0N/A * The contents of this file are subject to the terms of the 0N/A * Common Development and Distribution License, Version 1.0 only 0N/A * (the "License"). You may not use this file except in compliance 0N/A * You can obtain a copy of the license at 0N/A * See the License for the specific language governing permissions 0N/A * and limitations under the License. 0N/A * When distributing Covered Code, include this CDDL HEADER in each 0N/A * file and include the License file at 0N/A * add the following below this CDDL HEADER, with the fields enclosed 873N/A * by brackets "[]" replaced with your own identifying information: 0N/A * Portions Copyright [yyyy] [name of copyright owner] 5023N/A * Copyright 2006-2010 Sun Microsystems, Inc. 6023N/A * Portions Copyright 2010-2013 ForgeRock AS. 4134N/A * This class defines an LDAP client connection, which is a type of 4134N/A * client connection that will be accepted by an instance of the LDAP 4134N/A * connection handler and have its requests decoded by an LDAP request 4495N/A * A runnable whose task is to close down all IO related channels 4495N/A * associated with a client connection after a small delay. 6128N/A /** The client connection ASN1 reader. */ 6128N/A /** The client connection socket channel. */ 6128N/A /** Creates a new connection finalizer job. */ 4495N/A // In general, we don't care about any exception that might be 4495N/A // In general, we don't care about any exception that might be 4926N/A * Channel that writes the contents of the provided buffer to the client, 4926N/A * throwing an exception if the write is unsuccessful for too 4926N/A * long (e.g., if the client is unresponsive or there is a network 4926N/A * problem). If possible, it will attempt to use the selector returned 4926N/A * by the {@code ClientConnection.getWriteSelector} method, but it is 4926N/A * capable of working even if that method returns {@code null}. <BR> 4926N/A * Note that the original position and limit values will not be 4926N/A * preserved, so if that is important to the caller, then it should 4926N/A * record them before calling this method and restore them after it 6155N/A /** Synchronize concurrent writes to the same connection. */ 5899N/A // We won't support an infinite time limit, so fall back to using 5899N/A // five minutes, which is a very long timeout given that we're 5899N/A // blocking a worker thread. 5899N/A // The client connection does not provide a selector, so we'll 5899N/A // fall back to a more inefficient way that will work without a 5899N/A // The client connection has been closed. 5899N/A // If we've gotten here, then the write timed out. 5899N/A // Register with the selector for handling write operations. 5899N/A // We've been blocked for too long. 5899N/A // The client connection has been closed. 6155N/A /** The tracer object for the debug logger. */ 5897N/A * Thread local ASN1Writer and buffer. 6155N/A * Cached ASN1 writer: a thread can only write to one connection at a time. 5897N/A // Setting has changed, so recreate the holder. 6155N/A /** The time that the last operation was completed. */ 6155N/A /** The next operation ID that should be used for this connection. */ 6155N/A /** The selector that may be used for write operations. */ 6155N/A * Indicates whether the Directory Server believes this connection to be valid 6155N/A * and available for communication. 6155N/A * Indicates whether this connection is about to be closed. This will be used 6155N/A * to prevent accepting new requests while a disconnect is in progress. 6155N/A * Indicates whether the connection should keep statistics regarding the 6155N/A * operations that it is performing. 6155N/A /** The set of all operations currently in progress on this connection. */ 6155N/A * The number of operations performed on this connection. Used to compare with 6155N/A * the resource limits of the network group. 6155N/A /** The port on the client from which this connection originated. */ 6155N/A * The LDAP version that the client is using to communicate with the server. 6155N/A /** The port on the server to which this client has connected. */ 6155N/A /** The reference to the connection handler that accepted this connection. */ 6155N/A /** The statistics tracker associated with this client connection. */ 6155N/A /** The connection ID assigned to this connection. */ 6155N/A * The lock used to provide threadsafe access to the set of operations in 6155N/A /** The socket channel with which this client connection is associated. */ 6155N/A /** The byte channel used for blocking writes with time out. */ 6155N/A /** The string representation of the address of the client. */ 6155N/A * The name of the protocol that the client is using to communicate with the 6155N/A * The string representation of the address of the server to which the client 0N/A * Creates a new LDAP client connection with the provided information. 4134N/A * The connection handler that accepted this connection. 4134N/A * The socket channel that may be used to communicate with 4333N/A * @param protocol String representing the protocol (LDAP or LDAP+SSL). 4926N/A * @throws DirectoryException If SSL initialisation fails. 0N/A * Retrieves the connection ID assigned to this connection. 4134N/A * @return The connection ID assigned to this connection. 4134N/A * Retrieves the connection handler that accepted this client 4134N/A * @return The connection handler that accepted this client 4134N/A * Retrieves the socket channel that can be used to communicate with 4134N/A * @return The socket channel that can be used to communicate with the 4134N/A * Retrieves the protocol that the client is using to communicate with 4134N/A * @return The protocol that the client is using to communicate with 0N/A * Retrieves a string representation of the address of the client. 4134N/A * @return A string representation of the address of the client. 0N/A * Retrieves the port number for this connection on the client system. 4134N/A * @return The port number for this connection on the client system. 4134N/A * Retrieves a string representation of the address on the server to 4134N/A * which the client connected. 4134N/A * @return A string representation of the address on the server to 4134N/A * which the client connected. 0N/A * Retrieves the port number for this connection on the server system. 4134N/A * @return The port number for this connection on the server system. 4134N/A * Retrieves the <CODE>java.net.InetAddress</CODE> associated with the 4134N/A * @return The <CODE>java.net.InetAddress</CODE> associated with the 4134N/A * remote client system. It may be <CODE>null</CODE> if the 4134N/A * client is not connected over an IP-based connection. 4134N/A * Retrieves the <CODE>java.net.InetAddress</CODE> for the Directory 4134N/A * Server system to which the client has established the connection. 4134N/A * @return The <CODE>java.net.InetAddress</CODE> for the Directory 4134N/A * Server system to which the client has established the 4134N/A * connection. It may be <CODE>null</CODE> if the client is 4134N/A * not connected over an IP-based connection. 4134N/A * Indicates whether this client connection is currently using a 4134N/A * secure mechanism to communicate with the server. Note that this may 4134N/A * change over time based on operations performed by the client or 4134N/A * server (e.g., it may go from <CODE>false</CODE> to 4134N/A * <CODE>true</CODE> if the client uses the StartTLS extended 4134N/A * @return <CODE>true</CODE> if the client connection is currently 4134N/A * using a secure mechanism to communicate with the server, or 4134N/A * <CODE>false</CODE> if not. 4134N/A * Sends a response to the client based on the information in the 4134N/A * The operation for which to send the response. 4134N/A // Since this is the final response for this operation, we can go 4134N/A // ahead and remove it from the "operations in progress" list. It 4134N/A // can't be canceled after this point, and this will avoid potential 4134N/A // race conditions in which the client immediately sends another 4134N/A // request with the same message ID as was used for this operation. 5494N/A // Avoid sending the response if one has already been sent. This may happen 5494N/A // if operation processing encounters a run-time exception after sending the 5494N/A // response: the worker thread exception handling code will attempt to send 5494N/A // an error result to the client indicating that a problem occurred. 4134N/A * Retrieves an LDAPMessage containing a response generated from the 4134N/A * The operation to use to generate the response LDAPMessage. 4134N/A * @return An LDAPMessage containing a response generated from the 4134N/A // This must mean that the operation has either not yet completed 4134N/A // or that it completed without a result for some reason. In any 4134N/A // case, log a message and set the response to "operations error". 0N/A // Referrals are not allowed for LDAPv2 clients. 4134N/A // If this an LDAPv2 client, then we can't send this. 4134N/A // This must be a type of operation that doesn't have a response. 4134N/A // This shouldn't happen, so log a message and return. 0N/A // Controls are not allowed for LDAPv2 clients. 0N/A * Sends the provided search result entry to the client. 4134N/A * The search operation with which the entry is associated. 4134N/A * The search result entry to be sent to the client. 0N/A * Sends the provided search result reference to the client. 4134N/A * The search operation with which the reference is 4134N/A * The search result reference to be sent to the client. 4134N/A * @return <CODE>true</CODE> if the client is able to accept 4134N/A * referrals, or <CODE>false</CODE> if the client cannot 4134N/A * handle referrals and no more attempts should be made to 4134N/A * send them for the associated search operation. 4134N/A // Make sure this is not an LDAPv2 client. If it is, then they can't 4134N/A // see referrals so we'll not send anything. Also, throw an 4134N/A // exception so that the core server will know not to try sending 4134N/A // any more referrals to this client for the rest of the operation. 0N/A * Sends the provided intermediate response message to the client. 4134N/A * @param intermediateResponse 4134N/A * The intermediate response message to be sent. 4134N/A * @return <CODE>true</CODE> if processing on the associated operation 4134N/A * should continue, or <CODE>false</CODE> if not. 4134N/A // The only reason we shouldn't continue processing is if the 0N/A * Sends the provided LDAP message to the client. 4134N/A * The LDAP message to send to the client. 5897N/A // Use a thread local writer. 4134N/A // FIXME -- Log a message or something 5897N/A // Clear and reset all of the internal buffers ready for the next usage. 6128N/A // The ASN1Writer is based on a ByteStringBuilder so closing will cause 6128N/A // the internal buffers to be resized if needed. 4134N/A * Closes the connection to the client, optionally sending it a 4134N/A * message indicating the reason for the closure. Note that the 4134N/A * ability to send a notice of disconnection may not be available for 4134N/A * all protocols or under all circumstances. 4134N/A * The disconnect reason that provides the generic cause for 4134N/A * Indicates whether to try to provide notification to the 4134N/A * client that the connection will be closed. 4134N/A * The message to include in the disconnect notification 4134N/A * response. It may be <CODE>null</CODE> if no message is to 4134N/A // Set a flag indicating that the connection is being terminated so 4134N/A // that no new requests will be accepted. Also cancel all operations 3109N/A // If we are already in the middle of a disconnect, then don't 0N/A // Indicate that this connection is no longer valid. 2366N/A // If there is a write selector for this connection, then close it. 4134N/A // See if we should send a notification to the client. If so, then 4134N/A // construct and send a notice of disconnection unsolicited 4134N/A // response. Note that we cannot send this notification to an LDAPv2 4134N/A // NYI -- Log a message indicating that we couldn't send the 4134N/A // notice of disconnection. 4495N/A // Enqueue the connection channels for closing by the finalizer. 0N/A // NYI -- Deregister the client connection from any server components that 0N/A // might know about it. 0N/A // Log a disconnect message. 4134N/A * Retrieves the set of operations in progress for this client 4134N/A * connection. This list must not be altered by any caller. 4134N/A * @return The set of operations in progress for this client 0N/A * Retrieves the operation in progress with the specified message ID. 4134N/A * The message ID for the operation to retrieve. 4134N/A * @return The operation in progress with the specified message ID, or 4134N/A * <CODE>null</CODE> if no such operation could be found. 4134N/A * Adds the provided operation to the set of operations in progress 4134N/A * for this client connection. 4134N/A * The operation to add to the set of operations in progress 4134N/A * for this client connection. 4134N/A * @throws DirectoryException 4134N/A * If the operation is not added for some reason (e.g., the 4134N/A * client already has reached the maximum allowed concurrent 4134N/A // We need to grab a lock to ensure that no one else can add 4134N/A // operations to the queue while we are performing some preliminary 4134N/A // If we're already in the process of disconnecting the client, 4134N/A // then reject the operation. 4814N/A // Add the operation to the list of operations in progress for 4134N/A // See if there is already an operation in progress with the 4134N/A // same message ID. If so, then we can't allow it. 5245N/A // Try to add the operation to the work queue, 5245N/A // or run it synchronously (typically for the administration 4134N/A * Removes the provided operation from the set of operations in 4134N/A * progress for this client connection. Note that this does not make 4134N/A * any attempt to cancel any processing that may already be in 4134N/A * progress for the operation. 4134N/A * The message ID of the operation to remove from the set of 4134N/A * @return <CODE>true</CODE> if the operation was found and removed 4134N/A * from the set of operations in progress, or 4134N/A * <CODE>false</CODE> if not. 0N/A * Attempts to cancel the specified operation. 4134N/A * The message ID of the operation to cancel. 4134N/A * An object providing additional information about how the 4134N/A * cancel should be processed. 4134N/A * @return A cancel result that either indicates that the cancel was 4134N/A * successful or provides a reason that it was not. 0N/A // See if the operation is in the list of persistent searches. 3916N/A // We only need to find the first persistent search 3916N/A // associated with the provided message ID. The persistent 3916N/A // search will ensure that all other related persistent 0N/A * Attempts to cancel all operations in progress on this connection. 4134N/A * An object providing additional information about how the 4134N/A * cancel should be processed. 0N/A // Make sure that no one can add any new operations. 3352N/A // TODO: Assume its cancelled? 4134N/A * Attempts to cancel all operations in progress on this connection 4134N/A * except the operation with the specified message ID. 4134N/A * An object providing additional information about how the 4134N/A * cancel should be processed. 4134N/A * The message ID of the operation that should not be 0N/A // Make sure that no one can add any new operations. 3352N/A // TODO: Assume its cancelled? 4134N/A * Returns the total number of operations initiated on this 3853N/A * @return the total number of operations on this connection 4814N/A * Returns the ASN1 reader for this connection. 4814N/A * @return the ASN1 reader for this connection 4814N/A * @return number of bytes read if this connection is still valid 4814N/A * or negative integer to indicate an error otherwise 4814N/A // We should wait for the bind or startTLS to finish before 4814N/A // reading any more data off the socket. 4814N/A // The connection has been closed by the client. Disconnect 5588N/A // The connection failed, but there was an unread partial message so 5588N/A // interpret this as an IO error. 5588N/A // The connection failed and there was no unread data, so interpret this 5588N/A // as indicating that the client aborted (reset) the connection. This 5588N/A // happens when a client configures closes a connection which has been 5588N/A // configured with SO_LINGER set to 0. 0N/A * Processes the provided LDAP message read from the client and takes 4134N/A * whatever action is appropriate. For most requests, this will 4134N/A * include placing the operation in the work queue. Certain requests 4134N/A * (in particular, abandons and unbinds) will be processed directly. 4134N/A * The LDAP message to process. 4134N/A * @return <CODE>true</CODE> if the appropriate action was taken for 4134N/A * the request, or <CODE>false</CODE> if there was a fatal 4134N/A * error and the client has been disconnected as a result, or 4134N/A * if the client unbound from the server. 4134N/A // FIXME -- See if there is a bind in progress. If so, then deny 4134N/A // most kinds of operations. 4134N/A // Figure out what type of operation we're dealing with based on the 4134N/A // LDAP message. Abandon and unbind requests will be processed here. 4134N/A // All other types of requests will be encapsulated into operations 4134N/A // and append into the work queue to be picked up by a worker 4134N/A // thread. Any other kinds of LDAP messages (e.g., response 4134N/A // messages) are illegal and will result in the connection being 0N/A * Processes the provided LDAP message as an abandon request. 4134N/A * The LDAP message containing the abandon request to 4134N/A * The set of pre-decoded request controls contained in the 4134N/A * @return <CODE>true</CODE> if the request was processed 4134N/A * successfully, or <CODE>false</CODE> if not and the 4134N/A * connection has been closed as a result (it is the 4134N/A * responsibility of this method to close the connection). 4348N/A // LDAPv2 clients aren't allowed to send controls. 4348N/A // Create the abandon operation and add it into the work queue. 4348N/A // Don't send an error response since abandon operations 0N/A * Processes the provided LDAP message as an add request. 4134N/A * The LDAP message containing the add request to process. 4134N/A * The set of pre-decoded request controls contained in the 4134N/A * @return <CODE>true</CODE> if the request was processed 4134N/A * successfully, or <CODE>false</CODE> if not and the 4134N/A * connection has been closed as a result (it is the 4134N/A * responsibility of this method to close the connection). 1755N/A // LDAPv2 clients aren't allowed to send controls. 0N/A // Create the add operation and add it into the work queue. 0N/A * Processes the provided LDAP message as a bind request. 4134N/A * The LDAP message containing the bind request to process. 4134N/A * The set of pre-decoded request controls contained in the 4134N/A * @return <CODE>true</CODE> if the request was processed 4134N/A * successfully, or <CODE>false</CODE> if not and the 4134N/A * connection has been closed as a result (it is the 4134N/A * responsibility of this method to close the connection). 4134N/A // See if this is an LDAPv2 bind request, and if so whether that 4134N/A // LDAPv2 clients aren't allowed to send controls. 4383N/A // Unsupported protocol version. RFC4511 states that we MUST send 4383N/A // a protocol error back to the client. 4134N/A // This is an invalid authentication type, and therefore a 4134N/A // protocol error. As per RFC 2251, a protocol error in a bind 4134N/A // request must result in terminating the connection. 0N/A // Add the operation into the work queue. 0N/A // If it was a protocol error, then terminate the connection. 0N/A * Processes the provided LDAP message as a compare request. 4134N/A * The LDAP message containing the compare request to 4134N/A * The set of pre-decoded request controls contained in the 4134N/A * @return <CODE>true</CODE> if the request was processed 4134N/A * successfully, or <CODE>false</CODE> if not and the 4134N/A * connection has been closed as a result (it is the 4134N/A * responsibility of this method to close the connection). 1755N/A // LDAPv2 clients aren't allowed to send controls. 0N/A // Add the operation into the work queue. 0N/A * Processes the provided LDAP message as a delete request. 4134N/A * The LDAP message containing the delete request to process. 4134N/A * The set of pre-decoded request controls contained in the 4134N/A * @return <CODE>true</CODE> if the request was processed 4134N/A * successfully, or <CODE>false</CODE> if not and the 4134N/A * connection has been closed as a result (it is the 4134N/A * responsibility of this method to close the connection). 1755N/A // LDAPv2 clients aren't allowed to send controls. 0N/A // Add the operation into the work queue. 0N/A * Processes the provided LDAP message as an extended request. 4134N/A * The LDAP message containing the extended request to 4134N/A * The set of pre-decoded request controls contained in the 4134N/A * @return <CODE>true</CODE> if the request was processed 4134N/A * successfully, or <CODE>false</CODE> if not and the 4134N/A * connection has been closed as a result (it is the 4134N/A * responsibility of this method to close the connection). 4134N/A // See if this is an LDAPv2 client. If it is, then they should not 4134N/A // be issuing extended requests. We can't send a response that we 4134N/A // can be sure they can understand, so we have no choice but to 0N/A // FIXME -- Do we need to handle certain types of request here? 0N/A // -- StartTLS requests 0N/A // -- Cancel requests 0N/A // Add the operation into the work queue. 0N/A * Processes the provided LDAP message as a modify request. 4134N/A * The LDAP message containing the modify request to process. 4134N/A * The set of pre-decoded request controls contained in the 4134N/A * @return <CODE>true</CODE> if the request was processed 4134N/A * successfully, or <CODE>false</CODE> if not and the 4134N/A * connection has been closed as a result (it is the 4134N/A * responsibility of this method to close the connection). 1755N/A // LDAPv2 clients aren't allowed to send controls. 0N/A // Add the operation into the work queue. 0N/A * Processes the provided LDAP message as a modify DN request. 4134N/A * The LDAP message containing the modify DN request to 4134N/A * The set of pre-decoded request controls contained in the 4134N/A * @return <CODE>true</CODE> if the request was processed 4134N/A * successfully, or <CODE>false</CODE> if not and the 4134N/A * connection has been closed as a result (it is the 4134N/A * responsibility of this method to close the connection). 1755N/A // LDAPv2 clients aren't allowed to send controls. 0N/A // Add the operation into the work queue. 0N/A * Processes the provided LDAP message as a search request. 4134N/A * The LDAP message containing the search request to process. 4134N/A * The set of pre-decoded request controls contained in the 4134N/A * @return <CODE>true</CODE> if the request was processed 4134N/A * successfully, or <CODE>false</CODE> if not and the 4134N/A * connection has been closed as a result (it is the 4134N/A * responsibility of this method to close the connection). 1755N/A // LDAPv2 clients aren't allowed to send controls. 0N/A // Add the operation into the work queue. 0N/A * Processes the provided LDAP message as an unbind request. 4134N/A * The LDAP message containing the unbind request to process. 4134N/A * The set of pre-decoded request controls contained in the 4134N/A * @return <CODE>true</CODE> if the request was processed 4134N/A * successfully, or <CODE>false</CODE> if not and the 4134N/A * connection has been closed as a result (it is the 4134N/A * responsibility of this method to close the connection). 0N/A // The client connection will never be valid after an unbind. 4134N/A * Appends a string representation of this client connection to the 4134N/A * The buffer to which the information should be appended. 4134N/A // Make sure that the connection handler allows the use of the 1963N/A * Retrieves the length of time in milliseconds that this client 4134N/A * connection has been idle. <BR> 1963N/A * Note that the default implementation will always return zero. 4134N/A * Subclasses associated with connection handlers should override this 4134N/A * method if they wish to provided idle time limit functionality. 4134N/A * @return The length of time in milliseconds that this client 4134N/A * connection has been idle. 1963N/A // There's at least one operation in progress, so it's not idle. 4134N/A * Set the connection provider that is not in use yet. Used in TLS 4134N/A * negotiation when a clear response is needed before the connection 4134N/A * The provider that needs to be activated. 4134N/A * Set the connection provider that is not in use. Used in SASL 4134N/A * negotiation when a clear response is needed before the connection 4134N/A * The provider that needs to be activated. 4134N/A * Enable the provider that is inactive. 4134N/A * Set the security provider to the specified provider. 4134N/A * The provider to set the security provider to. 4134N/A * Enable the SASL provider that is currently inactive or pending. 4134N/A * Return the certificate chain array associated with a connection. 4134N/A * @return The array of certificates associated with a connection. 4170N/A * Retrieves the TLS redirecting byte channel used in a LDAP client 4170N/A * @return The TLS redirecting byte channel.