From 23cb06fe1592c018cbf1e7303c60067cd5a7458e Mon Sep 17 00:00:00 2001
From: neil_a_wilson <neil_a_wilson@localhost>
Date: Wed, 21 Mar 2007 04:36:37 +0000
Subject: [PATCH] Update the LDAP connection handler so that it will properly terminate the client connection if a problem occurs while attempting to assign the connection security provider for that connection.

---
 opends/src/server/org/opends/server/messages/ProtocolMessages.java            |   15 +++++++++++++++
 opends/src/server/org/opends/server/protocols/ldap/LDAPConnectionHandler.java |   28 +++++++++++++++++++++++-----
 2 files changed, 38 insertions(+), 5 deletions(-)

diff --git a/opends/src/server/org/opends/server/messages/ProtocolMessages.java b/opends/src/server/org/opends/server/messages/ProtocolMessages.java
index 6d6a2b5..09c2150 100644
--- a/opends/src/server/org/opends/server/messages/ProtocolMessages.java
+++ b/opends/src/server/org/opends/server/messages/ProtocolMessages.java
@@ -4348,6 +4348,17 @@
 
 
   /**
+   * The message ID for the message that will be used if an error occurs while
+   * attempting to configure the connection security provider for a new
+   * connection.  This takes a single argument, which is a string representation
+   * of the exception that was caught.
+   */
+  public static final int MSGID_LDAP_CONNHANDLER_CANNOT_SET_SECURITY_PROVIDER =
+       CATEGORY_MASK_PROTOCOL | SEVERITY_MASK_MILD_ERROR | 401;
+
+
+
+  /**
    * Associates a set of generic messages with the message IDs defined in this
    * class.
    */
@@ -5230,6 +5241,10 @@
                     "The connection attempt from client %s to %s has been " +
                     "rejected because the client was not included in one of " +
                     "the allowed address ranges.");
+    registerMessage(MSGID_LDAP_CONNHANDLER_CANNOT_SET_SECURITY_PROVIDER,
+                    "An error occurred while attempting to configure the " +
+                    "connection security provider for the client " +
+                    "connection:  %s.");
     registerMessage(MSGID_LDAP_CONNHANDLER_UNABLE_TO_REGISTER_CLIENT,
                     "An internal error prevented the Directory Server from " +
                     "properly registering the client connection from %s to " +
diff --git a/opends/src/server/org/opends/server/protocols/ldap/LDAPConnectionHandler.java b/opends/src/server/org/opends/server/protocols/ldap/LDAPConnectionHandler.java
index 4eaf805..554f2dd 100644
--- a/opends/src/server/org/opends/server/protocols/ldap/LDAPConnectionHandler.java
+++ b/opends/src/server/org/opends/server/protocols/ldap/LDAPConnectionHandler.java
@@ -1485,11 +1485,29 @@
                   }
                   clientChannel.socket().setKeepAlive(useKeepAlive);
                   clientChannel.socket().setTcpNoDelay(useTCPNoDelay);
-                  ConnectionSecurityProvider connectionSecurityProvider =
-                       securityProvider.newInstance(clientConnection,
-                                                    clientChannel);
-                  clientConnection.setConnectionSecurityProvider(
-                       connectionSecurityProvider);
+
+                  try
+                  {
+                    ConnectionSecurityProvider connectionSecurityProvider =
+                         securityProvider.newInstance(clientConnection,
+                                                      clientChannel);
+                    clientConnection.setConnectionSecurityProvider(
+                         connectionSecurityProvider);
+                  }
+                  catch (Exception e)
+                  {
+                    if (debugEnabled())
+                    {
+                      debugCaught(DebugLogLevel.ERROR, e);
+                    }
+
+                    clientConnection.disconnect(
+                         DisconnectReason.SECURITY_PROBLEM, false,
+                         MSGID_LDAP_CONNHANDLER_CANNOT_SET_SECURITY_PROVIDER,
+                         String.valueOf(e));
+                    iterator.remove();
+                    continue;
+                  }
 
 
                   // Check to see if the core server rejected the connection
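Review bot: The `clientConnection.disconnect(DisconnectReason.SECURITY_PROBLEM, ...)` call in the new catch block runs on a connection whose security provider was never attached (`setConnectionSecurityProvider` is the thing that just failed), so if `disconnect` relies on the provider to shut the transport down, `clientChannel` could be left open after the iterator entry is dropped; worth confirming that `disconnect` closes the raw channel itself in that state, or closing `clientChannel` explicitly before `iterator.remove()`. A one-line comment would make the invariant visible to the next maintainer: `// No provider is attached yet, so disconnect() must close the raw channel itself.` The `false` second argument presumably suppresses a notice to the client, which keeps the `String.valueOf(e)` exception text server-side only — if that is not what it means, the exception string should not be handed to the peer. The enclosing accept-loop method starts and ends outside this hunk.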

--
Gitblit v1.10.0