From kayyag...@apache.org
Subject svn commit: r1182906 - in /directory/apacheds/trunk: core-integ/src/test/java/org/apache/directory/server/core/authn/ppolicy/ core/src/main/java/org/apache/directory/server/core/authn/
Date Thu, 13 Oct 2011 15:27:25 GMT
Author: kayyagari
Date: Thu Oct 13 15:27:24 2011
New Revision: 1182906

URL: http://svn.apache.org/viewvc?rev=1182906&view=rev
Log:
o fixed some issues related to password expiry caused by not converting the current time to
zulu time
o added tests for checking the length, age, expiration and grace authentication count of password

Modified:
    directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authn/ppolicy/PasswordPolicyTest.java
    directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java
    directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/PasswordUtil.java

Modified: directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authn/ppolicy/PasswordPolicyTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authn/ppolicy/PasswordPolicyTest.java?rev=1182906&r1=1182905&r2=1182906&view=diff
==============================================================================
--- directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authn/ppolicy/PasswordPolicyTest.java
(original)
+++ directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authn/ppolicy/PasswordPolicyTest.java
Thu Oct 13 15:27:24 2011
@@ -24,7 +24,7 @@ import static org.apache.directory.serve
 import static org.apache.directory.server.core.integ.IntegrationUtils.getNetworkConnectionAs;
 import static org.apache.directory.shared.ldap.extras.controls.ppolicy.PasswordPolicyErrorEnum.INSUFFICIENT_PASSWORD_QUALITY;
 import static org.apache.directory.shared.ldap.extras.controls.ppolicy.PasswordPolicyErrorEnum.PASSWORD_TOO_SHORT;
-import static org.apache.directory.shared.ldap.extras.controls.ppolicy.PasswordPolicyErrorEnum.PASSWORD_TOO_YOUNG;
+import static org.apache.directory.shared.ldap.extras.controls.ppolicy.PasswordPolicyErrorEnum.*;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertNotNull;
@@ -44,6 +44,7 @@ import org.apache.directory.server.core.
 import org.apache.directory.shared.ldap.codec.api.LdapApiService;
 import org.apache.directory.shared.ldap.codec.api.LdapApiServiceFactory;
 import org.apache.directory.shared.ldap.extras.controls.ppolicy.PasswordPolicy;
+import org.apache.directory.shared.ldap.extras.controls.ppolicy.PasswordPolicyErrorEnum;
 import org.apache.directory.shared.ldap.extras.controls.ppolicy.PasswordPolicyImpl;
 import org.apache.directory.shared.ldap.extras.controls.ppolicy_impl.PasswordPolicyDecorator;
 import org.apache.directory.shared.ldap.model.constants.LdapSecurityConstants;
@@ -58,6 +59,7 @@ import org.apache.directory.shared.ldap.
 import org.apache.directory.shared.ldap.model.message.AddResponse;
 import org.apache.directory.shared.ldap.model.message.BindRequest;
 import org.apache.directory.shared.ldap.model.message.BindRequestImpl;
+import org.apache.directory.shared.ldap.model.message.BindResponse;
 import org.apache.directory.shared.ldap.model.message.Control;
 import org.apache.directory.shared.ldap.model.message.ModifyRequest;
 import org.apache.directory.shared.ldap.model.message.ModifyRequestImpl;
@@ -313,7 +315,123 @@ public class PasswordPolicyTest extends 
         assertTrue( userConnection.isAuthenticated() );
     }
 
+    
+    @Test
+    public void testPwdLength() throws Exception
+    {
+    	policyConfig.setPwdMinLength( 5 );
+    	policyConfig.setPwdMaxLength( 7 );
+    	policyConfig.setPwdCheckQuality( 2 );
+    	
+        LdapConnection connection = getAdminNetworkConnection( getLdapServer() );
+
+        Dn userDn = new Dn( "cn=userLen,ou=system" );
+        Entry userEntry = new DefaultEntry(
+            userDn.toString(), 
+            "ObjectClass: top", 
+            "ObjectClass: person", 
+            "cn: userLen",
+            "sn: userLen_sn", 
+            "userPassword: 1234");
+
+        AddRequest addRequest = new AddRequestImpl();
+        addRequest.setEntry( userEntry );
+        addRequest.addControl( PP_REQ_CTRL );
+
+        AddResponse addResp = connection.add( addRequest );
+        assertEquals( ResultCodeEnum.CONSTRAINT_VIOLATION, addResp.getLdapResult().getResultCode()
);
+
+        PasswordPolicy respCtrl = getPwdRespCtrl( addResp );
+        assertNotNull( respCtrl );
+        assertEquals( PasswordPolicyErrorEnum.PASSWORD_TOO_SHORT, respCtrl.getResponse().getPasswordPolicyError()
);
+        
+        Attribute pwdAt = userEntry.get( SchemaConstants.USER_PASSWORD_AT );
+        pwdAt.clear();
+        pwdAt.add( "12345678" );
+        
+        addResp = connection.add( addRequest );
+        assertEquals( ResultCodeEnum.CONSTRAINT_VIOLATION, addResp.getLdapResult().getResultCode()
);
+        
+        respCtrl = getPwdRespCtrl( addResp );
+        assertNotNull( respCtrl );
+        assertEquals( PasswordPolicyErrorEnum.INSUFFICIENT_PASSWORD_QUALITY, respCtrl.getResponse().getPasswordPolicyError()
);
+        
+        pwdAt = userEntry.get( SchemaConstants.USER_PASSWORD_AT );
+        pwdAt.clear();
+        pwdAt.add( "123456" );
+        
+        addResp = connection.add( addRequest );
+        assertEquals( ResultCodeEnum.SUCCESS, addResp.getLdapResult().getResultCode() );
+    }
 
+
+    @Test
+    public void testPwdMaxAgeAndGraceAuth() throws Exception
+    {
+    	policyConfig.setPwdMaxAge( 5 );
+    	policyConfig.setPwdExpireWarning( 4 );
+        policyConfig.setPwdGraceAuthNLimit( 2 );
+        
+        LdapConnection connection = getAdminNetworkConnection( getLdapServer() );
+
+        Dn userDn = new Dn( "cn=userMaxAge,ou=system" );
+        String password = "12345";
+        Entry userEntry = new DefaultEntry(
+            userDn.toString(), 
+            "ObjectClass: top", 
+            "ObjectClass: person", 
+            "cn: userMaxAge",
+            "sn: userMaxAge_sn", 
+            "userPassword: " + password );
+
+        AddRequest addRequest = new AddRequestImpl();
+        addRequest.setEntry( userEntry );
+        addRequest.addControl( PP_REQ_CTRL );
+
+        connection.add( addRequest );
+
+        BindRequest bindReq = new BindRequestImpl();
+        bindReq.setName( userDn );
+        bindReq.setCredentials( password.getBytes() );
+        bindReq.addControl( PP_REQ_CTRL );
+        
+        LdapConnection userCon= new LdapNetworkConnection( "localhost", ldapServer.getPort()
);
+        userCon.setTimeOut(0);
+
+        Thread.sleep( 1000 ); // sleep for one second so that the password expire warning
will be sent
+        
+        BindResponse bindResp = userCon.bind( bindReq );
+        assertEquals( ResultCodeEnum.SUCCESS, bindResp.getLdapResult().getResultCode() );
+        
+        PasswordPolicy respCtrl = getPwdRespCtrl( bindResp );
+        assertNotNull( respCtrl );
+        assertTrue( respCtrl.getResponse().getTimeBeforeExpiration() > 0 );
+        
+        Thread.sleep( 4000 ); // sleep for four seconds so that the password expires
+        
+        // bind for two more times, should succeed
+        bindResp = userCon.bind( bindReq );
+        assertEquals( ResultCodeEnum.SUCCESS, bindResp.getLdapResult().getResultCode() );
+        respCtrl = getPwdRespCtrl( bindResp );
+        assertNotNull( respCtrl );
+        assertEquals( 1, respCtrl.getResponse().getGraceAuthNsRemaining() );
+        
+        // this extra second sleep is necessary to modify pwdGraceUseTime attribute with
a different timestamp
+        Thread.sleep( 1000 );
+        bindResp = userCon.bind( bindReq );
+        assertEquals( ResultCodeEnum.SUCCESS, bindResp.getLdapResult().getResultCode() );
+        respCtrl = getPwdRespCtrl( bindResp );
+        assertEquals( 0, respCtrl.getResponse().getGraceAuthNsRemaining() );
+        
+        // this time it should fail
+        bindResp = userCon.bind( bindReq );
+        assertEquals( ResultCodeEnum.INVALID_CREDENTIALS, bindResp.getLdapResult().getResultCode()
);
+
+        respCtrl = getPwdRespCtrl( bindResp );
+        assertEquals( PASSWORD_EXPIRED, respCtrl.getResponse().getPasswordPolicyError() );
+    }
+
+    
     private PasswordPolicy getPwdRespCtrl( Response resp ) throws Exception
     {
         Control control = resp.getControls().get( PP_REQ_CTRL.getOid() );
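Review bot: Neither new test closes the connections it opens: `connection` in both `testPwdLength` and `testPwdMaxAgeAndGraceAuth`, and `userCon` in the latter, stay open when an assertion fails or the test ends, unless the harness cleans them up elsewhere. Wrapping the test body in `try { … } finally { userCon.close(); connection.close(); }` would release them deterministically. In `testPwdMaxAgeAndGraceAuth` the last two `getPwdRespCtrl( bindResp )` results are dereferenced without the `assertNotNull( respCtrl );` used earlier, so a missing response control would surface as a NullPointerException instead of a clear assertion failure. The trailing context of this hunk is the start of `getPwdRespCtrl`, whose body continues outside it.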

Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java?rev=1182906&r1=1182905&r2=1182906&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java
(original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java
Thu Oct 13 15:27:24 2011
@@ -1075,16 +1075,19 @@ public class AuthenticationInterceptor e
                     if ( expired )
                     {
                         Attribute pwdGraceUseAttr = userEntry.get( PWD_GRACE_USE_TIME_AT
);
+                        int numGraceAuth = 0;
                         if ( pwdGraceUseAttr != null )
                         {
-                            pwdRespCtrl.getResponse().setGraceAuthNsRemaining( policyConfig.getPwdGraceAuthNLimit()
-                                - ( pwdGraceUseAttr.size() + 1 ) );
+                        	numGraceAuth = policyConfig.getPwdGraceAuthNLimit() - ( pwdGraceUseAttr.size()
+ 1 );
                         }
                         else
                         {
                             pwdGraceUseAttr = new DefaultAttribute( AT_PWD_GRACE_USE_TIME
);
+                            numGraceAuth = policyConfig.getPwdGraceAuthNLimit() - 1;
                         }
 
+                        pwdRespCtrl.getResponse().setGraceAuthNsRemaining( numGraceAuth );
+                        
                         pwdGraceUseAttr.add( DateUtils.getGeneralizedTime() );
                         Modification pwdGraceUseMod = new DefaultModification( ADD_ATTRIBUTE,
pwdGraceUseAttr );
                         mods.add( pwdGraceUseMod );
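Review bot: The grace-login count is derived from the number of values in `pwdGraceUseAttr`, and each use is recorded as `DateUtils.getGeneralizedTime()`; the new test's comment that an extra second of sleep is needed "to modify pwdGraceUseTime attribute with a different timestamp" suggests that two grace binds within the same second yield the same value and may not increase that count. If so, `pwdGraceAuthNLimit` would not be enforced reliably for binds that arrive close together. Consider recording the use time with sub-second precision, or failing the bind when the new value cannot be added, and cover it with a test that binds twice without sleeping. The `int numGraceAuth = 0;` initialiser is also redundant, since both branches assign it. The enclosing `if ( expired )` block starts and ends outside this hunk.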
@@ -1107,7 +1110,7 @@ public class AuthenticationInterceptor e
                 int expiryWarnTime = getPwdTimeBeforeExpiry( userEntry, policyConfig );
                 if ( expiryWarnTime > 0 )
                 {
-                    pwdRespCtrl.getResponse().setTimeBeforeExpiration( expiryWarnTime );
+                	pwdRespCtrl.getResponse().setTimeBeforeExpiration( expiryWarnTime );
                 }
 
                 if ( isPwdMustReset( userEntry ) )
@@ -1244,8 +1247,9 @@ public class AuthenticationInterceptor e
             return 0;
         }
 
-        Attribute pwdExpireWarningAt = userEntry.get( PWD_EXPIRE_WARNING_AT );
-        if ( pwdExpireWarningAt == null )
+        int warningAge = policyConfig.getPwdExpireWarning();
+        
+        if ( warningAge <= 0 )
         {
             return 0;
         }
@@ -1253,15 +1257,17 @@ public class AuthenticationInterceptor e
         Attribute pwdChangedTimeAt = userEntry.get( PWD_CHANGED_TIME_AT );
         long changedTime = DateUtils.getDate(pwdChangedTimeAt.getString()).getTime();
 
-        int pwdAge = ( int ) ( System.currentTimeMillis() - changedTime ) / 1000;
+        long currentTime = DateUtils.getDate( DateUtils.getGeneralizedTime() ).getTime();
+        
+        int pwdAge = ( int ) ( currentTime - changedTime ) / 1000;
 
         if ( pwdAge > policyConfig.getPwdMaxAge() )
         {
             return 0;
         }
 
-        int warningAge = ( int ) ( DateUtils.getDate( pwdExpireWarningAt.getString() ).getTime()
) / 1000;
-
+        warningAge = policyConfig.getPwdMaxAge() - warningAge;
+        
         if ( pwdAge >= warningAge )
         {
             return policyConfig.getPwdMaxAge() - pwdAge;
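Review bot: In `int pwdAge = ( int ) ( currentTime - changedTime ) / 1000;` the cast binds to the millisecond difference before the division, so the value is narrowed to `int` while still in milliseconds and wraps once the password is older than about 24.8 days. After that `pwdAge` can be negative or far too small, which makes both the `pwdAge > policyConfig.getPwdMaxAge()` check and the returned time before expiration wrong. Divide first and narrow afterwards: `int pwdAge = ( int ) ( ( currentTime - changedTime ) / 1000 );`. The method starts and ends outside this hunk.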
@@ -1291,7 +1297,9 @@ public class AuthenticationInterceptor e
         	long changedTime = DateUtils.getDate( pwdChangedTimeAt.getString() ).getTime();
         	changedTime += policyConfig.getPwdMinAge() * 1000;
         	
-        	if ( changedTime > System.currentTimeMillis() )
+        	long currentTime = DateUtils.getDate( DateUtils.getGeneralizedTime() ).getTime();
+        	
+        	if ( changedTime > currentTime )
         	{
         		return true;
         	}
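Review bot: `changedTime += policyConfig.getPwdMinAge() * 1000;` multiplies before widening; if `getPwdMinAge()` returns an `int` (its declaration is not visible here), a minimum age above roughly 24.8 days overflows and the too-young check compares against a wrong time. A long literal avoids this: `changedTime += policyConfig.getPwdMinAge() * 1000L;`. The same pattern appears in PasswordUtil as `long time = pwdMaxAgeSec * 1000;` and `interval *= 1000;`, where an overflow would shift the computed expiry and the failure-time purge window; whether those overflow depends on types declared outside the hunks. The enclosing method starts and ends outside this hunk.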

Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/PasswordUtil.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/PasswordUtil.java?rev=1182906&r1=1182905&r2=1182906&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/PasswordUtil.java
(original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/PasswordUtil.java
Thu Oct 13 15:27:24 2011
@@ -498,12 +498,12 @@ public class PasswordUtil
         long time = pwdMaxAgeSec * 1000;
         time += pwdChangeDate.getTime();
 
-        Date expiryDate = new Date( time );
-        Date now = new Date();
+        Date expiryDate = DateUtils.getDate( DateUtils.getGeneralizedTime( time ) );
+        Date now = DateUtils.getDate( DateUtils.getGeneralizedTime() );
 
         boolean expired = false;
 
-        if ( expiryDate.equals( now ) || expiryDate.after( now ) )
+        if ( expiryDate.equals( now ) || expiryDate.before( now ) )
         {
             expired = true;
         }
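Review bot: The string round trip `DateUtils.getDate( DateUtils.getGeneralizedTime() ).getTime()` used to obtain the current time is undocumented and duplicated: it appears here, in the next hunk of this file, and twice in AuthenticationInterceptor. Epoch milliseconds are already zone-independent, so the round trip presumably matters only because it drops sub-second precision or mirrors how `DateUtils.getDate` parses stored timestamps; a comment should state which. A single private helper carrying that comment would keep the four call sites consistent. The new condition could also be written as `boolean expired = !expiryDate.after( now );`.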
@@ -527,7 +527,7 @@ public class PasswordUtil
 
         interval *= 1000;
 
-        long currentTime = System.currentTimeMillis();
+        long currentTime = DateUtils.getDate( DateUtils.getGeneralizedTime() ).getTime();
         List<Value<?>> valList = new ArrayList<Value<?>>();
 
         for ( Value<?> value : pwdFailTimeAt )


