directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From pamarce...@apache.org
Subject svn commit: r1459818 - /directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java
Date Fri, 22 Mar 2013 14:52:27 GMT
Author: pamarcelot
Date: Fri Mar 22 14:52:27 2013
New Revision: 1459818

URL: http://svn.apache.org/r1459818
Log:
Fix for DIRSERVER-1812 (The default admin account should never get locked forever)

Modified:
    directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java

Modified: directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java?rev=1459818&r1=1459817&r2=1459818&view=diff
==============================================================================
--- directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java
(original)
+++ directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java
Fri Mar 22 14:52:27 2013
@@ -71,6 +71,7 @@ import org.apache.directory.api.ldap.mod
 import org.apache.directory.api.util.DateUtils;
 import org.apache.directory.api.util.StringConstants;
 import org.apache.directory.api.util.Strings;
+import org.apache.directory.server.constants.ServerDNConstants;
 import org.apache.directory.server.core.api.CoreSession;
 import org.apache.directory.server.core.api.DirectoryService;
 import org.apache.directory.server.core.api.InterceptorEnum;
@@ -535,22 +536,28 @@ public class AuthenticationInterceptor e
 
                 if ( policyConfig.isPwdLockout() && ( numFailures >= policyConfig.getPwdMaxFailure()
) )
                 {
-                    Attribute pwdAccountLockedTimeAt = new DefaultAttribute( AT_PWD_ACCOUNT_LOCKED_TIME
);
-
-                    // if zero, lockout permanently, only admin can unlock it
-                    if ( policyConfig.getPwdLockoutDuration() == 0 )
-                    {
-                        pwdAccountLockedTimeAt.add( "000001010000Z" );
-                    }
-                    else
+                    // Checking that we're not locking the admin user of the system partition
+                    // See DIRSERVER-1812 (The default admin account should never get locked
forever)
+                    if ( !userEntry.getDn().equals( new Dn( schemaManager, ServerDNConstants.ADMIN_SYSTEM_DN
) ) )
                     {
-                        pwdAccountLockedTimeAt.add( failureTime );
-                    }
+                        Attribute pwdAccountLockedTimeAt = new DefaultAttribute( AT_PWD_ACCOUNT_LOCKED_TIME
);
+
+                        // if zero, lockout permanently, only admin can unlock it
+                        if ( policyConfig.getPwdLockoutDuration() == 0 )
+                        {
+                            pwdAccountLockedTimeAt.add( "000001010000Z" );
+                        }
+                        else
+                        {
+                            pwdAccountLockedTimeAt.add( failureTime );
+                        }
 
-                    Modification pwdAccountLockedMod = new DefaultModification( ADD_ATTRIBUTE,
pwdAccountLockedTimeAt );
-                    mods.add( pwdAccountLockedMod );
+                        Modification pwdAccountLockedMod = new DefaultModification( ADD_ATTRIBUTE,
+                            pwdAccountLockedTimeAt );
+                        mods.add( pwdAccountLockedMod );
 
-                    pwdRespCtrl.getResponse().setPasswordPolicyError( PasswordPolicyErrorEnum.ACCOUNT_LOCKED
);
+                        pwdRespCtrl.getResponse().setPasswordPolicyError( PasswordPolicyErrorEnum.ACCOUNT_LOCKED
);
+                    }
                 }
                 else if ( policyConfig.getPwdMinDelay() > 0 )
                 {



Mime
View raw message