directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From kayyag...@apache.org
Subject svn commit: r949186 - in /directory/apacheds/trunk: core/src/main/java/org/apache/directory/server/core/operational/ ldap-client-test/src/test/java/org/apache/directory/shared/client/api/operations/
Date Fri, 28 May 2010 14:34:01 GMT
Author: kayyagari
Date: Fri May 28 14:34:00 2010
New Revision: 949186

URL: http://svn.apache.org/viewvc?rev=949186&view=rev
Log:
fix for DIRSERVER-1416 (we now allow modification of modifyTimestamp and modifiersName operational
AT by admin user, this is needed by the replication system)

Modified:
    directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/operational/OperationalAttributeInterceptor.java
    directory/apacheds/trunk/ldap-client-test/src/test/java/org/apache/directory/shared/client/api/operations/ClientAddRequestTest.java
    directory/apacheds/trunk/ldap-client-test/src/test/java/org/apache/directory/shared/client/api/operations/ClientModifyRequestTest.java

Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/operational/OperationalAttributeInterceptor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/operational/OperationalAttributeInterceptor.java?rev=949186&r1=949185&r2=949186&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/operational/OperationalAttributeInterceptor.java
(original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/operational/OperationalAttributeInterceptor.java
Fri May 28 14:34:00 2010
@@ -168,38 +168,8 @@ public class OperationalAttributeInterce
         
         Entry entry = opContext.getEntry();
 
-        /*
-         * @TODO : This code was probably created while working on Mitosis. Most probably
dead code. Commented. 
-         * Check JIRA DIRSERVER-1416
-        if ( opContext.getEntry().containsAttribute( CREATE_TIMESTAMP_ATTRIBUTE_TYPE ) )
-        {
-            // As we already have a CreateTimeStamp value in the context, use it, but only
if
-            // the principal is admin
-            if ( opContext.getSession().getAuthenticatedPrincipal().getName().equals( 
-                ServerDNConstants.ADMIN_SYSTEM_DN_NORMALIZED ))
-            {
-                entry.put( SchemaConstants.CREATE_TIMESTAMP_AT, DateUtils.getGeneralizedTime()
);
-            }
-            else
-            {
-                String message = "The CreateTimeStamp attribute cannot be created by a user";
-                LOG.error( message );
-                throw new LdapSchemaViolationException( message, ResultCodeEnum.INSUFFICIENT_ACCESS_RIGHTS
);
-            }
-        }
-        else
-        {
-            entry.put( SchemaConstants.CREATE_TIMESTAMP_AT, DateUtils.getGeneralizedTime()
);
-        }
-        */
-        
-        // Add the UUID and the entryCSN. The UUID is stored as a byte[] representation of

-        // its String value
-        // @TODO : If we are using replication, those four OAs may be already present.
-        // We have to deal with this as soon as we have the replication working again
-        
-        // Check that we don't have an entryUUID AT in the incoming entry, as it's a NO-USER-MODIFICATION
AT
-        // Of course, we will allow if for replication (see above @TODO)
+        // If we are using replication, the below four OAs may already be present and we
retain
+        // those values if the user is admin.
         boolean isAdmin = opContext.getSession().getAuthenticatedPrincipal().getName().equals(

             ServerDNConstants.ADMIN_SYSTEM_DN_NORMALIZED );
         
@@ -232,9 +202,36 @@ public class OperationalAttributeInterce
         {
             entry.put( SchemaConstants.ENTRY_CSN_AT, service.getCSN().toString() );
         }
-        
-        entry.put( SchemaConstants.CREATORS_NAME_AT, principal );
-        entry.put( SchemaConstants.CREATE_TIMESTAMP_AT, DateUtils.getGeneralizedTime() );
+
+        if ( entry.containsAttribute( SchemaConstants.CREATORS_NAME_AT ) )
+        {
+            if ( !isAdmin )
+            {
+                // Wrong !
+                String message =  I18n.err( I18n.ERR_30, SchemaConstants.CREATORS_NAME_AT
);
+                LOG.error( message );
+                throw new LdapNoPermissionException( message );
+            }
+        }
+        else
+        {
+            entry.put( SchemaConstants.CREATORS_NAME_AT, principal );
+        }
+
+        if ( entry.containsAttribute( SchemaConstants.CREATE_TIMESTAMP_AT ) )
+        {
+            if ( !isAdmin )
+            {
+                // Wrong !
+                String message =  I18n.err( I18n.ERR_30, SchemaConstants.CREATE_TIMESTAMP_AT
);
+                LOG.error( message );
+                throw new LdapNoPermissionException( message );
+            }
+        }
+        else
+        {
+            entry.put( SchemaConstants.CREATE_TIMESTAMP_AT, DateUtils.getGeneralizedTime()
);
+        }
         
         nextInterceptor.add( opContext );
     }
@@ -245,48 +242,74 @@ public class OperationalAttributeInterce
     {
         // We must check that the user hasn't injected either the modifiersName
         // or the modifyTimestamp operational attributes : they are not supposed to be
-        // added at this point.
+        // added at this point EXCEPT in cases of replication by a admin user.
         // If so, remove them, and if there are no more attributes, simply return.
         // otherwise, inject those values into the list of modifications
         List<Modification> mods = opContext.getModItems();
         
+        boolean isAdmin = opContext.getSession().getAuthenticatedPrincipal().getName().equals(

+            ServerDNConstants.ADMIN_SYSTEM_DN_NORMALIZED );
+        
+        boolean modifierAtPresent = false;
+        boolean modifiedTimeAtPresent = false;
+        
         for ( Modification modification: mods )
         {
             AttributeType attributeType = modification.getAttribute().getAttributeType();
             
             if ( attributeType.equals( MODIFIERS_NAME_ATTRIBUTE_TYPE ) )
             {
-                String message = I18n.err( I18n.ERR_31 );
-                LOG.error( message );
-                throw new LdapSchemaViolationException( ResultCodeEnum.INSUFFICIENT_ACCESS_RIGHTS,
message );
+                if( ! isAdmin )
+                {
+                    String message = I18n.err( I18n.ERR_31 );
+                    LOG.error( message );
+                    throw new LdapSchemaViolationException( ResultCodeEnum.INSUFFICIENT_ACCESS_RIGHTS,
message );
+                }
+                else
+                {
+                    modifierAtPresent = true;
+                }
             }
 
             if ( attributeType.equals( MODIFY_TIMESTAMP_ATTRIBUTE_TYPE ) )
             {
-                String message = I18n.err( I18n.ERR_32 );
-                LOG.error( message );
-                throw new LdapSchemaViolationException( ResultCodeEnum.INSUFFICIENT_ACCESS_RIGHTS,
message );
+                if( ! isAdmin )
+                {
+                    String message = I18n.err( I18n.ERR_32 );
+                    LOG.error( message );
+                    throw new LdapSchemaViolationException( ResultCodeEnum.INSUFFICIENT_ACCESS_RIGHTS,
message );
+                }
+                else
+                {
+                    modifiedTimeAtPresent = true;
+                }
             }
         }
-        
-        // Inject the ModifiersName AT if it's not present
-        EntryAttribute attribute = new DefaultEntryAttribute( 
-            MODIFIERS_NAME_ATTRIBUTE_TYPE, 
-            getPrincipal().getName());
 
-        Modification modifiersName = new DefaultModification( ModificationOperation.REPLACE_ATTRIBUTE,
attribute );
+        if ( ! modifierAtPresent )
+        {
+            // Inject the ModifiersName AT if it's not present
+            EntryAttribute attribute = new DefaultEntryAttribute( 
+                MODIFIERS_NAME_ATTRIBUTE_TYPE, 
+                getPrincipal().getName());
 
-        mods.add( modifiersName );
-        
-        // Inject the ModifyTimestamp AT if it's not present
-        attribute = new DefaultEntryAttribute( 
-            MODIFY_TIMESTAMP_ATTRIBUTE_TYPE,
-            DateUtils.getGeneralizedTime() );
-        
-        Modification timestamp = new DefaultModification( ModificationOperation.REPLACE_ATTRIBUTE,
attribute );
+            Modification modifiersName = new DefaultModification( ModificationOperation.REPLACE_ATTRIBUTE,
attribute );
+
+            mods.add( modifiersName );
+        }
+
+        if ( ! modifiedTimeAtPresent )
+        {
+            // Inject the ModifyTimestamp AT if it's not present
+            EntryAttribute attribute = new DefaultEntryAttribute( 
+                MODIFY_TIMESTAMP_ATTRIBUTE_TYPE,
+                DateUtils.getGeneralizedTime() );
+            
+            Modification timestamp = new DefaultModification( ModificationOperation.REPLACE_ATTRIBUTE,
attribute );
+
+            mods.add( timestamp );
+        }
 
-        mods.add( timestamp );
-        
         // Go down in the chain
         nextInterceptor.modify( opContext );
         

Modified: directory/apacheds/trunk/ldap-client-test/src/test/java/org/apache/directory/shared/client/api/operations/ClientAddRequestTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/ldap-client-test/src/test/java/org/apache/directory/shared/client/api/operations/ClientAddRequestTest.java?rev=949186&r1=949185&r2=949186&view=diff
==============================================================================
--- directory/apacheds/trunk/ldap-client-test/src/test/java/org/apache/directory/shared/client/api/operations/ClientAddRequestTest.java
(original)
+++ directory/apacheds/trunk/ldap-client-test/src/test/java/org/apache/directory/shared/client/api/operations/ClientAddRequestTest.java
Fri May 28 14:34:00 2010
@@ -49,6 +49,7 @@ import org.apache.directory.shared.ldap.
 import org.apache.directory.shared.ldap.entry.Entry;
 import org.apache.directory.shared.ldap.message.ResultCodeEnum;
 import org.apache.directory.shared.ldap.name.DN;
+import org.apache.directory.shared.ldap.util.DateUtils;
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
@@ -163,12 +164,17 @@ public class ClientAddRequestTest extend
             "userPassword: secret"
         })
     @Test
-    public void testAddEntryUUIDAndEntryCsn() throws Exception
+    /**
+     * tests adding entryUUID, entryCSN, creatorsName and createTimestamp attributes
+     */
+    public void testAddSystemOperationalAttributes() throws Exception
     {
         //test as admin first
         DN dn = new DN( "cn=x,ou=system" );
         String uuid = UUID.randomUUID().toString();
         String csn = new CsnFactory( 0 ).newInstance().toString();
+        String creator = dn.getName();
+        String createdTime = DateUtils.getGeneralizedTime();
         
         Entry entry = new DefaultEntry( dn );
         entry.add( SchemaConstants.OBJECT_CLASS_AT, SchemaConstants.PERSON_OC );
@@ -176,6 +182,8 @@ public class ClientAddRequestTest extend
         entry.add( SchemaConstants.SN_AT, "x" );
         entry.add( SchemaConstants.ENTRY_UUID_AT, uuid );
         entry.add( SchemaConstants.ENTRY_CSN_AT, csn );
+        entry.add( SchemaConstants.CREATORS_NAME_AT, creator );
+        entry.add( SchemaConstants.CREATE_TIMESTAMP_AT, createdTime );
         
         connection.add( entry );
         
@@ -184,6 +192,8 @@ public class ClientAddRequestTest extend
         // successful for admin
         assertEquals( uuid, loadedEntry.get( SchemaConstants.ENTRY_UUID_AT ).getString()
);
         assertEquals( csn, loadedEntry.get( SchemaConstants.ENTRY_CSN_AT ).getString() );
+        assertEquals( creator, loadedEntry.get( SchemaConstants.CREATORS_NAME_AT ).getString()
);
+        assertEquals( createdTime, loadedEntry.get( SchemaConstants.CREATE_TIMESTAMP_AT ).getString()
);
         
         connection.delete( dn );
         connection.unBind();

Modified: directory/apacheds/trunk/ldap-client-test/src/test/java/org/apache/directory/shared/client/api/operations/ClientModifyRequestTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/ldap-client-test/src/test/java/org/apache/directory/shared/client/api/operations/ClientModifyRequestTest.java?rev=949186&r1=949185&r2=949186&view=diff
==============================================================================
--- directory/apacheds/trunk/ldap-client-test/src/test/java/org/apache/directory/shared/client/api/operations/ClientModifyRequestTest.java
(original)
+++ directory/apacheds/trunk/ldap-client-test/src/test/java/org/apache/directory/shared/client/api/operations/ClientModifyRequestTest.java
Fri May 28 14:34:00 2010
@@ -48,6 +48,7 @@ import org.apache.directory.shared.ldap.
 import org.apache.directory.shared.ldap.entry.ModificationOperation;
 import org.apache.directory.shared.ldap.message.ResultCodeEnum;
 import org.apache.directory.shared.ldap.name.DN;
+import org.apache.directory.shared.ldap.util.DateUtils;
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
@@ -186,6 +187,9 @@ public class ClientModifyRequestTest ext
     }
     
     
+    /**
+     * ApacheDS doesn't allow modifying entryUUID and entryCSN AT
+     */
     @Test
     public void testModifyEntryUUIDAndEntryCSN() throws Exception
     {
@@ -203,4 +207,30 @@ public class ClientModifyRequestTest ext
         modResp = connection.modify( modReq );
         assertEquals( ResultCodeEnum.INSUFFICIENT_ACCESS_RIGHTS, modResp.getLdapResult().getResultCode()
);
     }
+    
+    
+    /**
+     * ApacheDS allows modifying the modifiersName and modifyTimestamp operational AT
+     */
+    @Test
+    public void testModifyModifierNameAndModifyTimestamp() throws Exception
+    {
+        DN dn = new DN( "uid=admin,ou=system" );
+        
+        String modifierName = "uid=x,ou=system";
+        String modifiedTime = DateUtils.getGeneralizedTime();
+
+        ModifyRequest modReq = new ModifyRequest( dn );
+        modReq.replace( SchemaConstants.MODIFIERS_NAME_AT, modifierName );
+        modReq.replace( SchemaConstants.MODIFY_TIMESTAMP_AT, modifiedTime );
+        
+        ModifyResponse modResp = connection.modify( modReq );
+        assertEquals( ResultCodeEnum.SUCCESS, modResp.getLdapResult().getResultCode() );
+        
+        Entry loadedEntry = ( ( SearchResultEntry ) connection.lookup( dn.getName(), "+"
) ).getEntry();
+        
+        assertEquals( modifierName, loadedEntry.get( SchemaConstants.MODIFIERS_NAME_AT ).getString()
);
+        assertEquals( modifiedTime, loadedEntry.get( SchemaConstants.MODIFY_TIMESTAMP_AT
).getString() );
+    }
+
 }



Mime
View raw message