Posted to commits@directory.apache.org by el...@apache.org on 2009/02/27 18:29:53 UTC
svn commit: r748610 -
/directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/BindHandler.java
Author: elecharny
Date: Fri Feb 27 17:29:53 2009
New Revision: 748610
URL: http://svn.apache.org/viewvc?rev=748610&view=rev
Log:
Replaced the explicit user-facing message with a generic one to defeat a potential exploit. A malevolent user won't know whether the bind failed because the password is incorrect or because the principalDN does not exist.
Modified:
directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/BindHandler.java
Modified: directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/BindHandler.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/BindHandler.java?rev=748610&r1=748609&r2=748610&view=diff
==============================================================================
--- directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/BindHandler.java (original)
+++ directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/BindHandler.java Fri Feb 27 17:29:53 2009
@@ -152,8 +152,9 @@
if ( principalEntry == null )
{
+ LOG.info( "The {} principalDN cannot be found in the server : bind failure.", bindRequest.getName() );
LdapResult result = bindRequest.getResultResponse().getLdapResult();
- result.setErrorMessage( "Bind principalDn has not been found in the server." );
+ result.setErrorMessage( "cannot bind the principalDn." );
result.setResultCode( ResultCodeEnum.INVALID_CREDENTIALS );
ldapSession.getIoSession().write( bindRequest.getResultResponse() );
return;
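Review bot: The added `LOG.info` writes `bindRequest.getName()`, a value chosen by a client that has not yet authenticated, into the server log, and it records nothing about where the request came from. For detecting password guessing and DN probing the line is more useful with the peer address, e.g. `LOG.info( "Bind failure from {} : principalDn {} not found.", ldapSession.getIoSession().getRemoteAddress(), bindRequest.getName() );`, and the log layout should neutralise line breaks in the name if its string form does not already escape them (not visible here). The generic `cannot bind the principalDn.` only hides the difference if the wrong-password path, which lies outside this hunk, returns the same text and result code; a short comment on that line saying so would keep the two in step. The enclosing method starts and ends outside the hunk.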
@@ -162,6 +163,7 @@
if (principalEntry.getOriginalEntry().contains( SchemaConstants.OBJECT_CLASS_AT,
SchemaConstants.REFERRAL_OC ) )
{
+ LOG.info( "Bind principalDn points to referral." );
LdapResult result = bindRequest.getResultResponse().getLdapResult();
result.setErrorMessage( "Bind principalDn points to referral." );
result.setResultCode( ResultCodeEnum.INVALID_CREDENTIALS );
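Review bot: The referral branch still sets its own diagnostic text, `Bind principalDn points to referral.`, so the response continues to tell an unauthenticated client that this DN exists and is a referral, which is the kind of distinction the log message says the commit removes. Returning the same generic text as the not-found branch, `result.setErrorMessage( "cannot bind the principalDn." );`, and moving the detail into the log together with the DN, `LOG.info( "Bind principalDn {} points to referral.", bindRequest.getName() );`, would close that gap while keeping the information for operators. The branch's write and return lie outside the hunk, so whether anything else in the response differs cannot be checked from here.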