Posted to commits@directory.apache.org by el...@apache.org on 2015/04/22 01:32:53 UTC
svn commit: r1675209 -
/directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/DelegatingAuthenticator.java
Author: elecharny
Date: Tue Apr 21 23:32:53 2015
New Revision: 1675209
URL: http://svn.apache.org/r1675209
Log:
Check that the bindDn is a descendant of the delegateBaseDn attribute, otherwise simply don't authenticate
Modified:
directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/DelegatingAuthenticator.java
Modified: directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/DelegatingAuthenticator.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/DelegatingAuthenticator.java?rev=1675209&r1=1675208&r2=1675209&view=diff
==============================================================================
--- directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/DelegatingAuthenticator.java (original)
+++ directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/DelegatingAuthenticator.java Tue Apr 21 23:32:53 2015
@@ -229,6 +229,14 @@ public class DelegatingAuthenticator ext
LOG.debug( "Authenticating {}", bindContext.getDn() );
}
+ // First, check that the Bind DN is under the delegateBaseDn
+ Dn bindDn = bindContext.getDn();
+
+ if ( ( delegateBaseDn != null ) && ( !bindDn.isDescendantOf( delegateBaseDn ) ) )
+ {
+ return null;
+ }
+
LdapConnectionConfig connectionConfig;
LdapNetworkConnection ldapConnection;
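Review bot: The new rejection at `return null;` leaves no trace: the bind-failure paths later in this method call `LOG.info( message )`, but a bind DN outside `delegateBaseDn` is dropped silently, so refused delegation attempts cannot be seen in the logs. Consider logging before returning, e.g. `LOG.info( "Bind DN {} is not under {}, not delegating", bindDn, delegateBaseDn );`. The guard is also skipped entirely when `delegateBaseDn` is null, so in that configuration every bind DN still reaches the delegated bind; the comment should say so, e.g. `// A null delegateBaseDn disables this restriction`. The enclosing method starts and ends outside this hunk, and how callers treat the null return is not visible here.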
@@ -272,21 +280,20 @@ public class DelegatingAuthenticator ext
// Try to bind
try
{
- ldapConnection.bind( bindContext.getDn(),
- Strings.utf8ToString( bindContext.getCredentials() ) );
+ ldapConnection.bind( bindDn, Strings.utf8ToString( bindContext.getCredentials() ) );
// no need to remain bound to delegate host
ldapConnection.unBind();
}
catch ( LdapException le )
{
- String message = I18n.err( I18n.ERR_230, bindContext.getDn().getName() );
+ String message = I18n.err( I18n.ERR_230, bindDn.getName() );
LOG.info( message );
throw new LdapAuthenticationException( message );
}
// Create the new principal
- principal = new LdapPrincipal( getDirectoryService().getSchemaManager(), bindContext.getDn(),
+ principal = new LdapPrincipal( getDirectoryService().getSchemaManager(), bindDn,
AuthenticationLevel.SIMPLE,
bindContext.getCredentials() );
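Review bot: The `catch ( LdapException le )` block discards `le`, so any failure of the delegated bind is reported as ERR_230 at info level; this presumably includes connection-level problems with the delegate host, which then look the same as a wrong password. Keeping the cause in the log would let operators tell a delegate outage from a credential failure, e.g. `LOG.debug( "Delegated bind failed for {}", bindDn, le );` next to the existing `LOG.info( message );`. The same pattern appears in the `catch ( LdapException e )` block of the following hunk. The enclosing method starts and ends outside this hunk.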
@@ -306,7 +313,7 @@ public class DelegatingAuthenticator ext
catch ( LdapException e )
{
// Bad password ...
- String message = I18n.err( I18n.ERR_230, bindContext.getDn().getName() );
+ String message = I18n.err( I18n.ERR_230, bindDn.getName() );
LOG.info( message );
throw new LdapAuthenticationException( message );
}