Major Description
This code:
Properties env = new Properties();
env.putAll(new ShutdownConfiguration().toJndiEnvironment());
env.put( Context.INITIAL_CONTEXT_FACTORY, ServerContextFactory.class.getName() );
//Shut it down
new InitialDirContext( env );
results in, in AbstractContextFactory:
line 115:
service.shutdown();
which successfully shuts down the server without checking anything about authentication/authorization
line 146:
Context context = service.getJndiContext( principalDn, principal, credential, authentication, providerUrl );
which calls DefaultDirectoryService...
public synchronized Context getJndiContext( LdapDN principalDn, String principal, byte[] credential,
String authentication, String rootDN ) throws NamingException
{
checkSecuritySettings( principal, credential, authentication );
if ( !started )
{ return new DeadContext(); }checkSecuritySettings gets to line 438:
if ( !startupConfiguration.isAllowAnonymousAccess() )
which throws an NPE since the server is shut down, so startupConfiguration has been reset to null.
So there are a lot of questions I don't know the answers to that I'd need to know which of the many ways to fix this would be most appropriate:
- is this AbstractContextFactory accessed before or after all the server interceptors? Or is it only accessed when no interceptors will be called?
- is it appropriate to check security credentials and authorization to be able to shut down the server from the same vm?
- If so, what code should be checking this authentication and authorization, because checkSecuritySettings doesn't check these, ever.
I'd suspect the first step towards a solution would be to remove the checkSecuritySettings method entirely, since AFAICT it currently serves only to pretend that some security checking is happening.
Attachments
Issue Links
- is related to
-
DIRSERVER-1031 no credentials required to shut down server from in-vm
-
- Closed
-