From 410c65c22c94384d9afd0741b618c96a97b81ed6 Mon Sep 17 00:00:00 2001
From: neil_a_wilson <neil_a_wilson@localhost>
Date: Tue, 26 Jun 2007 18:57:13 +0000
Subject: [PATCH] Update the way that the password policy import plugin encodes passwords during an LDIF import. The basic practice is as follows:
---
opends/src/server/org/opends/server/plugins/PasswordPolicyImportPlugin.java | 635 ++++++++++++++++++++++++++++++++++++++++++++++++--------
1 files changed, 538 insertions(+), 97 deletions(-)
diff --git a/opends/src/server/org/opends/server/plugins/PasswordPolicyImportPlugin.java b/opends/src/server/org/opends/server/plugins/PasswordPolicyImportPlugin.java
index e35cd8b..38a47cb 100644
--- a/opends/src/server/org/opends/server/plugins/PasswordPolicyImportPlugin.java
+++ b/opends/src/server/org/opends/server/plugins/PasswordPolicyImportPlugin.java
@@ -30,6 +30,7 @@
import java.util.ArrayList;
import java.util.HashMap;
+import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
@@ -38,7 +39,9 @@
import org.opends.server.admin.server.ConfigurationChangeListener;
import org.opends.server.admin.std.meta.PluginCfgDefn;
-import org.opends.server.admin.std.server.PluginCfg;
+import org.opends.server.admin.std.server.PasswordPolicyImportPluginCfg;
+import org.opends.server.api.Backend;
+import org.opends.server.api.ImportTaskListener;
import org.opends.server.api.PasswordStorageScheme;
import org.opends.server.api.plugin.DirectoryServerPlugin;
import org.opends.server.api.plugin.LDIFPluginResult;
@@ -46,6 +49,7 @@
import org.opends.server.config.ConfigException;
import org.opends.server.core.DirectoryServer;
import org.opends.server.core.PasswordPolicy;
+import org.opends.server.loggers.debug.DebugTracer;
import org.opends.server.schema.AuthPasswordSyntax;
import org.opends.server.schema.UserPasswordSyntax;
import org.opends.server.types.Attribute;
@@ -53,18 +57,22 @@
import org.opends.server.types.AttributeValue;
import org.opends.server.types.ByteString;
import org.opends.server.types.ConfigChangeResult;
+import org.opends.server.types.DebugLogLevel;
+import org.opends.server.types.DirectoryException;
+import org.opends.server.types.DN;
import org.opends.server.types.Entry;
import org.opends.server.types.ErrorLogCategory;
import org.opends.server.types.ErrorLogSeverity;
import org.opends.server.types.LDIFImportConfig;
import org.opends.server.types.ResultCode;
-import org.opends.server.types.DebugLogLevel;
+import static org.opends.server.config.ConfigConstants.*;
+import static org.opends.server.extensions.ExtensionsConstants.*;
import static org.opends.server.loggers.ErrorLogger.*;
import static org.opends.server.loggers.debug.DebugLogger.*;
-import org.opends.server.loggers.debug.DebugTracer;
import static org.opends.server.messages.MessageHandler.*;
import static org.opends.server.messages.PluginMessages.*;
+import static org.opends.server.schema.SchemaConstants.*;
import static org.opends.server.util.StaticUtils.*;
@@ -75,21 +83,37 @@
* that all of the password values are properly encoded before they are stored.
*/
public final class PasswordPolicyImportPlugin
- extends DirectoryServerPlugin<PluginCfg>
- implements ConfigurationChangeListener<PluginCfg>
+ extends DirectoryServerPlugin<PasswordPolicyImportPluginCfg>
+ implements ConfigurationChangeListener<PasswordPolicyImportPluginCfg>,
+ ImportTaskListener
{
/**
* The tracer object for the debug logger.
*/
private static final DebugTracer TRACER = getTracer();
- // The sets of password storage schemes for the auth password attributes.
- private final HashMap<AttributeType,PasswordStorageScheme[]>
- authPasswordSchemes;
- // The sets of password storage schemes for the user password attributes.
- private final HashMap<AttributeType,PasswordStorageScheme[]>
- userPasswordSchemes;
+
+ // The attribute type used to specify the password policy for an entry.
+ private AttributeType customPolicyAttribute;
+
+ // The set of attribute types defined in the schema with the auth password
+ // syntax.
+ private AttributeType[] authPasswordTypes;
+
+ // The set of attribute types defined in the schema with the user password
+ // syntax.
+ private AttributeType[] userPasswordTypes;
+
+ // The set of password storage schemes to use for the various password
+ // policies defined in the server.
+ private HashMap<DN,PasswordStorageScheme[]> schemesByPolicy;
+
+ // The default password storage schemes for auth password attributes.
+ private PasswordStorageScheme[] defaultAuthPasswordSchemes;
+
+ // The default password storage schemes for user password attributes.
+ private PasswordStorageScheme[] defaultUserPasswordSchemes;
@@ -97,82 +121,11 @@
* Creates a new instance of this Directory Server plugin. Every plugin must
* implement a default constructor (it is the only one that will be used to
* create plugins defined in the configuration), and every plugin constructor
- * must call <CODE>super()</CODE> as its first element.
+ * must call {@code super()} as its first element.
*/
public PasswordPolicyImportPlugin()
{
super();
-
-
- // Get the password policies from the Directory Server configuration. This
- // is done in the constructor to allow the instance variables to be declared
- // "final".
- authPasswordSchemes = new HashMap<AttributeType,PasswordStorageScheme[]>();
- userPasswordSchemes = new HashMap<AttributeType,PasswordStorageScheme[]>();
- for (PasswordPolicy p : DirectoryServer.getPasswordPolicies())
- {
- AttributeType t = p.getPasswordAttribute();
- if (p.usesAuthPasswordSyntax())
- {
- PasswordStorageScheme[] schemes = authPasswordSchemes.get(t);
- if (schemes == null)
- {
- CopyOnWriteArrayList<PasswordStorageScheme> defaultSchemes =
- p.getDefaultStorageSchemes();
- schemes = new PasswordStorageScheme[defaultSchemes.size()];
- defaultSchemes.toArray(schemes);
- authPasswordSchemes.put(t, schemes);
- }
- else
- {
- LinkedHashSet<PasswordStorageScheme> newSchemes =
- new LinkedHashSet<PasswordStorageScheme>();
- for (PasswordStorageScheme s : schemes)
- {
- newSchemes.add(s);
- }
-
- for (PasswordStorageScheme s : p.getDefaultStorageSchemes())
- {
- newSchemes.add(s);
- }
-
- schemes = new PasswordStorageScheme[newSchemes.size()];
- newSchemes.toArray(schemes);
- authPasswordSchemes.put(t, schemes);
- }
- }
- else
- {
- PasswordStorageScheme[] schemes = userPasswordSchemes.get(t);
- if (schemes == null)
- {
- CopyOnWriteArrayList<PasswordStorageScheme> defaultSchemes =
- p.getDefaultStorageSchemes();
- schemes = new PasswordStorageScheme[defaultSchemes.size()];
- defaultSchemes.toArray(schemes);
- userPasswordSchemes.put(t, schemes);
- }
- else
- {
- LinkedHashSet<PasswordStorageScheme> newSchemes =
- new LinkedHashSet<PasswordStorageScheme>();
- for (PasswordStorageScheme s : schemes)
- {
- newSchemes.add(s);
- }
-
- for (PasswordStorageScheme s : p.getDefaultStorageSchemes())
- {
- newSchemes.add(s);
- }
-
- schemes = new PasswordStorageScheme[newSchemes.size()];
- newSchemes.toArray(schemes);
- userPasswordSchemes.put(t, schemes);
- }
- }
- }
}
@@ -182,10 +135,14 @@
*/
@Override()
public final void initializePlugin(Set<PluginType> pluginTypes,
- PluginCfg configuration)
+ PasswordPolicyImportPluginCfg configuration)
throws ConfigException
{
- configuration.addChangeListener(this);
+ configuration.addPasswordPolicyImportChangeListener(this);
+
+ customPolicyAttribute =
+ DirectoryServer.getAttributeType(OP_ATTR_PWPOLICY_POLICY_DN, true);
+
// Make sure that the plugin has been enabled for the appropriate types.
for (PluginType t : pluginTypes)
@@ -203,6 +160,166 @@
throw new ConfigException(msgID, message);
}
}
+
+
+ // Get the set of default password storage schemes for auth password
+ // attributes.
+ PasswordPolicy defaultPolicy = DirectoryServer.getDefaultPasswordPolicy();
+ Set<String> authSchemesSet =
+ configuration.getDefaultAuthPasswordStorageScheme();
+ if ((authSchemesSet == null) || authSchemesSet.isEmpty())
+ {
+ if (defaultPolicy.usesAuthPasswordSyntax())
+ {
+ CopyOnWriteArrayList<PasswordStorageScheme> schemeList =
+ defaultPolicy.getDefaultStorageSchemes();
+ defaultAuthPasswordSchemes =
+ new PasswordStorageScheme[schemeList.size()];
+ schemeList.toArray(defaultAuthPasswordSchemes);
+ }
+ else
+ {
+ defaultAuthPasswordSchemes = new PasswordStorageScheme[1];
+ defaultAuthPasswordSchemes[0] =
+ DirectoryServer.getAuthPasswordStorageScheme(
+ AUTH_PASSWORD_SCHEME_NAME_SALTED_SHA_1);
+ if (defaultAuthPasswordSchemes[0] == null)
+ {
+ int msgID = MSGID_PLUGIN_PWIMPORT_NO_DEFAULT_AUTH_SCHEMES;
+ String message = getMessage(msgID,
+ AUTH_PASSWORD_SCHEME_NAME_SALTED_SHA_1);
+ throw new ConfigException(msgID, message);
+ }
+ }
+ }
+ else
+ {
+ defaultAuthPasswordSchemes =
+ new PasswordStorageScheme[authSchemesSet.size()];
+ int i=0;
+ for (String schemeName : authSchemesSet)
+ {
+ defaultAuthPasswordSchemes[i] =
+ DirectoryServer.getAuthPasswordStorageScheme(schemeName);
+ if (defaultAuthPasswordSchemes[i] == null)
+ {
+ int msgID = MSGID_PLUGIN_PWIMPORT_INVALID_DEFAULT_AUTH_SCHEME;
+ String message = getMessage(msgID, schemeName);
+ throw new ConfigException(msgID, message);
+ }
+ i++;
+ }
+ }
+
+
+ // Get the set of default password storage schemes for user password
+ // attributes.
+ Set<String> userSchemeSet =
+ configuration.getDefaultUserPasswordStorageScheme();
+ if ((userSchemeSet == null) || userSchemeSet.isEmpty())
+ {
+ if (! defaultPolicy.usesAuthPasswordSyntax())
+ {
+ CopyOnWriteArrayList<PasswordStorageScheme> schemeList =
+ defaultPolicy.getDefaultStorageSchemes();
+ defaultUserPasswordSchemes =
+ new PasswordStorageScheme[schemeList.size()];
+ schemeList.toArray(defaultUserPasswordSchemes);
+ }
+ else
+ {
+ defaultUserPasswordSchemes = new PasswordStorageScheme[1];
+ defaultUserPasswordSchemes[0] =
+ DirectoryServer.getPasswordStorageScheme(
+ toLowerCase(STORAGE_SCHEME_NAME_SALTED_SHA_1));
+ if (defaultUserPasswordSchemes[0] == null)
+ {
+ int msgID = MSGID_PLUGIN_PWIMPORT_NO_DEFAULT_USER_SCHEMES;
+ String message = getMessage(msgID, STORAGE_SCHEME_NAME_SALTED_SHA_1);
+ throw new ConfigException(msgID, message);
+ }
+ }
+ }
+ else
+ {
+ defaultUserPasswordSchemes =
+ new PasswordStorageScheme[userSchemeSet.size()];
+ int i=0;
+ for (String schemeName : userSchemeSet)
+ {
+ defaultUserPasswordSchemes[i] =
+ DirectoryServer.getPasswordStorageScheme(toLowerCase(schemeName));
+ if (defaultUserPasswordSchemes[i] == null)
+ {
+ int msgID = MSGID_PLUGIN_PWIMPORT_INVALID_DEFAULT_USER_SCHEME;
+ String message = getMessage(msgID, schemeName);
+ throw new ConfigException(msgID, message);
+ }
+ i++;
+ }
+ }
+
+ processImportBegin(null, null);
+ }
+
+
+
+ /**
+ * {@inheritDoc}
+ */
+ public void processImportBegin(Backend backend, LDIFImportConfig config)
+ {
+ // Find the set of attribute types with the auth password and user password
+ // syntax defined in the schema.
+ HashSet<AttributeType> authPWTypes = new HashSet<AttributeType>();
+ HashSet<AttributeType> userPWTypes = new HashSet<AttributeType>();
+ for (AttributeType t : DirectoryServer.getAttributeTypes().values())
+ {
+ if (t.getSyntaxOID().equals(SYNTAX_AUTH_PASSWORD_OID))
+ {
+ authPWTypes.add(t);
+ }
+ else if (t.getSyntaxOID().equals(SYNTAX_USER_PASSWORD_OID))
+ {
+ userPWTypes.add(t);
+ }
+ }
+
+
+ // Get the set of password policies defined in the server and get the
+ // attribute types associated with them.
+ HashMap<DN,PasswordStorageScheme[]> schemeMap =
+ new HashMap<DN,PasswordStorageScheme[]>();
+ for (PasswordPolicy p : DirectoryServer.getPasswordPolicies())
+ {
+ CopyOnWriteArrayList<PasswordStorageScheme> schemeList =
+ p.getDefaultStorageSchemes();
+ PasswordStorageScheme[] schemeArray =
+ new PasswordStorageScheme[schemeList.size()];
+ schemeList.toArray(schemeArray);
+ schemeMap.put(p.getConfigEntryDN(), schemeArray);
+ }
+
+
+ AttributeType[] authTypesArray = new AttributeType[authPWTypes.size()];
+ AttributeType[] userTypesArray = new AttributeType[userPWTypes.size()];
+ authPWTypes.toArray(authTypesArray);
+ userPWTypes.toArray(userTypesArray);
+
+ schemesByPolicy = schemeMap;
+ authPasswordTypes = authTypesArray;
+ userPasswordTypes = userTypesArray;
+ }
+
+
+
+ /**
+ * {@inheritDoc}
+ */
+ public void processImportEnd(Backend backend, LDIFImportConfig config,
+ boolean successful)
+ {
+ // No implementation is required.
}
@@ -218,18 +335,157 @@
ArrayList<ByteString> encodedValueList = new ArrayList<ByteString>();
+ // See if the entry explicitly states the password policy that it should
+ // use. If so, then only use it to perform the encoding.
+ List<Attribute> attrList = entry.getAttribute(customPolicyAttribute);
+ if (attrList != null)
+ {
+ DN policyDN = null;
+ PasswordPolicy policy = null;
+policyLoop:
+ for (Attribute a : attrList)
+ {
+ for (AttributeValue v : a.getValues())
+ {
+ try
+ {
+ policyDN = DN.decode(v.getValue());
+ policy = DirectoryServer.getPasswordPolicy(policyDN);
+ if (policy == null)
+ {
+ int msgID = MSGID_PLUGIN_PWIMPORT_NO_SUCH_POLICY;
+ String message = getMessage(msgID, String.valueOf(entry.getDN()),
+ String.valueOf(policyDN));
+ logError(ErrorLogCategory.PLUGIN, ErrorLogSeverity.SEVERE_WARNING,
+ message, msgID);
+ }
+ break policyLoop;
+ }
+ catch (DirectoryException de)
+ {
+ int msgID = MSGID_PLUGIN_PWIMPORT_CANNOT_DECODE_POLICY_DN;
+ String message = getMessage(msgID, String.valueOf(entry.getDN()),
+ de.getErrorMessage());
+ logError(ErrorLogCategory.PLUGIN, ErrorLogSeverity.SEVERE_WARNING,
+ message, msgID);
+ break policyLoop;
+ }
+ }
+ }
+
+ if (policy != null)
+ {
+ PasswordStorageScheme[] schemes = schemesByPolicy.get(policyDN);
+ if (schemes != null)
+ {
+ attrList = entry.getAttribute(policy.getPasswordAttribute());
+ if (attrList == null)
+ {
+ return LDIFPluginResult.SUCCESS;
+ }
+
+ for (Attribute a : attrList)
+ {
+ encodedValueList.clear();
+
+ LinkedHashSet<AttributeValue> values = a.getValues();
+ Iterator<AttributeValue> iterator = values.iterator();
+ while (iterator.hasNext())
+ {
+ AttributeValue v = iterator.next();
+ ByteString value = v.getValue();
+
+ if (policy.usesAuthPasswordSyntax())
+ {
+ if (! AuthPasswordSyntax.isEncoded(value))
+ {
+ try
+ {
+ for (PasswordStorageScheme s : schemes)
+ {
+ encodedValueList.add(s.encodeAuthPassword(value));
+ }
+
+ iterator.remove();
+ }
+ catch (Exception e)
+ {
+ if (debugEnabled())
+ {
+ TRACER.debugCaught(DebugLogLevel.ERROR, e);
+ }
+
+ int msgID = MSGID_PLUGIN_PWPIMPORT_ERROR_ENCODING_PASSWORD;
+ String message = getMessage(msgID,
+ policy.getPasswordAttribute().getNameOrOID(),
+ String.valueOf(entry.getDN()),
+ stackTraceToSingleLineString(e));
+ logError(ErrorLogCategory.PLUGIN,
+ ErrorLogSeverity.SEVERE_ERROR, message, msgID);
+
+ encodedValueList.clear();
+ break;
+ }
+ }
+ }
+ else
+ {
+ if (! UserPasswordSyntax.isEncoded(value))
+ {
+ try
+ {
+ for (PasswordStorageScheme s : schemes)
+ {
+ encodedValueList.add(s.encodePasswordWithScheme(value));
+ }
+
+ iterator.remove();
+ }
+ catch (Exception e)
+ {
+ if (debugEnabled())
+ {
+ TRACER.debugCaught(DebugLogLevel.ERROR, e);
+ }
+
+ int msgID = MSGID_PLUGIN_PWPIMPORT_ERROR_ENCODING_PASSWORD;
+ String message = getMessage(msgID,
+ policy.getPasswordAttribute().getNameOrOID(),
+ String.valueOf(entry.getDN()),
+ stackTraceToSingleLineString(e));
+ logError(ErrorLogCategory.PLUGIN,
+ ErrorLogSeverity.SEVERE_ERROR, message, msgID);
+
+ encodedValueList.clear();
+ break;
+ }
+ }
+ }
+ }
+
+ for (ByteString s : encodedValueList)
+ {
+ values.add(new AttributeValue(policy.getPasswordAttribute(), s));
+ }
+ }
+
+ return LDIFPluginResult.SUCCESS;
+ }
+ }
+ }
+
+
// Iterate through the list of auth password attributes. If any of them
// are present and their values are not encoded, then encode them with all
// appropriate schemes.
- for (AttributeType t : authPasswordSchemes.keySet())
+ for (AttributeType t : authPasswordTypes)
{
- List<Attribute> attrList = entry.getAttribute(t);
+ attrList = entry.getAttribute(t);
if ((attrList == null) || attrList.isEmpty())
{
continue;
}
- PasswordStorageScheme[] schemes = authPasswordSchemes.get(t);
for (Attribute a : attrList)
{
encodedValueList.clear();
@@ -244,7 +500,7 @@
{
try
{
- for (PasswordStorageScheme s : schemes)
+ for (PasswordStorageScheme s : defaultAuthPasswordSchemes)
{
encodedValueList.add(s.encodeAuthPassword(value));
}
@@ -282,15 +538,14 @@
// Iterate through the list of user password attributes. If any of them
// are present and their values are not encoded, then encode them with all
// appropriate schemes.
- for (AttributeType t : userPasswordSchemes.keySet())
+ for (AttributeType t : userPasswordTypes)
{
- List<Attribute> attrList = entry.getAttribute(t);
+ attrList = entry.getAttribute(t);
if ((attrList == null) || attrList.isEmpty())
{
continue;
}
- PasswordStorageScheme[] schemes = userPasswordSchemes.get(t);
for (Attribute a : attrList)
{
encodedValueList.clear();
@@ -305,7 +560,7 @@
{
try
{
- for (PasswordStorageScheme s : schemes)
+ for (PasswordStorageScheme s : defaultUserPasswordSchemes)
{
encodedValueList.add(s.encodePasswordWithScheme(value));
}
@@ -348,7 +603,8 @@
/**
* {@inheritDoc}
*/
- public boolean isConfigurationChangeAcceptable(PluginCfg configuration,
+ public boolean isConfigurationChangeAcceptable(
+ PasswordPolicyImportPluginCfg configuration,
List<String> unacceptableReasons)
{
boolean configAcceptable = true;
@@ -371,6 +627,86 @@
}
}
+
+ // Get the set of default password storage schemes for auth password
+ // attributes.
+ Set<String> authSchemesSet =
+ configuration.getDefaultAuthPasswordStorageScheme();
+ if ((authSchemesSet == null) || authSchemesSet.isEmpty())
+ {
+ PasswordStorageScheme[] defaultAuthSchemes = new PasswordStorageScheme[1];
+ defaultAuthSchemes[0] =
+ DirectoryServer.getAuthPasswordStorageScheme(
+ AUTH_PASSWORD_SCHEME_NAME_SALTED_SHA_1);
+ if (defaultAuthSchemes[0] == null)
+ {
+ int msgID = MSGID_PLUGIN_PWIMPORT_NO_DEFAULT_AUTH_SCHEMES;
+ String message = getMessage(msgID,
+ AUTH_PASSWORD_SCHEME_NAME_SALTED_SHA_1);
+ unacceptableReasons.add(message);
+ configAcceptable = false;
+ }
+ }
+ else
+ {
+ PasswordStorageScheme[] defaultAuthSchemes =
+ new PasswordStorageScheme[authSchemesSet.size()];
+ int i=0;
+ for (String schemeName : authSchemesSet)
+ {
+ defaultAuthSchemes[i] =
+ DirectoryServer.getAuthPasswordStorageScheme(schemeName);
+ if (defaultAuthSchemes[i] == null)
+ {
+ int msgID = MSGID_PLUGIN_PWIMPORT_INVALID_DEFAULT_AUTH_SCHEME;
+ String message = getMessage(msgID, schemeName);
+ unacceptableReasons.add(message);
+ configAcceptable = false;
+ }
+ i++;
+ }
+ }
+
+
+ // Get the set of default password storage schemes for user password
+ // attributes.
+ Set<String> userSchemeSet =
+ configuration.getDefaultUserPasswordStorageScheme();
+ if ((userSchemeSet == null) || userSchemeSet.isEmpty())
+ {
+ PasswordStorageScheme[] defaultUserSchemes = new PasswordStorageScheme[1];
+ defaultUserSchemes[0] =
+ DirectoryServer.getPasswordStorageScheme(
+ toLowerCase(STORAGE_SCHEME_NAME_SALTED_SHA_1));
+ if (defaultUserSchemes[0] == null)
+ {
+ int msgID = MSGID_PLUGIN_PWIMPORT_NO_DEFAULT_USER_SCHEMES;
+ String message = getMessage(msgID, STORAGE_SCHEME_NAME_SALTED_SHA_1);
+ unacceptableReasons.add(message);
+ configAcceptable = false;
+ }
+ }
+ else
+ {
+ PasswordStorageScheme[] defaultUserSchemes =
+ new PasswordStorageScheme[userSchemeSet.size()];
+ int i=0;
+ for (String schemeName : userSchemeSet)
+ {
+ defaultUserSchemes[i] =
+ DirectoryServer.getPasswordStorageScheme(toLowerCase(schemeName));
+ if (defaultUserSchemes[i] == null)
+ {
+ int msgID = MSGID_PLUGIN_PWIMPORT_INVALID_DEFAULT_USER_SCHEME;
+ String message = getMessage(msgID, schemeName);
+ unacceptableReasons.add(message);
+ configAcceptable = false;
+ }
+ i++;
+ }
+ }
+
+
return configAcceptable;
}
@@ -379,10 +715,115 @@
/**
* {@inheritDoc}
*/
- public ConfigChangeResult applyConfigurationChange(PluginCfg configuration)
+ public ConfigChangeResult applyConfigurationChange(
+ PasswordPolicyImportPluginCfg configuration)
{
- // No implementation is required.
- return new ConfigChangeResult(ResultCode.SUCCESS, false);
+ ResultCode resultCode = ResultCode.SUCCESS;
+ boolean adminActionRequired = false;
+ ArrayList<String> messages = new ArrayList<String>();
+
+
+ // Get the set of default password storage schemes for auth password
+ // attributes.
+ PasswordPolicy defaultPolicy = DirectoryServer.getDefaultPasswordPolicy();
+ PasswordStorageScheme[] defaultAuthSchemes;
+ Set<String> authSchemesSet =
+ configuration.getDefaultAuthPasswordStorageScheme();
+ if ((authSchemesSet == null) || authSchemesSet.isEmpty())
+ {
+ if (defaultPolicy.usesAuthPasswordSyntax())
+ {
+ CopyOnWriteArrayList<PasswordStorageScheme> schemeList =
+ defaultPolicy.getDefaultStorageSchemes();
+ defaultAuthSchemes =
+ new PasswordStorageScheme[schemeList.size()];
+ schemeList.toArray(defaultAuthSchemes);
+ }
+ else
+ {
+ defaultAuthSchemes = new PasswordStorageScheme[1];
+ defaultAuthSchemes[0] =
+ DirectoryServer.getAuthPasswordStorageScheme(
+ AUTH_PASSWORD_SCHEME_NAME_SALTED_SHA_1);
+ if (defaultAuthSchemes[0] == null)
+ {
+ resultCode = DirectoryServer.getServerErrorResultCode();
+
+ int msgID = MSGID_PLUGIN_PWIMPORT_NO_DEFAULT_AUTH_SCHEMES;
+ messages.add(getMessage(msgID,
+ AUTH_PASSWORD_SCHEME_NAME_SALTED_SHA_1));
+ }
+ }
+ }
+ else
+ {
+ defaultAuthSchemes = new PasswordStorageScheme[authSchemesSet.size()];
+ int i=0;
+ for (String schemeName : authSchemesSet)
+ {
+ defaultAuthSchemes[i] =
+ DirectoryServer.getAuthPasswordStorageScheme(schemeName);
+ if (defaultAuthSchemes[i] == null)
+ {
+ resultCode = DirectoryServer.getServerErrorResultCode();
+
+ int msgID = MSGID_PLUGIN_PWIMPORT_INVALID_DEFAULT_AUTH_SCHEME;
+ messages.add(getMessage(msgID, schemeName));
+ }
+ i++;
+ }
+ }
+
+
+ // Get the set of default password storage schemes for user password
+ // attributes.
+ PasswordStorageScheme[] defaultUserSchemes;
+ Set<String> userSchemeSet =
+ configuration.getDefaultUserPasswordStorageScheme();
+ if ((userSchemeSet == null) || userSchemeSet.isEmpty())
+ {
+ if (! defaultPolicy.usesAuthPasswordSyntax())
+ {
+ CopyOnWriteArrayList<PasswordStorageScheme> schemeList =
+ defaultPolicy.getDefaultStorageSchemes();
+ defaultUserSchemes =
+ new PasswordStorageScheme[schemeList.size()];
+ schemeList.toArray(defaultUserSchemes);
+ }
+ else
+ {
+ defaultUserSchemes = new PasswordStorageScheme[1];
+ defaultUserSchemes[0] = DirectoryServer.getPasswordStorageScheme(
+ toLowerCase(STORAGE_SCHEME_NAME_SALTED_SHA_1));
+ if (defaultUserSchemes[0] == null)
+ {
+ resultCode = DirectoryServer.getServerErrorResultCode();
+
+ int msgID = MSGID_PLUGIN_PWIMPORT_NO_DEFAULT_USER_SCHEMES;
+ messages.add(getMessage(msgID, STORAGE_SCHEME_NAME_SALTED_SHA_1));
+ }
+ }
+ }
+ else
+ {
+ defaultUserSchemes = new PasswordStorageScheme[userSchemeSet.size()];
+ int i=0;
+ for (String schemeName : userSchemeSet)
+ {
+ defaultUserSchemes[i] =
+ DirectoryServer.getPasswordStorageScheme(toLowerCase(schemeName));
+ if (defaultUserSchemes[i] == null)
+ {
+ resultCode = DirectoryServer.getServerErrorResultCode();
+
+ int msgID = MSGID_PLUGIN_PWIMPORT_INVALID_DEFAULT_USER_SCHEME;
+ messages.add(getMessage(msgID, schemeName));
+ }
+ i++;
+ }
+ }
+
+ return new ConfigChangeResult(resultCode, adminActionRequired, messages);
}
}
--
Gitblit v1.10.0