Posted to commits@directory.apache.org by el...@apache.org on 2022/10/10 07:37:36 UTC

[directory-server] branch master updated: minor changes in the way we deal with the password

This is an automated email from the ASF dual-hosted git repository.

elecharny pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/directory-server.git


The following commit(s) were added to refs/heads/master by this push:
     new 121a000fdb minor changes in the way we deal with the password
121a000fdb is described below

commit 121a000fdb1d8cebc9ba6182dc2837cb3d41a4ec
Author: emmanuel lecharny <el...@apache.org>
AuthorDate: Mon Oct 10 09:37:30 2022 +0200

    minor changes in the way we deal with the password
---
 .../core/factory/DirectoryServiceFactory.java      |  2 +-
 .../core/authn/AuthenticationInterceptor.java      | 41 ++++++++++++++--------
 2 files changed, 27 insertions(+), 16 deletions(-)

diff --git a/core-annotations/src/main/java/org/apache/directory/server/core/factory/DirectoryServiceFactory.java b/core-annotations/src/main/java/org/apache/directory/server/core/factory/DirectoryServiceFactory.java
index 65febd013d..e536e2e6fd 100644
--- a/core-annotations/src/main/java/org/apache/directory/server/core/factory/DirectoryServiceFactory.java
+++ b/core-annotations/src/main/java/org/apache/directory/server/core/factory/DirectoryServiceFactory.java
@@ -19,7 +19,7 @@
 package org.apache.directory.server.core.factory;
 
 
-import org.apache.commons.collections.Factory;
+import org.apache.commons.collections4.Factory;
 import org.apache.directory.server.core.api.DirectoryService;
 
 
diff --git a/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java b/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java
index c28655284b..8ef91f9960 100644
--- a/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java
+++ b/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java
@@ -24,6 +24,7 @@ import static org.apache.directory.api.ldap.extras.controls.ppolicy.PasswordPoli
 import static org.apache.directory.api.ldap.extras.controls.ppolicy.PasswordPolicyErrorEnum.PASSWORD_TOO_SHORT;
 import static org.apache.directory.api.ldap.model.constants.PasswordPolicySchemaConstants.PWD_ACCOUNT_LOCKED_TIME_AT;
 import static org.apache.directory.api.ldap.model.constants.PasswordPolicySchemaConstants.PWD_CHANGED_TIME_AT;
+import static org.apache.directory.api.ldap.model.constants.PasswordPolicySchemaConstants.PWD_END_TIME_AT;
 import static org.apache.directory.api.ldap.model.constants.PasswordPolicySchemaConstants.PWD_FAILURE_TIME_AT;
 import static org.apache.directory.api.ldap.model.constants.PasswordPolicySchemaConstants.PWD_GRACE_USE_TIME_AT;
 import static org.apache.directory.api.ldap.model.constants.PasswordPolicySchemaConstants.PWD_HISTORY_AT;
@@ -31,7 +32,6 @@ import static org.apache.directory.api.ldap.model.constants.PasswordPolicySchema
 import static org.apache.directory.api.ldap.model.constants.PasswordPolicySchemaConstants.PWD_POLICY_SUBENTRY_AT;
 import static org.apache.directory.api.ldap.model.constants.PasswordPolicySchemaConstants.PWD_RESET_AT;
 import static org.apache.directory.api.ldap.model.constants.PasswordPolicySchemaConstants.PWD_START_TIME_AT;
-import static org.apache.directory.api.ldap.model.constants.PasswordPolicySchemaConstants.PWD_END_TIME_AT;
 import static org.apache.directory.api.ldap.model.entry.ModificationOperation.ADD_ATTRIBUTE;
 import static org.apache.directory.api.ldap.model.entry.ModificationOperation.REMOVE_ATTRIBUTE;
 import static org.apache.directory.api.ldap.model.entry.ModificationOperation.REPLACE_ATTRIBUTE;
@@ -47,10 +47,10 @@ import java.util.Iterator;
 import java.util.List;
 import java.util.Set;
 
+import org.apache.directory.api.ldap.extras.controls.ppolicy.PasswordPolicyErrorEnum;
 import org.apache.directory.api.ldap.extras.controls.ppolicy.PasswordPolicyRequest;
 import org.apache.directory.api.ldap.extras.controls.ppolicy.PasswordPolicyResponse;
 import org.apache.directory.api.ldap.extras.controls.ppolicy.PasswordPolicyResponseImpl;
-import org.apache.directory.api.ldap.extras.controls.ppolicy.PasswordPolicyErrorEnum;
 import org.apache.directory.api.ldap.model.constants.AuthenticationLevel;
 import org.apache.directory.api.ldap.model.constants.LdapSecurityConstants;
 import org.apache.directory.api.ldap.model.constants.SchemaConstants;
@@ -856,9 +856,13 @@ public class AuthenticationInterceptor extends BaseInterceptor
             LOG.debug( "Operation Context: {}", deleteContext );
         }
 
+        // Check that we can execute this operation
         checkAuthenticated( deleteContext );
-        checkPwdReset( deleteContext );
+
+        // propagate the call to the next interceptor
         next( deleteContext );
+        
+        // if the deleted entry contains a password, then invalidate the associated caches
         invalidateAuthenticatorCaches( deleteContext.getDn() );
     }
 
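Review bot: The delete path no longer calls `checkPwdReset( deleteContext )`, so, judging by the method's name, a session whose password must be changed after a reset can now delete entries once `checkAuthenticated( deleteContext )` passes. Whether that restriction is enforced somewhere else is not visible in this hunk, and the commit message ("minor changes") does not mention relaxing it; unless the removal is deliberate, keep the call directly after `checkAuthenticated( deleteContext );`. The new comment above `invalidateAuthenticatorCaches( deleteContext.getDn() )` also states a condition the code does not test, since the call is unconditional; `// invalidate any authenticator cache entry held for the deleted DN` would match what the line does. The method's signature lies outside the hunk.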
@@ -1658,15 +1662,15 @@ public class AuthenticationInterceptor extends BaseInterceptor
 
         List<Modification> mods = modifyContext.getModItems();
 
-        for ( Modification m : mods )
+        for ( Modification mod : mods )
         {
-            Attribute at = m.getAttribute();
+            Attribute at = mod.getAttribute();
             AttributeType passwordAttribute = schemaManager.lookupAttributeTypeRegistry( policyConfig.getPwdAttribute() );
 
             if ( at.getAttributeType().equals( passwordAttribute ) )
             {
                 pwdModDetails.setPwdModPresent( true );
-                ModificationOperation op = m.getOperation();
+                ModificationOperation op = mod.getOperation();
 
                 if ( op == REMOVE_ATTRIBUTE )
                 {
@@ -1677,6 +1681,22 @@ public class AuthenticationInterceptor extends BaseInterceptor
                     pwdModDetails.setAddOrReplace( true );
                     pwdModDetails.setNewPwd( at.getBytes() );
                 }
+
+                switch ( op )
+                {
+                    case REMOVE_ATTRIBUTE:
+                        pwdModDetails.setDelete( true );
+                        break;
+                        
+                    case REPLACE_ATTRIBUTE:
+                    case ADD_ATTRIBUTE:
+                        pwdModDetails.setAddOrReplace( true );
+                        pwdModDetails.setNewPwd( at.getBytes() );
+                        break;
+                        
+                    default:
+                        // nothing to do
+                }
             }
             else
             {
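Review bot: The added `switch ( op )` repeats what the `if ( op == REMOVE_ATTRIBUTE )` chain directly above it already does, and that chain is left in place as context, so for a password modification `setAddOrReplace( true )` and `setNewPwd( at.getBytes() )` appear to run twice. Keep only one of the two forms; if the switch is the intended one, delete the `if`/`else if` block, which starts before this hunk. The second `at.getBytes()` call may also create another copy of the new password bytes in memory (whether `getBytes()` copies is not visible here), which is worth avoiding for credential material. The `default:` arm would be clearer with an explicit `break;` after the comment.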
@@ -1873,15 +1893,6 @@ public class AuthenticationInterceptor extends BaseInterceptor
     }
 
 
-    /**
-     * @param pwdPolicyContainer the pwdPolicyContainer to set
-     */
-    public void setPwdPolicyContainer( PpolicyConfigContainer pwdPolicyContainer )
-    {
-        this.pwdPolicyContainer = pwdPolicyContainer;
-    }
-
-
     /**
      * purges failure timestamps which are older than the configured interval
      * (section 7.6 in the draft)