From 1f9d1fb1c32824d909519549ec18315396896504 Mon Sep 17 00:00:00 2001
From: Jean-Noel Rouvignac <jean-noel.rouvignac@forgerock.com>
Date: Wed, 06 Mar 2013 16:54:27 +0000
Subject: [PATCH] Revert to revision 8555 of this file.
---
opends/src/server/org/opends/server/workflowelement/localbackend/LocalBackendBindOperation.java | 325 +++++++++++++++++++++++++++++++++++------------------
1 files changed, 215 insertions(+), 110 deletions(-)
diff --git a/opends/src/server/org/opends/server/workflowelement/localbackend/LocalBackendBindOperation.java b/opends/src/server/org/opends/server/workflowelement/localbackend/LocalBackendBindOperation.java
index 2e1125a..9188291 100644
--- a/opends/src/server/org/opends/server/workflowelement/localbackend/LocalBackendBindOperation.java
+++ b/opends/src/server/org/opends/server/workflowelement/localbackend/LocalBackendBindOperation.java
@@ -29,12 +29,11 @@
+import java.util.Iterator;
import java.util.List;
import java.util.concurrent.locks.Lock;
import org.opends.messages.Message;
-import org.opends.messages.MessageDescriptor.Arg1;
-import org.opends.messages.MessageDescriptor.Arg2;
import org.opends.server.admin.std.meta.PasswordPolicyCfgDefn;
import org.opends.server.api.*;
import org.opends.server.api.plugin.PluginResult;
@@ -520,7 +519,8 @@
if (userEntry == null)
{
throw new DirectoryException(ResultCode.INVALID_CREDENTIALS,
- ERR_BIND_OPERATION_UNKNOWN_USER.get());
+ ERR_BIND_OPERATION_UNKNOWN_USER.get(
+ String.valueOf(bindDN)));
}
else
{
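Review bot: The client-supplied `bindDN` is now interpolated into the `INVALID_CREDENTIALS` message via `ERR_BIND_OPERATION_UNKNOWN_USER.get(String.valueOf(bindDN))`, and nothing in the hunk shows where that text ends up. If it can reach the bind response rather than only the server-side log, the reason for a failed bind becomes visible per DN and callers can tell existing accounts from missing ones. The same applies to the `ERR_BIND_OPERATION_NO_PASSWORD` change in the next hunk and to the `userEntry.getDN()` arguments added in the hunks at @@ -968, -982, -998, -1024, -1068 and -1080. I would add a comment at each throw such as `// DN is for the server-side auth failure reason only; never return this text to the client`, and confirm the log writer escapes control characters in the DN. The enclosing method starts and ends outside the hunk.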
@@ -544,7 +544,7 @@
if ((pwAttr == null) || (pwAttr.isEmpty()))
{
throw new DirectoryException(ResultCode.INVALID_CREDENTIALS,
- ERR_BIND_OPERATION_NO_PASSWORD.get());
+ ERR_BIND_OPERATION_NO_PASSWORD.get(String.valueOf(bindDN)));
}
// Perform a number of password policy state checks for the user.
@@ -608,7 +608,36 @@
if (policy.getLockoutFailureCount() > 0)
{
- lockBindAccount(userEntry, pwPolicyState);
+ pwPolicyState.updateAuthFailureTimes();
+ if (pwPolicyState.lockedDueToFailures())
+ {
+ AccountStatusNotificationType notificationType;
+ Message m;
+
+ boolean tempLocked;
+ int lockoutDuration = pwPolicyState.getSecondsUntilUnlock();
+ if (lockoutDuration > -1)
+ {
+ notificationType =
+ AccountStatusNotificationType.ACCOUNT_TEMPORARILY_LOCKED;
+ tempLocked = true;
+
+ m = ERR_BIND_ACCOUNT_TEMPORARILY_LOCKED
+ .get(secondsToTimeString(lockoutDuration));
+ }
+ else
+ {
+ notificationType =
+ AccountStatusNotificationType.ACCOUNT_PERMANENTLY_LOCKED;
+ tempLocked = false;
+
+ m = ERR_BIND_ACCOUNT_PERMANENTLY_LOCKED.get();
+ }
+
+ pwPolicyState.generateAccountStatusNotification(notificationType,
+ userEntry, m, AccountStatusNotification.createProperties(
+ pwPolicyState, tempLocked, -1, null, null));
+ }
}
}
}
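Review bot: The lockout block added here is repeated almost line for line in the SASL hunk at @@ -841, differing only in the entry passed (`userEntry` versus `saslAuthUserEntry`). Two copies of the failure-counting and notification logic can drift apart, and a divergence would mean the simple and SASL paths enforce lockout differently. I would keep one private method and call it from both places, `lockBindAccount(userEntry, pwPolicyState);`, as the removed code did. If the revert has to stay literal, mark each copy with `// keep in sync with the other bind path's lockout handling`. The enclosing method starts and ends outside the hunk.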
@@ -662,6 +691,7 @@
}
+
/**
* Performs the processing necessary for an anonymous simple bind.
*
@@ -841,7 +871,35 @@
if (pwPolicyState.getAuthenticationPolicy()
.getLockoutFailureCount() > 0)
{
- lockBindAccount(saslAuthUserEntry, pwPolicyState);
+ pwPolicyState.updateAuthFailureTimes();
+ if (pwPolicyState.lockedDueToFailures())
+ {
+ AccountStatusNotificationType notificationType;
+ boolean tempLocked;
+ Message m;
+
+ int lockoutDuration = pwPolicyState.getSecondsUntilUnlock();
+ if (lockoutDuration > -1)
+ {
+ notificationType = AccountStatusNotificationType.
+ ACCOUNT_TEMPORARILY_LOCKED;
+ tempLocked = true;
+ m = ERR_BIND_ACCOUNT_TEMPORARILY_LOCKED.get(
+ secondsToTimeString(lockoutDuration));
+ }
+ else
+ {
+ notificationType =
+ AccountStatusNotificationType.ACCOUNT_PERMANENTLY_LOCKED;
+ tempLocked = false;
+ m = ERR_BIND_ACCOUNT_PERMANENTLY_LOCKED.get();
+ }
+
+ pwPolicyState.generateAccountStatusNotification(
+ notificationType, saslAuthUserEntry, m,
+ AccountStatusNotification.createProperties(
+ pwPolicyState, tempLocked, -1, null, null));
+ }
}
}
}
@@ -852,41 +910,6 @@
- private void lockBindAccount(Entry userEntry,
- PasswordPolicyState pwPolicyState)
- {
- pwPolicyState.updateAuthFailureTimes();
- if (pwPolicyState.lockedDueToFailures())
- {
- AccountStatusNotificationType notificationType;
- boolean tempLocked;
- Message m;
-
- int lockoutDuration = pwPolicyState.getSecondsUntilUnlock();
- if (lockoutDuration > -1)
- {
- notificationType =
- AccountStatusNotificationType.ACCOUNT_TEMPORARILY_LOCKED;
- tempLocked = true;
- m =
- ERR_BIND_ACCOUNT_TEMPORARILY_LOCKED
- .get(secondsToTimeString(lockoutDuration));
- }
- else
- {
- notificationType =
- AccountStatusNotificationType.ACCOUNT_PERMANENTLY_LOCKED;
- tempLocked = false;
- m = ERR_BIND_ACCOUNT_PERMANENTLY_LOCKED.get();
- }
-
- pwPolicyState.generateAccountStatusNotification(notificationType,
- userEntry, m, AccountStatusNotification.createProperties(
- pwPolicyState, tempLocked, -1, null, null));
- }
- }
-
-
private boolean invokePreOpPlugins()
{
executePostOpPlugins = true;
@@ -968,7 +991,8 @@
else
{
throw new DirectoryException(ResultCode.INVALID_CREDENTIALS,
- ERR_BIND_OPERATION_INSECURE_SIMPLE_BIND.get());
+ ERR_BIND_OPERATION_INSECURE_SIMPLE_BIND.get(
+ String.valueOf(userEntry.getDN())));
}
}
@@ -982,7 +1006,8 @@
}
else if (pwPolicyState.isAccountExpired())
{
- Message m = ERR_BIND_OPERATION_ACCOUNT_EXPIRED.get();
+ Message m = ERR_BIND_OPERATION_ACCOUNT_EXPIRED.get(
+ String.valueOf(userEntry.getDN()));
pwPolicyState.generateAccountStatusNotification(
AccountStatusNotificationType.ACCOUNT_EXPIRED, userEntry, m,
AccountStatusNotification.createProperties(pwPolicyState,
@@ -998,16 +1023,19 @@
}
throw new DirectoryException(ResultCode.INVALID_CREDENTIALS,
- ERR_BIND_OPERATION_ACCOUNT_FAILURE_LOCKED.get());
+ ERR_BIND_OPERATION_ACCOUNT_FAILURE_LOCKED.get(
+ String.valueOf(userEntry.getDN())));
}
else if (pwPolicyState.lockedDueToIdleInterval())
{
+ Message m = ERR_BIND_OPERATION_ACCOUNT_IDLE_LOCKED.get(
+ String.valueOf(userEntry.getDN()));
+
if (pwPolicyErrorType == null)
{
pwPolicyErrorType = PasswordPolicyErrorType.ACCOUNT_LOCKED;
}
- Message m = ERR_BIND_OPERATION_ACCOUNT_IDLE_LOCKED.get();
pwPolicyState.generateAccountStatusNotification(
AccountStatusNotificationType.ACCOUNT_IDLE_LOCKED, userEntry, m,
AccountStatusNotification.createProperties(pwPolicyState, false, -1,
@@ -1024,12 +1052,14 @@
// Check to see if the account is locked due to the maximum reset age.
if (pwPolicyState.lockedDueToMaximumResetAge())
{
+ Message m = ERR_BIND_OPERATION_ACCOUNT_RESET_LOCKED.get(
+ String.valueOf(userEntry.getDN()));
+
if (pwPolicyErrorType == null)
{
pwPolicyErrorType = PasswordPolicyErrorType.ACCOUNT_LOCKED;
}
- Message m = ERR_BIND_OPERATION_ACCOUNT_RESET_LOCKED.get();
pwPolicyState.generateAccountStatusNotification(
AccountStatusNotificationType.ACCOUNT_RESET_LOCKED, userEntry, m,
AccountStatusNotification.createProperties(pwPolicyState, false,
@@ -1068,7 +1098,9 @@
}
else
{
- Message m = ERR_BIND_OPERATION_PASSWORD_EXPIRED.get();
+ Message m = ERR_BIND_OPERATION_PASSWORD_EXPIRED.get(
+ String.valueOf(userEntry.getDN()));
+
pwPolicyState.generateAccountStatusNotification(
AccountStatusNotificationType.PASSWORD_EXPIRED, userEntry, m,
AccountStatusNotification.createProperties(pwPolicyState,
@@ -1080,7 +1112,9 @@
}
else
{
- Message m = ERR_BIND_OPERATION_PASSWORD_EXPIRED.get();
+ Message m = ERR_BIND_OPERATION_PASSWORD_EXPIRED.get(
+ String.valueOf(userEntry.getDN()));
+
pwPolicyState.generateAccountStatusNotification(
AccountStatusNotificationType.PASSWORD_EXPIRED, userEntry, m,
AccountStatusNotification.createProperties(pwPolicyState, false,
@@ -1127,83 +1161,154 @@
protected void setResourceLimits(Entry userEntry)
{
// See if the user's entry contains a custom size limit.
- Integer customSizeLimit =
- getIntegerUserAttribute(userEntry, OP_ATTR_USER_SIZE_LIMIT,
- WARN_BIND_MULTIPLE_USER_SIZE_LIMITS,
- WARN_BIND_CANNOT_PROCESS_USER_SIZE_LIMIT);
- if (customSizeLimit != null)
- {
- sizeLimit = customSizeLimit;
- }
-
- // See if the user's entry contains a custom time limit.
- Integer customTimeLimit =
- getIntegerUserAttribute(userEntry, OP_ATTR_USER_TIME_LIMIT,
- WARN_BIND_MULTIPLE_USER_TIME_LIMITS,
- WARN_BIND_CANNOT_PROCESS_USER_TIME_LIMIT);
- if (customTimeLimit != null)
- {
- timeLimit = customTimeLimit;
- }
-
- // See if the user's entry contains a custom idle time limit.
- // idleTimeLimit = 1000L * Long.parseLong(v.getValue().toString());
- Integer customIdleTimeLimitInSec =
- getIntegerUserAttribute(userEntry, OP_ATTR_USER_IDLE_TIME_LIMIT,
- WARN_BIND_MULTIPLE_USER_IDLE_TIME_LIMITS,
- WARN_BIND_CANNOT_PROCESS_USER_IDLE_TIME_LIMIT);
- if (customIdleTimeLimitInSec != null)
- {
- idleTimeLimit = 1000L * customIdleTimeLimitInSec;
- }
-
- // See if the user's entry contains a custom lookthrough limit.
- Integer customLookthroughLimit =
- getIntegerUserAttribute(userEntry, OP_ATTR_USER_LOOKTHROUGH_LIMIT,
- WARN_BIND_MULTIPLE_USER_LOOKTHROUGH_LIMITS,
- WARN_BIND_CANNOT_PROCESS_USER_LOOKTHROUGH_LIMIT);
- if (customLookthroughLimit != null)
- {
- lookthroughLimit = customLookthroughLimit;
- }
- }
-
- private Integer getIntegerUserAttribute(Entry userEntry,
- String attributeTypeName,
- Arg1<CharSequence> nonUniqueAttributeMessage,
- Arg2<CharSequence, CharSequence> cannotProcessAttributeMessage)
- {
AttributeType attrType =
- DirectoryServer.getAttributeType(attributeTypeName, true);
+ DirectoryServer.getAttributeType(OP_ATTR_USER_SIZE_LIMIT, true);
List<Attribute> attrList = userEntry.getAttribute(attrType);
if ((attrList != null) && (attrList.size() == 1))
{
Attribute a = attrList.get(0);
- if (a.size() == 1)
+ Iterator<AttributeValue> iterator = a.iterator();
+ if (iterator.hasNext())
{
- AttributeValue v = a.iterator().next();
- try
+ AttributeValue v = iterator.next();
+ if (iterator.hasNext())
{
- return Integer.valueOf(v.getValue().toString());
+ logError(WARN_BIND_MULTIPLE_USER_SIZE_LIMITS.get(
+ String.valueOf(userEntry.getDN())));
}
- catch (Exception e)
+ else
{
- if (debugEnabled())
+ try
{
- TRACER.debugCaught(DebugLogLevel.ERROR, e);
+ sizeLimit = Integer.parseInt(v.getValue().toString());
}
+ catch (Exception e)
+ {
+ if (debugEnabled())
+ {
+ TRACER.debugCaught(DebugLogLevel.ERROR, e);
+ }
- logError(cannotProcessAttributeMessage.get(v.getValue().toString(),
- String.valueOf(userEntry.getDN())));
+ logError(WARN_BIND_CANNOT_PROCESS_USER_SIZE_LIMIT.get(
+ v.getValue().toString(),
+ String.valueOf(userEntry.getDN())));
+ }
}
}
- else if (a.size() > 1)
- {
- logError(nonUniqueAttributeMessage.get(String
- .valueOf(userEntry.getDN())));
- }
}
- return null;
+
+
+ // See if the user's entry contains a custom time limit.
+ attrType = DirectoryServer.getAttributeType(OP_ATTR_USER_TIME_LIMIT, true);
+ attrList = userEntry.getAttribute(attrType);
+ if ((attrList != null) && (attrList.size() == 1))
+ {
+ Attribute a = attrList.get(0);
+ Iterator<AttributeValue> iterator = a.iterator();
+ if (iterator.hasNext())
+ {
+ AttributeValue v = iterator.next();
+ if (iterator.hasNext())
+ {
+ logError(WARN_BIND_MULTIPLE_USER_TIME_LIMITS.get(
+ String.valueOf(userEntry.getDN())));
+ }
+ else
+ {
+ try
+ {
+ timeLimit = Integer.parseInt(v.getValue().toString());
+ }
+ catch (Exception e)
+ {
+ if (debugEnabled())
+ {
+ TRACER.debugCaught(DebugLogLevel.ERROR, e);
+ }
+
+ logError(WARN_BIND_CANNOT_PROCESS_USER_TIME_LIMIT.get(
+ v.getValue().toString(),
+ String.valueOf(userEntry.getDN())));
+ }
+ }
+ }
+ }
+
+
+ // See if the user's entry contains a custom idle time limit.
+ attrType = DirectoryServer.getAttributeType(OP_ATTR_USER_IDLE_TIME_LIMIT,
+ true);
+ attrList = userEntry.getAttribute(attrType);
+ if ((attrList != null) && (attrList.size() == 1))
+ {
+ Attribute a = attrList.get(0);
+ Iterator<AttributeValue> iterator = a.iterator();
+ if (iterator.hasNext())
+ {
+ AttributeValue v = iterator.next();
+ if (iterator.hasNext())
+ {
+ logError(WARN_BIND_MULTIPLE_USER_IDLE_TIME_LIMITS.get(
+ String.valueOf(userEntry.getDN())));
+ }
+ else
+ {
+ try
+ {
+ idleTimeLimit = 1000L * Long.parseLong(v.getValue().toString());
+ }
+ catch (Exception e)
+ {
+ if (debugEnabled())
+ {
+ TRACER.debugCaught(DebugLogLevel.ERROR, e);
+ }
+
+ logError(WARN_BIND_CANNOT_PROCESS_USER_IDLE_TIME_LIMIT.get(
+ v.getValue().toString(),
+ String.valueOf(userEntry.getDN())));
+ }
+ }
+ }
+ }
+
+
+ // See if the user's entry contains a custom lookthrough limit.
+ attrType = DirectoryServer.getAttributeType(OP_ATTR_USER_LOOKTHROUGH_LIMIT,
+ true);
+ attrList = userEntry.getAttribute(attrType);
+ if ((attrList != null) && (attrList.size() == 1))
+ {
+ Attribute a = attrList.get(0);
+ Iterator<AttributeValue> iterator = a.iterator();
+ if (iterator.hasNext())
+ {
+ AttributeValue v = iterator.next();
+ if (iterator.hasNext())
+ {
+ logError(WARN_BIND_MULTIPLE_USER_LOOKTHROUGH_LIMITS.get(
+ String.valueOf(userEntry.getDN())));
+ }
+ else
+ {
+ try
+ {
+ lookthroughLimit = Integer.parseInt(v.getValue().toString());
+ }
+ catch (Exception e)
+ {
+ if (debugEnabled())
+ {
+ TRACER.debugCaught(DebugLogLevel.ERROR, e);
+ }
+
+ logError(WARN_BIND_CANNOT_PROCESS_USER_LOOKTHROUGH_LIMIT.get(
+ v.getValue().toString(),
+ String.valueOf(userEntry.getDN())));
+ }
+ }
+ }
+ }
}
}
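Review bot: `idleTimeLimit = 1000L * Long.parseLong(v.getValue().toString());` can overflow silently for a large stored value, leaving a wrapped and possibly negative idle limit instead of logging `WARN_BIND_CANNOT_PROCESS_USER_IDLE_TIME_LIMIT`. None of the four parses in `setResourceLimits` rejects negative numbers either, and how a negative limit is treated downstream is not visible here. I would bound the value before multiplying: `long secs = Long.parseLong(v.getValue().toString());` followed by `if (secs < 0 || secs > Long.MAX_VALUE / 1000L) { throw new NumberFormatException(); }`, so the existing catch logs the warning and the limit is left unchanged. Each block would also benefit from a short comment stating the accepted range and unit, for example `// seconds in the entry, stored as milliseconds`.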
--
Gitblit v1.10.0