From 581ef72380fdf73c6b4926d6ccc23d9ecfa6d3ad Mon Sep 17 00:00:00 2001
From: neil_a_wilson <neil_a_wilson@localhost>
Date: Fri, 02 Nov 2007 15:57:43 +0000
Subject: [PATCH] Update modify processing to fix a problem in which the server would refuse to allow an entry to be modified if it was associated with an invalid or nonexistent password policy. This even prevented administrators from re-associating the entry with a valid password policy. With this change, the server will fall back to the default password policy for modify operations if the user-specific policy cannot be retrieved.
---
opendj-sdk/opends/src/server/org/opends/server/workflowelement/localbackend/LocalBackendModifyOperation.java | 5 ++
opendj-sdk/opends/src/server/org/opends/server/core/PasswordPolicyState.java | 64 ++++++++++++++++++++++----------
2 files changed, 48 insertions(+), 21 deletions(-)
diff --git a/opendj-sdk/opends/src/server/org/opends/server/core/PasswordPolicyState.java b/opendj-sdk/opends/src/server/org/opends/server/core/PasswordPolicyState.java
index c28bc4c..5c77c2f 100644
--- a/opendj-sdk/opends/src/server/org/opends/server/core/PasswordPolicyState.java
+++ b/opendj-sdk/opends/src/server/org/opends/server/core/PasswordPolicyState.java
@@ -49,6 +49,7 @@
import org.opends.server.api.PasswordGenerator;
import org.opends.server.api.PasswordStorageScheme;
import org.opends.server.api.PasswordValidator;
+import org.opends.server.loggers.ErrorLogger;
import org.opends.server.loggers.debug.DebugTracer;
import org.opends.server.protocols.asn1.ASN1OctetString;
import org.opends.server.protocols.internal.InternalClientConnection;
@@ -77,7 +78,6 @@
import static org.opends.server.config.ConfigConstants.*;
import static org.opends.server.loggers.debug.DebugLogger.*;
-import org.opends.server.loggers.ErrorLogger;
import static org.opends.messages.CoreMessages.*;
import static org.opends.server.schema.SchemaConstants.*;
import static org.opends.server.util.StaticUtils.*;
@@ -198,7 +198,7 @@
boolean debug)
throws DirectoryException
{
- this(userEntry, updateEntry, TimeThread.getTime(), debug);
+ this(userEntry, updateEntry, TimeThread.getTime(), false, debug);
}
@@ -210,21 +210,25 @@
* the actual current time. For all other purposes, the other constructor
* should be used.
*
- * @param userEntry The entry with the user account.
- * @param updateEntry Indicates whether changes should update the provided
- * user entry directly or whether they should be
- * collected as a set of modifications.
- * @param currentTime The time to use as the current time for all
- * time-related determinations.
- * @param debug Indicates whether to enable debugging for the
- * operations performed.
+ * @param userEntry The entry with the user account.
+ * @param updateEntry Indicates whether changes should update the
+ * provided user entry directly or whether they
+ * should be collected as a set of modifications.
+ * @param currentTime The time to use as the current time for all
+ * time-related determinations.
+ * @param useDefaultOnError Indicates whether the server should fall back to
+ * using the default password policy if there is a
+ * problem with the configured policy for the user.
+ * @param debug Indicates whether to enable debugging for the
+ * operations performed.
*
* @throws DirectoryException If a problem occurs while attempting to
* determine the password policy for the user or
* perform any other state initialization.
*/
public PasswordPolicyState(Entry userEntry, boolean updateEntry,
- long currentTime, boolean debug)
+ long currentTime, boolean useDefaultOnError,
+ boolean debug)
throws DirectoryException
{
this.userEntry = userEntry;
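Review bot: The Javadoc for `useDefaultOnError` does not say what enabling it costs: with `true`, a user whose policy reference cannot be resolved is evaluated under the default password policy instead of being rejected, so the account's intended policy is not enforced for that operation. I would extend the `@param` text with something like `Callers should pass true only where an unresolvable policy must not block the operation; the default policy is then applied in place of the user's configured one.` The new flag also sits directly before `debug`, so the two booleans are easy to transpose at positional call sites such as the one in LocalBackendModifyOperation. The constructor body continues outside this hunk.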
@@ -233,7 +237,8 @@
this.currentTime = currentTime;
userDNString = userEntry.getDN().toString();
- passwordPolicy = getPasswordPolicyInternal(this.userEntry, this.debug);
+ passwordPolicy = getPasswordPolicyInternal(this.userEntry,
+ useDefaultOnError, this.debug);
// Get the password changed time for the user.
AttributeType type
@@ -278,9 +283,12 @@
* password policy is returned, otherwise the default password policy is
* returned.
*
- * @param userEntry The user entry.
- * @param debug Indicates whether to enable debugging for the
- * operations performed.
+ * @param userEntry The user entry.
+ * @param useDefaultOnError Indicates whether the server should fall back to
+ * using the default password policy if there is a
+ * problem with the configured policy for the user.
+ * @param debug Indicates whether to enable debugging for the
+ * operations performed.
*
* @return The password policy for the user.
*
@@ -288,7 +296,7 @@
* determine the password policy for the user.
*/
private static PasswordPolicy getPasswordPolicyInternal(Entry userEntry,
- boolean debug)
+ boolean useDefaultOnError, boolean debug)
throws DirectoryException
{
String userDNString = userEntry.getDN().toString();
@@ -325,8 +333,16 @@
Message message = ERR_PWPSTATE_CANNOT_DECODE_SUBENTRY_VALUE_AS_DN.get(
v.getStringValue(), userDNString, e.getMessage());
- throw new DirectoryException(ResultCode.INVALID_DN_SYNTAX, message,
- e);
+ if (useDefaultOnError)
+ {
+ ErrorLogger.logError(message);
+ return DirectoryServer.getDefaultPasswordPolicy();
+ }
+ else
+ {
+ throw new DirectoryException(ResultCode.INVALID_DN_SYNTAX, message,
+ e);
+ }
}
PasswordPolicy policy = DirectoryServer.getPasswordPolicy(subentryDN);
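Review bot: On the fallback branch the server logs the same text it would otherwise have thrown and then returns the default policy, so nothing in the error log says that the default policy was substituted, and the caught exception `e` is no longer recorded on this path. An operator looking for accounts that are running under an unintended policy has only the original decode error to go on. I would add a comment above the branch, `// Fail open: the user's configured policy is unusable, so the default policy governs this operation.`, and log a message that names the fallback explicitly. The same pattern is repeated in the next hunk for the nonexistent-policy case (`ERR_PWPSTATE_NO_SUCH_POLICY`). getPasswordPolicyInternal starts and ends outside this hunk.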
@@ -341,8 +357,16 @@
Message message = ERR_PWPSTATE_NO_SUCH_POLICY.get(
userDNString, String.valueOf(subentryDN));
- throw new DirectoryException(
- DirectoryServer.getServerErrorResultCode(), message);
+ if (useDefaultOnError)
+ {
+ ErrorLogger.logError(message);
+ return DirectoryServer.getDefaultPasswordPolicy();
+ }
+ else
+ {
+ throw new DirectoryException(
+ DirectoryServer.getServerErrorResultCode(), message);
+ }
}
if (debug)
diff --git a/opendj-sdk/opends/src/server/org/opends/server/workflowelement/localbackend/LocalBackendModifyOperation.java b/opendj-sdk/opends/src/server/org/opends/server/workflowelement/localbackend/LocalBackendModifyOperation.java
index 58a7303..629c83d 100644
--- a/opendj-sdk/opends/src/server/org/opends/server/workflowelement/localbackend/LocalBackendModifyOperation.java
+++ b/opendj-sdk/opends/src/server/org/opends/server/workflowelement/localbackend/LocalBackendModifyOperation.java
@@ -96,6 +96,7 @@
import org.opends.server.types.operation.PostResponseModifyOperation;
import org.opends.server.types.operation.PreOperationModifyOperation;
import org.opends.server.types.operation.PostSynchronizationModifyOperation;
+import org.opends.server.util.TimeThread;
import static org.opends.messages.CoreMessages.*;
import static org.opends.server.config.ConfigConstants.*;
@@ -416,7 +417,9 @@
selfChange = entryDN.equals(getAuthorizationDN());
// FIXME -- Need a way to enable debug mode.
- pwPolicyState = new PasswordPolicyState(currentEntry, false, false);
+ pwPolicyState = new PasswordPolicyState(currentEntry, false,
+ TimeThread.getTime(), true,
+ false);
}
catch (DirectoryException de)
{
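Review bot: `true` is passed for every modify that reaches this line, not only for an administrator repairing the policy reference, so a modify that changes the password on an entry with a broken reference would presumably be validated against the default policy, which may be weaker than the one intended for the account. `selfChange` is computed just above; if the repair is always performed by another identity, passing `!selfChange` in place of `true` would keep the old strict behaviour for users modifying their own entries. Whether later checks in this method compensate is not visible, since the enclosing try block and method extend beyond the hunk.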
--
Gitblit v1.10.0