Skip to content

Commit 0258745

Browse files
jvzjvz
committed
Revert "Merge pull request jenkinsci#89 from Wadeck/JENKINS-55813_IMPROVE_ATTRIBUTES_ANALYSIS"
This reverts commit 6286ccd, reversing changes made to 3202f1e.
1 parent 9c3e445 commit 0258745

3 files changed

Lines changed: 11 additions & 260 deletions

File tree

src/main/java/hudson/plugins/active_directory/ActiveDirectoryAuthenticationProvider.java

Lines changed: 10 additions & 60 deletions
Original file line numberDiff line numberDiff line change
@@ -54,7 +54,6 @@
5454

5555
import java.io.IOException;
5656
import java.util.ArrayList;
57-
import java.util.Date;
5857
import java.util.List;
5958
import java.util.concurrent.Callable;
6059
import java.util.logging.Level;
@@ -66,13 +65,6 @@
6665
* @author Kohsuke Kawaguchi
6766
*/
6867
public class ActiveDirectoryAuthenticationProvider extends AbstractActiveDirectoryAuthenticationProvider {
69-
70-
/**
71-
* See https://docs.microsoft.com/en-us/windows/desktop/adsi/example-code-for-reading-a-constructed-attribute
72-
* And https://issues.jenkins-ci.org/browse/JENKINS-10086
73-
*/
74-
private static final int E_ADS_PROPERTY_NOT_FOUND = 0x8000_500D;
75-
7668
private final String defaultNamingContext;
7769
/**
7870
* ADO connection for searching Active Directory.
@@ -198,9 +190,7 @@ public UserDetails call() {
198190
return new ActiveDirectoryUserDetail(
199191
username, password,
200192
!isAccountDisabled(usr),
201-
!isAccountExpired(usr),
202-
!isPasswordExpired(usr),
203-
!isAccountLocked(usr),
193+
true, true, true,
204194
groups.toArray(new GrantedAuthority[0]),
205195
getFullName(usr), getEmailAddress(usr), getTelephoneNumber(usr)
206196
).updateUserInfo();
@@ -234,9 +224,8 @@ private String getTelephoneNumber(IADsUser usr) {
234224
Object t = usr.telephoneNumber();
235225
return t==null ? null : t.toString();
236226
} catch (ComException e) {
237-
if (e.getHRESULT() == E_ADS_PROPERTY_NOT_FOUND) {
227+
if (e.getHRESULT()==0x8000500D) // see http://support.microsoft.com/kb/243440
238228
return null;
239-
}
240229
throw e;
241230
}
242231
}
@@ -245,9 +234,8 @@ private String getEmailAddress(IADsUser usr) {
245234
try {
246235
return usr.emailAddress();
247236
} catch (ComException e) {
248-
if (e.getHRESULT() == E_ADS_PROPERTY_NOT_FOUND){
237+
if (e.getHRESULT()==0x8000500D) // see http://support.microsoft.com/kb/243440
249238
return null;
250-
}
251239
throw e;
252240
}
253241
}
@@ -256,9 +244,8 @@ private String getFullName(IADsUser usr) {
256244
try {
257245
return usr.fullName();
258246
} catch (ComException e) {
259-
if (e.getHRESULT() == E_ADS_PROPERTY_NOT_FOUND) {
247+
if (e.getHRESULT()==0x8000500D) // see http://support.microsoft.com/kb/243440
260248
return null;
261-
}
262249
throw e;
263250
}
264251
}
@@ -267,50 +254,13 @@ private boolean isAccountDisabled(IADsUser usr) {
267254
try {
268255
return usr.accountDisabled();
269256
} catch (ComException e) {
270-
if (e.getHRESULT() == E_ADS_PROPERTY_NOT_FOUND) {
271-
return false;
272-
}
273-
throw e;
274-
}
275-
}
276-
277-
private boolean isAccountExpired(IADsUser usr) {
278-
try {
279-
Date expirationDate = usr.accountExpirationDate();
280-
if (expirationDate != null) {
281-
return new Date().after(expirationDate);
282-
}
283-
return false;
284-
} catch (ComException e) {
285-
if (e.getHRESULT() == E_ADS_PROPERTY_NOT_FOUND) {
286-
return false;
287-
}
288-
throw e;
289-
}
290-
}
291-
292-
private boolean isPasswordExpired(IADsUser usr) {
293-
try {
294-
Date expirationDate = usr.passwordExpirationDate();
295-
if (expirationDate != null) {
296-
return new Date().after(expirationDate);
297-
}
298-
return false;
299-
} catch (ComException e) {
300-
if (e.getHRESULT() == E_ADS_PROPERTY_NOT_FOUND) {
301-
return false;
302-
}
303-
throw e;
304-
}
305-
}
306-
307-
private boolean isAccountLocked(IADsUser usr) {
308-
try {
309-
return usr.isAccountLocked();
310-
} catch (ComException e) {
311-
if (e.getHRESULT() == E_ADS_PROPERTY_NOT_FOUND) {
257+
if (e.getHRESULT()==0x8000500D)
258+
/*
259+
See http://support.microsoft.com/kb/243440 and JENKINS-10086
260+
We suspect this to be caused by old directory items that do not have this value,
261+
so assume this account is enabled.
262+
*/
312263
return false;
313-
}
314264
throw e;
315265
}
316266
}

src/main/java/hudson/plugins/active_directory/ActiveDirectoryUnixAuthenticationProvider.java

Lines changed: 1 addition & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -60,9 +60,7 @@
6060
import javax.naming.directory.SearchResult;
6161
import javax.naming.ldap.LdapName;
6262
import java.util.ArrayList;
63-
import java.util.Calendar;
6463
import java.util.Date;
65-
import java.util.GregorianCalendar;
6664
import java.util.HashSet;
6765
import java.util.Hashtable;
6866
import java.util.List;
@@ -422,14 +420,7 @@ public UserDetails call() throws AuthenticationException, NamingException {
422420
Set<GrantedAuthority> groups = resolveGroups(domainDN, dnFormatted, context);
423421
groups.add(SecurityRealm.AUTHENTICATED_AUTHORITY);
424422

425-
boolean isEnabled = UserAttributesHelper.checkIfUserIsEnabled(user);
426-
boolean isAccountNonExpired = UserAttributesHelper.checkIfAccountNonExpired(user);
427-
boolean areCredentialsNotExpired = UserAttributesHelper.checkIfCredentialsAreNonExpired(user);
428-
boolean isAccountNonLocked = UserAttributesHelper.checkIfAccountNonLocked(user);
429-
430-
cacheMiss[0] = new ActiveDirectoryUserDetail(username, password,
431-
isEnabled, isAccountNonExpired, areCredentialsNotExpired, isAccountNonLocked,
432-
groups.toArray(new GrantedAuthority[0]),
423+
cacheMiss[0] = new ActiveDirectoryUserDetail(username, password, true, true, true, true, groups.toArray(new GrantedAuthority[0]),
433424
getStringAttribute(user, "displayName"),
434425
getStringAttribute(user, "mail"),
435426
getStringAttribute(user, "telephoneNumber")

src/main/java/hudson/plugins/active_directory/UserAttributesHelper.java

Lines changed: 0 additions & 190 deletions
This file was deleted.

0 commit comments

Comments
 (0)