directory-commits mailing list archives

From elecha...@apache.org
Subject svn commit: r748610 - /directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/BindHandler.java
Date Fri, 27 Feb 2009 17:29:53 GMT
Author: elecharny
Date: Fri Feb 27 17:29:53 2009
New Revision: 748610

URL: http://svn.apache.org/viewvc?rev=748610&view=rev
Log:
Replaced the explicit user-facing message with a generic one to defeat a potential exploit. A malevolent
user won't know whether the bind failed because the password is incorrect or because the principalDN
does not exist.

Modified:
    directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/BindHandler.java

Modified: directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/BindHandler.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/BindHandler.java?rev=748610&r1=748609&r2=748610&view=diff
==============================================================================
--- directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/BindHandler.java
(original)
+++ directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/BindHandler.java
Fri Feb 27 17:29:53 2009
@@ -152,8 +152,9 @@
 
             if ( principalEntry == null )
             {
+                LOG.info( "The {} principalDN cannot be found in the server : bind failure.",
bindRequest.getName() );
                 LdapResult result = bindRequest.getResultResponse().getLdapResult();
-                result.setErrorMessage( "Bind principalDn has not been found in the server."
);
+                result.setErrorMessage( "cannot bind the principalDn." );
                 result.setResultCode( ResultCodeEnum.INVALID_CREDENTIALS );
                 ldapSession.getIoSession().write( bindRequest.getResultResponse() );
                 return;
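Review bot: The generic text set by `result.setErrorMessage( "cannot bind the principalDn." );` hides the missing-entry case only if the wrong-password path returns the same message and the same result code. That path is outside this hunk, so it should be checked, ideally with both branches sharing one constant. The early `return` also skips credential verification, so response timing may still separate unknown DNs from known ones. The added `LOG.info` writes the client-supplied `bindRequest.getName()` to the log before authentication, so confirm that the log layout escapes CR/LF and other control characters, or log a sanitized form. The enclosing method starts and ends outside the hunk.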
@@ -162,6 +163,7 @@
             if (principalEntry.getOriginalEntry().contains( SchemaConstants.OBJECT_CLASS_AT,

                      SchemaConstants.REFERRAL_OC ) )
             {
+                LOG.info( "Bind principalDn points to referral." );
                 LdapResult result = bindRequest.getResultResponse().getLdapResult();
                 result.setErrorMessage( "Bind principalDn points to referral." );
                 result.setResultCode( ResultCodeEnum.INVALID_CREDENTIALS );
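Review bot: The referral branch still sends `"Bind principalDn points to referral."` to the client, so an unauthenticated caller can tell that the DN exists and is a referral. That is the same kind of distinction the commit removes in the previous hunk. Consider returning the generic text here too, `result.setErrorMessage( "cannot bind the principalDn." );`, and keeping the specific reason only in the new `LOG.info` line. That log line omits the DN, unlike the one in the first hunk, so an operator cannot tell which bind was rejected. The enclosing block continues outside the hunk.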


