Posted to commits@directory.apache.org by ak...@apache.org on 2006/08/03 07:42:06 UTC

svn commit: r428245 - in /directory/trunks/apacheds: protocol-ldap/src/main/java/org/apache/directory/server/ldap/support/BindHandler.java server-unit/src/test/java/org/apache/directory/server/IllegalLDAPVersionBindITest.java

Author: akarasulu
Date: Wed Aug  2 22:42:05 2006
New Revision: 428245

URL: http://svn.apache.org/viewvc?rev=428245&view=rev
Log:
DIRSERVER-632 fix to only use LDAPv3 for binds

Added:
    directory/trunks/apacheds/server-unit/src/test/java/org/apache/directory/server/IllegalLDAPVersionBindITest.java
Modified:
    directory/trunks/apacheds/protocol-ldap/src/main/java/org/apache/directory/server/ldap/support/BindHandler.java

Modified: directory/trunks/apacheds/protocol-ldap/src/main/java/org/apache/directory/server/ldap/support/BindHandler.java
URL: http://svn.apache.org/viewvc/directory/trunks/apacheds/protocol-ldap/src/main/java/org/apache/directory/server/ldap/support/BindHandler.java?rev=428245&r1=428244&r2=428245&view=diff
==============================================================================
--- directory/trunks/apacheds/protocol-ldap/src/main/java/org/apache/directory/server/ldap/support/BindHandler.java (original)
+++ directory/trunks/apacheds/protocol-ldap/src/main/java/org/apache/directory/server/ldap/support/BindHandler.java Wed Aug  2 22:42:05 2006
@@ -61,8 +61,15 @@
         LdapContext ctx;
         BindRequest req = ( BindRequest ) request;
         LdapResult result = req.getResultResponse().getLdapResult();
-        Hashtable env = SessionRegistry.getSingleton().getEnvironmentByCopy();
-
+        
+        if ( !req.getVersion3() )
+        {
+            result.setResultCode( ResultCodeEnum.PROTOCOLERROR );
+            result.setErrorMessage( "Only LDAP v3 is supported" );
+            session.write( req.getResultResponse() );
+            return;
+        }
+        
         // if the bind request is not simple then we freak: no strong auth yet
         if ( !req.isSimple() )
         {
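Review bot: The early return in the `!req.getVersion3()` branch writes the protocolError response but does nothing about bind state the session may already hold. Whether a connection that bound successfully earlier stays authenticated after a rejected re-bind therefore depends on code outside this hunk. RFC 4511 section 4.2.1 says a failed Bind leaves the session anonymous, so it is worth confirming that and, if needed, clearing the session's context before `return;`. The branch also has no comment, unlike the `isSimple()` check below it; I would add `// RFC 4511 4.2: any version other than 3 gets protocolError, checked before credentials are read`. The enclosing method starts and ends outside the hunk.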
@@ -73,6 +80,7 @@
         }
 
         // clone the environment first then add the required security settings
+        Hashtable env = SessionRegistry.getSingleton().getEnvironmentByCopy();
         byte[] creds = req.getCredentials();
         env.put( Context.SECURITY_PRINCIPAL, req.getName() );
         env.put( Context.SECURITY_CREDENTIALS, creds );

Added: directory/trunks/apacheds/server-unit/src/test/java/org/apache/directory/server/IllegalLDAPVersionBindITest.java
URL: http://svn.apache.org/viewvc/directory/trunks/apacheds/server-unit/src/test/java/org/apache/directory/server/IllegalLDAPVersionBindITest.java?rev=428245&view=auto
==============================================================================
--- directory/trunks/apacheds/server-unit/src/test/java/org/apache/directory/server/IllegalLDAPVersionBindITest.java (added)
+++ directory/trunks/apacheds/server-unit/src/test/java/org/apache/directory/server/IllegalLDAPVersionBindITest.java Wed Aug  2 22:42:05 2006
@@ -0,0 +1,65 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.directory.server;
+
+
+import netscape.ldap.LDAPConnection;
+import netscape.ldap.LDAPException;
+
+import org.apache.directory.server.unit.AbstractServerTest;
+
+
+/**
+ * If one tries to connect with an illegal LDAP protocol version, 
+ * no error occurs but should.  This is for 
+ * <a href="http://issues.apache.org/jira/browse/DIRSERVER-632">DIRSERVER-632</a>.
+ * 
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ * @version $Rev: $
+ */
+public class IllegalLDAPVersionBindITest extends AbstractServerTest
+{
+    static final String HOST = "localhost";
+    static final String USER = "uid=admin,ou=system";
+    static final String PASSWORD = "secret";
+
+    private LDAPConnection con = null;
+
+
+    public void testConnectWithIllegalLDAPVersion() throws LDAPException
+    {
+        int LDAP_VERSION = 4; // illegal
+
+        try
+        {
+            con = new LDAPConnection();
+            con.connect( LDAP_VERSION, HOST, port, USER, PASSWORD );
+            fail( "try to connect with illegal version number should fail" );
+        }
+        catch ( LDAPException e )
+        {
+            assertEquals( "statuscode", LDAPException.PROTOCOL_ERROR, e.getLDAPResultCode() );
+        }
+        finally
+        {
+            if ( con.isConnected() )
+            {
+                con.disconnect();
+            }
+        }
+    }
+}
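Review bot: The new test covers only version 4, while the clients most likely to reach the `!req.getVersion3()` branch are LDAPv2 ones, so a second case that binds with version 2 would pin the behaviour that matters. In `testConnectWithIllegalLDAPVersion` the `finally` block dereferences the `con` field, which would throw a NullPointerException and mask the real failure if construction ever failed; the added case below uses a local assigned before the `try` to avoid that. I assume the Netscape SDK surfaces the server's result code for version 2 the same way it does for version 4; confirm that when running the test.

```java
    // … unchanged: testConnectWithIllegalLDAPVersion …

    public void testConnectWithLDAPv2() throws LDAPException
    {
        LDAPConnection v2 = new LDAPConnection();

        try
        {
            v2.connect( 2, HOST, port, USER, PASSWORD );
            fail( "bind with LDAP v2 should be rejected" );
        }
        catch ( LDAPException e )
        {
            assertEquals( "statuscode", LDAPException.PROTOCOL_ERROR, e.getLDAPResultCode() );
        }
        finally
        {
            if ( v2.isConnected() )
            {
                v2.disconnect();
            }
        }
    }
```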