directory-commits mailing list archives

From trus...@apache.org
Subject svn commit: r201975 - in /directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server: AbstractTestCase.java jndi/AbstractContextFactory.java jndi/DefaultContextFactoryService.java
Date Mon, 27 Jun 2005 12:06:58 GMT
Author: trustin
Date: Mon Jun 27 05:06:58 2005
New Revision: 201975

URL: http://svn.apache.org/viewcvs?rev=201975&view=rev
Log:
A fix for DIREVE-175:
* Prevented users from initiating the first run as a non-admin account.
* On the first run, the admin password is now set to the value the user specified as
SECURITY_CREDENTIALS instead of 'secret'.

Modified:
    directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/AbstractTestCase.java
    directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/jndi/AbstractContextFactory.java
    directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/jndi/DefaultContextFactoryService.java

Modified: directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/AbstractTestCase.java
URL: http://svn.apache.org/viewcvs/directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/AbstractTestCase.java?rev=201975&r1=201974&r2=201975&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/AbstractTestCase.java
(original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/AbstractTestCase.java
Mon Jun 27 05:06:58 2005
@@ -273,7 +273,15 @@
         
         envFinal.put( Context.INITIAL_CONTEXT_FACTORY, "org.apache.ldap.server.jndi.CoreContextFactory"
);
         envFinal.putAll( overrides );
+        
+        // We have to initiate the first run as an admin at least.
+        Hashtable adminEnv = new Hashtable( envFinal );
+        adminEnv.put( Context.SECURITY_PRINCIPAL, "uid=admin,ou=system" );
+        adminEnv.put( Context.SECURITY_CREDENTIALS, "secret" );
+        adminEnv.put( Context.SECURITY_AUTHENTICATION, "simple" );
+        new InitialLdapContext( adminEnv, null );
 
+        // OK, now let's get an appropriate context.
         return sysRoot = new InitialLdapContext( envFinal, null );
     }
 
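Review bot: The context created by `new InitialLdapContext( adminEnv, null );` is discarded without being closed, and the comment does not say that it exists only for its side effect. Provided close() has no shutdown side effect in this provider, I would write `new InitialLdapContext( adminEnv, null ).close();` and extend the comment to `// Bind once as admin so the first run can create the bootstrap entries; the context itself is not needed.` Because this commit makes the first-run credential the stored admin password, the literal `"secret"` here now also fixes the admin password for every test that extends this class, which is worth stating in the same comment. The enclosing method starts outside the hunk.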

Modified: directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/jndi/AbstractContextFactory.java
URL: http://svn.apache.org/viewcvs/directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/jndi/AbstractContextFactory.java?rev=201975&r1=201974&r2=201975&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/jndi/AbstractContextFactory.java
(original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/jndi/AbstractContextFactory.java
Mon Jun 27 05:06:58 2005
@@ -75,6 +75,7 @@
     public final synchronized Context getInitialContext( Hashtable env ) throws NamingException
     {
         Configuration cfg = Configuration.toConfiguration( env );
+        env = ( Hashtable ) env.clone();
         String principal = getPrincipal( env );
         byte[] credential = getCredential( env );
         String authentication = getAuthentication( env );
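Review bot: The added `env = ( Hashtable ) env.clone();` has no comment, and its reason only shows in the later hunks of this file, where getProviderUrl, getAuthentication, getCredential and getPrincipal now write values back with `env.put(...)`. I would add `// Work on a copy: the get*() helpers below store normalized values in env, and the caller's table must not change.` above it, plus a Javadoc line on each helper saying that it updates `env`. Note that `Configuration.toConfiguration( env )` still runs on the caller's table, and that the clone is shallow, so a `byte[]` credential stays shared with the caller. The write-back is skipped when the credential is null and appears to be skipped when the principal is absent, so later readers of those keys have to handle a missing value. getInitialContext continues outside the hunk.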
@@ -113,6 +114,9 @@
             value = "";
         }
         providerUrl = value.toString();
+        
+        env.put( Context.PROVIDER_URL, providerUrl );
+        
         return providerUrl;
     }
 
@@ -128,6 +132,9 @@
         {
             authentication = value.toString();
         }
+        
+        env.put( Context.SECURITY_AUTHENTICATION, authentication );
+        
         return authentication;
     }
 
@@ -151,6 +158,12 @@
         {
             throw new ConfigurationException( "Can't convert '" + Context.SECURITY_CREDENTIALS
+ "' to byte[]." );
         }
+        
+        if( credential != null )
+        {
+            env.put( Context.SECURITY_CREDENTIALS, credential );
+        }
+
         return credential;
     }
 
@@ -165,7 +178,9 @@
         else
         {
             principal = value.toString();
+            env.put( Context.SECURITY_PRINCIPAL, principal );
         }
+        
         return principal;
     }
 }

Modified: directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/jndi/DefaultContextFactoryService.java
URL: http://svn.apache.org/viewcvs/directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/jndi/DefaultContextFactoryService.java?rev=201975&r1=201974&r2=201975&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/jndi/DefaultContextFactoryService.java
(original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/jndi/DefaultContextFactoryService.java
Mon Jun 27 05:06:58 2005
@@ -22,6 +22,7 @@
 import javax.naming.Context;
 import javax.naming.Name;
 import javax.naming.NamingException;
+import javax.naming.NoPermissionException;
 import javax.naming.directory.Attribute;
 import javax.naming.directory.Attributes;
 
@@ -368,6 +369,7 @@
          */
         if ( !partitionNexus.hasEntry( ContextPartitionNexus.getAdminName() ) )
         {
+            checkPermissionToCreateBootstrapEntries();
             firstStart = true;
 
             Attributes attributes = new LockableAttributesImpl();
@@ -376,7 +378,7 @@
             attributes.put( "objectClass", "organizationalPerson" );
             attributes.put( "objectClass", "inetOrgPerson" );
             attributes.put( "uid", ContextPartitionNexus.ADMIN_UID );
-            attributes.put( "userPassword", ContextPartitionNexus.ADMIN_PW );
+            attributes.put( "userPassword", environment.get( Context.SECURITY_CREDENTIALS
) );
             attributes.put( "displayName", "Directory Superuser" );
             attributes.put( "creatorsName", ContextPartitionNexus.ADMIN_PRINCIPAL );
             attributes.put( "createTimestamp", DateUtils.getGeneralizedTime() );
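Review bot: `environment.get( Context.SECURITY_CREDENTIALS )` can be null or empty at this point, because getCredential stores a value only when one was supplied and the new permission check looks at the principal alone, so a first run could create the admin entry without a usable password. I would fail before the entry is built, with `Object pw = environment.get( Context.SECURITY_CREDENTIALS );` followed by `if ( pw == null ) throw new NamingException( "A password is required for the first run." );`, and treat an empty value the same way. The value is written exactly as supplied, so whether it should be hashed before it is stored is worth deciding in this change. The enclosing method starts and ends outside the hunk.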
@@ -392,7 +394,8 @@
         if ( !partitionNexus.hasEntry( new LdapName( "ou=users,ou=system" ) ) )
         {
             firstStart = true;
-            
+            checkPermissionToCreateBootstrapEntries();
+
             Attributes attributes = new LockableAttributesImpl();
             attributes.put( "objectClass", "top" );
             attributes.put( "objectClass", "organizationalUnit" );
@@ -410,6 +413,7 @@
         if ( !partitionNexus.hasEntry( new LdapName( "ou=groups,ou=system" ) ) )
         {
             firstStart = true;
+            checkPermissionToCreateBootstrapEntries();
 
             Attributes attributes = new LockableAttributesImpl();
             attributes.put( "objectClass", "top" );
@@ -428,6 +432,7 @@
         if ( !partitionNexus.hasEntry( new LdapName( "prefNodeName=sysPrefRoot,ou=system"
) ) )
         {
             firstStart = true;
+            checkPermissionToCreateBootstrapEntries();
 
             Attributes attributes = new LockableAttributesImpl();
             attributes.put( "objectClass", "top" );
@@ -444,6 +449,17 @@
 
         return firstStart;
     }
+    
+    private void checkPermissionToCreateBootstrapEntries() throws NamingException
+    {
+        if( !ContextPartitionNexus.ADMIN_PRINCIPAL.equals(
+                environment.get( Context.SECURITY_PRINCIPAL ).toString() ) )
+        {
+            throw new NoPermissionException(
+                    "Only '" + ContextPartitionNexus.ADMIN_PRINCIPAL + "' can initiate the
first run." );
+        }
+    }
+
 
 
     private void createTestEntries() throws NamingException
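Review bot: `environment.get( Context.SECURITY_PRINCIPAL ).toString()` in checkPermissionToCreateBootstrapEntries throws a NullPointerException when the environment carries no principal, which looks possible for an anonymous first run because getPrincipal writes the key only when a value is present. The caller should receive the NoPermissionException instead: `Object principal = environment.get( Context.SECURITY_PRINCIPAL );` and `if( principal == null || !ContextPartitionNexus.ADMIN_PRINCIPAL.equals( principal.toString() ) )`. The comparison is an exact string match, so an equivalent DN written with different case or spacing is rejected; that fails closed, but a one-line comment saying so would help the next reader. The check confirms only the claimed principal name, so it relies on the credential being verified elsewhere.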


