Posted to commits@directory.apache.org by el...@apache.org on 2015/04/22 01:32:53 UTC

svn commit: r1675209 - /directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/DelegatingAuthenticator.java

Author: elecharny
Date: Tue Apr 21 23:32:53 2015
New Revision: 1675209

URL: http://svn.apache.org/r1675209
Log:
Check that the bindDn is a descendant of the delegateBaseDn attribute, otherwise simply don't authenticate

Modified:
    directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/DelegatingAuthenticator.java

Modified: directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/DelegatingAuthenticator.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/DelegatingAuthenticator.java?rev=1675209&r1=1675208&r2=1675209&view=diff
==============================================================================
--- directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/DelegatingAuthenticator.java (original)
+++ directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/DelegatingAuthenticator.java Tue Apr 21 23:32:53 2015
@@ -229,6 +229,14 @@ public class DelegatingAuthenticator ext
             LOG.debug( "Authenticating {}", bindContext.getDn() );
         }
 
+        // First, check that the Bind DN is under the delegateBaseDn
+        Dn bindDn = bindContext.getDn();
+
+        if ( ( delegateBaseDn != null ) && ( !bindDn.isDescendantOf( delegateBaseDn ) ) )
+        {
+            return null;
+        }
+
         LdapConnectionConfig connectionConfig;
         LdapNetworkConnection ldapConnection;
 
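Review bot: The new guard rejects an out-of-scope Bind DN with a bare `return null;`, while every other failure path visible in this diff logs and throws `LdapAuthenticationException`. The caller is not visible here, so it is worth confirming that a null principal is always treated as "not authenticated" and never as a successful return; throwing, as the catch blocks further down do, would make the refusal explicit. At minimum, a line such as `LOG.info( "Bind DN {} is not under {}, not delegating", bindDn, delegateBaseDn );` before the return would leave an audit trail for rejected DNs. The check is also skipped entirely when `delegateBaseDn` is null, so the comment should state that behaviour: `// No delegateBaseDn configured means no restriction: every Bind DN is delegated`. The enclosing method starts and ends outside the hunk.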
@@ -272,21 +280,20 @@ public class DelegatingAuthenticator ext
             // Try to bind
             try
             {
-                ldapConnection.bind( bindContext.getDn(),
-                    Strings.utf8ToString( bindContext.getCredentials() ) );
+                ldapConnection.bind( bindDn, Strings.utf8ToString( bindContext.getCredentials() ) );
 
                 // no need to remain bound to delegate host
                 ldapConnection.unBind();
             }
             catch ( LdapException le )
             {
-                String message = I18n.err( I18n.ERR_230, bindContext.getDn().getName() );
+                String message = I18n.err( I18n.ERR_230, bindDn.getName() );
                 LOG.info( message );
                 throw new LdapAuthenticationException( message );
             }
 
             // Create the new principal
-            principal = new LdapPrincipal( getDirectoryService().getSchemaManager(), bindContext.getDn(),
+            principal = new LdapPrincipal( getDirectoryService().getSchemaManager(), bindDn,
                 AuthenticationLevel.SIMPLE,
                 bindContext.getCredentials() );
 
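Review bot: The `catch ( LdapException le )` block around the rewritten `ldapConnection.bind( bindDn, ... )` call builds the ERR_230 message from `bindDn.getName()` but discards `le`. If `bind()` can also throw for connection or delegate-host errors (not visible here), those become indistinguishable from a wrong password in the logs. Passing the exception to the logger, `LOG.info( message, le );`, keeps the cause for triage without changing what the client sees. The same applies to the outer `catch ( LdapException e )` in the next hunk, whose `// Bad password ...` comment assumes a single cause. The try block and the method continue outside this hunk.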
@@ -306,7 +313,7 @@ public class DelegatingAuthenticator ext
         catch ( LdapException e )
         {
             // Bad password ...
-            String message = I18n.err( I18n.ERR_230, bindContext.getDn().getName() );
+            String message = I18n.err( I18n.ERR_230, bindDn.getName() );
             LOG.info( message );
             throw new LdapAuthenticationException( message );
         }