mirror of https://github.com/OpenIdentityPlatform/OpenDJ.git
parent: e43f665d | patch | commit | ignore whitespace
dugan
30.35.2006 36401317e97605ed2c032390c70f84a24ff40d7d 
Issue  #679. Currently, internal modify operations bypass all password policy code.
1 files modified
24 ■■■■■ changed files
opendj-sdk/opends/src/server/org/opends/server/core/ModifyOperation.java 24 ●●●●● patch | view | raw | blame | history 
 opendj-sdk/opends/src/server/org/opends/server/core/ModifyOperation.java


@@ -1353,13 +1353,15 @@




          // If the modification is updating the password attribute, then


          // perform any necessary password policy processing.  This processing


          // should be skipped for internal and synchronization operations.


          // should be skipped for synchronization operations.


          boolean isPassword = t.equals(pwPolicyState.getPasswordAttribute());


          if (isPassword &&


              (! (isInternalOperation() || isSynchronizationOperation())))


          if (isPassword && (!(isSynchronizationOperation())))


          {


            // If the attribute contains any options, then reject it.  Passwords


            // will not be allowed to have options.


           // If the attribute contains any options, then reject it.  Passwords


           // will not be allowed to have options. Skipped for internal


           // operations.


           if(!isInternalOperation())


           {


            if (a.hasOptions())


            {


              setResultCode(ResultCode.UNWILLING_TO_PERFORM);


@@ -1404,7 +1406,7 @@


              appendErrorMessage(getMessage(msgID));


              break modifyProcessing;


            }




           }




            // Check to see whether this will adding, deleting, or replacing


            // password values (increment doesn't make any sense for passwords).


@@ -1429,10 +1431,11 @@


                {


                  numPasswords = passwordsToAdd;


                }




                // If there were multiple password values provided, then make


                // sure that's OK.


                if ((! pwPolicyState.allowMultiplePasswordValues()) &&




                if ((!isInternalOperation()) &&


                        (! pwPolicyState.allowMultiplePasswordValues()) &&


                    (passwordsToAdd > 1))


                {


                  setResultCode(ResultCode.UNWILLING_TO_PERFORM);


@@ -1450,7 +1453,8 @@


                {


                  if (pwPolicyState.passwordIsPreEncoded(v.getValue()))


                  {


                    if (! pwPolicyState.allowPreEncodedPasswords())


                    if ((!isInternalOperation()) &&


                            ! pwPolicyState.allowPreEncodedPasswords())


                    {


                      setResultCode(ResultCode.UNWILLING_TO_PERFORM);




@@ -1521,7 +1525,7 @@


                {


                  if (pwPolicyState.passwordIsPreEncoded(v.getValue()))


                  {


                    if (selfChange)


                    if ((!isInternalOperation()) && selfChange)


                    {


                      setResultCode(ResultCode.UNWILLING_TO_PERFORM);