Author: akarasulu Date: Thu Feb 1 21:52:40 2007 New Revision: 502510 URL: http://svn.apache.org/viewvc?view=rev&rev=502510 Log: reject various non-sensical operations on the global schema subentry referrenced in the rootDSEs subschemaSubentry attribute Modified: directory/apacheds/trunk/core-unit/src/test/java/org/apache/directory/server/core/schema/SubschemaSubentryITest.java directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/exception/ExceptionService.java Modified: directory/apacheds/trunk/core-unit/src/test/java/org/apache/directory/server/core/schema/SubschemaSubentryITest.java URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-unit/src/test/java/org/apache/directory/server/core/schema/SubschemaSubentryITest.java?view=diff&rev=502510&r1=502509&r2=502510 ============================================================================== --- directory/apacheds/trunk/core-unit/src/test/java/org/apache/directory/server/core/schema/SubschemaSubentryITest.java (original) +++ directory/apacheds/trunk/core-unit/src/test/java/org/apache/directory/server/core/schema/SubschemaSubentryITest.java Thu Feb 1 21:52:40 2007 @@ -28,6 +28,7 @@ import javax.naming.directory.SearchResult; import org.apache.directory.server.core.unit.AbstractAdminTestCase; +import org.apache.directory.shared.ldap.exception.LdapNameAlreadyBoundException; import org.apache.directory.shared.ldap.exception.LdapOperationNotSupportedException; import org.apache.directory.shared.ldap.message.ResultCodeEnum; @@ -105,6 +106,67 @@ { rootDSE.destroySubcontext( getSubschemaSubentryDN() ); fail( "You are not allowed to delete the global schema subentry" ); + } + catch( LdapOperationNotSupportedException e ) + { + assertEquals( ResultCodeEnum.UNWILLING_TO_PERFORM, e.getResultCode() ); + } + } + + + /** + * Tests the rejection of an add operation for the SubschemaSubentry (SSSE). + */ + public void testSSSEAddRejection() throws NamingException + { + try + { + rootDSE.createSubcontext( getSubschemaSubentryDN(), getSubschemaSubentryAttributes() ); + fail( "You are not allowed to add the global schema subentry which exists by default" ); + } + catch( LdapNameAlreadyBoundException e ) + { + assertEquals( ResultCodeEnum.ENTRY_ALREADY_EXISTS, e.getResultCode() ); + } + } + + + /** + * Tests the rejection of rename (modifyDn) operation for the SubschemaSubentry (SSSE). + */ + public void testSSSERenameRejection() throws NamingException + { + try + { + rootDSE.rename( getSubschemaSubentryDN(), "cn=schema,ou=system" ); + fail( "You are not allowed to rename the global schema subentry which is fixed" ); + } + catch( LdapOperationNotSupportedException e ) + { + assertEquals( ResultCodeEnum.UNWILLING_TO_PERFORM, e.getResultCode() ); + } + } + + + /** + * Tests the rejection of move operation for the SubschemaSubentry (SSSE). + */ + public void testSSSEMoveRejection() throws NamingException + { + try + { + rootDSE.rename( getSubschemaSubentryDN(), "cn=blah,ou=schema" ); + fail( "You are not allowed to move the global schema subentry which is fixed" ); + } + catch( LdapOperationNotSupportedException e ) + { + assertEquals( ResultCodeEnum.UNWILLING_TO_PERFORM, e.getResultCode() ); + } + + try + { + rootDSE.rename( getSubschemaSubentryDN(), "cn=schema,ou=schema" ); + fail( "You are not allowed to move the global schema subentry which is fixed" ); } catch( LdapOperationNotSupportedException e ) { Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/exception/ExceptionService.java URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/exception/ExceptionService.java?view=diff&rev=502510&r1=502509&r2=502510 ============================================================================== --- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/exception/ExceptionService.java (original) +++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/exception/ExceptionService.java Thu Feb 1 21:52:40 2007 @@ -49,6 +49,7 @@ import org.apache.directory.shared.ldap.message.ResultCodeEnum; import org.apache.directory.shared.ldap.name.LdapDN; import org.apache.directory.shared.ldap.schema.OidNormalizer; +import org.apache.directory.shared.ldap.util.EmptyEnumeration; /** @@ -100,6 +101,12 @@ public void add( NextInterceptor nextInterceptor, LdapDN normName, Attributes entry ) throws NamingException { + if ( subschemSubentryDn.getNormName().equals( normName.getNormName() ) ) + { + throw new LdapNameAlreadyBoundException( + "The global schema subentry cannot be added since it exists by default." ); + } + // check if the entry already exists if ( nextInterceptor.hasEntry( normName ) ) { @@ -183,6 +190,12 @@ */ public NamingEnumeration list( NextInterceptor nextInterceptor, LdapDN baseName ) throws NamingException { + if ( baseName.getNormName().equals( subschemSubentryDn.getNormName() ) ) + { + // there is nothing under the schema subentry + return new EmptyEnumeration(); + } + // check if entry to search exists String msg = "Attempt to search under non-existant entry: "; assertHasEntry( nextInterceptor, msg, baseName ); @@ -213,6 +226,11 @@ */ public Attributes lookup( NextInterceptor nextInterceptor, LdapDN name, String[] attrIds ) throws NamingException { + if ( name.getNormName().equals( subschemSubentryDn.getNormName() ) ) + { + return nexus.getRootDSE(); + } + // check if entry to lookup exists String msg = "Attempt to lookup non-existant entry: "; assertHasEntry( nextInterceptor, msg, name ); @@ -298,6 +316,14 @@ public void modifyRn( NextInterceptor nextInterceptor, LdapDN dn, String newRn, boolean deleteOldRn ) throws NamingException { + if ( dn.getNormName().equalsIgnoreCase( subschemSubentryDn.getNormName() ) ) + { + throw new LdapOperationNotSupportedException( + "Can not allow the renaming of the subschemaSubentry (" + + subschemSubentryDn + ") for the global schema: it is fixed at " + subschemSubentryDn, + ResultCodeEnum.UNWILLING_TO_PERFORM ); + } + // check if entry to rename exists String msg = "Attempt to rename non-existant entry: "; assertHasEntry( nextInterceptor, msg, dn ); @@ -325,6 +351,14 @@ */ public void move( NextInterceptor nextInterceptor, LdapDN oriChildName, LdapDN newParentName ) throws NamingException { + if ( oriChildName.getNormName().equalsIgnoreCase( subschemSubentryDn.getNormName() ) ) + { + throw new LdapOperationNotSupportedException( + "Can not allow the move of the subschemaSubentry (" + + subschemSubentryDn + ") for the global schema: it is fixed at " + subschemSubentryDn, + ResultCodeEnum.UNWILLING_TO_PERFORM ); + } + // check if child to move exists String msg = "Attempt to move to non-existant parent: "; assertHasEntry( nextInterceptor, msg, oriChildName ); @@ -361,6 +395,14 @@ public void move( NextInterceptor nextInterceptor, LdapDN oriChildName, LdapDN newParentName, String newRn, boolean deleteOldRn ) throws NamingException { + if ( oriChildName.getNormName().equalsIgnoreCase( subschemSubentryDn.getNormName() ) ) + { + throw new LdapOperationNotSupportedException( + "Can not allow the move of the subschemaSubentry (" + + subschemSubentryDn + ") for the global schema: it is fixed at " + subschemSubentryDn, + ResultCodeEnum.UNWILLING_TO_PERFORM ); + } + // check if child to move exists String msg = "Attempt to move to non-existant parent: "; assertHasEntry( nextInterceptor, msg, oriChildName );