| | |
|---|
| | | } |
|---|
| | | |
|---|
| | | |
|---|
| | | try |
|---|
| | | { |
|---|
| | | handleSchemaProcessing(); |
|---|
| | | } |
|---|
| | | catch (DirectoryException de) |
|---|
| | | { |
|---|
| | | if (debugEnabled()) |
|---|
| | | { |
|---|
| | | TRACER.debugCaught(DebugLogLevel.ERROR, de); |
|---|
| | | } |
|---|
| | | |
|---|
| | | setResponseData(de); |
|---|
| | | break modifyProcessing; |
|---|
| | | } |
|---|
| | | |
|---|
| | | |
|---|
| | | // Check to see if the client has permission to perform the modify. |
|---|
| | | // The access control check is not made any earlier because the handler |
|---|
| | | // needs access to the modified entry. |
|---|
| | |
|---|
| | | |
|---|
| | | try |
|---|
| | | { |
|---|
| | | handleInitialPasswordPolicyAndSchemaProcessing(); |
|---|
| | | handleInitialPasswordPolicyProcessing(); |
|---|
| | | |
|---|
| | | wasLocked = false; |
|---|
| | | if (passwordChanged) |
|---|
| | |
|---|
| | | /** |
|---|
| | | * Gets the entry to modify. |
|---|
| | | * |
|---|
| | | * @return The entry retrieved from the backend. |
|---|
| | | * |
|---|
| | | * @throws DirectoryException If a problem occurs while trying to get the |
|---|
| | | * entry, or if the entry doesn't exist. |
|---|
| | |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Handles the initial set of password policy and schema processing for this |
|---|
| | | * modify operation. |
|---|
| | | * Handles schema processing for non-password modifications. |
|---|
| | | * |
|---|
| | | * @throws DirectoryException If a problem is encountered that should cause |
|---|
| | | * the modify operation to fail. |
|---|
| | | */ |
|---|
| | | private void handleInitialPasswordPolicyAndSchemaProcessing() |
|---|
| | | throws DirectoryException |
|---|
| | | private void handleSchemaProcessing() throws DirectoryException |
|---|
| | | { |
|---|
| | | // Declare variables used for password policy state processing. |
|---|
| | | currentPasswordProvided = false; |
|---|
| | | isEnabled = true; |
|---|
| | | enabledStateChanged = false; |
|---|
| | | if (currentEntry.hasAttribute( |
|---|
| | | pwPolicyState.getPolicy().getPasswordAttribute())) |
|---|
| | | { |
|---|
| | | // It may actually have more than one, but we can't tell the difference if |
|---|
| | | // the values are encoded, and its enough for our purposes just to know |
|---|
| | | // that there is at least one. |
|---|
| | | numPasswords = 1; |
|---|
| | | } |
|---|
| | | else |
|---|
| | | { |
|---|
| | | numPasswords = 0; |
|---|
| | | } |
|---|
| | | |
|---|
| | | |
|---|
| | | // If it's not an internal or synchronization operation, then iterate |
|---|
| | | // through the set of modifications to see if a password is included in the |
|---|
| | | // changes. If so, then add the appropriate state changes to the set of |
|---|
| | | // modifications. |
|---|
| | | if (! (isInternalOperation() || isSynchronizationOperation())) |
|---|
| | | { |
|---|
| | | for (Modification m : modifications) |
|---|
| | | { |
|---|
| | | if (m.getAttribute().getAttributeType().equals( |
|---|
| | | pwPolicyState.getPolicy().getPasswordAttribute())) |
|---|
| | | { |
|---|
| | | passwordChanged = true; |
|---|
| | | if (! selfChange) |
|---|
| | | { |
|---|
| | | if (! clientConnection.hasPrivilege(Privilege.PASSWORD_RESET, this)) |
|---|
| | | { |
|---|
| | | pwpErrorType = PasswordPolicyErrorType.PASSWORD_MOD_NOT_ALLOWED; |
|---|
| | | throw new DirectoryException( |
|---|
| | | ResultCode.INSUFFICIENT_ACCESS_RIGHTS, |
|---|
| | | ERR_MODIFY_PWRESET_INSUFFICIENT_PRIVILEGES.get()); |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | break; |
|---|
| | | } |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | |
|---|
| | | for (Modification m : modifications) |
|---|
| | | { |
|---|
| | |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | // If the modification is not updating the password attribute, |
|---|
| | | // then check if the isEnabled flag should be set and then perform any |
|---|
| | | // schema processing. |
|---|
| | | boolean isPassword = |
|---|
| | | t.equals(pwPolicyState.getPolicy().getPasswordAttribute()); |
|---|
| | | if (!isPassword ) |
|---|
| | | { |
|---|
| | | // See if it's an attribute used to maintain the account |
|---|
| | | // enabled/disabled state. |
|---|
| | | AttributeType disabledAttr = |
|---|
| | | DirectoryServer.getAttributeType(OP_ATTR_ACCOUNT_DISABLED, true); |
|---|
| | | if (t.equals(disabledAttr)) |
|---|
| | | { |
|---|
| | | enabledStateChanged = true; |
|---|
| | | for (AttributeValue v : a.getValues()) |
|---|
| | | { |
|---|
| | | try |
|---|
| | | { |
|---|
| | | isEnabled = |
|---|
| | | (! BooleanSyntax.decodeBooleanValue(v.getNormalizedValue())); |
|---|
| | | } |
|---|
| | | catch (DirectoryException de) |
|---|
| | | { |
|---|
| | | throw new DirectoryException(ResultCode.INVALID_ATTRIBUTE_SYNTAX, |
|---|
| | | ERR_MODIFY_INVALID_DISABLED_VALUE.get( |
|---|
| | | OP_ATTR_ACCOUNT_DISABLED, |
|---|
| | | String.valueOf(de.getMessageObject())), de); |
|---|
| | | } |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | switch (m.getModificationType()) |
|---|
| | | { |
|---|
| | | case ADD: |
|---|
| | | processInitialAddSchema(a); |
|---|
| | | break; |
|---|
| | | |
|---|
| | | case DELETE: |
|---|
| | | processInitialDeleteSchema(a); |
|---|
| | | break; |
|---|
| | | |
|---|
| | | case REPLACE: |
|---|
| | | processInitialReplaceSchema(a); |
|---|
| | | break; |
|---|
| | | |
|---|
| | | case INCREMENT: |
|---|
| | | processInitialIncrementSchema(a); |
|---|
| | | break; |
|---|
| | | } |
|---|
| | | } |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Handles the initial set of password policy for this modify operation. |
|---|
| | | * |
|---|
| | | * @throws DirectoryException If a problem is encountered that should cause |
|---|
| | | * the modify operation to fail. |
|---|
| | | */ |
|---|
| | | private void handleInitialPasswordPolicyProcessing() |
|---|
| | | throws DirectoryException |
|---|
| | | { |
|---|
| | | // Declare variables used for password policy state processing. |
|---|
| | | currentPasswordProvided = false; |
|---|
| | | isEnabled = true; |
|---|
| | | enabledStateChanged = false; |
|---|
| | | if (currentEntry.hasAttribute( |
|---|
| | | pwPolicyState.getPolicy().getPasswordAttribute())) |
|---|
| | | { |
|---|
| | | // It may actually have more than one, but we can't tell the difference if |
|---|
| | | // the values are encoded, and its enough for our purposes just to know |
|---|
| | | // that there is at least one. |
|---|
| | | numPasswords = 1; |
|---|
| | | } |
|---|
| | | else |
|---|
| | | { |
|---|
| | | numPasswords = 0; |
|---|
| | | } |
|---|
| | | |
|---|
| | | |
|---|
| | | // If it's not an internal or synchronization operation, then iterate |
|---|
| | | // through the set of modifications to see if a password is included in the |
|---|
| | | // changes. If so, then add the appropriate state changes to the set of |
|---|
| | | // modifications. |
|---|
| | | if (! (isInternalOperation() || isSynchronizationOperation())) |
|---|
| | | { |
|---|
| | | for (Modification m : modifications) |
|---|
| | | { |
|---|
| | | AttributeType t = m.getAttribute().getAttributeType(); |
|---|
| | | boolean isPassword = |
|---|
| | | t.equals(pwPolicyState.getPolicy().getPasswordAttribute()); |
|---|
| | | if (isPassword) |
|---|
| | | { |
|---|
| | | passwordChanged = true; |
|---|
| | | if (! selfChange) |
|---|
| | | { |
|---|
| | | if (! clientConnection.hasPrivilege(Privilege.PASSWORD_RESET, this)) |
|---|
| | | { |
|---|
| | | pwpErrorType = PasswordPolicyErrorType.PASSWORD_MOD_NOT_ALLOWED; |
|---|
| | | throw new DirectoryException( |
|---|
| | | ResultCode.INSUFFICIENT_ACCESS_RIGHTS, |
|---|
| | | ERR_MODIFY_PWRESET_INSUFFICIENT_PRIVILEGES.get()); |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | break; |
|---|
| | | } |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | |
|---|
| | | for (Modification m : modifications) |
|---|
| | | { |
|---|
| | | Attribute a = m.getAttribute(); |
|---|
| | | AttributeType t = a.getAttributeType(); |
|---|
| | | |
|---|
| | | |
|---|
| | | // If the modification is updating the password attribute, then perform |
|---|
| | | // any necessary password policy processing. This processing should be |
|---|
| | |
|---|
| | | String.valueOf(m.getModificationType()), |
|---|
| | | a.getName())); |
|---|
| | | } |
|---|
| | | } |
|---|
| | | else |
|---|
| | | { |
|---|
| | | // See if it's an attribute used to maintain the account |
|---|
| | | // enabled/disabled state. |
|---|
| | | AttributeType disabledAttr = |
|---|
| | | DirectoryServer.getAttributeType(OP_ATTR_ACCOUNT_DISABLED, true); |
|---|
| | | if (t.equals(disabledAttr)) |
|---|
| | | { |
|---|
| | | enabledStateChanged = true; |
|---|
| | | for (AttributeValue v : a.getValues()) |
|---|
| | | { |
|---|
| | | try |
|---|
| | | { |
|---|
| | | isEnabled = |
|---|
| | | (! BooleanSyntax.decodeBooleanValue(v.getNormalizedValue())); |
|---|
| | | } |
|---|
| | | catch (DirectoryException de) |
|---|
| | | { |
|---|
| | | throw new DirectoryException(ResultCode.INVALID_ATTRIBUTE_SYNTAX, |
|---|
| | | ERR_MODIFY_INVALID_DISABLED_VALUE.get( |
|---|
| | | OP_ATTR_ACCOUNT_DISABLED, |
|---|
| | | String.valueOf(de.getMessageObject())), de); |
|---|
| | | } |
|---|
| | | } |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | |
|---|
| | | switch (m.getModificationType()) |
|---|
| | | { |
|---|
| | |
|---|
| | | } |
|---|
| | | } |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | |
|---|
| | | |
|---|
