From f7036e50348484f4daf39f9e8457de602ab83939 Mon Sep 17 00:00:00 2001
From: coulbeck <coulbeck@localhost>
Date: Tue, 28 Aug 2007 15:54:13 +0000
Subject: [PATCH] Changes for replication security issues 511, 512, 608.
---
opends/src/server/org/opends/server/replication/protocol/ServerStartMessage.java | 37 +++++++++++++++++++++++++++++++++++--
1 files changed, 35 insertions(+), 2 deletions(-)
diff --git a/opends/src/server/org/opends/server/replication/protocol/ServerStartMessage.java b/opends/src/server/org/opends/server/replication/protocol/ServerStartMessage.java
index a046356..693223f 100644
--- a/opends/src/server/org/opends/server/replication/protocol/ServerStartMessage.java
+++ b/opends/src/server/org/opends/server/replication/protocol/ServerStartMessage.java
@@ -63,6 +63,12 @@
private long heartbeatInterval = 0;
/**
+ * Whether to continue using SSL to encrypt messages after the start
+ * messages have been exchanged.
+ */
+ private boolean sslEncryption;
+
+ /**
* Create a new ServerStartMessage.
*
* @param serverId The serverId of the server for which the ServerStartMessage
@@ -76,13 +82,16 @@
* @param heartbeatInterval The requested heartbeat interval.
* @param serverState The state of this server.
* @param protocolVersion The replication protocol version of the creator.
+ * @param sslEncryption Whether to continue using SSL to encrypt messages
+ * after the start messages have been exchanged.
*/
public ServerStartMessage(short serverId, DN baseDn, int maxReceiveDelay,
int maxReceiveQueue, int maxSendDelay,
int maxSendQueue, int windowSize,
long heartbeatInterval,
ServerState serverState,
- short protocolVersion)
+ short protocolVersion,
+ boolean sslEncryption)
{
super(protocolVersion);
@@ -94,7 +103,7 @@
this.maxSendQueue = maxSendQueue;
this.windowSize = windowSize;
this.heartbeatInterval = heartbeatInterval;
-
+ this.sslEncryption = sslEncryption;
this.serverState = serverState;
try
@@ -194,6 +203,13 @@
pos += length +1;
/*
+ * read the sslEncryption setting
+ */
+ length = getNextLength(in, pos);
+ sslEncryption = Boolean.valueOf(new String(in, pos, length, "UTF-8"));
+ pos += length +1;
+
+ /*
* read the ServerState
*/
serverState = new ServerState(in, pos, in.length-1);
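Review bot: `Boolean.valueOf(...)` on the decoded field returns false for every string other than "true", so a malformed value silently decodes as sslEncryption = false instead of being rejected. The same happens for a message from a sender that does not emit this field, because the bytes consumed here would then belong to the ServerState that follows; whether protocolVersion gates this is not visible in the hunk. For a flag that decides whether the session stays encrypted, the decoder should accept only the two exact strings and fail otherwise: `String v = new String(in, pos, length, "UTF-8");` followed by `if (!v.equals("true") && !v.equals("false"))`, raising the same error the decoder uses for other malformed fields. The enclosing decode method starts and ends outside the hunk.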
@@ -308,6 +324,8 @@
String.valueOf(windowSize).getBytes("UTF-8");
byte[] byteHeartbeatInterval =
String.valueOf(heartbeatInterval).getBytes("UTF-8");
+ byte[] byteSSLEncryption =
+ String.valueOf(sslEncryption).getBytes("UTF-8");
byte[] byteServerState = serverState.getBytes();
int length = byteDn.length + 1 + byteServerId.length + 1 +
@@ -318,6 +336,7 @@
byteMaxSendQueue.length + 1 +
byteWindowSize.length + 1 +
byteHeartbeatInterval.length + 1 +
+ byteSSLEncryption.length + 1 +
byteServerState.length + 1;
/* encode the header in a byte[] large enough to also contain the mods */
@@ -342,6 +361,8 @@
pos = addByteArray(byteHeartbeatInterval, resultByteArray, pos);
+ pos = addByteArray(byteSSLEncryption, resultByteArray, pos);
+
pos = addByteArray(byteServerState, resultByteArray, pos);
return resultByteArray;
@@ -373,4 +394,16 @@
{
return heartbeatInterval;
}
+
+ /**
+ * Get the SSL encryption value for the ldap server that created the
+ * message.
+ *
+ * @return The SSL encryption value for the ldap server that created the
+ * message.
+ */
+ public boolean getSSLEncryption()
+ {
+ return sslEncryption;
+ }
}
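Review bot: The Javadoc on `getSSLEncryption()` does not say what true means or that the value is the one carried in the peer's start message. I would reword the summary to `Indicates whether the server that created this message asks to keep SSL encryption on after the start messages have been exchanged.` and add a sentence that the value is peer-supplied, so the caller should presumably check it against the local configuration rather than adopt it as is; how the caller uses it is not visible here.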
--
Gitblit v1.10.0