From 1c1400a568940232bff55fa95094716b87fc8d9a Mon Sep 17 00:00:00 2001
From: Jean-Noel Rouvignac <jean-noel.rouvignac@forgerock.com>
Date: Fri, 06 Dec 2013 16:13:01 +0000
Subject: [PATCH] OPENDJ-1088 (CR-2677) Wrong error message and result code when deleting branch as a user with insufficient access rights

---
 opends/src/server/org/opends/server/workflowelement/localbackend/LocalBackendBindOperation.java |   25 ++++++++-----------------
 1 files changed, 8 insertions(+), 17 deletions(-)

diff --git a/opends/src/server/org/opends/server/workflowelement/localbackend/LocalBackendBindOperation.java b/opends/src/server/org/opends/server/workflowelement/localbackend/LocalBackendBindOperation.java
index d3dacb6..94e9500 100644
--- a/opends/src/server/org/opends/server/workflowelement/localbackend/LocalBackendBindOperation.java
+++ b/opends/src/server/org/opends/server/workflowelement/localbackend/LocalBackendBindOperation.java
@@ -388,23 +388,18 @@
    * @throws  DirectoryException  If there is a problem with any of the
    *                              controls.
    */
-  private void handleRequestControls()
-          throws DirectoryException
+  private void handleRequestControls() throws DirectoryException
   {
+    LocalBackendWorkflowElement.removeAllDisallowedControls(bindDN, this);
+
     List<Control> requestControls = getRequestControls();
-    if ((requestControls != null) && (! requestControls.isEmpty()))
+    if (requestControls != null && !requestControls.isEmpty())
     {
       for (int i=0; i < requestControls.size(); i++)
       {
         Control c   = requestControls.get(i);
         String  oid = c.getOID();
 
-        if (!LocalBackendWorkflowElement.isControlAllowed(bindDN, this, c))
-        {
-          // Skip disallowed non-critical controls.
-          continue;
-        }
-
         if (oid.equals(OID_AUTHZID_REQUEST))
         {
           returnAuthzID = true;
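Review bot: The access check on request controls in handleRequestControls now happens only as a side effect of `LocalBackendWorkflowElement.removeAllDisallowedControls(bindDN, this)` ahead of the loop, and the removed inline comment was the only place that said disallowed non-critical controls are skipped. I would add a comment above the call, such as `// Access-control filter: must run before getRequestControls() is read; drops disallowed non-critical controls (critical ones presumably fail the bind).`, so that a later reordering cannot let an unfiltered control reach the OID dispatch. The helper's body is not visible here, so confirm that it mutates the same list `getRequestControls()` returns and that it accepts a null `bindDN`, which the `bindDN != null` test in processAnonymousSimpleBind suggests is possible. The function body continues past the end of this hunk.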
@@ -415,7 +410,6 @@
         }
 
         // NYI -- Add support for additional controls.
-
         else if (c.isCritical())
         {
           throw new DirectoryException(
@@ -520,7 +514,6 @@
         PasswordPolicy policy = pwPolicyState.getAuthenticationPolicy();
 
         AttributeType pwType = policy.getPasswordAttribute();
-
         List<Attribute> pwAttr = userEntry.getAttribute(pwType);
         if ((pwAttr == null) || (pwAttr.isEmpty()))
         {
@@ -652,8 +645,7 @@
    * @throws  DirectoryException  If a problem occurs that should cause the bind
    *                              operation to fail.
    */
-  protected boolean processAnonymousSimpleBind()
-          throws DirectoryException
+  protected boolean processAnonymousSimpleBind() throws DirectoryException
   {
     // If the server is in lockdown mode, then fail.
     if (DirectoryServer.lockdownMode())
@@ -663,8 +655,8 @@
     }
 
     // If there is a bind DN, then see whether that is acceptable.
-    if (DirectoryServer.bindWithDNRequiresPassword() &&
-        ((bindDN != null) && (! bindDN.isNullDN())))
+    if (DirectoryServer.bindWithDNRequiresPassword()
+        && bindDN != null && !bindDN.isNullDN())
     {
       throw new DirectoryException(ResultCode.UNWILLING_TO_PERFORM,
                                    ERR_BIND_DN_BUT_NO_PASSWORD.get());
@@ -693,8 +685,7 @@
    * @throws  DirectoryException  If a problem occurs that should cause the bind
    *                              operation to fail.
    */
-  private boolean processSASLBind()
-          throws DirectoryException
+  private boolean processSASLBind() throws DirectoryException
   {
     // Get the appropriate authentication handler for this request based
     // on the SASL mechanism.  If there is none, then fail.

--
Gitblit v1.10.0