From 3883d2297c3422d8aec2b40530c2d2b0a00ee57d Mon Sep 17 00:00:00 2001
From: Matthew Swift <matthew.swift@forgerock.com>
Date: Thu, 25 Aug 2011 16:27:28 +0000
Subject: [PATCH] Final refactoring work for OPENDJ-262: Implement pass through authentication (PTA)

---
 opends/src/server/org/opends/server/extensions/CRAMMD5SASLMechanismHandler.java |   20 +++++++++++++++-----
 1 files changed, 15 insertions(+), 5 deletions(-)

diff --git a/opends/src/server/org/opends/server/extensions/CRAMMD5SASLMechanismHandler.java b/opends/src/server/org/opends/server/extensions/CRAMMD5SASLMechanismHandler.java
index 0f1b8d6..e494529 100644
--- a/opends/src/server/org/opends/server/extensions/CRAMMD5SASLMechanismHandler.java
+++ b/opends/src/server/org/opends/server/extensions/CRAMMD5SASLMechanismHandler.java
@@ -23,6 +23,7 @@
  *
  *
  *      Copyright 2006-2009 Sun Microsystems, Inc.
+ *      Portions copyright 2011 ForgeRock AS.
  */
 package org.opends.server.extensions;
 
@@ -40,9 +41,7 @@
 import org.opends.server.admin.server.ConfigurationChangeListener;
 import org.opends.server.admin.std.server.CramMD5SASLMechanismHandlerCfg;
 import org.opends.server.admin.std.server.SASLMechanismHandlerCfg;
-import org.opends.server.api.ClientConnection;
-import org.opends.server.api.IdentityMapper;
-import org.opends.server.api.SASLMechanismHandler;
+import org.opends.server.api.*;
 import org.opends.server.config.ConfigException;
 import org.opends.server.core.BindOperation;
 import org.opends.server.core.DirectoryServer;
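Review bot: The wildcard `import org.opends.server.api.*;` replaces three explicit imports, presumably to bring `AuthenticationPolicyState` into scope for the later hunk. It hides which API types this SASL handler depends on, and it lets a type added to that package later silently shadow or collide with another import. I would keep the three original lines and add the one new name explicitly: `import org.opends.server.api.AuthenticationPolicyState;`.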
@@ -441,8 +440,19 @@
     List<ByteString> clearPasswords;
     try
     {
-      PasswordPolicyState pwPolicyState =
-           new PasswordPolicyState(userEntry, false);
+      AuthenticationPolicyState authState = AuthenticationPolicyState.forUser(
+          userEntry, false);
+
+      if (!authState.isPasswordPolicy())
+      {
+        bindOperation.setResultCode(ResultCode.INAPPROPRIATE_AUTHENTICATION);
+        Message message = ERR_SASL_ACCOUNT_NOT_LOCAL
+            .get(SASL_MECHANISM_CRAM_MD5, String.valueOf(userEntry.getDN()));
+        bindOperation.setAuthFailureReason(message);
+        return;
+      }
+
+      PasswordPolicyState pwPolicyState = (PasswordPolicyState) authState;
       clearPasswords = pwPolicyState.getClearPasswords();
       if ((clearPasswords == null) || clearPasswords.isEmpty())
       {
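Review bot: The new non-local-account branch answers with `ResultCode.INAPPROPRIATE_AUTHENTICATION`, which the client sees before it has proven anything, so an unauthenticated peer can tell a pass-through-authentication account apart from one that fails for other reasons. If the other failure paths in this method report `INVALID_CREDENTIALS` (they are outside the hunk, so this is inferred), use `bindOperation.setResultCode(ResultCode.INVALID_CREDENTIALS);` here and keep the specific `ERR_SASL_ACCOUNT_NOT_LOCAL` text in `setAuthFailureReason`, which I would expect to stay server-side unless bind error messages are configured to be returned. The early `return` sits inside a `try` whose handlers and any cleanup are not visible in this hunk, so confirm that nothing acquired earlier in the method needs releasing on that path. A one-line comment above the cast, e.g. `// isPasswordPolicy() was checked above, so authState is a PasswordPolicyState`, would document why the downcast is safe.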

--
Gitblit v1.10.0