Posted to commits@directory.apache.org by tr...@apache.org on 2005/10/25 12:08:42 UTC
svn commit: r328323 - in
/directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server:
DefaultDirectoryService.java partition/DirectoryPartitionNexus.java
Author: trustin
Date: Tue Oct 25 03:08:31 2005
New Revision: 328323
URL: http://svn.apache.org/viewcvs?rev=328323&view=rev
Log:
* Resolved issue: DIREVE-286 - Change ApacheDS to use the default password during the initialization step instead of requiring the admin credential.
* Renamed DirectoryPartitionNexus.ADMIN_PW to ADMIN_PASSWORD
* Changed DirectoryPartitionNexus.ADMIN_PASSWORD to String to prevent alteration
Modified:
directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/DefaultDirectoryService.java
directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/partition/DirectoryPartitionNexus.java
Modified: directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/DefaultDirectoryService.java
URL: http://svn.apache.org/viewcvs/directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/DefaultDirectoryService.java?rev=328323&r1=328322&r2=328323&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/DefaultDirectoryService.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/DefaultDirectoryService.java Tue Oct 25 03:08:31 2005
@@ -22,7 +22,6 @@
import javax.naming.Context;
import javax.naming.Name;
import javax.naming.NamingException;
-import javax.naming.NoPermissionException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
@@ -203,6 +202,7 @@
initialize();
firstStart = createBootstrapEntries();
+ showSecurityWarnings();
createTestEntries();
this.serviceListener = listener;
started = true;
@@ -388,7 +388,6 @@
*/
if ( !partitionNexus.hasEntry( DirectoryPartitionNexus.getAdminName() ) )
{
- checkPermissionToCreateBootstrapEntries();
firstStart = true;
Attributes attributes = new LockableAttributesImpl();
@@ -400,7 +399,7 @@
attributes.put( objectClass );
attributes.put( "uid", DirectoryPartitionNexus.ADMIN_UID );
- attributes.put( "userPassword", environment.get( Context.SECURITY_CREDENTIALS ) );
+ attributes.put( "userPassword", DirectoryPartitionNexus.ADMIN_PASSWORD );
attributes.put( "displayName", "Directory Superuser" );
attributes.put( "cn", "system administrator" );
attributes.put( "sn", "administrator" );
@@ -418,7 +417,6 @@
if ( !partitionNexus.hasEntry( new LdapName( "ou=users,ou=system" ) ) )
{
firstStart = true;
- checkPermissionToCreateBootstrapEntries();
Attributes attributes = new LockableAttributesImpl();
Attribute objectClass = new LockableAttributeImpl( "objectClass" );
@@ -440,7 +438,6 @@
if ( !partitionNexus.hasEntry( new LdapName( "ou=groups,ou=system" ) ) )
{
firstStart = true;
- checkPermissionToCreateBootstrapEntries();
Attributes attributes = new LockableAttributesImpl();
Attribute objectClass = new LockableAttributeImpl( "objectClass" );
@@ -464,7 +461,6 @@
if ( !partitionNexus.hasEntry( normName ) )
{
firstStart = true;
- checkPermissionToCreateBootstrapEntries();
Attributes attributes = new LockableAttributesImpl();
Attribute objectClass = new LockableAttributeImpl( "objectClass" );
@@ -488,7 +484,6 @@
if ( !partitionNexus.hasEntry( new LdapName( "ou=configuration,ou=system" ) ) )
{
firstStart = true;
- checkPermissionToCreateBootstrapEntries();
Attributes attributes = new LockableAttributesImpl();
Attribute objectClass = new LockableAttributeImpl( "objectClass" );
@@ -510,7 +505,6 @@
if ( !partitionNexus.hasEntry( new LdapName( "ou=partitions,ou=configuration,ou=system" ) ) )
{
firstStart = true;
- checkPermissionToCreateBootstrapEntries();
Attributes attributes = new LockableAttributesImpl();
Attribute objectClass = new LockableAttributeImpl( "objectClass" );
@@ -533,7 +527,6 @@
if ( !partitionNexus.hasEntry( new LdapName( "ou=services,ou=configuration,ou=system" ) ) )
{
firstStart = true;
- checkPermissionToCreateBootstrapEntries();
Attributes attributes = new LockableAttributesImpl();
Attribute objectClass = new LockableAttributeImpl( "objectClass" );
@@ -556,7 +549,6 @@
if ( !partitionNexus.hasEntry( new LdapName( "ou=interceptors,ou=configuration,ou=system" ) ) )
{
firstStart = true;
- checkPermissionToCreateBootstrapEntries();
Attributes attributes = new LockableAttributesImpl();
Attribute objectClass = new LockableAttributeImpl( "objectClass" );
@@ -579,7 +571,6 @@
if ( !partitionNexus.hasEntry( new LdapName( "prefNodeName=sysPrefRoot,ou=system" ) ) )
{
firstStart = true;
- checkPermissionToCreateBootstrapEntries();
Attributes attributes = new LockableAttributesImpl();
Attribute objectClass = new LockableAttributeImpl( "objectClass" );
@@ -600,18 +591,35 @@
return firstStart;
}
- private void checkPermissionToCreateBootstrapEntries() throws NamingException
+ /**
+ * Displays security warning messages if any possible secutiry issue is found.
+ */
+ private void showSecurityWarnings() throws NamingException
{
- String principal = ( String ) environment.get( Context.SECURITY_PRINCIPAL );
- if( principal == null || !DirectoryPartitionNexus.ADMIN_PRINCIPAL.equals( principal ) )
+ // Warn if the default password is not changed.
+ boolean needToChangeAdminPassword = false;
+
+ Attributes adminEntry = partitionNexus.lookup( new LdapName( DirectoryPartitionNexus.ADMIN_PRINCIPAL ) );
+ Object userPassword = adminEntry.get( "userPassword" ).get();
+ if( userPassword instanceof byte[] )
+ {
+ needToChangeAdminPassword = DirectoryPartitionNexus.ADMIN_PASSWORD.equals( new String( ( byte[] ) userPassword ) );
+ }
+ else if ( userPassword.toString().equals( new String( DirectoryPartitionNexus.ADMIN_PASSWORD ) ) )
+ {
+ needToChangeAdminPassword = DirectoryPartitionNexus.ADMIN_PASSWORD.equals( userPassword.toString() );
+ }
+
+ if( needToChangeAdminPassword )
{
- throw new NoPermissionException(
- "Only '" + DirectoryPartitionNexus.ADMIN_PRINCIPAL + "' can initiate the first run." );
+ log.warn(
+ "You didn't change the admin password of directory service " +
+ "instance '" + instanceId + "'. " +
+ "Please update the admin password as soon as possible " +
+ "to prevent a possible security breach." );
}
}
-
-
-
+
private void createTestEntries() throws NamingException
{
/*
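Review bot: `adminEntry.get( "userPassword" ).get()` in showSecurityWarnings dereferences without a null check, so an admin entry whose userPassword attribute is absent (or a null lookup result) turns a startup warning into a NullPointerException that aborts start(); guard both before the instanceof test. The `else if` branch is redundant — its condition already performs the comparison the body repeats, and `new String( ADMIN_PASSWORD )` copies a String for no gain — so `else if ( userPassword != null ) { needToChangeAdminPassword = DirectoryPartitionNexus.ADMIN_PASSWORD.equals( userPassword.toString() ); }` says the same thing. `new String( ( byte[] ) userPassword )` decodes with the platform default charset, which presumably should match whatever charset the partition stores the attribute in; worth making explicit. Note also that the check is a plaintext equality, so if the admin userPassword is ever stored under a hashed scheme the default-password warning silently disappears, and the Javadoc reads "secutiry" for "security".
```java
        // … unchanged: method signature and needToChangeAdminPassword declaration …
        Attributes adminEntry = partitionNexus.lookup( new LdapName( DirectoryPartitionNexus.ADMIN_PRINCIPAL ) );
        Attribute pwAttr = adminEntry == null ? null : adminEntry.get( "userPassword" );
        Object userPassword = pwAttr == null ? null : pwAttr.get();
        if ( userPassword instanceof byte[] )
        {
            needToChangeAdminPassword = DirectoryPartitionNexus.ADMIN_PASSWORD.equals( new String( ( byte[] ) userPassword ) );
        }
        else if ( userPassword != null )
        {
            needToChangeAdminPassword = DirectoryPartitionNexus.ADMIN_PASSWORD.equals( userPassword.toString() );
        }
        // … unchanged: log.warn when needToChangeAdminPassword …
```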
Modified: directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/partition/DirectoryPartitionNexus.java
URL: http://svn.apache.org/viewcvs/directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/partition/DirectoryPartitionNexus.java?rev=328323&r1=328322&r2=328323&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/partition/DirectoryPartitionNexus.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/partition/DirectoryPartitionNexus.java Tue Oct 25 03:08:31 2005
@@ -44,7 +44,7 @@
/** the admin super user uid */
public final static String ADMIN_UID = "admin";
/** the initial admin passwd set on startup */
- public static final byte[] ADMIN_PW = "secret".getBytes();
+ public static final String ADMIN_PASSWORD = "secret";
/** the base dn under which all users reside */
public final static String USERS_BASE_NAME = "ou=users,ou=system";
/** the base dn under which all groups reside */