From fd2092b89bfd222d23d01576baf4a283e7e1c62a Mon Sep 17 00:00:00 2001
From: neil_a_wilson <neil_a_wilson@localhost>
Date: Thu, 06 Sep 2007 01:14:54 +0000
Subject: [PATCH] Update password storage scheme references in the server so that they use DNs rather than storage scheme names.  This will allow better consistency in the configuration, since all other references between configuration objects are DN-based, and it will work better with the upcoming aggregation support. It also eliminates the need to know the storage scheme name, which is not obvious from looking at the configuration entry for the storage scheme, and can actually vary in some implementations depending on whether it's used with a user password or auth password syntax attribute.

---
 opends/src/server/org/opends/server/core/PasswordPolicy.java |   83 ++++++++++++++++++++++++++++++-----------
 1 files changed, 60 insertions(+), 23 deletions(-)

diff --git a/opends/src/server/org/opends/server/core/PasswordPolicy.java b/opends/src/server/org/opends/server/core/PasswordPolicy.java
index ed44124..8de6b4e 100644
--- a/opends/src/server/org/opends/server/core/PasswordPolicy.java
+++ b/opends/src/server/org/opends/server/core/PasswordPolicy.java
@@ -25,7 +25,6 @@
  *      Portions Copyright 2006-2007 Sun Microsystems, Inc.
  */
 package org.opends.server.core;
-import org.opends.messages.Message;
 
 
 
@@ -33,6 +32,7 @@
 import java.util.Date;
 import java.util.Iterator;
 import java.util.LinkedHashMap;
+import java.util.LinkedHashSet;
 import java.util.LinkedList;
 import java.util.SortedSet;
 import java.util.TimeZone;
@@ -40,6 +40,7 @@
 import java.util.concurrent.CopyOnWriteArrayList;
 import java.util.concurrent.CopyOnWriteArraySet;
 
+import org.opends.messages.Message;
 import org.opends.server.admin.std.meta.PasswordPolicyCfgDefn;
 import org.opends.server.admin.std.server.PasswordPolicyCfg;
 import org.opends.server.admin.std.server.PasswordValidatorCfg;
@@ -48,18 +49,18 @@
 import org.opends.server.api.PasswordStorageScheme;
 import org.opends.server.api.PasswordValidator;
 import org.opends.server.config.ConfigException;
+import org.opends.server.loggers.debug.DebugTracer;
 import org.opends.server.protocols.asn1.ASN1OctetString;
 import org.opends.server.schema.GeneralizedTimeSyntax;
 import org.opends.server.types.AttributeType;
 import org.opends.server.types.ByteString;
+import org.opends.server.types.DebugLogLevel;
 import org.opends.server.types.DN;
 import org.opends.server.types.InitializationException;
 
+import static org.opends.messages.CoreMessages.*;
 import static org.opends.server.config.ConfigConstants.*;
 import static org.opends.server.loggers.debug.DebugLogger.*;
-import org.opends.server.loggers.debug.DebugTracer;
-import org.opends.server.types.DebugLogLevel;
-import static org.opends.messages.CoreMessages.*;
 import static org.opends.server.schema.SchemaConstants.*;
 import static org.opends.server.util.ServerConstants.*;
 import static org.opends.server.util.StaticUtils.*;
@@ -294,11 +295,11 @@
 
     // Get the default storage schemes.  They must all reference valid storage
     // schemes that support the syntax for the specified password attribute.
-    SortedSet<String> storageSchemes =
-      configuration.getDefaultPasswordStorageScheme();
+    SortedSet<DN> storageSchemeDNs =
+      configuration.getDefaultPasswordStorageSchemeDN();
     try
     {
-      if (storageSchemes == null)
+      if (storageSchemeDNs == null)
       {
         Message message = ERR_PWPOLICY_NO_DEFAULT_STORAGE_SCHEMES.get(
             String.valueOf(configEntryDN));
@@ -308,27 +309,28 @@
       {
         LinkedList<PasswordStorageScheme> schemes =
              new LinkedList<PasswordStorageScheme>();
-        for (String schemeName : storageSchemes)
+        for (DN configEntryDN : storageSchemeDNs)
         {
-          PasswordStorageScheme scheme;
-          if (this.authPasswordSyntax)
-          {
-            scheme = DirectoryServer.getAuthPasswordStorageScheme(schemeName);
-          }
-          else
-          {
-            scheme = DirectoryServer.getPasswordStorageScheme(
-                                          toLowerCase(schemeName));
-          }
+          PasswordStorageScheme scheme =
+               DirectoryServer.getPasswordStorageScheme(configEntryDN);
 
           if (scheme == null)
           {
             Message message = ERR_PWPOLICY_NO_SUCH_DEFAULT_SCHEME.get(
-                String.valueOf(configEntryDN), String.valueOf(schemeName));
+                String.valueOf(configEntryDN), String.valueOf(configEntryDN));
             throw new ConfigException(message);
           }
           else
           {
+            if (this.authPasswordSyntax &&
+                (! scheme.supportsAuthPasswordSyntax()))
+            {
+              Message message = ERR_PWPOLICY_SCHEME_DOESNT_SUPPORT_AUTH.get(
+                                     String.valueOf(configEntryDN),
+                                     this.passwordAttribute.getNameOrOID());
+              throw new ConfigException(message);
+            }
+
             schemes.add(scheme);
           }
         }
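Review bot: The loop variable in `for (DN configEntryDN : storageSchemeDNs)` shadows the policy's own configEntryDN, so ERR_PWPOLICY_NO_SUCH_DEFAULT_SCHEME receives the scheme DN for both arguments and the resulting message no longer says which password policy entry is misconfigured; the first argument passed to ERR_PWPOLICY_SCHEME_DOESNT_SUPPORT_AUTH is ambiguous for the same reason. If configEntryDN is a method local rather than a field, the redeclaration will not compile at all. Match the deprecated-scheme loop later in this patch and use `for (DN schemeDN : storageSchemeDNs)`, `DirectoryServer.getPasswordStorageScheme(schemeDN);` and `String.valueOf(configEntryDN), String.valueOf(schemeDN));`. The enclosing method starts and ends outside the hunk.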
@@ -355,14 +357,49 @@
 
 
     // Get the names of the deprecated storage schemes.
-    SortedSet<String> deprecatedStorageSchemes =
-      configuration.getDeprecatedPasswordStorageScheme();
+    SortedSet<DN> deprecatedStorageSchemeDNs =
+      configuration.getDeprecatedPasswordStorageSchemeDN();
     try
     {
-      if (deprecatedStorageSchemes != null)
+      if (deprecatedStorageSchemeDNs != null)
       {
+        LinkedHashSet<String> newDeprecatedStorageSchemes =
+             new LinkedHashSet<String>();
+        for (DN schemeDN : deprecatedStorageSchemeDNs)
+        {
+          PasswordStorageScheme scheme =
+               DirectoryServer.getPasswordStorageScheme(schemeDN);
+          if (scheme == null)
+          {
+            Message message = ERR_PWPOLICY_NO_SUCH_DEPRECATED_SCHEME.get(
+                                   String.valueOf(configEntryDN),
+                                   String.valueOf(schemeDN));
+            throw new ConfigException(message);
+          }
+          else if (this.authPasswordSyntax)
+          {
+            if (scheme.supportsAuthPasswordSyntax())
+            {
+              newDeprecatedStorageSchemes.add(
+                   scheme.getAuthPasswordSchemeName());
+            }
+            else
+            {
+              Message message = ERR_PWPOLICY_DEPRECATED_SCHEME_NOT_AUTH.get(
+                                     String.valueOf(configEntryDN),
+                                     String.valueOf(schemeDN));
+              throw new ConfigException(message);
+            }
+          }
+          else
+          {
+            newDeprecatedStorageSchemes.add(
+                 toLowerCase(scheme.getStorageSchemeName()));
+          }
+        }
+
         this.deprecatedStorageSchemes =
-             new CopyOnWriteArraySet<String>(deprecatedStorageSchemes);
+             new CopyOnWriteArraySet<String>(newDeprecatedStorageSchemes);
       }
     }
     catch (Exception e)
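Review bot: The comment `// Get the names of the deprecated storage schemes.` above the changed block is now stale: the configuration yields DNs, and the names stored in deprecatedStorageSchemes are derived from each resolved scheme (the auth-password scheme name when authPasswordSyntax is set, otherwise the lower-cased storage scheme name). Suggest `// Resolve the deprecated storage scheme DNs to registered schemes and record the scheme names used to recognize deprecated stored values; a DN that does not resolve, or that names a scheme without auth password support when that syntax is in use, is a configuration error.` That makes the new failure mode (policy initialization now rejects a dangling or unsuitable DN with a ConfigException) visible to the next maintainer. The enclosing method, and the catch block that begins on the last hunk line, continue outside the hunk.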
