Ejemplo n.º 1
0
 private boolean invokePreOpPlugins() {
   executePostOpPlugins = true;
   PluginResult.PreOperation preOpResult = pluginConfigManager.invokePreOperationBindPlugins(this);
   if (!preOpResult.continueProcessing()) {
     setResultCode(preOpResult.getResultCode());
     appendErrorMessage(preOpResult.getErrorMessage());
     setMatchedDN(preOpResult.getMatchedDN());
     setReferralURLs(preOpResult.getReferralURLs());
     return false;
   } else {
     return true;
   }
 }
Ejemplo n.º 2
0
  /**
   * Process this bind operation in a local backend.
   *
   * @param wfe The local backend work-flow element.
   */
  public void processLocalBind(LocalBackendWorkflowElement wfe) {
    this.backend = wfe.getBackend();

    // Initialize a number of variables for use during the bind processing.
    clientConnection = getClientConnection();
    returnAuthzID = false;
    executePostOpPlugins = false;
    sizeLimit = DirectoryServer.getSizeLimit();
    timeLimit = DirectoryServer.getTimeLimit();
    lookthroughLimit = DirectoryServer.getLookthroughLimit();
    idleTimeLimit = DirectoryServer.getIdleTimeLimit();
    bindDN = getBindDN();
    saslMechanism = getSASLMechanism();
    authPolicyState = null;
    pwPolicyErrorType = null;
    pwPolicyControlRequested = false;
    isGraceLogin = false;
    isFirstWarning = false;
    mustChangePassword = false;
    pwPolicyWarningType = null;
    pwPolicyWarningValue = -1;
    pluginConfigManager = DirectoryServer.getPluginConfigManager();

    processBind();

    // Update the user's account with any password policy changes that may be
    // required.
    try {
      if (authPolicyState != null) {
        authPolicyState.finalizeStateAfterBind();
      }
    } catch (DirectoryException de) {
      logger.traceException(de);

      setResponseData(de);
    }

    // Invoke the post-operation bind plugins.
    if (executePostOpPlugins) {
      PluginResult.PostOperation postOpResult =
          pluginConfigManager.invokePostOperationBindPlugins(this);
      if (!postOpResult.continueProcessing()) {
        setResultCode(postOpResult.getResultCode());
        appendErrorMessage(postOpResult.getErrorMessage());
        setMatchedDN(postOpResult.getMatchedDN());
        setReferralURLs(postOpResult.getReferralURLs());
      }
    }

    // Update the authentication information for the user.
    AuthenticationInfo authInfo = getAuthenticationInfo();
    if (getResultCode() == ResultCode.SUCCESS && authInfo != null) {
      clientConnection.setAuthenticationInfo(authInfo);
      clientConnection.setSizeLimit(sizeLimit);
      clientConnection.setTimeLimit(timeLimit);
      clientConnection.setIdleTimeLimit(idleTimeLimit);
      clientConnection.setLookthroughLimit(lookthroughLimit);
      clientConnection.setMustChangePassword(mustChangePassword);

      if (returnAuthzID) {
        addResponseControl(new AuthorizationIdentityResponseControl(authInfo.getAuthorizationDN()));
      }
    }

    // See if we need to send a password policy control to the client.  If so,
    // then add it to the response.
    if (getResultCode() == ResultCode.SUCCESS) {
      if (pwPolicyControlRequested) {
        PasswordPolicyResponseControl pwpControl =
            new PasswordPolicyResponseControl(
                pwPolicyWarningType, pwPolicyWarningValue, pwPolicyErrorType);
        addResponseControl(pwpControl);
      } else {
        if (pwPolicyErrorType == PasswordPolicyErrorType.PASSWORD_EXPIRED) {
          addResponseControl(new PasswordExpiredControl());
        } else if (pwPolicyWarningType == PasswordPolicyWarningType.TIME_BEFORE_EXPIRATION) {
          addResponseControl(new PasswordExpiringControl(pwPolicyWarningValue));
        } else if (mustChangePassword) {
          addResponseControl(new PasswordExpiredControl());
        }
      }
    } else {
      if (pwPolicyControlRequested) {
        PasswordPolicyResponseControl pwpControl =
            new PasswordPolicyResponseControl(
                pwPolicyWarningType, pwPolicyWarningValue, pwPolicyErrorType);
        addResponseControl(pwpControl);
      } else {
        if (pwPolicyErrorType == PasswordPolicyErrorType.PASSWORD_EXPIRED) {
          addResponseControl(new PasswordExpiredControl());
        }
      }
    }
  }
Ejemplo n.º 3
0
  private void acceptConnection(SocketChannel clientChannel) throws DirectoryException {
    try {
      clientChannel.socket().setKeepAlive(currentConfig.isUseTCPKeepAlive());
      clientChannel.socket().setTcpNoDelay(currentConfig.isUseTCPNoDelay());
    } catch (SocketException se) {
      // TCP error occurred because connection reset/closed? In any case,
      // just close it and ignore.
      // See http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6378870
      close(clientChannel);
    }

    // Check to see if the core server rejected the
    // connection (e.g., already too many connections
    // established).
    LDAPClientConnection clientConnection =
        new LDAPClientConnection(this, clientChannel, getProtocol());
    if (clientConnection.getConnectionID() < 0) {
      clientConnection.disconnect(
          DisconnectReason.ADMIN_LIMIT_EXCEEDED, true, ERR_CONNHANDLER_REJECTED_BY_SERVER.get());
      return;
    }

    InetAddress clientAddr = clientConnection.getRemoteAddress();
    // Check to see if the client is on the denied list.
    // If so, then reject it immediately.
    if (!deniedClients.isEmpty() && AddressMask.matchesAny(deniedClients, clientAddr)) {
      clientConnection.disconnect(
          DisconnectReason.CONNECTION_REJECTED,
          currentConfig.isSendRejectionNotice(),
          ERR_CONNHANDLER_DENIED_CLIENT.get(
              clientConnection.getClientHostPort(), clientConnection.getServerHostPort()));
      return;
    }
    // Check to see if there is an allowed list and if
    // there is whether the client is on that list. If
    // not, then reject the connection.
    if (!allowedClients.isEmpty() && !AddressMask.matchesAny(allowedClients, clientAddr)) {
      clientConnection.disconnect(
          DisconnectReason.CONNECTION_REJECTED,
          currentConfig.isSendRejectionNotice(),
          ERR_CONNHANDLER_DISALLOWED_CLIENT.get(
              clientConnection.getClientHostPort(), clientConnection.getServerHostPort()));
      return;
    }

    // If we've gotten here, then we'll take the
    // connection so invoke the post-connect plugins and
    // register the client connection with a request
    // handler.
    try {
      PluginConfigManager pluginManager = DirectoryServer.getPluginConfigManager();
      PluginResult.PostConnect pluginResult =
          pluginManager.invokePostConnectPlugins(clientConnection);
      if (!pluginResult.continueProcessing()) {
        clientConnection.disconnect(
            pluginResult.getDisconnectReason(),
            pluginResult.sendDisconnectNotification(),
            pluginResult.getErrorMessage());
        return;
      }

      LDAPRequestHandler requestHandler = requestHandlers[requestHandlerIndex++];
      if (requestHandlerIndex >= numRequestHandlers) {
        requestHandlerIndex = 0;
      }
      requestHandler.registerClient(clientConnection);
    } catch (Exception e) {
      logger.traceException(e);

      LocalizableMessage message =
          INFO_CONNHANDLER_UNABLE_TO_REGISTER_CLIENT.get(
              clientConnection.getClientHostPort(),
              clientConnection.getServerHostPort(),
              getExceptionMessage(e));
      logger.debug(message);

      clientConnection.disconnect(
          DisconnectReason.SERVER_ERROR, currentConfig.isSendRejectionNotice(), message);
    }
  }