directory-commits mailing list archives

From lucasthei...@apache.org
Subject svn commit: r1561909 - in /directory: apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/ apacheds/trunk/server-integ/src/test/java/org/apache/directory/server/ppolicy/ shared/trunk/ldap/extras/codec/src/main/java/or...
Date Tue, 28 Jan 2014 00:17:26 GMT
Author: lucastheisen
Date: Tue Jan 28 00:17:25 2014
New Revision: 1561909

URL: http://svn.apache.org/r1561909
Log:
DIRSERVER-1950: Unsafe cast to int in getPwdTimeBeforeExpiry calculation of AuthenticationInterceptor

Modified:
    directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java
    directory/apacheds/trunk/server-integ/src/test/java/org/apache/directory/server/ppolicy/PasswordPolicyIT.java
    directory/shared/trunk/ldap/extras/codec/src/main/java/org/apache/directory/api/ldap/extras/controls/ppolicy_impl/PasswordPolicyDecorator.java

Modified: directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java?rev=1561909&r1=1561908&r2=1561909&view=diff
==============================================================================
--- directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java
(original)
+++ directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java
Tue Jan 28 00:17:25 2014
@@ -1360,7 +1360,7 @@ public class AuthenticationInterceptor e
         long changedTime = DateUtils.getDate( pwdChangedTimeAt.getString() ).getTime();
 
         long currentTime = DateUtils.getDate( DateUtils.getGeneralizedTime() ).getTime();
-        int pwdAge = ( int ) ( currentTime - changedTime ) / 1000;
+        long pwdAge = ( currentTime - changedTime ) / 1000;
 
         if ( pwdAge > policyConfig.getPwdMaxAge() )
         {
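Review bot: A `pwdChangedTime` later than the server clock makes `pwdAge` negative at `long pwdAge = ( currentTime - changedTime ) / 1000;`, and a negative age always passes the `pwdAge > policyConfig.getPwdMaxAge()` check. Widening to `long` removes the truncation but leaves this case silent, so an entry with a future change time (clock skew, or a bad write to the attribute) is treated as unexpired until the clock catches up. I would make the case explicit with a guard such as `if ( pwdAge < 0 )` carrying the comment `// pwdChangedTime is in the future: clock skew or a bad write`, and at least log it. Whether to reject the bind or only log is a policy decision. The method starts above this hunk and continues below it, so any handling elsewhere is not visible here.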
@@ -1371,7 +1371,8 @@ public class AuthenticationInterceptor e
 
         if ( pwdAge >= warningAge )
         {
-            return policyConfig.getPwdMaxAge() - pwdAge;
+            long timeBeforeExpiration = ((long)policyConfig.getPwdMaxAge()) - pwdAge;
+            return timeBeforeExpiration > Integer.MAX_VALUE ? Integer.MAX_VALUE : (int)timeBeforeExpiration;
         }
 
         return 0;
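Review bot: The new return at `(int)timeBeforeExpiration` yields 0 when `pwdAge` equals `getPwdMaxAge()`, because the earlier expiry check is a strict `>`. That is the same value as the fall-through `return 0`, which appears to mean that no warning is due. A caller cannot tell "expires now" from "outside the warning window"; how the caller treats 0 is outside this hunk. I would document the sentinel above the final return, for example `// 0 means "no warning"; note a password in its last second also yields 0`, or return a distinct value for the no-warning case. The clamp also covers only the upper bound; a one-line comment saying the result cannot be negative here because of the preceding `pwdAge > getPwdMaxAge()` check would make that assumption explicit. As a style point, `((long)policyConfig.getPwdMaxAge())` and `(int)timeBeforeExpiration` do not follow the `( int )` spacing used on the removed line.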

Modified: directory/apacheds/trunk/server-integ/src/test/java/org/apache/directory/server/ppolicy/PasswordPolicyIT.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/server-integ/src/test/java/org/apache/directory/server/ppolicy/PasswordPolicyIT.java?rev=1561909&r1=1561908&r2=1561909&view=diff
==============================================================================
--- directory/apacheds/trunk/server-integ/src/test/java/org/apache/directory/server/ppolicy/PasswordPolicyIT.java
(original)
+++ directory/apacheds/trunk/server-integ/src/test/java/org/apache/directory/server/ppolicy/PasswordPolicyIT.java
Tue Jan 28 00:17:25 2014
@@ -39,6 +39,7 @@ import static org.junit.Assert.fail;
 
 
 import java.nio.charset.Charset;
+import java.util.Date;
 
 
 import org.apache.directory.api.ldap.extras.controls.ppolicy.PasswordPolicy;
@@ -71,6 +72,7 @@ import org.apache.directory.api.ldap.mod
 import org.apache.directory.api.ldap.model.message.ResultCodeEnum;
 import org.apache.directory.api.ldap.model.name.Dn;
 import org.apache.directory.api.ldap.model.password.PasswordUtil;
+import org.apache.directory.api.util.DateUtils;
 import org.apache.directory.ldap.client.api.LdapConnection;
 import org.apache.directory.ldap.client.api.LdapNetworkConnection;
 import org.apache.directory.server.annotations.CreateLdapServer;
@@ -1294,7 +1296,72 @@ public class PasswordPolicyIT extends Ab
         adminConnection.close();
     }
     
+
+    @Test
+    public void testPwdExpireWarningToo() throws Exception
+    {
+        policyConfig.setPwdGraceAuthNLimit( 0 );
+        policyConfig.setPwdMaxAge( 3600 ); // 1 hour
+        policyConfig.setPwdExpireWarning( 600 ); // 10 minutes
+    
+        LdapConnection adminConnection = null;
+        LdapConnection userConnection = null;
+        LdapConnection userConnection2 = null;
+        try {
+            String userCn = "userExpireWarningToo";
+            Dn userDn = new Dn( "cn=" + userCn + ",ou=system" );
+            String password = "12345";
+            adminConnection = getAdminNetworkConnection( getLdapServer() );
+            userConnection = new LdapNetworkConnection( "localhost", ldapServer.getPort()
);
+            userConnection.setTimeOut( 0L );
+            userConnection2 = new LdapNetworkConnection( "localhost", ldapServer.getPort()
);
+            userConnection2.setTimeOut( 0L );
+
+            addUser( adminConnection, userCn, password );
+
+            BindRequest bindReq = new BindRequestImpl();
+            bindReq.setDn( userDn );
+            bindReq.setCredentials( "12345" );
+            bindReq.addControl( PP_REQ_CTRL );
+            BindResponse bindResponse = userConnection2.bind( bindReq );
+            PasswordPolicy respCtrl = getPwdRespCtrl( bindResponse );
+            assertNotNull( respCtrl );
+            assertNull( respCtrl.getResponse() );
+
+            // now modify change time
+            ModifyRequest modifyRequest = new ModifyRequestImpl();
+            modifyRequest.setName( userDn );
+            modifyRequest.replace( "pwdChangedTime", DateUtils.getGeneralizedTime( new Date().getTime()
- 3100000 ) );
+            adminConnection.modify( modifyRequest );
+
+            BindRequest bindReq2 = new BindRequestImpl();
+            bindReq2.setDn( userDn );
+            bindReq2.setCredentials( "12345" );
+            bindReq2.addControl( new PasswordPolicyImpl() );
+            bindResponse = userConnection.bind( bindReq2 );
+            respCtrl = getPwdRespCtrl( bindResponse );
+            assertNotNull( respCtrl );
+            assertNotNull( respCtrl.getResponse() );
+            assertTrue( respCtrl.getResponse().getTimeBeforeExpiration() > 0 );
+        }
+        finally {
+            safeCloseConnections( userConnection, userConnection2, adminConnection );
+        }
+    }   
+    
     
+    private void safeCloseConnections( LdapConnection... connections ) {
+        for ( LdapConnection connection : connections ) {
+            try {
+                connection.close();
+            }
+            catch ( Exception e ) {
+                // might want to log here...
+            }
+        }
+    }
+
+
     /**
     * According to the <a href=
     * "http://tools.ietf.org/html/draft-behera-ldap-password-policy-10#section-7.8"
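Review bot: `testPwdExpireWarningToo` backdates `pwdChangedTime` by only 3100000 ms, which fits in an `int`. It therefore does not appear to exercise the truncating cast named in the commit log, and the old `( int ) ( currentTime - changedTime ) / 1000` would have given the same age for this input. A regression case for DIRSERVER-1950 needs an age above `Integer.MAX_VALUE` milliseconds (about 24.8 days), with `setPwdMaxAge` and `setPwdExpireWarning` scaled so the bind still lands in the warning window. Separately, `safeCloseConnections` calls `connection.close()` on references that are still `null` if setup fails early. It relies on `catch ( Exception e )` to absorb the resulting NullPointerException. An `if ( connection != null )` guard would let the catch be narrowed, so a real close failure is not hidden.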

Modified: directory/shared/trunk/ldap/extras/codec/src/main/java/org/apache/directory/api/ldap/extras/controls/ppolicy_impl/PasswordPolicyDecorator.java
URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap/extras/codec/src/main/java/org/apache/directory/api/ldap/extras/controls/ppolicy_impl/PasswordPolicyDecorator.java?rev=1561909&r1=1561908&r2=1561909&view=diff
==============================================================================
--- directory/shared/trunk/ldap/extras/codec/src/main/java/org/apache/directory/api/ldap/extras/controls/ppolicy_impl/PasswordPolicyDecorator.java
(original)
+++ directory/shared/trunk/ldap/extras/codec/src/main/java/org/apache/directory/api/ldap/extras/controls/ppolicy_impl/PasswordPolicyDecorator.java
Tue Jan 28 00:17:25 2014
@@ -109,12 +109,12 @@ public class PasswordPolicyDecorator ext
 
         if ( getResponse().getTimeBeforeExpiration() >= 0 )
         {
-            timeBeforeExpirationTagLength = TLV.getNbBytes( getResponse().getTimeBeforeExpiration()
);
+            timeBeforeExpirationTagLength = BerValue.getNbBytes( getResponse().getTimeBeforeExpiration()
);
             warningLength = 1 + TLV.getNbBytes( timeBeforeExpirationTagLength ) + timeBeforeExpirationTagLength;
         }
         else if ( getResponse().getGraceAuthNRemaining() >= 0 )
         {
-            graceAuthNsRemainingTagLength = TLV.getNbBytes( getResponse().getGraceAuthNRemaining()
);
+            graceAuthNsRemainingTagLength = BerValue.getNbBytes( getResponse().getGraceAuthNRemaining()
);
             warningLength = 1 + TLV.getNbBytes( graceAuthNsRemainingTagLength ) + graceAuthNsRemainingTagLength;
         }
 
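Review bot: The switch from `TLV.getNbBytes` to `BerValue.getNbBytes` for `timeBeforeExpirationTagLength` and `graceAuthNsRemainingTagLength` changes the encoded length of the response control, but the commit log mentions only the cast in AuthenticationInterceptor. As far as I can tell, `TLV.getNbBytes` sizes a length field while `BerValue.getNbBytes` sizes an integer's content octets, so the old code would have mis-sized the buffer for larger values; please confirm against the codec. I would record this in the log message and add a comment at each call, e.g. `// content octets of the INTEGER value, not the size of a length field`. The matching encode path and the decoder are outside this hunk and should be checked for the same helper, since a length mismatch between `computeLength` and `encode` would produce a malformed control.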


