Posted to commits@directory.apache.org by el...@apache.org on 2022/10/10 07:37:36 UTC
[directory-server] branch master updated: minor changes in the way we deal with the password
This is an automated email from the ASF dual-hosted git repository.
elecharny pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/directory-server.git
The following commit(s) were added to refs/heads/master by this push:
new 121a000fdb minor changes in the way we deal with the password
121a000fdb is described below
commit 121a000fdb1d8cebc9ba6182dc2837cb3d41a4ec
Author: emmanuel lecharny <el...@apache.org>
AuthorDate: Mon Oct 10 09:37:30 2022 +0200
minor changes in the way we deal with the password
---
.../core/factory/DirectoryServiceFactory.java | 2 +-
.../core/authn/AuthenticationInterceptor.java | 41 ++++++++++++++--------
2 files changed, 27 insertions(+), 16 deletions(-)
diff --git a/core-annotations/src/main/java/org/apache/directory/server/core/factory/DirectoryServiceFactory.java b/core-annotations/src/main/java/org/apache/directory/server/core/factory/DirectoryServiceFactory.java
index 65febd013d..e536e2e6fd 100644
--- a/core-annotations/src/main/java/org/apache/directory/server/core/factory/DirectoryServiceFactory.java
+++ b/core-annotations/src/main/java/org/apache/directory/server/core/factory/DirectoryServiceFactory.java
@@ -19,7 +19,7 @@
package org.apache.directory.server.core.factory;
-import org.apache.commons.collections.Factory;
+import org.apache.commons.collections4.Factory;
import org.apache.directory.server.core.api.DirectoryService;
diff --git a/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java b/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java
index c28655284b..8ef91f9960 100644
--- a/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java
+++ b/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java
@@ -24,6 +24,7 @@ import static org.apache.directory.api.ldap.extras.controls.ppolicy.PasswordPoli
import static org.apache.directory.api.ldap.extras.controls.ppolicy.PasswordPolicyErrorEnum.PASSWORD_TOO_SHORT;
import static org.apache.directory.api.ldap.model.constants.PasswordPolicySchemaConstants.PWD_ACCOUNT_LOCKED_TIME_AT;
import static org.apache.directory.api.ldap.model.constants.PasswordPolicySchemaConstants.PWD_CHANGED_TIME_AT;
+import static org.apache.directory.api.ldap.model.constants.PasswordPolicySchemaConstants.PWD_END_TIME_AT;
import static org.apache.directory.api.ldap.model.constants.PasswordPolicySchemaConstants.PWD_FAILURE_TIME_AT;
import static org.apache.directory.api.ldap.model.constants.PasswordPolicySchemaConstants.PWD_GRACE_USE_TIME_AT;
import static org.apache.directory.api.ldap.model.constants.PasswordPolicySchemaConstants.PWD_HISTORY_AT;
@@ -31,7 +32,6 @@ import static org.apache.directory.api.ldap.model.constants.PasswordPolicySchema
import static org.apache.directory.api.ldap.model.constants.PasswordPolicySchemaConstants.PWD_POLICY_SUBENTRY_AT;
import static org.apache.directory.api.ldap.model.constants.PasswordPolicySchemaConstants.PWD_RESET_AT;
import static org.apache.directory.api.ldap.model.constants.PasswordPolicySchemaConstants.PWD_START_TIME_AT;
-import static org.apache.directory.api.ldap.model.constants.PasswordPolicySchemaConstants.PWD_END_TIME_AT;
import static org.apache.directory.api.ldap.model.entry.ModificationOperation.ADD_ATTRIBUTE;
import static org.apache.directory.api.ldap.model.entry.ModificationOperation.REMOVE_ATTRIBUTE;
import static org.apache.directory.api.ldap.model.entry.ModificationOperation.REPLACE_ATTRIBUTE;
@@ -47,10 +47,10 @@ import java.util.Iterator;
import java.util.List;
import java.util.Set;
+import org.apache.directory.api.ldap.extras.controls.ppolicy.PasswordPolicyErrorEnum;
import org.apache.directory.api.ldap.extras.controls.ppolicy.PasswordPolicyRequest;
import org.apache.directory.api.ldap.extras.controls.ppolicy.PasswordPolicyResponse;
import org.apache.directory.api.ldap.extras.controls.ppolicy.PasswordPolicyResponseImpl;
-import org.apache.directory.api.ldap.extras.controls.ppolicy.PasswordPolicyErrorEnum;
import org.apache.directory.api.ldap.model.constants.AuthenticationLevel;
import org.apache.directory.api.ldap.model.constants.LdapSecurityConstants;
import org.apache.directory.api.ldap.model.constants.SchemaConstants;
@@ -856,9 +856,13 @@ public class AuthenticationInterceptor extends BaseInterceptor
LOG.debug( "Operation Context: {}", deleteContext );
}
+ // Check that we can execute this operation
checkAuthenticated( deleteContext );
- checkPwdReset( deleteContext );
+
+ // propagate the call to the next interceptor
next( deleteContext );
+
+ // if the deleted entry contains a password, then invalidate the associated caches
invalidateAuthenticatorCaches( deleteContext.getDn() );
}
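Review bot: Dropping `checkPwdReset( deleteContext )` changes password-policy enforcement, which neither the commit title ("minor changes") nor the added comments mention. If that call is what rejects operations from a session whose password must be changed after a reset (its name suggests so, but its body is not in the hunk), a delete from such a session now reaches `next( deleteContext )`. Either keep the call, or add a comment stating why delete is exempt from the reset check and cover the case with a test. Separately, the new comment says the caches are invalidated "if the deleted entry contains a password", but `invalidateAuthenticatorCaches( deleteContext.getDn() )` runs unconditionally, so it should read `// invalidate the authenticator caches for the deleted entry`. The method begins before this hunk.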
@@ -1658,15 +1662,15 @@ public class AuthenticationInterceptor extends BaseInterceptor
List<Modification> mods = modifyContext.getModItems();
- for ( Modification m : mods )
+ for ( Modification mod : mods )
{
- Attribute at = m.getAttribute();
+ Attribute at = mod.getAttribute();
AttributeType passwordAttribute = schemaManager.lookupAttributeTypeRegistry( policyConfig.getPwdAttribute() );
if ( at.getAttributeType().equals( passwordAttribute ) )
{
pwdModDetails.setPwdModPresent( true );
- ModificationOperation op = m.getOperation();
+ ModificationOperation op = mod.getOperation();
if ( op == REMOVE_ATTRIBUTE )
{
@@ -1677,6 +1681,22 @@ public class AuthenticationInterceptor extends BaseInterceptor
pwdModDetails.setAddOrReplace( true );
pwdModDetails.setNewPwd( at.getBytes() );
}
+
+ switch ( op )
+ {
+ case REMOVE_ATTRIBUTE:
+ pwdModDetails.setDelete( true );
+ break;
+
+ case REPLACE_ATTRIBUTE:
+ case ADD_ATTRIBUTE:
+ pwdModDetails.setAddOrReplace( true );
+ pwdModDetails.setNewPwd( at.getBytes() );
+ break;
+
+ default:
+ // nothing to do
+ }
}
else
{
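Review bot: The added `switch ( op )` appears to repeat what the `if ( op == REMOVE_ATTRIBUTE )` chain directly above it already does. The context lines just before the switch still call `pwdModDetails.setAddOrReplace( true )` and `pwdModDetails.setNewPwd( at.getBytes() )`, so a password modification sets the same fields twice. This is harmless while the two copies agree, but in password-handling code a duplicate invites one copy being changed without the other. Keep the switch and delete the older if/else chain, part of which lies between the hunks and is not visible here. The enclosing loop and method start and end outside the hunk.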
@@ -1873,15 +1893,6 @@ public class AuthenticationInterceptor extends BaseInterceptor
}
- /**
- * @param pwdPolicyContainer the pwdPolicyContainer to set
- */
- public void setPwdPolicyContainer( PpolicyConfigContainer pwdPolicyContainer )
- {
- this.pwdPolicyContainer = pwdPolicyContainer;
- }
-
-
/**
* purges failure timestamps which are older than the configured interval
* (section 7.6 in the draft)