opends/src/server/org/opends/server/core/networkgroups/IPConnectionCriteria.java
@@ -23,7 +23,7 @@ * * * Copyright 2009 Sun Microsystems, Inc. * Portions copyright 2011 ForgeRock AS. * Portions copyright 2011-2013 ForgeRock AS. */ package org.opends.server.core.networkgroups; @@ -46,11 +46,11 @@ final class IPConnectionCriteria implements ConnectionCriteria { // The list of allowed client address masks. private final AddressMask[] allowedClients; /** The collection of allowed client address masks. */ private final Collection<AddressMask> allowedClients; // The list of denied client address masks. private final AddressMask[] deniedClients; /** The collection of denied client address masks. */ private final Collection<AddressMask> deniedClients; @@ -66,8 +66,8 @@ public IPConnectionCriteria(Collection<AddressMask> allowedClients, Collection<AddressMask> deniedClients) { this.allowedClients = allowedClients.toArray(new AddressMask[0]); this.deniedClients = deniedClients.toArray(new AddressMask[0]); this.allowedClients = allowedClients; this.deniedClients = deniedClients; } @@ -79,21 +79,17 @@ { InetAddress ipAddr = connection.getRemoteAddress(); if (deniedClients.length > 0) { if (AddressMask.maskListContains(ipAddr, deniedClients)) if (!deniedClients.isEmpty() && AddressMask.maskListContains(ipAddr, deniedClients)) { return false; } } if (allowedClients.length > 0) { if (!AddressMask.maskListContains(ipAddr, allowedClients)) if (!allowedClients.isEmpty() && !AddressMask.maskListContains(ipAddr, allowedClients)) { return false; } } return true; } opends/src/server/org/opends/server/loggers/AbstractTextAccessLogPublisher.java
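Review bot: The defensive snapshot of the allow and deny lists is lost in the `IPConnectionCriteria` constructor, which now stores the caller's `allowedClients` and `deniedClients` collections by reference where `toArray(new AddressMask[0])` used to take a private copy. If a caller passes a mutable or live collection (not visible on this page), the result of the address check can change after construction, or iteration inside `maskListContains` can fail while the collection is being modified. Because these lists gate which clients match, I would copy on entry, e.g. `this.allowedClients = new ArrayList<AddressMask>(allowedClients);` and likewise for `deniedClients` (this needs `java.util.ArrayList` in the imports). The same by-reference assignment appears in AbstractTextAccessLogPublisher.java (`clientAddressEqualTo`, `clientAddressNotEqualTo`) and in both configuration paths of LDAPConnectionHandler.java. The matching method that reads these fields starts outside the hunk.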
@@ -22,7 +22,7 @@ * CDDL HEADER END * * * Copyright 2011 ForgeRock AS * Copyright 2011-2013 ForgeRock AS */ package org.opends.server.loggers; @@ -35,6 +35,7 @@ import java.net.InetAddress; import java.util.ArrayList; import java.util.Collection; import java.util.EnumSet; import java.util.List; @@ -76,8 +77,8 @@ private final boolean logConnectRecords; private final boolean logDisconnectRecords; private final EnumSet<OperationType> logOperationRecords; private final AddressMask[] clientAddressEqualTo; private final AddressMask[] clientAddressNotEqualTo; private final Collection<AddressMask> clientAddressEqualTo; private final Collection<AddressMask> clientAddressNotEqualTo; private final int[] clientPorts; private final String[] clientProtocols; private final PatternDN[] userDNEqualTo; @@ -179,10 +180,8 @@ clientProtocols[i++] = toLowerCase(protocol); } clientAddressEqualTo = cfg.getConnectionClientAddressEqualTo().toArray( new AddressMask[0]); clientAddressNotEqualTo = cfg.getConnectionClientAddressNotEqualTo() .toArray(new AddressMask[0]); clientAddressEqualTo = cfg.getConnectionClientAddressEqualTo(); clientAddressNotEqualTo = cfg.getConnectionClientAddressNotEqualTo(); userDNEqualTo = new PatternDN[cfg.getUserDNEqualTo().size()]; i = 0; @@ -402,20 +401,16 @@ // Check client address. final InetAddress ipAddr = connection.getRemoteAddress(); if (clientAddressNotEqualTo.length > 0) { if (AddressMask.maskListContains(ipAddr, clientAddressNotEqualTo)) if (!clientAddressNotEqualTo.isEmpty() && AddressMask.maskListContains(ipAddr, clientAddressNotEqualTo)) { return false; } } if (clientAddressEqualTo.length > 0) { if (!AddressMask.maskListContains(ipAddr, clientAddressEqualTo)) if (!clientAddressEqualTo.isEmpty() && !AddressMask.maskListContains(ipAddr, clientAddressEqualTo)) { return false; } } return true; } opends/src/server/org/opends/server/protocols/ldap/LDAPConnectionHandler.java
@@ -171,12 +171,12 @@ private boolean enabled; /** The set of clients that are explicitly allowed access to the server. */ private AddressMask[] allowedClients; private Collection<AddressMask> allowedClients; /** * The set of clients that have been explicitly denied access to the server. */ private AddressMask[] deniedClients; private Collection<AddressMask> deniedClients; /** * The index to the request handler that will be used for the next connection @@ -348,8 +348,8 @@ // Apply the changes. currentConfig = config; enabled = config.isEnabled(); allowedClients = config.getAllowedClient().toArray(new AddressMask[0]); deniedClients = config.getDeniedClient().toArray(new AddressMask[0]); allowedClients = config.getAllowedClient(); deniedClients = config.getDeniedClient(); // Reconfigure SSL if needed. protocol = config.isUseSSL() ? "LDAPS" : "LDAP"; @@ -712,8 +712,8 @@ currentConfig = config; enabled = config.isEnabled(); requestHandlerIndex = 0; allowedClients = config.getAllowedClient().toArray(new AddressMask[0]); deniedClients = config.getDeniedClient().toArray(new AddressMask[0]); allowedClients = config.getAllowedClient(); deniedClients = config.getDeniedClient(); // Configure SSL if needed. protocol = config.isUseSSL() ? "LDAPS" : "LDAP"; @@ -1251,7 +1251,7 @@ InetAddress clientAddr = clientConnection.getRemoteAddress(); // Check to see if the client is on the denied list. // If so, then reject it immediately. if ((deniedClients.length > 0) if ((!deniedClients.isEmpty()) && AddressMask.maskListContains(clientAddr, deniedClients)) { clientConnection.disconnect( @@ -1265,7 +1265,7 @@ // Check to see if there is an allowed list and if // there is whether the client is on that list. If // not, then reject the connection. if ((allowedClients.length > 0) if ((!allowedClients.isEmpty()) && (!AddressMask.maskListContains(clientAddr, allowedClients))) { clientConnection.disconnect( opends/src/server/org/opends/server/types/AddressMask.java
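Review bot: In LDAPConnectionHandler.java each access check reads its field twice, once for `isEmpty()` and once for `maskListContains`, while the configuration paths reassign the non-final, non-volatile `allowedClients` and `deniedClients` fields. Whether acceptance and reconfiguration run on different threads is not shown here, but if they do, a change between the two reads evaluates one decision against two different lists; for the allow check this can reject a client that the new configuration permits. Reading the field into a local first keeps each decision on one list: `final Collection<AddressMask> denied = deniedClients;` followed by `if (!denied.isEmpty() && AddressMask.maskListContains(clientAddr, denied))`, and the same for `allowedClients`. The enclosing accept logic starts and ends outside these hunks.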
@@ -23,7 +23,7 @@ * * * Copyright 2006-2009 Sun Microsystems, Inc. * Portions copyright 2011 ForgeRock AS. * Portions copyright 2011-2013 ForgeRock AS */ package org.opends.server.types; import org.opends.messages.Message; @@ -31,6 +31,7 @@ import org.opends.server.config.ConfigException; import static org.opends.messages.ProtocolMessages.*; import java.util.BitSet; import java.util.Collection; import java.net.Inet6Address; import java.net.InetAddress; import java.net.UnknownHostException; @@ -381,17 +382,17 @@ /** * Indicates whether provided address matches one of the address masks in * the provided array. * the provided collection. * * @param address * The address to check. * @param masks * An array of address masks to check. * A collection of address masks to check. * @return <CODE>true</CODE> if the provided address matches one of the * given address masks, or <CODE>false</CODE> if it does not. */ public static boolean maskListContains(InetAddress address, AddressMask[] masks) Collection<AddressMask> masks) { for (AddressMask mask : masks) { opends/tests/unit-tests-testng/src/server/org/opends/server/types/TestAddressMask.java
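Review bot: `AddressMask.maskListContains` is public and static, and its `AddressMask[]` parameter is replaced outright, so any caller outside this commit that still passes an array will stop compiling. If such callers can exist (server extensions, for instance, which this page does not show), keep an array overload that delegates with `return maskListContains(address, Arrays.asList(masks));`. The Javadoc should also say what is returned for an empty collection and that `masks` must not be null. Every caller on this page guards with `isEmpty()` and treats an empty allow list as "no restriction", so that boundary is part of the access-control contract. The method body continues outside the hunk.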
@@ -23,7 +23,7 @@ * * * Copyright 2006-2008 Sun Microsystems, Inc. * Portions copyright 2011 ForgeRock AS. * Portions copyright 2011-2013 ForgeRock AS */ package org.opends.server.types; @@ -33,7 +33,8 @@ import static org.testng.Assert.*; import java.net.InetAddress; import java.net.UnknownHostException; import java.util.ArrayList; import java.util.Collection; public class TestAddressMask extends TypesTestCase { 
@@ -207,48 +208,42 @@ } @Test(dataProvider = "matchRules") public void testMatch(String[] rules, String[] addrs, String[]hostNames) { boolean ret; ret=match(rules,addrs,hostNames); assertTrue(ret); public void testMatch(String[] rules, String[] addrs, String[] hostNames) throws Exception { assertTrue(match(rules, addrs, hostNames)); } @Test(dataProvider = "matchWCRules") public void testWildCardMatch(String[] rules, String[] addrs, String[]hostNames) { boolean ret; ret=match(rules,addrs,hostNames); assertTrue(ret); String[] hostNames) throws Exception { assertTrue(match(rules, addrs, hostNames)); } @Test(dataProvider = "noMatchRules") public void testNoMatch(String[] rules, String[] addrs, String[] hostNames) { boolean ret; ret=match(rules,addrs,hostNames); assertFalse(ret); public void testNoMatch(String[] rules, String[] addrs, String[] hostNames) throws Exception { assertFalse(match(rules, addrs, hostNames)); } @Test(dataProvider="toStringRule") public void testToString(String rule) { try { public void testToString(String rule) throws Exception { AddressMask m = AddressMask.decode(rule); assertEquals(rule, m.toString()); } catch (ConfigException ce) { throw new RuntimeException( "Invalid mask <" + rule + "> all data should be valid for this test"); } } private boolean match(String[] rules, String[] addrs, String[]hostNames) { boolean ret=true; private boolean match(String[] rules, String[] addrs, String[] hostNames) throws Exception { int i=0; AddressMask[] m = new AddressMask[rules.length]; Collection<AddressMask> m = new ArrayList<AddressMask>(rules.length); try { for (i = 0; i < rules.length; i++) { m[i] = AddressMask.decode(rules[i]); m.add(AddressMask.decode(rules[i])); } } catch (ConfigException ce) { throw new RuntimeException( 
@@ -256,18 +251,15 @@ "> all data must be valid for this test"); } for(int j = 0; j < addrs.length; j++) { try { InetAddress addr = InetAddress.getByAddress(hostNames[j], InetAddress InetAddress addr = InetAddress.getByAddress(hostNames[j], InetAddress .getByName(addrs[j]).getAddress()); if(!AddressMask.maskListContains(addr, m)) { ret=false; break; } } catch (UnknownHostException ex) { ret=false; if (!AddressMask.maskListContains(addr, m)) { return false; } } return ret; return true; } /* @@ -358,9 +350,9 @@ } @Test(dataProvider = "match6Rules") public void testMatch6(String[] rules, String[] addrs, String[]hostNames) { boolean ret; ret=match(rules,addrs,hostNames); assertTrue(ret); public void testMatch6(String[] rules, String[] addrs, String[] hostNames) throws Exception { assertTrue(match(rules, addrs, hostNames)); } }
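Review bot: The tests visible in TestAddressMask.java only exercise `maskListContains` with populated collections, so the empty-collection case that every production caller special-cases with `isEmpty()` is not pinned. A short test that passes `new ArrayList<AddressMask>()` and asserts the intended result would guard against the allow/deny semantics changing unnoticed. Separately, `match` now declares `throws Exception` but still catches `ConfigException` and rethrows a `RuntimeException` that, as far as the hunk shows, drops the cause. Either remove the try/catch or pass `ce` as the second constructor argument so the decoder's own message survives.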