private boolean invokePreOpPlugins() {
executePostOpPlugins = true;
PluginResult.PreOperation preOpResult = pluginConfigManager.invokePreOperationBindPlugins(this);
if (!preOpResult.continueProcessing()) {
setResultCode(preOpResult.getResultCode());
appendErrorMessage(preOpResult.getErrorMessage());
setMatchedDN(preOpResult.getMatchedDN());
setReferralURLs(preOpResult.getReferralURLs());
return false;
} else {
return true;
}
}
/**
* Process this bind operation in a local backend.
*
* @param wfe The local backend work-flow element.
*/
public void processLocalBind(LocalBackendWorkflowElement wfe) {
this.backend = wfe.getBackend();
// Initialize a number of variables for use during the bind processing.
clientConnection = getClientConnection();
returnAuthzID = false;
executePostOpPlugins = false;
sizeLimit = DirectoryServer.getSizeLimit();
timeLimit = DirectoryServer.getTimeLimit();
lookthroughLimit = DirectoryServer.getLookthroughLimit();
idleTimeLimit = DirectoryServer.getIdleTimeLimit();
bindDN = getBindDN();
saslMechanism = getSASLMechanism();
authPolicyState = null;
pwPolicyErrorType = null;
pwPolicyControlRequested = false;
isGraceLogin = false;
isFirstWarning = false;
mustChangePassword = false;
pwPolicyWarningType = null;
pwPolicyWarningValue = -1;
pluginConfigManager = DirectoryServer.getPluginConfigManager();
processBind();
// Update the user's account with any password policy changes that may be
// required.
try {
if (authPolicyState != null) {
authPolicyState.finalizeStateAfterBind();
}
} catch (DirectoryException de) {
logger.traceException(de);
setResponseData(de);
}
// Invoke the post-operation bind plugins.
if (executePostOpPlugins) {
PluginResult.PostOperation postOpResult =
pluginConfigManager.invokePostOperationBindPlugins(this);
if (!postOpResult.continueProcessing()) {
setResultCode(postOpResult.getResultCode());
appendErrorMessage(postOpResult.getErrorMessage());
setMatchedDN(postOpResult.getMatchedDN());
setReferralURLs(postOpResult.getReferralURLs());
}
}
// Update the authentication information for the user.
AuthenticationInfo authInfo = getAuthenticationInfo();
if (getResultCode() == ResultCode.SUCCESS && authInfo != null) {
clientConnection.setAuthenticationInfo(authInfo);
clientConnection.setSizeLimit(sizeLimit);
clientConnection.setTimeLimit(timeLimit);
clientConnection.setIdleTimeLimit(idleTimeLimit);
clientConnection.setLookthroughLimit(lookthroughLimit);
clientConnection.setMustChangePassword(mustChangePassword);
if (returnAuthzID) {
addResponseControl(new AuthorizationIdentityResponseControl(authInfo.getAuthorizationDN()));
}
}
// See if we need to send a password policy control to the client. If so,
// then add it to the response.
if (getResultCode() == ResultCode.SUCCESS) {
if (pwPolicyControlRequested) {
PasswordPolicyResponseControl pwpControl =
new PasswordPolicyResponseControl(
pwPolicyWarningType, pwPolicyWarningValue, pwPolicyErrorType);
addResponseControl(pwpControl);
} else {
if (pwPolicyErrorType == PasswordPolicyErrorType.PASSWORD_EXPIRED) {
addResponseControl(new PasswordExpiredControl());
} else if (pwPolicyWarningType == PasswordPolicyWarningType.TIME_BEFORE_EXPIRATION) {
addResponseControl(new PasswordExpiringControl(pwPolicyWarningValue));
} else if (mustChangePassword) {
addResponseControl(new PasswordExpiredControl());
}
}
} else {
if (pwPolicyControlRequested) {
PasswordPolicyResponseControl pwpControl =
new PasswordPolicyResponseControl(
pwPolicyWarningType, pwPolicyWarningValue, pwPolicyErrorType);
addResponseControl(pwpControl);
} else {
if (pwPolicyErrorType == PasswordPolicyErrorType.PASSWORD_EXPIRED) {
addResponseControl(new PasswordExpiredControl());
}
}
}
}
private void acceptConnection(SocketChannel clientChannel) throws DirectoryException {
try {
clientChannel.socket().setKeepAlive(currentConfig.isUseTCPKeepAlive());
clientChannel.socket().setTcpNoDelay(currentConfig.isUseTCPNoDelay());
} catch (SocketException se) {
// TCP error occurred because connection reset/closed? In any case,
// just close it and ignore.
// See http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6378870
close(clientChannel);
}
// Check to see if the core server rejected the
// connection (e.g., already too many connections
// established).
LDAPClientConnection clientConnection =
new LDAPClientConnection(this, clientChannel, getProtocol());
if (clientConnection.getConnectionID() < 0) {
clientConnection.disconnect(
DisconnectReason.ADMIN_LIMIT_EXCEEDED, true, ERR_CONNHANDLER_REJECTED_BY_SERVER.get());
return;
}
InetAddress clientAddr = clientConnection.getRemoteAddress();
// Check to see if the client is on the denied list.
// If so, then reject it immediately.
if (!deniedClients.isEmpty() && AddressMask.matchesAny(deniedClients, clientAddr)) {
clientConnection.disconnect(
DisconnectReason.CONNECTION_REJECTED,
currentConfig.isSendRejectionNotice(),
ERR_CONNHANDLER_DENIED_CLIENT.get(
clientConnection.getClientHostPort(), clientConnection.getServerHostPort()));
return;
}
// Check to see if there is an allowed list and if
// there is whether the client is on that list. If
// not, then reject the connection.
if (!allowedClients.isEmpty() && !AddressMask.matchesAny(allowedClients, clientAddr)) {
clientConnection.disconnect(
DisconnectReason.CONNECTION_REJECTED,
currentConfig.isSendRejectionNotice(),
ERR_CONNHANDLER_DISALLOWED_CLIENT.get(
clientConnection.getClientHostPort(), clientConnection.getServerHostPort()));
return;
}
// If we've gotten here, then we'll take the
// connection so invoke the post-connect plugins and
// register the client connection with a request
// handler.
try {
PluginConfigManager pluginManager = DirectoryServer.getPluginConfigManager();
PluginResult.PostConnect pluginResult =
pluginManager.invokePostConnectPlugins(clientConnection);
if (!pluginResult.continueProcessing()) {
clientConnection.disconnect(
pluginResult.getDisconnectReason(),
pluginResult.sendDisconnectNotification(),
pluginResult.getErrorMessage());
return;
}
LDAPRequestHandler requestHandler = requestHandlers[requestHandlerIndex++];
if (requestHandlerIndex >= numRequestHandlers) {
requestHandlerIndex = 0;
}
requestHandler.registerClient(clientConnection);
} catch (Exception e) {
logger.traceException(e);
LocalizableMessage message =
INFO_CONNHANDLER_UNABLE_TO_REGISTER_CLIENT.get(
clientConnection.getClientHostPort(),
clientConnection.getServerHostPort(),
getExceptionMessage(e));
logger.debug(message);
clientConnection.disconnect(
DisconnectReason.SERVER_ERROR, currentConfig.isSendRejectionNotice(), message);
}
}
