From 3eaa39681e9b1baa434030c8472080ebce00f5bc Mon Sep 17 00:00:00 2001
From: Chris Ridd <chris.ridd@forgerock.com>
Date: Mon, 21 Sep 2015 08:48:02 +0000
Subject: [PATCH] OPENDJ-2280 Log specific messages for bind/StartTLS/SASL bind in progress
---
opendj-sdk/opendj-server-legacy/src/main/java/org/opends/server/core/ExtendedOperationBasis.java | 2
opendj-sdk/opendj-server-legacy/src/main/java/org/opends/server/protocols/ldap/LDAPClientConnection.java | 50 ++++++++++++++++---------
opendj-sdk/opendj-server-legacy/src/main/java/org/opends/server/api/ClientConnection.java | 33 +++++++++++++---
opendj-sdk/opendj-server-legacy/src/main/java/org/opends/server/core/BindOperationBasis.java | 2
opendj-sdk/opendj-server-legacy/src/messages/org/opends/messages/core.properties | 6 +++
5 files changed, 66 insertions(+), 27 deletions(-)
diff --git a/opendj-sdk/opendj-server-legacy/src/main/java/org/opends/server/api/ClientConnection.java b/opendj-sdk/opendj-server-legacy/src/main/java/org/opends/server/api/ClientConnection.java
index 06de38a..c509c38 100644
--- a/opendj-sdk/opendj-server-legacy/src/main/java/org/opends/server/api/ClientConnection.java
+++ b/opendj-sdk/opendj-server-legacy/src/main/java/org/opends/server/api/ClientConnection.java
@@ -93,11 +93,18 @@
protected AtomicBoolean saslBindInProgress;
/**
- * Indicates if a bind or start TLS request is currently in progress
- * on this client connection. If so, then no further socket reads
- * will occur until the request completes.
+ * Indicates if a bind request is currently in progress on this client
+ * connection. If so, then no further socket reads will occur until the
+ * request completes.
*/
- protected AtomicBoolean bindOrStartTLSInProgress;
+ protected AtomicBoolean bindInProgress;
+
+ /**
+ * Indicates if a Start TLS request is currently in progress on this client
+ * connection. If so, then no further socket reads will occur until the
+ * request completes.
+ */
+ protected AtomicBoolean startTLSInProgress;
/**
* Indicates whether any necessary finalization work has been done for this
@@ -139,7 +146,8 @@
authenticationInfo = new AuthenticationInfo();
saslAuthState = null;
saslBindInProgress = new AtomicBoolean(false);
- bindOrStartTLSInProgress = new AtomicBoolean(false);
+ bindInProgress = new AtomicBoolean(false);
+ startTLSInProgress = new AtomicBoolean(false);
sizeLimit = DirectoryServer.getSizeLimit();
timeLimit = DirectoryServer.getTimeLimit();
idleTimeLimit = DirectoryServer.getIdleTimeLimit();
@@ -1545,9 +1553,20 @@
* the socket again. This must be called after processing each
* bind request in a multistage SASL bind.
*/
- public void finishBindOrStartTLS()
+ public void finishBind()
{
- bindOrStartTLSInProgress.set(false);
+ bindInProgress.set(false);
+ }
+
+ /**
+ * Indicates a bind or start TLS request processing is finished
+ * and the client connection may start processing data read from
+ * the socket again. This must be called after processing each
+ * bind request in a multistage SASL bind.
+ */
+ public void finishStartTLS()
+ {
+ startTLSInProgress.set(false);
}
/**
diff --git a/opendj-sdk/opendj-server-legacy/src/main/java/org/opends/server/core/BindOperationBasis.java b/opendj-sdk/opendj-server-legacy/src/main/java/org/opends/server/core/BindOperationBasis.java
index 19eedfb..d713900 100644
--- a/opendj-sdk/opendj-server-legacy/src/main/java/org/opends/server/core/BindOperationBasis.java
+++ b/opendj-sdk/opendj-server-legacy/src/main/java/org/opends/server/core/BindOperationBasis.java
@@ -588,7 +588,7 @@
{
clientConnection.finishSaslBind();
}
- clientConnection.finishBindOrStartTLS();
+ clientConnection.finishBind();
invokePostResponsePlugins(workflowExecuted);
}
diff --git a/opendj-sdk/opendj-server-legacy/src/main/java/org/opends/server/core/ExtendedOperationBasis.java b/opendj-sdk/opendj-server-legacy/src/main/java/org/opends/server/core/ExtendedOperationBasis.java
index 496658d..0e6596b 100644
--- a/opendj-sdk/opendj-server-legacy/src/main/java/org/opends/server/core/ExtendedOperationBasis.java
+++ b/opendj-sdk/opendj-server-legacy/src/main/java/org/opends/server/core/ExtendedOperationBasis.java
@@ -424,7 +424,7 @@
if(requestOID.equals(OID_START_TLS_REQUEST))
{
- clientConnection.finishBindOrStartTLS();
+ clientConnection.finishStartTLS();
}
// Invoke the post-response extended plugins.
diff --git a/opendj-sdk/opendj-server-legacy/src/main/java/org/opends/server/protocols/ldap/LDAPClientConnection.java b/opendj-sdk/opendj-server-legacy/src/main/java/org/opends/server/protocols/ldap/LDAPClientConnection.java
index 5540d16..e469ab3 100644
--- a/opendj-sdk/opendj-server-legacy/src/main/java/org/opends/server/protocols/ldap/LDAPClientConnection.java
+++ b/opendj-sdk/opendj-server-legacy/src/main/java/org/opends/server/protocols/ldap/LDAPClientConnection.java
@@ -1537,7 +1537,7 @@
*/
int processDataRead()
{
- if (bindOrStartTLSInProgress.get())
+ if (bindInProgress.get() || startTLSInProgress.get())
{
// We should wait for the bind or startTLS to finish before
// reading any more data off the socket.
@@ -1618,12 +1618,17 @@
// terminated.
try
{
- if(bindOrStartTLSInProgress.get() ||
- (saslBindInProgress.get() &&
- message.getProtocolOpType() != OP_TYPE_BIND_REQUEST))
+ if (bindInProgress.get())
{
- throw new DirectoryException(ResultCode.CONSTRAINT_VIOLATION,
- ERR_ENQUEUE_BIND_IN_PROGRESS.get());
+ throw new DirectoryException(ResultCode.CONSTRAINT_VIOLATION, ERR_ENQUEUE_BIND_IN_PROGRESS.get());
+ }
+ else if (startTLSInProgress.get())
+ {
+ throw new DirectoryException(ResultCode.CONSTRAINT_VIOLATION, ERR_ENQUEUE_STARTTLS_IN_PROGRESS.get());
+ }
+ else if (saslBindInProgress.get() && message.getProtocolOpType() != OP_TYPE_BIND_REQUEST)
+ {
+ throw new DirectoryException(ResultCode.CONSTRAINT_VIOLATION, ERR_ENQUEUE_SASLBIND_IN_PROGRESS.get());
}
boolean result;
@@ -1636,7 +1641,7 @@
result = processAddRequest(message, opControls);
return result;
case OP_TYPE_BIND_REQUEST:
- bindOrStartTLSInProgress.set(true);
+ bindInProgress.set(true);
if(message.getBindRequestProtocolOp().
getAuthenticationType() == AuthenticationType.SASL)
{
@@ -1645,7 +1650,7 @@
result = processBindRequest(message, opControls);
if(!result)
{
- bindOrStartTLSInProgress.set(false);
+ bindInProgress.set(false);
if(message.getBindRequestProtocolOp().
getAuthenticationType() == AuthenticationType.SASL)
{
@@ -1663,14 +1668,14 @@
if(message.getExtendedRequestProtocolOp().getOID().equals(
OID_START_TLS_REQUEST))
{
- bindOrStartTLSInProgress.set(true);
+ startTLSInProgress.set(true);
}
result = processExtendedRequest(message, opControls);
if(!result &&
message.getExtendedRequestProtocolOp().getOID().equals(
OID_START_TLS_REQUEST))
{
- bindOrStartTLSInProgress.set(false);
+ startTLSInProgress.set(false);
}
return result;
case OP_TYPE_MODIFY_REQUEST:
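Review bot: In the extended-request case the StartTLS OID test is evaluated twice, once to set `startTLSInProgress` and once to clear it when `result` is false. Computing it once, `boolean isStartTLS = message.getExtendedRequestProtocolOp().getOID().equals(OID_START_TLS_REQUEST);`, keeps the set and the reset visibly paired. The reset runs only on a false return, so if `processExtendedRequest` can throw, the flag would stay set and `processDataRead` would stop reading on this connection. The enclosing `try` starts outside this hunk, so whether its handler disconnects in that case is not visible here. The bind case in the hunks at -1636 and -1645 has the same shape for `bindInProgress`.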
@@ -1727,7 +1732,7 @@
{
// LDAPv2 clients aren't allowed to send controls.
disconnect(DisconnectReason.PROTOCOL_ERROR, false,
- ERR_LDAPV2_CONTROLS_NOT_ALLOWED.get());
+ ERR_LDAPV2_CONTROLS_NOT_ALLOWED.get());
return false;
}
@@ -2594,18 +2599,27 @@
/** {@inheritDoc} */
@Override
- public void finishBindOrStartTLS()
+ public void finishBind()
+ {
+ if (this.saslPendingProvider != null)
+ {
+ enableSASL();
+ }
+
+ super.finishBind();
+ }
+
+
+
+ /** {@inheritDoc} */
+ @Override
+ public void finishStartTLS()
{
if(this.tlsPendingProvider != null)
{
enableTLS();
}
- if (this.saslPendingProvider != null)
- {
- enableSASL();
- }
-
- super.finishBindOrStartTLS();
+ super.finishStartTLS();
}
}
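Review bot: Neither override documents that the security layer must be installed before the in-progress flag is cleared, and `{@inheritDoc}` does not carry that either. `processDataRead` resumes reading once both flags are false, so moving `super.finishStartTLS()` above `enableTLS()` would presumably let bytes be read before the TLS layer is in place. I would add `// Install the TLS layer before clearing startTLSInProgress so reads never resume in cleartext.` above the `tlsPendingProvider` check, and the equivalent line for `enableSASL()` in `finishBind()`. Whether `enableTLS()` or `enableSASL()` can throw is not visible here; if they can, the flag is never cleared and the connection stays blocked, which is worth stating in the same comment.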
diff --git a/opendj-sdk/opendj-server-legacy/src/messages/org/opends/messages/core.properties b/opendj-sdk/opendj-server-legacy/src/messages/org/opends/messages/core.properties
index 27b3a31..d719528 100644
--- a/opendj-sdk/opendj-server-legacy/src/messages/org/opends/messages/core.properties
+++ b/opendj-sdk/opendj-server-legacy/src/messages/org/opends/messages/core.properties
@@ -881,6 +881,12 @@
ERR_ENQUEUE_BIND_IN_PROGRESS_501=A bind operation is currently in \
progress on the associated client connection. No other requests may be made \
on this client connection until the bind processing has completed
+ERR_ENQUEUE_STARTTLS_IN_PROGRESS_752=A StartTLS operation is currently in \
+ progress on the associated client connection. No other requests may be made \
+ on this client connection until the StartTLS processing has completed
+ERR_ENQUEUE_SASLBIND_IN_PROGRESS_753=A SASL bind operation is currently in \
+ progress on the associated client connection. No other requests may be made \
+ on this client connection until the SASL bind processing has completed
ERR_ENQUEUE_MUST_CHANGE_PASSWORD_502=%s must change their password \
before it will be allowed to request any other operations
ERR_PWPSTATE_CANNOT_DECODE_SUBENTRY_VALUE_AS_DN_504=An error occurred \
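Review bot: The text of `ERR_ENQUEUE_SASLBIND_IN_PROGRESS_753` says no other requests may be made, but the condition that raises it in LDAPClientConnection (`saslBindInProgress.get() && message.getProtocolOpType() != OP_TYPE_BIND_REQUEST`) lets bind requests through so the multistage exchange can continue. An operator reading the log would get a more accurate picture from wording such as `Only bind requests may be made on this client connection until the SASL bind processing has completed`.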
--
Gitblit v1.10.0