446685 - LDAP publisher doesn't store the bind password properly

git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@67 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
author: cfu <cfu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> 2008-07-09 18:28:47 +0000
committer: cfu <cfu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> 2008-07-09 18:28:47 +0000
commit: deda03adac8f4dbbe13c9fd6b171277516900838 (patch)
tree: 377cc740429d86ce7666461953a151ecf59a7872 /pki/base/common/src/com/netscape/cmscore/ldapconn
parent: ac39e6a79c5050ca0827b12455b9895c71968734 (diff)
download: pki-deda03adac8f4dbbe13c9fd6b171277516900838.tar.gz
pki-deda03adac8f4dbbe13c9fd6b171277516900838.tar.xz
pki-deda03adac8f4dbbe13c9fd6b171277516900838.zip
1 files changed, 89 insertions, 17 deletions
diff --git a/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapAuthInfo.java b/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapAuthInfo.java
index 060389584..667e68a85 100644
--- a/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapAuthInfo.java
+++ b/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapAuthInfo.java
@@ -29,6 +29,7 @@ import com.netscape.certsrv.apps.*;
 import com.netscape.certsrv.base.*;
 import com.netscape.certsrv.ldap.*;
 import com.netscape.cmscore.base.*;
+import com.netscape.cmsutil.password.*;
 
 
 /**
@@ -65,6 +66,43 @@ public class LdapAuthInfo implements ILdapAuthInfo {
         init(config, host, port, secure);
     }
 
+    public String getPasswordFromStore (String prompt) {
+        String pwd = null;
+        CMS.debug("LdapAuthInfo: getPasswordFromStore: try to get it from password store");
+
+// hey - should use password store interface to allow different implementations
+// but the problem is, other parts of the system just go directly to the file
+// so calling CMS.getPasswordStore() will give you an outdated one
+/*
+                IConfigStore mainConfig = CMS.getConfigStore();
+                String pwdFile = mainConfig.getString("passwordFile");
+                FileConfigStore pstore = new FileConfigStore(pwdFile);
+*/
+        IPasswordStore pwdStore = CMS.getPasswordStore();
+        CMS.debug("LdapAuthInfo: getPasswordFromStore: about to get from passwored store: "+prompt);
+
+        // support publishing dirsrv with different pwd than internaldb
+
+        // Finally, interactively obtain the password from the user
+        if (pwdStore != null) {
+            CMS.debug("LdapAuthInfo: getPasswordFromStore: password store available");
+            pwd = pwdStore.getPassword(prompt);
+//            pwd = pstore.getString(prompt);
+            if ( pwd == null) {
+              CMS.debug("LdapAuthInfo: getPasswordFromStore: password for "+prompt+
+                " not found, trying internaldb");
+
+//               pwd = pstore.getString("internaldb");
+
+                 pwd = pwdStore.getPassword("internaldb"); // last resort
+            } else
+              CMS.debug("LdapAuthInfo: getPasswordFromStore: password found for prompt in password store");
+        } else
+          CMS.debug("LdapAuthInfo: getPasswordFromStore: password store not available: pwdStore is null");
+
+        return pwd;
+    }
+
     /**
      * initialize this class from the config store.
      */
@@ -82,12 +120,19 @@ public class LdapAuthInfo implements ILdapAuthInfo {
      */
     public void init(IConfigStore config, String host, int port, boolean secure)
         throws EBaseException {
-        if (mInited) 
-            return;			// XXX throw exception here ?
+
+        CMS.debug("LdapAuthInfo: init()");
+        if (mInited)  {
+            CMS.debug("LdapAuthInfo: already initialized");
+            return;            // XXX throw exception here ?
+        }
+        CMS.debug("LdapAuthInfo: init begins");
 
         String authTypeStr = config.getString(PROP_LDAPAUTHTYPE);
 
         if (authTypeStr.equals(LDAP_BASICAUTH_STR)) {
+            // is the password found in memory?
+            boolean inMem = false;
             mType = LDAP_AUTHTYPE_BASICAUTH;
             mParms = new String[2];
             mParms[0] = config.getString(PROP_BINDDN);
@@ -101,27 +146,53 @@ public class LdapAuthInfo implements ILdapAuthInfo {
 
             if (prompt == null) {
                 prompt = "LDAP Authentication";
-            }
+                CMS.debug("LdapAuthInfo: init: prompt is null, change to "+prompt);
+            } else
+                CMS.debug("LdapAuthInfo: init: prompt is "+prompt);
+
             if (mParms[1] == null) {
+                CMS.debug("LdapAuthInfo: init: try getting from memory cache");
                 mParms[1] = (String) passwords.get(prompt);
-            }
+if (mParms[1] != null) {
+    inMem = true;
+CMS.debug("LdapAuthInfo: init: got password from memory");
+} else
+CMS.debug("LdapAuthInfo: init: password not in memory");
+            } else
+CMS.debug("LdapAuthInfo: init: found password from config");
 
-            // Finally, interactively obtain the password from the user
             if (mParms[1] == null) {
-                IConfigStore mainConfig = CMS.getConfigStore();
-                String pwdFile = mainConfig.getString("passwordFile");
-                FileConfigStore pstore = new FileConfigStore(pwdFile);
-                mParms[1] = pstore.getString("internaldb");
-
-                // verify the password
-                if ((!mParms[1].equals("")) && (host == null ||
-                  authInfoOK(host, port, secure, mParms[0], mParms[1]))) {
-                    // The password is OK or uncheckable
-                    passwords.put(prompt, mParms[1]);
-                } else {
-                    pstore.remove("internaldb");
+                mParms[1] = getPasswordFromStore(prompt);
+           } else {
+                CMS.debug("LdapAuthInfo: init: password found for prompt.");
+           }
+
+            // verify the password
+            if ((mParms[1]!= null) && (!mParms[1].equals("")) && (host == null ||
+              authInfoOK(host, port, secure, mParms[0], mParms[1]))) {
+                // The password is OK or uncheckable
+                CMS.debug("LdapAuthInfo: password ok: store in memory cache");
+                passwords.put(prompt, mParms[1]);
+            } else {
+                if (mParms[1] == null)
+                    CMS.debug("LdapAuthInfo: password not found");
+                else {
+                    CMS.debug("LdapAuthInfo: password does not work");
+/* what do you know?  Our IPasswordStore does not have a remove function.
+                pstore.remove("internaldb");
+*/
+                    if (inMem) {
+                        // this is for the case when admin changes pwd
+                        // from console
+                        mParms[1] = getPasswordFromStore(prompt);
+                        if(authInfoOK(host, port, secure, mParms[0], mParms[1])) {
+                          CMS.debug("LdapAuthInfo: password ok: store in memory cache");
+                          passwords.put(prompt, mParms[1]);
+                        }
+                    }
                 }
             }
+
         } else if (authTypeStr.equals(LDAP_SSLCLIENTAUTH_STR)) {
             mType = LDAP_AUTHTYPE_SSLCLIENTAUTH;
             mParms = new String[1];
@@ -131,6 +202,7 @@ public class LdapAuthInfo implements ILdapAuthInfo {
                     "Unknown Ldap authentication type " + authTypeStr);
         }
         mInited = true;
+        CMS.debug("LdapAuthInfo: init ends");
     }
 
     public void reset() {
author	cfu <cfu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>	2008-07-09 18:28:47 +0000
committer	cfu <cfu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>	2008-07-09 18:28:47 +0000
commit	deda03adac8f4dbbe13c9fd6b171277516900838 (patch)
tree	377cc740429d86ce7666461953a151ecf59a7872 /pki/base/common/src/com/netscape/cmscore/ldapconn
parent	ac39e6a79c5050ca0827b12455b9895c71968734 (diff)
download	pki-deda03adac8f4dbbe13c9fd6b171277516900838.tar.gz pki-deda03adac8f4dbbe13c9fd6b171277516900838.tar.xz pki-deda03adac8f4dbbe13c9fd6b171277516900838.zip