
 1 files changed, 19 insertions(+), 6 deletions(-)

diff --git a/opends/src/server/org/opends/server/protocols/ldap/LDAPClientConnection.java b/opends/src/server/org/opends/server/protocols/ldap/LDAPClientConnection.java
index 60e3443..c4e0248 100644
--- a/opends/src/server/org/opends/server/protocols/ldap/LDAPClientConnection.java
+++ b/opends/src/server/org/opends/server/protocols/ldap/LDAPClientConnection.java
@@ -59,7 +59,6 @@
 import org.opends.server.core.SearchOperation;
 import org.opends.server.core.SearchOperationBasis;
 import org.opends.server.core.UnbindOperationBasis;
-import org.opends.server.core.networkgroups.NetworkGroup;
 import org.opends.server.extensions.NullConnectionSecurityProvider;
 import org.opends.server.extensions.TLSCapableConnection;
 import org.opends.server.extensions.TLSConnectionSecurityProvider;
@@ -220,7 +219,9 @@
   // if StartTLS is requested.
   private TLSConnectionSecurityProvider tlsSecurityProvider;
 
-
+  //The SASL connection provider used if confidentiality/integrity is negotiated
+  //during a SASL bind (GSSAPI and DIGEST-MD5 only).
+  private ConnectionSecurityProvider saslSecurityProvider;
 
   /**
    * Creates a new LDAP client connection with the provided information.
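Review bot: `saslSecurityProvider` is declared as a plain field, but it is written through setSASLConnectionSecurityProvider() and read in getConnectionSecurityProvider() (both in the last hunk) with no synchronization visible in this diff. If the SASL bind is processed on a different thread from the one that reads and writes the connection, which seems likely but is not shown here, the reading side may not see the new provider promptly. Declaring it `private volatile ConnectionSecurityProvider saslSecurityProvider;` would make the hand-off visible. The comment could also state the field's lifecycle, for example `// Null until a SASL bind negotiates confidentiality/integrity; set via setSASLConnectionSecurityProvider.`, and say whether it is cleared on a later bind.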
@@ -237,9 +238,6 @@
 
 
     this.connectionHandler     = connectionHandler;
-    if (connectionHandler.isAdminConnectionHandler()) {
-      setNetworkGroup(NetworkGroup.getAdminNetworkGroup());
-    }
     this.clientChannel         = clientChannel;
     this.securityProvider      = null;
     this.clearSecurityProvider = null;
@@ -479,12 +477,27 @@
    */
   public ConnectionSecurityProvider getConnectionSecurityProvider()
   {
-    return securityProvider;
+      if(saslSecurityProvider != null && saslSecurityProvider.isActive())
+          securityProvider =  saslSecurityProvider;
+      return securityProvider;
   }
 
 
 
   /**
+   * Set the security provider to be used to process SASL (DIGEST-MD5, GSSAPI)
+   * confidentiality/integrity messages.
+   *
+   * @param secProvider The security provider to use.
+   */
+    public void
+    setSASLConnectionSecurityProvider(ConnectionSecurityProvider secProvider) {
+        saslSecurityProvider = secProvider;
+    }
+
+
+
+  /**
    * Specifies the connection security provider for this client connection.
    *
    * @param  securityProvider  The connection security provider to use for
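Review bot: getConnectionSecurityProvider() now assigns to the `securityProvider` field as a side effect, so the switch to the SASL provider happens only when a caller first goes through the getter after `isActive()` turns true, and it is never undone. Any code that uses the field directly (not visible in this hunk) would keep reading and writing through the previous provider after confidentiality/integrity has been negotiated, and a provider that was already installed, for example the TLS one, is silently replaced. Consider leaving the field alone and selecting the provider explicitly, `ConnectionSecurityProvider sasl = saslSecurityProvider;` then `return (sasl != null && sasl.isActive()) ? sasl : securityProvider;`, or performing the switch at a defined point when the bind completes. The added lines also use 4- and 6-space indents and an unbraced `if`, unlike the 2-space style of the surrounding file.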

--
Gitblit v1.10.0