From 6ba09995f311475e99c52f3a6d01c96bc58b01a6 Mon Sep 17 00:00:00 2001
From: sin <sin@localhost>
Date: Wed, 22 Apr 2009 19:54:10 +0000
Subject: [PATCH] issue# 2624:ldapsearch: wrong return code when no password provided
---
opendj-sdk/opends/src/server/org/opends/server/tools/LDAPSearch.java | 11 +++++++++++
opendj-sdk/opends/src/messages/messages/tools.properties | 2 ++
opendj-sdk/opends/src/server/org/opends/server/tools/LDAPModify.java | 11 +++++++++++
opendj-sdk/opends/src/server/org/opends/server/workflowelement/localbackend/LocalBackendBindOperation.java | 2 +-
opendj-sdk/opends/src/server/org/opends/server/tools/LDAPCompare.java | 11 +++++++++++
opendj-sdk/opends/src/server/org/opends/server/tools/LDAPDelete.java | 11 +++++++++++
opendj-sdk/opends/tests/unit-tests-testng/src/server/org/opends/server/core/BindOperationTestCase.java | 3 +--
7 files changed, 48 insertions(+), 3 deletions(-)
diff --git a/opendj-sdk/opends/src/messages/messages/tools.properties b/opendj-sdk/opends/src/messages/messages/tools.properties
index 1fe2395..93d1150 100644
--- a/opendj-sdk/opends/src/messages/messages/tools.properties
+++ b/opendj-sdk/opends/src/messages/messages/tools.properties
@@ -2489,3 +2489,5 @@
provided as argument. No schema check will be performed. If this is being \
called throught the '%s' command-line, verify that the script has not been \
modified
+INFO_LDAPAUTH_NON_EMPTY_PASSWORD_1676=You must provide a non-empty password \
+to continue
diff --git a/opendj-sdk/opends/src/server/org/opends/server/tools/LDAPCompare.java b/opendj-sdk/opends/src/server/org/opends/server/tools/LDAPCompare.java
index 35b6d14..90dfe29 100644
--- a/opendj-sdk/opends/src/server/org/opends/server/tools/LDAPCompare.java
+++ b/opendj-sdk/opends/src/server/org/opends/server/tools/LDAPCompare.java
@@ -777,6 +777,17 @@
out.print(INFO_LDAPAUTH_PASSWORD_PROMPT.get(bindDNValue));
char[] pwChars = PasswordReader.readPassword();
bindPasswordValue = new String(pwChars);
+ //As per rfc 4513(section-5.1.2) a client should avoid sending
+ //an empty password to the server.
+ while(pwChars.length==0)
+ {
+ err.println(wrapText(
+ INFO_LDAPAUTH_NON_EMPTY_PASSWORD.get(),
+ MAX_LINE_WIDTH));
+ out.print(INFO_LDAPAUTH_PASSWORD_PROMPT.get(bindDNValue));
+ pwChars = PasswordReader.readPassword();
+ }
+ bindPasswordValue = new String(pwChars);
} catch(Exception ex)
{
if (debugEnabled())
diff --git a/opendj-sdk/opends/src/server/org/opends/server/tools/LDAPDelete.java b/opendj-sdk/opends/src/server/org/opends/server/tools/LDAPDelete.java
index fceb1bf..0a070f8 100644
--- a/opendj-sdk/opends/src/server/org/opends/server/tools/LDAPDelete.java
+++ b/opendj-sdk/opends/src/server/org/opends/server/tools/LDAPDelete.java
@@ -653,6 +653,17 @@
out.print(INFO_LDAPAUTH_PASSWORD_PROMPT.get(bindDNValue));
char[] pwChars = PasswordReader.readPassword();
bindPasswordValue = new String(pwChars);
+ //As per rfc 4513(section-5.1.2) a client should avoid sending
+ //an empty password to the server.
+ while(pwChars.length==0)
+ {
+ err.println(wrapText(
+ INFO_LDAPAUTH_NON_EMPTY_PASSWORD.get(),
+ MAX_LINE_WIDTH));
+ out.print(INFO_LDAPAUTH_PASSWORD_PROMPT.get(bindDNValue));
+ pwChars = PasswordReader.readPassword();
+ }
+ bindPasswordValue = new String(pwChars);
} catch(Exception ex)
{
if (debugEnabled())
diff --git a/opendj-sdk/opends/src/server/org/opends/server/tools/LDAPModify.java b/opendj-sdk/opends/src/server/org/opends/server/tools/LDAPModify.java
index 38f9044..9501bd8 100644
--- a/opendj-sdk/opends/src/server/org/opends/server/tools/LDAPModify.java
+++ b/opendj-sdk/opends/src/server/org/opends/server/tools/LDAPModify.java
@@ -982,6 +982,17 @@
out.print(INFO_LDAPAUTH_PASSWORD_PROMPT.get(bindDNValue));
char[] pwChars = PasswordReader.readPassword();
bindPasswordValue = new String(pwChars);
+ //As per rfc 4513(section-5.1.2) a client should avoid sending
+ //an empty password to the server.
+ while(pwChars.length==0)
+ {
+ err.println(wrapText(
+ INFO_LDAPAUTH_NON_EMPTY_PASSWORD.get(),
+ MAX_LINE_WIDTH));
+ out.print(INFO_LDAPAUTH_PASSWORD_PROMPT.get(bindDNValue));
+ pwChars = PasswordReader.readPassword();
+ }
+ bindPasswordValue = new String(pwChars);
} catch(Exception ex)
{
if (debugEnabled())
diff --git a/opendj-sdk/opends/src/server/org/opends/server/tools/LDAPSearch.java b/opendj-sdk/opends/src/server/org/opends/server/tools/LDAPSearch.java
index 0db90e4..0257094 100644
--- a/opendj-sdk/opends/src/server/org/opends/server/tools/LDAPSearch.java
+++ b/opendj-sdk/opends/src/server/org/opends/server/tools/LDAPSearch.java
@@ -1233,6 +1233,17 @@
out.print(INFO_LDAPAUTH_PASSWORD_PROMPT.get(bindDNValue));
char[] pwChars = PasswordReader.readPassword();
bindPasswordValue = new String(pwChars);
+ //As per rfc 4513(section-5.1.2) a client should avoid sending
+ //an empty password to the server.
+ while(pwChars.length ==0)
+ {
+ err.println(wrapText(
+ INFO_LDAPAUTH_NON_EMPTY_PASSWORD.get(),
+ MAX_LINE_WIDTH));
+ out.print(INFO_LDAPAUTH_PASSWORD_PROMPT.get(bindDNValue));
+ pwChars = PasswordReader.readPassword();
+ }
+ bindPasswordValue = new String(pwChars);
} catch(Exception ex)
{
if (debugEnabled())
diff --git a/opendj-sdk/opends/src/server/org/opends/server/workflowelement/localbackend/LocalBackendBindOperation.java b/opendj-sdk/opends/src/server/org/opends/server/workflowelement/localbackend/LocalBackendBindOperation.java
index bd7b9b7..be86dcb 100644
--- a/opendj-sdk/opends/src/server/org/opends/server/workflowelement/localbackend/LocalBackendBindOperation.java
+++ b/opendj-sdk/opends/src/server/org/opends/server/workflowelement/localbackend/LocalBackendBindOperation.java
@@ -727,7 +727,7 @@
if (DirectoryServer.bindWithDNRequiresPassword() &&
((bindDN != null) && (! bindDN.isNullDN())))
{
- throw new DirectoryException(ResultCode.INAPPROPRIATE_AUTHENTICATION,
+ throw new DirectoryException(ResultCode.UNWILLING_TO_PERFORM,
ERR_BIND_DN_BUT_NO_PASSWORD.get());
}
diff --git a/opendj-sdk/opends/tests/unit-tests-testng/src/server/org/opends/server/core/BindOperationTestCase.java b/opendj-sdk/opends/tests/unit-tests-testng/src/server/org/opends/server/core/BindOperationTestCase.java
index b127eb9..c8e9610 100644
--- a/opendj-sdk/opends/tests/unit-tests-testng/src/server/org/opends/server/core/BindOperationTestCase.java
+++ b/opendj-sdk/opends/tests/unit-tests-testng/src/server/org/opends/server/core/BindOperationTestCase.java
@@ -36,7 +36,6 @@
import org.testng.annotations.Test;
import org.opends.server.TestCaseUtils;
-import org.opends.server.core.BindOperation;
import org.opends.server.plugins.DisconnectClientPlugin;
import org.opends.server.plugins.InvocationCounterPlugin;
import org.opends.server.plugins.ShortCircuitPlugin;
@@ -1771,7 +1770,7 @@
conn.processSimpleBind(ByteString.valueOf("cn=Directory Manager"),
ByteString.empty());
assertEquals(bindOperation.getResultCode(),
- ResultCode.INAPPROPRIATE_AUTHENTICATION);
+ ResultCode.UNWILLING_TO_PERFORM);
}
--
Gitblit v1.10.0