From abf2b98003c52deb2319cfd64a6e280531e84324 Mon Sep 17 00:00:00 2001
From: neil_a_wilson <neil_a_wilson@localhost>
Date: Mon, 14 Aug 2006 13:33:54 +0000
Subject: [PATCH] Make a few changes in the area of account status notifications:
---
opends/src/server/org/opends/server/core/BindOperation.java | 188 +++++++++++++++++++++++++++++++++++++++++++---
1 files changed, 175 insertions(+), 13 deletions(-)
diff --git a/opends/src/server/org/opends/server/core/BindOperation.java b/opends/src/server/org/opends/server/core/BindOperation.java
index d621ec1..1769d59 100644
--- a/opends/src/server/org/opends/server/core/BindOperation.java
+++ b/opends/src/server/org/opends/server/core/BindOperation.java
@@ -46,6 +46,7 @@
import org.opends.server.controls.PasswordPolicyResponseControl;
import org.opends.server.controls.PasswordPolicyWarningType;
import org.opends.server.protocols.asn1.ASN1OctetString;
+import org.opends.server.types.AccountStatusNotificationType;
import org.opends.server.types.Attribute;
import org.opends.server.types.AttributeType;
import org.opends.server.types.AttributeValue;
@@ -128,6 +129,9 @@
// The bind DN used for this bind operation.
private DN bindDN;
+ // The DN of the user entry that is attempting to authenticate.
+ private DN userEntryDN;
+
// The DN of the user as whom a SASL authentication was attempted (regardless
// of whether the authentication was successful) for the purpose of updating
// password policy state information.
@@ -205,6 +209,7 @@
this.saslCredentials = null;
bindDN = null;
+ userEntryDN = null;
responseControls = new ArrayList<Control>(0);
authFailureID = 0;
authFailureReason = null;
@@ -261,6 +266,7 @@
this.simplePassword = null;
bindDN = null;
+ userEntryDN = null;
responseControls = new ArrayList<Control>(0);
authFailureID = 0;
authFailureReason = null;
@@ -324,6 +330,7 @@
pwPolicyErrorType = null;
pwPolicyWarningType = null;
pwPolicyWarningValue = -1;
+ userEntryDN = null;
}
@@ -379,6 +386,7 @@
authFailureID = 0;
authFailureReason = null;
saslAuthUserEntry = null;
+ userEntryDN = null;
}
@@ -701,6 +709,24 @@
/**
+ * Retrieves the user entry DN for this bind operation. It will only be
+ * available if the bind processing has proceeded far enough to identify the
+ * user attempting to authenticate or if the user DN could not be determined.
+ *
+ * @return The user entry DN for this bind operation, or <CODE>null</CODE> if
+ * the bind processing has not progressed far enough to identify the
+ * user or if the user DN could not be determined.
+ */
+ public DN getUserEntryDN()
+ {
+ assert debugEnter(CLASS_NAME, "getUserEntryDN");
+
+ return userEntryDN;
+ }
+
+
+
+ /**
* Retrieves the time that processing started for this operation.
*
* @return The time that processing started for this operation.
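Review bot: The Javadoc on `getUserEntryDN()` contradicts itself: the first sentence says the DN "will only be available if ... or if the user DN could not be determined", while the `@return` text says `null` is returned in that same case. The first sentence should end at "identify the user attempting to authenticate". The other hunks of this patch assign `userEntryDN` as soon as the entry is resolved, and on failure paths too, so the comment should also tell callers that a non-null value is not proof of a successful bind. A suitable added sentence is `The returned DN identifies the entry the client tried to bind as; it is set even when authentication fails and must not be used as an authenticated identity.`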
@@ -1122,6 +1148,10 @@
setAuthFailureReason(msgID, message);
break bindProcessing;
}
+ else
+ {
+ userEntryDN = userEntry.getDN();
+ }
// Check to see if the user has a password. If not, then fail.
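Review bot: The added `else` is redundant, because the branch before it ends in `break bindProcessing;` and control only reaches this point when that branch was not taken. A plain `userEntryDN = userEntry.getDN();` after the closing brace reads more directly and saves a nesting level. The `if` this `else` attaches to starts outside the hunk, so confirm that its condition is the null check on `userEntry` before flattening it.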
@@ -1172,6 +1202,11 @@
setResultCode(ResultCode.INVALID_CREDENTIALS);
setAuthFailureReason(msgID, message);
+
+ pwPolicyState.generateAccountStatusNotification(
+ AccountStatusNotificationType.ACCOUNT_EXPIRED, bindDN, msgID,
+ message);
+
break bindProcessing;
}
else if (pwPolicyState.lockedDueToFailures())
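Review bot: The ACCOUNT_EXPIRED notification is keyed on `bindDN`, the DN the client sent, whereas the lockout notifications added later in this patch pass `userEntryDN`, the DN of the entry that was actually resolved. The same `bindDN` argument appears in the RESET_LOCKED, IDLE_LOCKED, PASSWORD_EXPIRED and PASSWORD_EXPIRING hunks of both the simple and SASL paths. In the SASL hunks the message text is built from `userDNString` (derived from `userEntryDN`) but the notification still receives `bindDN`, which for a SASL bind may be empty or unrelated to the user. Unless the handler API deliberately wants the client-supplied value (its signature is not visible here), pass the resolved DN everywhere: `AccountStatusNotificationType.ACCOUNT_EXPIRED, userEntryDN, msgID,`.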
@@ -1200,6 +1235,11 @@
setResultCode(ResultCode.INVALID_CREDENTIALS);
setAuthFailureReason(msgID, message);
+
+ pwPolicyState.generateAccountStatusNotification(
+ AccountStatusNotificationType.ACCOUNT_RESET_LOCKED, bindDN,
+ msgID, message);
+
break bindProcessing;
}
else if (pwPolicyState.lockedDueToIdleInterval())
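Review bot: Every bind that reaches the reset-locked branch now emits an ACCOUNT_RESET_LOCKED notification, and the branch ends in `INVALID_CREDENTIALS`, so the requester need not have authenticated. If a notification handler sends mail or writes to an external system, repeated binds against one locked or expired account would each produce a notification. The idle-locked, account-expired and password-expired hunks behave the same way in both bind paths. Either guard the call with a once-per-state-change check, as `isFirstWarning` does for PASSWORD_EXPIRING, or document the contract at the call site with `// Fires on every rejected bind; handlers must throttle or de-duplicate.`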
@@ -1214,6 +1254,11 @@
setResultCode(ResultCode.INVALID_CREDENTIALS);
setAuthFailureReason(msgID, message);
+
+ pwPolicyState.generateAccountStatusNotification(
+ AccountStatusNotificationType.ACCOUNT_IDLE_LOCKED, bindDN,
+ msgID, message);
+
break bindProcessing;
}
@@ -1252,6 +1297,11 @@
setResultCode(ResultCode.INVALID_CREDENTIALS);
setAuthFailureReason(msgID, message);
+
+ pwPolicyState.generateAccountStatusNotification(
+ AccountStatusNotificationType.PASSWORD_EXPIRED, bindDN,
+ msgID, message);
+
break bindProcessing;
}
}
@@ -1262,17 +1312,28 @@
setResultCode(ResultCode.INVALID_CREDENTIALS);
setAuthFailureReason(msgID, message);
+
+ pwPolicyState.generateAccountStatusNotification(
+ AccountStatusNotificationType.PASSWORD_EXPIRED, bindDN,
+ msgID, message);
+
break bindProcessing;
}
}
else if (pwPolicyState.shouldWarn())
{
+ int numSeconds = pwPolicyState.getSecondsUntilExpiration();
+ String timeToExpiration = secondsToTimeString(numSeconds);
+
+ int msgID = MSGID_BIND_PASSWORD_EXPIRING;
+ String message = getMessage(msgID, timeToExpiration);
+ appendErrorMessage(message);
+
if (pwPolicyWarningType == null)
{
pwPolicyWarningType =
PasswordPolicyWarningType.TIME_BEFORE_EXPIRATION;
- pwPolicyWarningValue =
- pwPolicyState.getSecondsUntilExpiration();
+ pwPolicyWarningValue = numSeconds;
}
isFirstWarning = pwPolicyState.isFirstWarning();
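Review bot: The `shouldWarn()` branch now calls `appendErrorMessage(message)`, which puts the time-to-expiration into the response text. The neighbouring failure branches in this path use `setAuthFailureReason` instead. Whether the password has been verified by this point is not visible in the hunk. If it has not, a bind that later fails on a wrong password could return the account's expiration window to an unauthenticated client. Append the message only once the bind is known to have succeeded, for example next to the `isFirstWarning` handling in the success path; the SASL copy of this branch needs the same treatment.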
@@ -1418,6 +1479,16 @@
if (isFirstWarning)
{
pwPolicyState.setWarnedTime();
+
+ int numSeconds = pwPolicyState.getSecondsUntilExpiration();
+ String timeToExpiration = secondsToTimeString(numSeconds);
+
+ int msgID = MSGID_BIND_PASSWORD_EXPIRING;
+ String message = getMessage(msgID, timeToExpiration);
+
+ pwPolicyState.generateAccountStatusNotification(
+ AccountStatusNotificationType.PASSWORD_EXPIRING, bindDN,
+ msgID, message);
}
if (isGraceLogin)
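Review bot: `numSeconds`, `timeToExpiration` and `message` are rebuilt here with the same calls the `shouldWarn()` branch made earlier, and this time after `setWarnedTime()` has run. The notification text can therefore differ by a second or more from what was put in the response, and the formatting logic now lives in four places across the simple and SASL paths. Keeping the message computed in the `shouldWarn()` branch in a variable that outlives it, and passing that to `generateAccountStatusNotification`, removes the duplication. The enclosing success-handling block starts outside this hunk, so the right scope for that variable needs checking against the full method.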
@@ -1439,10 +1510,32 @@
if (maxAllowedFailures > 0)
{
pwPolicyState.updateAuthFailureTimes();
- if (pwPolicyState.getAuthFailureTimes().size() >
+ if (pwPolicyState.getAuthFailureTimes().size() >=
maxAllowedFailures)
{
pwPolicyState.lockDueToFailures();
+
+ AccountStatusNotificationType notificationType;
+
+ int lockoutDuration = pwPolicyState.getLockoutDuration();
+ if (lockoutDuration > 0)
+ {
+ notificationType = AccountStatusNotificationType.
+ ACCOUNT_TEMPORARILY_LOCKED;
+ msgID = MSGID_BIND_ACCOUNT_TEMPORARILY_LOCKED;
+ message = getMessage(msgID,
+ secondsToTimeString(lockoutDuration));
+ }
+ else
+ {
+ notificationType = AccountStatusNotificationType.
+ ACCOUNT_PERMANENTLY_LOCKED;
+ msgID = MSGID_BIND_ACCOUNT_PERMANENTLY_LOCKED;
+ message = getMessage(msgID);
+ }
+
+ pwPolicyState.generateAccountStatusNotification(
+ notificationType, userEntryDN, msgID, message);
}
}
}
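Review bot: In this lockout block `msgID` and `message` are assigned without being declared, while the SASL copy at the end of the patch declares `int msgID; String message;` locally. This path therefore overwrites variables from an enclosing scope that is outside the hunk. If those variables hold the authentication failure reason set earlier, later logging or response handling would see the lockout text instead. The two blocks are otherwise line-for-line duplicates, so a private helper with its own locals fixes both the scoping difference and the duplication. The sketch below keeps `userEntryDN` as the notification target, as the patch does.

```java
// … unchanged: updateAuthFailureTimes() and the >= maxAllowedFailures test …
pwPolicyState.lockDueToFailures();
notifyLockedDueToFailures(pwPolicyState);

// New private helper shared by the simple and SASL failure paths.
private void notifyLockedDueToFailures(PasswordPolicyState pwPolicyState)
{
  AccountStatusNotificationType notificationType;
  int    msgID;
  String message;

  int lockoutDuration = pwPolicyState.getLockoutDuration();
  if (lockoutDuration > 0)
  {
    notificationType =
         AccountStatusNotificationType.ACCOUNT_TEMPORARILY_LOCKED;
    msgID   = MSGID_BIND_ACCOUNT_TEMPORARILY_LOCKED;
    message = getMessage(msgID, secondsToTimeString(lockoutDuration));
  }
  else
  {
    notificationType =
         AccountStatusNotificationType.ACCOUNT_PERMANENTLY_LOCKED;
    msgID   = MSGID_BIND_ACCOUNT_PERMANENTLY_LOCKED;
    message = getMessage(msgID);
  }

  pwPolicyState.generateAccountStatusNotification(
       notificationType, userEntryDN, msgID, message);
}
```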
@@ -1532,7 +1625,8 @@
// FIXME -- Need to have a way to enable debugging.
pwPolicyState = new PasswordPolicyState(saslAuthUserEntry, false,
false);
- userDNString = String.valueOf(saslAuthUserEntry.getDN());
+ userEntryDN = saslAuthUserEntry.getDN();
+ userDNString = String.valueOf(userEntryDN);
}
catch (DirectoryException de)
{
@@ -1560,8 +1654,14 @@
{
setResultCode(ResultCode.INVALID_CREDENTIALS);
- int msgID = MSGID_BIND_OPERATION_ACCOUNT_EXPIRED;
- appendErrorMessage(getMessage(msgID, userDNString));
+ int msgID = MSGID_BIND_OPERATION_ACCOUNT_EXPIRED;
+ String message = getMessage(msgID, userDNString);
+ appendErrorMessage(message);
+
+ pwPolicyState.generateAccountStatusNotification(
+ AccountStatusNotificationType.ACCOUNT_EXPIRED, bindDN, msgID,
+ message);
+
break bindProcessing;
}
@@ -1600,8 +1700,14 @@
pwPolicyErrorType = PasswordPolicyErrorType.ACCOUNT_LOCKED;
}
- int msgID = MSGID_BIND_OPERATION_ACCOUNT_IDLE_LOCKED;
- appendErrorMessage(getMessage(msgID, userDNString));
+ int msgID = MSGID_BIND_OPERATION_ACCOUNT_IDLE_LOCKED;
+ String message = getMessage(msgID, userDNString);
+ appendErrorMessage(message);
+
+ pwPolicyState.generateAccountStatusNotification(
+ AccountStatusNotificationType.ACCOUNT_IDLE_LOCKED, bindDN,
+ msgID, message);
+
break bindProcessing;
}
@@ -1617,8 +1723,14 @@
pwPolicyErrorType = PasswordPolicyErrorType.ACCOUNT_LOCKED;
}
- int msgID = MSGID_BIND_OPERATION_ACCOUNT_RESET_LOCKED;
- appendErrorMessage(getMessage(msgID, userDNString));
+ int msgID = MSGID_BIND_OPERATION_ACCOUNT_RESET_LOCKED;
+ String message = getMessage(msgID, userDNString);
+ appendErrorMessage(message);
+
+ pwPolicyState.generateAccountStatusNotification(
+ AccountStatusNotificationType.ACCOUNT_RESET_LOCKED, bindDN,
+ msgID, message);
+
break bindProcessing;
}
@@ -1655,6 +1767,11 @@
setResultCode(ResultCode.INVALID_CREDENTIALS);
setAuthFailureReason(msgID, message);
+
+ pwPolicyState.generateAccountStatusNotification(
+ AccountStatusNotificationType.PASSWORD_EXPIRED, bindDN,
+ msgID, message);
+
break bindProcessing;
}
}
@@ -1665,17 +1782,28 @@
setResultCode(ResultCode.INVALID_CREDENTIALS);
setAuthFailureReason(msgID, message);
+
+ pwPolicyState.generateAccountStatusNotification(
+ AccountStatusNotificationType.PASSWORD_EXPIRED, bindDN,
+ msgID, message);
+
break bindProcessing;
}
}
else if (pwPolicyState.shouldWarn())
{
+ int numSeconds = pwPolicyState.getSecondsUntilExpiration();
+ String timeToExpiration = secondsToTimeString(numSeconds);
+
+ int msgID = MSGID_BIND_PASSWORD_EXPIRING;
+ String message = getMessage(msgID, timeToExpiration);
+ appendErrorMessage(message);
+
if (pwPolicyWarningType == null)
{
pwPolicyWarningType =
PasswordPolicyWarningType.TIME_BEFORE_EXPIRATION;
- pwPolicyWarningValue =
- pwPolicyState.getSecondsUntilExpiration();
+ pwPolicyWarningValue = numSeconds;
}
isFirstWarning = pwPolicyState.isFirstWarning();
@@ -1701,6 +1829,16 @@
if (isFirstWarning)
{
pwPolicyState.setWarnedTime();
+
+ int numSeconds = pwPolicyState.getSecondsUntilExpiration();
+ String timeToExpiration = secondsToTimeString(numSeconds);
+
+ int msgID = MSGID_BIND_PASSWORD_EXPIRING;
+ String message = getMessage(msgID, timeToExpiration);
+
+ pwPolicyState.generateAccountStatusNotification(
+ AccountStatusNotificationType.PASSWORD_EXPIRING, bindDN,
+ msgID, message);
}
if (isGraceLogin)
@@ -1809,10 +1947,34 @@
if (maxAllowedFailures > 0)
{
pwPolicyState.updateAuthFailureTimes();
- if (pwPolicyState.getAuthFailureTimes().size() >
+ if (pwPolicyState.getAuthFailureTimes().size() >=
maxAllowedFailures)
{
pwPolicyState.lockDueToFailures();
+
+ AccountStatusNotificationType notificationType;
+ int msgID;
+ String message;
+
+ int lockoutDuration = pwPolicyState.getLockoutDuration();
+ if (lockoutDuration > 0)
+ {
+ notificationType = AccountStatusNotificationType.
+ ACCOUNT_TEMPORARILY_LOCKED;
+ msgID = MSGID_BIND_ACCOUNT_TEMPORARILY_LOCKED;
+ message = getMessage(msgID,
+ secondsToTimeString(lockoutDuration));
+ }
+ else
+ {
+ notificationType = AccountStatusNotificationType.
+ ACCOUNT_PERMANENTLY_LOCKED;
+ msgID = MSGID_BIND_ACCOUNT_PERMANENTLY_LOCKED;
+ message = getMessage(msgID);
+ }
+
+ pwPolicyState.generateAccountStatusNotification(
+ notificationType, userEntryDN, msgID, message);
}
}
}
--
Gitblit v1.10.0