| | |
|---|
| | | import static org.opends.server.util.ServerConstants.*; |
|---|
| | | import static org.opends.server.util.StaticUtils.*; |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * This class defines an operation used to modify an entry in a local backend |
|---|
| | | * of the Directory Server. |
|---|
| | | */ |
|---|
| | | /** This class defines an operation used to modify an entry in a local backend of the Directory Server. */ |
|---|
| | | public class LocalBackendModifyOperation |
|---|
| | | extends ModifyOperationWrapper |
|---|
| | | implements PreOperationModifyOperation, PostOperationModifyOperation, |
|---|
| | |
|---|
| | | numPasswords = 0; |
|---|
| | | } |
|---|
| | | |
|---|
| | | |
|---|
| | | // If it's not an internal or synchronization operation, then iterate |
|---|
| | | // through the set of modifications to see if a password is included in the |
|---|
| | | // changes. If so, then add the appropriate state changes to the set of |
|---|
| | | // modifications. |
|---|
| | | // FIXME, should this loop be merged with the next loop? |
|---|
| | | if (!isInternalOperation() && !isSynchronizationOperation()) |
|---|
| | | { |
|---|
| | | for (Modification m : modifications) |
|---|
| | | { |
|---|
| | | AttributeType t = m.getAttribute().getAttributeType(); |
|---|
| | | if (isPassword(t)) |
|---|
| | | { |
|---|
| | | passwordChanged = true; |
|---|
| | | if (!selfChange && !clientConnection.hasPrivilege(Privilege.PASSWORD_RESET, this)) |
|---|
| | | { |
|---|
| | | pwpErrorType = PasswordPolicyErrorType.PASSWORD_MOD_NOT_ALLOWED; |
|---|
| | | throw new DirectoryException( |
|---|
| | | ResultCode.INSUFFICIENT_ACCESS_RIGHTS, |
|---|
| | | ERR_MODIFY_PWRESET_INSUFFICIENT_PRIVILEGES.get()); |
|---|
| | | } |
|---|
| | | break; |
|---|
| | | } |
|---|
| | | } |
|---|
| | | } |
|---|
| | | passwordChanged = !isInternalOperation() && !isSynchronizationOperation() && isModifyingPassword(); |
|---|
| | | |
|---|
| | | |
|---|
| | | for (Modification m : modifications) |
|---|
| | |
|---|
| | | if (!isSynchronizationOperation()) |
|---|
| | | { |
|---|
| | | // If the attribute contains any options and new values are going to |
|---|
| | | // be added, then reject it. Passwords will not be allowed to have |
|---|
| | | // options. Skipped for internal operations. |
|---|
| | | // be added, then reject it. Passwords will not be allowed to have options. |
|---|
| | | if (!isInternalOperation()) |
|---|
| | | { |
|---|
| | | validatePasswordModification(m, authPolicy); |
|---|
| | | } |
|---|
| | | |
|---|
| | | // Check to see whether this will adding, deleting, or replacing |
|---|
| | | // password values (increment doesn't make any sense for passwords), |
|---|
| | | // then add the appropriate state changes for that kind of modification. |
|---|
| | | switch (m.getModificationType().asEnum()) |
|---|
| | | { |
|---|
| | | case ADD: |
|---|
| | | case REPLACE: |
|---|
| | | processInitialAddOrReplacePW(m); |
|---|
| | | break; |
|---|
| | | |
|---|
| | | case DELETE: |
|---|
| | | processInitialDeletePW(m); |
|---|
| | | break; |
|---|
| | | |
|---|
| | | default: |
|---|
| | | throw new DirectoryException(ResultCode.CONSTRAINT_VIOLATION, |
|---|
| | | ERR_MODIFY_INVALID_MOD_TYPE_FOR_PASSWORD.get( |
|---|
| | | m.getModificationType(), a.getName())); |
|---|
| | | } |
|---|
| | | |
|---|
| | | // Password processing may have changed the attribute in this modification. |
|---|
| | | a = m.getAttribute(); |
|---|
| | | } |
|---|
| | | |
|---|
| | | processInitialSchema(m.getModificationType(), a); |
|---|
| | | } |
|---|
| | | else if (!isInternalOrSynchro(m) |
|---|
| | | && t.equals(getAttributeTypeOrDefault(OP_ATTR_ACCOUNT_DISABLED))) |
|---|
| | | { |
|---|
| | | enabledStateChanged = true; |
|---|
| | | isEnabled = pwPolicyState != null && !pwPolicyState.isDisabled(); |
|---|
| | | } |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | private boolean isModifyingPassword() throws DirectoryException |
|---|
| | | { |
|---|
| | | for (Modification m : modifications) |
|---|
| | | { |
|---|
| | | AttributeType t = m.getAttribute().getAttributeType(); |
|---|
| | | if (isPassword(t)) |
|---|
| | | { |
|---|
| | | if (!selfChange && !clientConnection.hasPrivilege(Privilege.PASSWORD_RESET, this)) |
|---|
| | | { |
|---|
| | | pwpErrorType = PasswordPolicyErrorType.PASSWORD_MOD_NOT_ALLOWED; |
|---|
| | | throw new DirectoryException( |
|---|
| | | ResultCode.INSUFFICIENT_ACCESS_RIGHTS, |
|---|
| | | ERR_MODIFY_PWRESET_INSUFFICIENT_PRIVILEGES.get()); |
|---|
| | | } |
|---|
| | | return true; |
|---|
| | | } |
|---|
| | | } |
|---|
| | | return false; |
|---|
| | | } |
|---|
| | | |
|---|
| | | private void validatePasswordModification(Modification m, PasswordPolicy authPolicy) throws DirectoryException |
|---|
| | | { |
|---|
| | | Attribute a = m.getAttribute(); |
|---|
| | | if (a.hasOptions()) |
|---|
| | | { |
|---|
| | | switch (m.getModificationType().asEnum()) |
|---|
| | |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | // Check to see whether this will adding, deleting, or replacing |
|---|
| | | // password values (increment doesn't make any sense for passwords). |
|---|
| | | // Then perform the appropriate type of processing for that kind of modification. |
|---|
| | | switch (m.getModificationType().asEnum()) |
|---|
| | | { |
|---|
| | | case ADD: |
|---|
| | | case REPLACE: |
|---|
| | | processInitialAddOrReplacePW(m); |
|---|
| | | break; |
|---|
| | | |
|---|
| | | case DELETE: |
|---|
| | | processInitialDeletePW(m); |
|---|
| | | break; |
|---|
| | | |
|---|
| | | default: |
|---|
| | | throw new DirectoryException(ResultCode.CONSTRAINT_VIOLATION, |
|---|
| | | ERR_MODIFY_INVALID_MOD_TYPE_FOR_PASSWORD.get( |
|---|
| | | m.getModificationType(), a.getName())); |
|---|
| | | } |
|---|
| | | |
|---|
| | | // Password processing may have changed the attribute in this modification. |
|---|
| | | a = m.getAttribute(); |
|---|
| | | } |
|---|
| | | |
|---|
| | | processInitialSchema(m.getModificationType(), a); |
|---|
| | | } |
|---|
| | | else if (!isInternalOrSynchro(m) |
|---|
| | | && t.equals(getAttributeTypeOrDefault(OP_ATTR_ACCOUNT_DISABLED))) |
|---|
| | | { |
|---|
| | | enabledStateChanged = true; |
|---|
| | | isEnabled = pwPolicyState != null && !pwPolicyState.isDisabled(); |
|---|
| | | } |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Performs the initial schema processing and updates the entry appropriately. |
|---|
| | | * |
|---|
| | |
|---|
| | | |
|---|
| | | private boolean mustCheckSchema() |
|---|
| | | { |
|---|
| | | return DirectoryServer.checkSchema() && !isSynchronizationOperation(); |
|---|
| | | return !isSynchronizationOperation() && DirectoryServer.checkSchema(); |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
