external-software/github_OpenIdentityPlatform_OpenDJ.git

parent: 3897f253 | patch | commit | ignore whitespace

Fix for issue #2041

lutoff

30.34.2007 7a4f3d9e3c62eb73f07df117813811a886d2b169

Fix for issue #2041

Modifications done in dsframework CLI are:

1) create-admin-user and set-admin-user-properties are now handled
privilege properties (--set privilege:[-]<privilege-name>)

2) get-admin-user-properties shows privileges property associated to the
user

2 files modified

	opends/src/ads/org/opends/admin/ads/ADSContext.java	94 ●●●●● patch \| view \| raw \| blame \| history
	opends/src/server/org/opends/server/admin/client/cli/DsFrameworkCliGlobalAdmin.java	76 ●●●●● patch \| view \| raw \| blame \| history

 opends/src/ads/org/opends/admin/ads/ADSContext.java

@@ -27,6 +27,8 @@

package org.opends.admin.ads;

import java.util.LinkedHashSet;
import java.util.LinkedList;
import java.util.Set;
import java.util.HashSet;
import java.util.Map;
@@ -318,7 +320,11 @@
    /**
     * The DN of the administrator.
     */
    ADMINISTRATOR_DN("administrator dn",ADSPropertySyntax.STRING);
    ADMINISTRATOR_DN("administrator dn",ADSPropertySyntax.STRING),
    /**
     * The administrator privilege.
     */
    PRIVILEGE("privilege",ADSPropertySyntax.STRING);

    private String attrName;
    private ADSPropertySyntax attrSyntax;
@@ -911,6 +917,9 @@
      SearchControls sc = new SearchControls();

      sc.setSearchScope(SearchControls.ONELEVEL_SCOPE);
      String[] attList = { "cn", "userpassword", "ds-privilege-name",
          "description" };
      sc.setReturningAttributes(attList);
      ne = dirContext.search(getAdministratorContainerDN(), "(objectclass=*)",
          sc);
      while (ne.hasMore())
@@ -1017,7 +1026,7 @@
    LdapName dnCentralAdmin =
      makeDNFromAdministratorProperties(adminProperties);
    BasicAttributes attrs = makeAttrsFromAdministratorProperties(
        adminProperties, true);
        adminProperties, true, null);

    try
    {
@@ -1107,11 +1116,29 @@
        adminProperties.put(AdministratorProperty.UID,newAdminUserId);
      }

      // if modification includes 'privilege', we have to get first the
      // current privileges list.
      NamingEnumeration currentPrivileges = null;
      if (adminProperties.containsKey(AdministratorProperty.PRIVILEGE))
      {
        SearchControls sc = new SearchControls();
        sc.setSearchScope(SearchControls.OBJECT_SCOPE);
        String[] attList = {"ds-privilege-name"};
        sc.setReturningAttributes(attList);
        NamingEnumeration ne = dirContext.search(
            dnCentralAdmin, "(objectclass=*)", sc);
        SearchResult sr = (SearchResult)ne.next();

        currentPrivileges = sr.getAttributes().get("ds-privilege-name")
            .getAll();
      }

      // Replace properties, if needed.
      if (adminProperties.size() > 1)
      {
        BasicAttributes attrs =
          makeAttrsFromAdministratorProperties(adminProperties, false);
          makeAttrsFromAdministratorProperties(
              adminProperties, false, currentPrivileges);
        dirContext.modifyAttributes(dnCentralAdmin,
            DirContext.REPLACE_ATTRIBUTE, attrs);
      }
@@ -1267,12 +1294,13 @@
   * @param adminProperties the administrator properties.
   * @param passwordRequired Indicates if the properties should include
   * the password.
   * @param currentPrivileges The current privilege list or null.
   * @return the attributes for the given administrator properties.
   * @throws ADSContextException if something goes wrong.
   */
  private static BasicAttributes makeAttrsFromAdministratorProperties(
      Map<AdministratorProperty, Object> adminProperties,
      boolean passwordRequired)
      boolean passwordRequired, NamingEnumeration currentPrivileges)
  throws ADSContextException
  {
    BasicAttributes attrs = new BasicAttributes();
@@ -1290,6 +1318,51 @@
      attrs.put("description", adminProperties
          .get(AdministratorProperty.DESCRIPTION));
    }
    Attribute privilegeAtt;
    if (adminProperties.containsKey(AdministratorProperty.PRIVILEGE))
    {
      // We assume that privilege strings provided in
      // AdministratorProperty.PRIVILEGE
      // are valid privileges represented as a LinkedList of string.
      privilegeAtt = new BasicAttribute("ds-privilege-name");
      if (currentPrivileges != null)
      {
        while (currentPrivileges.hasMoreElements())
        {
          privilegeAtt.add(currentPrivileges.nextElement().toString());
        }
      }

      LinkedList privileges = (LinkedList)
        adminProperties.get(AdministratorProperty.PRIVILEGE);
      for( Object o : privileges)
      {
        String p = o.toString() ;
        if (p.startsWith("-"))
        {
          privilegeAtt.remove(p.substring(1));
        }
        else
        {
          privilegeAtt.add(p.toString());
        }
      }
    }
    else
    {
      privilegeAtt = addRootPrivileges();
    }
    attrs.put(privilegeAtt);
    return attrs;
  }


  /**
   * Builds an attribute which contains 'root' privileges.
   * @return The attribute which contains 'root' privileges.
   */
  private static Attribute addRootPrivileges()
  {
    Attribute privilege = new BasicAttribute("ds-privilege-name");
    privilege.add("bypass-acl");
    privilege.add("modify-acl");
@@ -1307,8 +1380,7 @@
    privilege.add("update-schema");
    privilege.add("privilege-change");
    privilege.add("unindexed-search");
    attrs.put(privilege);
    return attrs;
    return privilege;
  }

  /**
@@ -1604,6 +1676,16 @@
          value = attr.get(0);
          result.put(AdministratorProperty.DESCRIPTION, value);
        }
        else if (attrID.equalsIgnoreCase("ds-privilege-name"))
        {
          LinkedHashSet<String> privileges = new LinkedHashSet<String>();
          NamingEnumeration attValueList = attr.getAll();
          while (attValueList.hasMoreElements())
          {
            privileges.add(attValueList.next().toString());
          }
          result.put(AdministratorProperty.PRIVILEGE, privileges);
        }
      }
    }
    catch(NamingException x)

 opends/src/server/org/opends/server/admin/client/cli/DsFrameworkCliGlobalAdmin.java

@@ -51,6 +51,7 @@
import org.opends.admin.ads.ADSContext.AdministratorProperty;
import org.opends.admin.ads.ADSContextException.ErrorType;
import org.opends.server.tools.dsconfig.ArgumentExceptionFactory;
import org.opends.server.types.Privilege;
import org.opends.server.util.args.Argument;
import org.opends.server.util.args.ArgumentException;
import org.opends.server.util.args.BooleanArgument;
@@ -365,7 +366,7 @@
      AdministratorProperty prop = AdministratorProperty.UID;
      String attName = prop.getAttributeName();
      StringArgument arg = new StringArgument(attName, null,
          prop.getAttributeName(), false, false, true, "", null, null, null);
          attName, false, false, true, "", null, null, null);
      userAdminProperties.put(prop, arg);
    }

@@ -377,7 +378,7 @@
      AdministratorProperty prop = AdministratorProperty.PASSWORD;
      String attName = prop.getAttributeName();
      StringArgument arg = new StringArgument(attName, null,
          prop.getAttributeName(), false, false, true, "", null, null, null);
          attName, false, false, true, "", null, null, null);
      userAdminProperties.put(prop, arg);
    }

@@ -388,7 +389,7 @@
      AdministratorProperty prop = AdministratorProperty.DESCRIPTION;
      String attName = prop.getAttributeName();
      StringArgument arg = new StringArgument(attName, null,
          prop.getAttributeName(), false, false, true, "", null, null, null);
          attName, false, false, true, "", null, null, null);
      userAdminProperties.put(prop, arg);
    }

@@ -399,10 +400,21 @@
      AdministratorProperty prop = AdministratorProperty.ADMINISTRATOR_DN;
      String attName = prop.getAttributeName();
      StringArgument arg = new StringArgument(attName, null,
          prop.getAttributeName(), false, false, true, "", null, null, null);
          attName, false, false, true, "", null, null, null);
      userAdminProperties.put(prop, arg);
      readonlyadminUserProperties.add(prop);
    }

    /**
     * The PRIVILEGE associated to the user.
     */
    {
      AdministratorProperty prop = AdministratorProperty.PRIVILEGE;
      String attName = prop.getAttributeName();
      StringArgument arg = new StringArgument(attName, null,
          attName, true, true, true, "", "root", null, null);
      userAdminProperties.put(prop, arg);
    }
  }

  /**
@@ -667,6 +679,7 @@
  {
    HashMap<AdministratorProperty, Object> map =
      new HashMap<AdministratorProperty, Object>();
    boolean rootPrivileges = false ;
    for (String m : propertySetArgument.getValues())
    {
      // Parse the property "property:value".
@@ -714,10 +727,61 @@
            ERR_CLI_ERROR_INVALID_PROPERTY_VALUE.get(propertyName, value);
        throw new ArgumentException(message);
      }
      userAdminProperties.get(adminUserProperty).addValue(value);
      if (adminUserProperty.equals(AdministratorProperty.PRIVILEGE))
      {
        // Check if 'root' privilege is requested, or
        // if it's a valid privilege
        if (value.equals(arg.getDefaultValue()))
        {
          rootPrivileges = true ;
        }
        else
        {
          String valueToCheck = value ;
          if (value.startsWith("-"))
          {
            valueToCheck = value.substring(1);
          }
          if (Privilege.privilegeForName(valueToCheck) == null)
          {
            Message message = ERR_CLI_ERROR_INVALID_PROPERTY_VALUE.get(
                AdministratorProperty.PRIVILEGE.getAttributeName(),
                valueToCheck);
            throw new ArgumentException(message);
          }
        }
      }

      // Add the value to the argument.
      arg.addValue(value);

      // add to the map.
      map.put(adminUserProperty, value);
      if (arg.isMultiValued())
      {
        map.put(adminUserProperty, arg.getValues());
      }
      else
      {
        map.put(adminUserProperty, value);
      }
    }

    // If privileges was not provided by the user, set the default value
    if (! map.containsKey(AdministratorProperty.PRIVILEGE))
    {
      rootPrivileges = true ;
    }

    // If we have root privilege, translate it to the corresponding
    // list of privileges associated to 'root' user.
    if (rootPrivileges)
    {
      LinkedList<String> privilegesList = new LinkedList<String>();
      for (Privilege p : Privilege.getDefaultRootPrivileges())
      {
        privilegesList.add(p.getName());
      }
      map.put(AdministratorProperty.PRIVILEGE,privilegesList);
    }

    // Check that all mandatory props are set.

			@@ -27,6 +27,8 @@

			package org.opends.admin.ads;

			import java.util.LinkedHashSet;
			import java.util.LinkedList;
			import java.util.Set;
			import java.util.HashSet;
			import java.util.Map;
			@@ -318,7 +320,11 @@
			/**
			* The DN of the administrator.
			*/
			ADMINISTRATOR_DN("administrator dn",ADSPropertySyntax.STRING);
			ADMINISTRATOR_DN("administrator dn",ADSPropertySyntax.STRING),
			/**
			* The administrator privilege.
			*/
			PRIVILEGE("privilege",ADSPropertySyntax.STRING);

			private String attrName;
			private ADSPropertySyntax attrSyntax;
			@@ -911,6 +917,9 @@
			SearchControls sc = new SearchControls();

			sc.setSearchScope(SearchControls.ONELEVEL_SCOPE);
			String[] attList = { "cn", "userpassword", "ds-privilege-name",
			"description" };
			sc.setReturningAttributes(attList);
			ne = dirContext.search(getAdministratorContainerDN(), "(objectclass=*)",
			sc);
			while (ne.hasMore())
			@@ -1017,7 +1026,7 @@
			LdapName dnCentralAdmin =
			makeDNFromAdministratorProperties(adminProperties);
			BasicAttributes attrs = makeAttrsFromAdministratorProperties(
			adminProperties, true);
			adminProperties, true, null);

			try
			{
			@@ -1107,11 +1116,29 @@
			adminProperties.put(AdministratorProperty.UID,newAdminUserId);
			}

			// if modification includes 'privilege', we have to get first the
			// current privileges list.
			NamingEnumeration currentPrivileges = null;
			if (adminProperties.containsKey(AdministratorProperty.PRIVILEGE))
			{
			SearchControls sc = new SearchControls();
			sc.setSearchScope(SearchControls.OBJECT_SCOPE);
			String[] attList = {"ds-privilege-name"};
			sc.setReturningAttributes(attList);
			NamingEnumeration ne = dirContext.search(
			dnCentralAdmin, "(objectclass=*)", sc);
			SearchResult sr = (SearchResult)ne.next();

			currentPrivileges = sr.getAttributes().get("ds-privilege-name")
			.getAll();
			}

			// Replace properties, if needed.
			if (adminProperties.size() > 1)
			{
			BasicAttributes attrs =
			makeAttrsFromAdministratorProperties(adminProperties, false);
			makeAttrsFromAdministratorProperties(
			adminProperties, false, currentPrivileges);
			dirContext.modifyAttributes(dnCentralAdmin,
			DirContext.REPLACE_ATTRIBUTE, attrs);
			}
			@@ -1267,12 +1294,13 @@
			* @param adminProperties the administrator properties.
			* @param passwordRequired Indicates if the properties should include
			* the password.
			* @param currentPrivileges The current privilege list or null.
			* @return the attributes for the given administrator properties.
			* @throws ADSContextException if something goes wrong.
			*/
			private static BasicAttributes makeAttrsFromAdministratorProperties(
			Map<AdministratorProperty, Object> adminProperties,
			boolean passwordRequired)
			boolean passwordRequired, NamingEnumeration currentPrivileges)
			throws ADSContextException
			{
			BasicAttributes attrs = new BasicAttributes();
			@@ -1290,6 +1318,51 @@
			attrs.put("description", adminProperties
			.get(AdministratorProperty.DESCRIPTION));
			}
			Attribute privilegeAtt;
			if (adminProperties.containsKey(AdministratorProperty.PRIVILEGE))
			{
			// We assume that privilege strings provided in
			// AdministratorProperty.PRIVILEGE
			// are valid privileges represented as a LinkedList of string.
			privilegeAtt = new BasicAttribute("ds-privilege-name");
			if (currentPrivileges != null)
			{
			while (currentPrivileges.hasMoreElements())
			{
			privilegeAtt.add(currentPrivileges.nextElement().toString());
			}
			}

			LinkedList privileges = (LinkedList)
			adminProperties.get(AdministratorProperty.PRIVILEGE);
			for( Object o : privileges)
			{
			String p = o.toString() ;
			if (p.startsWith("-"))
			{
			privilegeAtt.remove(p.substring(1));
			}
			else
			{
			privilegeAtt.add(p.toString());
			}
			}
			}
			else
			{
			privilegeAtt = addRootPrivileges();
			}
			attrs.put(privilegeAtt);
			return attrs;
			}


			/**
			* Builds an attribute which contains 'root' privileges.
			* @return The attribute which contains 'root' privileges.
			*/
			private static Attribute addRootPrivileges()
			{
			Attribute privilege = new BasicAttribute("ds-privilege-name");
			privilege.add("bypass-acl");
			privilege.add("modify-acl");
			@@ -1307,8 +1380,7 @@
			privilege.add("update-schema");
			privilege.add("privilege-change");
			privilege.add("unindexed-search");
			attrs.put(privilege);
			return attrs;
			return privilege;
			}

			/**
			@@ -1604,6 +1676,16 @@
			value = attr.get(0);
			result.put(AdministratorProperty.DESCRIPTION, value);
			}
			else if (attrID.equalsIgnoreCase("ds-privilege-name"))
			{
			LinkedHashSet<String> privileges = new LinkedHashSet<String>();
			NamingEnumeration attValueList = attr.getAll();
			while (attValueList.hasMoreElements())
			{
			privileges.add(attValueList.next().toString());
			}
			result.put(AdministratorProperty.PRIVILEGE, privileges);
			}
			}
			}
			catch(NamingException x)

			@@ -51,6 +51,7 @@
			import org.opends.admin.ads.ADSContext.AdministratorProperty;
			import org.opends.admin.ads.ADSContextException.ErrorType;
			import org.opends.server.tools.dsconfig.ArgumentExceptionFactory;
			import org.opends.server.types.Privilege;
			import org.opends.server.util.args.Argument;
			import org.opends.server.util.args.ArgumentException;
			import org.opends.server.util.args.BooleanArgument;
			@@ -365,7 +366,7 @@
			AdministratorProperty prop = AdministratorProperty.UID;
			String attName = prop.getAttributeName();
			StringArgument arg = new StringArgument(attName, null,
			prop.getAttributeName(), false, false, true, "", null, null, null);
			attName, false, false, true, "", null, null, null);
			userAdminProperties.put(prop, arg);
			}

			@@ -377,7 +378,7 @@
			AdministratorProperty prop = AdministratorProperty.PASSWORD;
			String attName = prop.getAttributeName();
			StringArgument arg = new StringArgument(attName, null,
			prop.getAttributeName(), false, false, true, "", null, null, null);
			attName, false, false, true, "", null, null, null);
			userAdminProperties.put(prop, arg);
			}

			@@ -388,7 +389,7 @@
			AdministratorProperty prop = AdministratorProperty.DESCRIPTION;
			String attName = prop.getAttributeName();
			StringArgument arg = new StringArgument(attName, null,
			prop.getAttributeName(), false, false, true, "", null, null, null);
			attName, false, false, true, "", null, null, null);
			userAdminProperties.put(prop, arg);
			}

			@@ -399,10 +400,21 @@
			AdministratorProperty prop = AdministratorProperty.ADMINISTRATOR_DN;
			String attName = prop.getAttributeName();
			StringArgument arg = new StringArgument(attName, null,
			prop.getAttributeName(), false, false, true, "", null, null, null);
			attName, false, false, true, "", null, null, null);
			userAdminProperties.put(prop, arg);
			readonlyadminUserProperties.add(prop);
			}

			/**
			* The PRIVILEGE associated to the user.
			*/
			{
			AdministratorProperty prop = AdministratorProperty.PRIVILEGE;
			String attName = prop.getAttributeName();
			StringArgument arg = new StringArgument(attName, null,
			attName, true, true, true, "", "root", null, null);
			userAdminProperties.put(prop, arg);
			}
			}

			/**
			@@ -667,6 +679,7 @@
			{
			HashMap<AdministratorProperty, Object> map =
			new HashMap<AdministratorProperty, Object>();
			boolean rootPrivileges = false ;
			for (String m : propertySetArgument.getValues())
			{
			// Parse the property "property:value".
			@@ -714,10 +727,61 @@
			ERR_CLI_ERROR_INVALID_PROPERTY_VALUE.get(propertyName, value);
			throw new ArgumentException(message);
			}
			userAdminProperties.get(adminUserProperty).addValue(value);
			if (adminUserProperty.equals(AdministratorProperty.PRIVILEGE))
			{
			// Check if 'root' privilege is requested, or
			// if it's a valid privilege
			if (value.equals(arg.getDefaultValue()))
			{
			rootPrivileges = true ;
			}
			else
			{
			String valueToCheck = value ;
			if (value.startsWith("-"))
			{
			valueToCheck = value.substring(1);
			}
			if (Privilege.privilegeForName(valueToCheck) == null)
			{
			Message message = ERR_CLI_ERROR_INVALID_PROPERTY_VALUE.get(
			AdministratorProperty.PRIVILEGE.getAttributeName(),
			valueToCheck);
			throw new ArgumentException(message);
			}
			}
			}

			// Add the value to the argument.
			arg.addValue(value);

			// add to the map.
			map.put(adminUserProperty, value);
			if (arg.isMultiValued())
			{
			map.put(adminUserProperty, arg.getValues());
			}
			else
			{
			map.put(adminUserProperty, value);
			}
			}

			// If privileges was not provided by the user, set the default value
			if (! map.containsKey(AdministratorProperty.PRIVILEGE))
			{
			rootPrivileges = true ;
			}

			// If we have root privilege, translate it to the corresponding
			// list of privileges associated to 'root' user.
			if (rootPrivileges)
			{
			LinkedList<String> privilegesList = new LinkedList<String>();
			for (Privilege p : Privilege.getDefaultRootPrivileges())
			{
			privilegesList.add(p.getName());
			}
			map.put(AdministratorProperty.PRIVILEGE,privilegesList);
			}

			// Check that all mandatory props are set.