directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "David Jencks (JIRA)" <j...@apache.org>
Subject [jira] Assigned: (DIRSERVER-1002) stopping server without credentials results in NPE after server stops
Date Sat, 18 Aug 2007 07:38:31 GMT

     [ https://issues.apache.org/jira/browse/DIRSERVER-1002?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

David Jencks reassigned DIRSERVER-1002:
---------------------------------------

    Assignee: Alex Karasulu

Fixed in rev 567242 by immediately returning a DeadContext after shutting down the server.
 This is definitely not proper security but does avoid the pointless NPE.

Alex, please review, thanks!

> stopping server without credentials results in NPE after server stops
> ---------------------------------------------------------------------
>
>                 Key: DIRSERVER-1002
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-1002
>             Project: Directory ApacheDS
>          Issue Type: Bug
>          Components: core
>    Affects Versions: 1.5.0
>            Reporter: David Jencks
>            Assignee: Alex Karasulu
>             Fix For: 1.5.1
>
>
> This code:
>         Properties env = new Properties();
>         env.putAll(new ShutdownConfiguration().toJndiEnvironment());
>         env.put( Context.INITIAL_CONTEXT_FACTORY, ServerContextFactory.class.getName()
);
>         //Shut it down
>         new InitialDirContext( env );
> results in, in AbstractContextFactory:
> line 115:
>             service.shutdown();
> which successfully shuts down the server without checking anything about authentication/authorization
> line 146:
>         Context context = service.getJndiContext( principalDn, principal, credential,
authentication, providerUrl );
> which calls DefaultDirectoryService...
>     public synchronized Context getJndiContext( LdapDN principalDn, String principal,
byte[] credential, 
>         String authentication, String rootDN ) throws NamingException
>     {
>         checkSecuritySettings( principal, credential, authentication );
>         if ( !started )
>         {
>             return new DeadContext();
>         }
> checkSecuritySettings gets to line 438:
>             if ( !startupConfiguration.isAllowAnonymousAccess() )
> which throws an NPE since the server is shut down, so startupConfiguration has been reset
to null.
> So there are a lot of questions I don't know the answers to that I'd need to know which
of the many ways to fix this would be most appropriate:
> - is this AbstractContextFactory accessed before or after all the server interceptors?
Or is it only accessed when no interceptors will be called?
> - is it appropriate to check security credentials and authorization to be able to shut
down the server from the same vm?
> - If so, what code should be checking this authentication and authorization, because
checkSecuritySettings doesn't check these, ever.
> I'd suspect the first step towards a solution would be to remove the checkSecuritySettings
method entirely, since AFAICT it currently serves only to pretend that some security checking
is happening.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message