Posted to commits@directory.apache.org by el...@apache.org on 2009/02/27 18:29:53 UTC

svn commit: r748610 - /directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/BindHandler.java

Author: elecharny
Date: Fri Feb 27 17:29:53 2009
New Revision: 748610

URL: http://svn.apache.org/viewvc?rev=748610&view=rev
Log:
Replaced the explicit user-facing message with a generic one to defeat a potential exploit. A malevolent user won't know whether the bind failed because the password is incorrect or because the principalDN does not exist.

Modified:
    directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/BindHandler.java

Modified: directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/BindHandler.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/BindHandler.java?rev=748610&r1=748609&r2=748610&view=diff
==============================================================================
--- directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/BindHandler.java (original)
+++ directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/BindHandler.java Fri Feb 27 17:29:53 2009
@@ -152,8 +152,9 @@
 
             if ( principalEntry == null )
             {
+                LOG.info( "The {} principalDN cannot be found in the server : bind failure.", bindRequest.getName() );
                 LdapResult result = bindRequest.getResultResponse().getLdapResult();
-                result.setErrorMessage( "Bind principalDn has not been found in the server." );
+                result.setErrorMessage( "cannot bind the principalDn." );
                 result.setResultCode( ResultCodeEnum.INVALID_CREDENTIALS );
                 ldapSession.getIoSession().write( bindRequest.getResultResponse() );
                 return;
@@ -162,6 +163,7 @@
             if (principalEntry.getOriginalEntry().contains( SchemaConstants.OBJECT_CLASS_AT, 
                      SchemaConstants.REFERRAL_OC ) )
             {
+                LOG.info( "Bind principalDn points to referral." );
                 LdapResult result = bindRequest.getResultResponse().getLdapResult();
                 result.setErrorMessage( "Bind principalDn points to referral." );
                 result.setResultCode( ResultCodeEnum.INVALID_CREDENTIALS );
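Review bot: The referral branch still sends `"Bind principalDn points to referral."` to the client, so a caller can tell an existing referral entry from a missing one, which is the distinction this commit removes for the not-found case. Returning the same generic text here, `result.setErrorMessage( "cannot bind the principalDn." );`, and keeping the detail in the log would close that gap. The new log line also omits the DN, unlike the not-found branch; `LOG.info( "Bind principalDn {} points to referral.", bindRequest.getName() );` would make the two entries comparable for failed-bind monitoring. The block continues past the end of the hunk.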