mirror of https://github.com/OpenIdentityPlatform/OpenDJ.git

dugan
24.37.2007 cdbf344be3db4c423f924e0e17e22285a72a1ea8
Fix global ACI target evaluation to support root DSE. Issue 1623.
3 files modified
11 ■■■■ changed files
opends/resource/config/config.ldif 2 ●●●
opends/src/server/org/opends/server/authorization/dseecompat/Aci.java 5 ●●●●●
opends/src/server/org/opends/server/authorization/dseecompat/Target.java 4 ●●●
opends/resource/config/config.ldif
@@ -54,7 +54,7 @@
ds-cfg-global-aci: (targetattr!="userPassword||authPassword")(version 3.0; acl "Anonymous read access"; allow (read,search,compare) userdn="ldap:///anyone";)
ds-cfg-global-aci: (targetattr="*")(version 3.0; acl "Self entry modification"; allow (write) userdn="ldap:///self";)
ds-cfg-global-aci: (target="ldap:///cn=schema")(targetscope="base")(targetattr="attributeTypes||dITContentRules||dITStructureRules||ldapSyntaxes||matchingRules||matchingRuleUse||nameForms||objectClasses")(version 3.0; acl "User-Visible Schema Operational Attributes"; allow (read,search,compare) userdn="ldap:///anyone";)
ds-cfg-global-aci: (targetattr="namingContexts||supportedAuthPasswordSchemes||supportedControl||supportedExtension||supportedFeatures||supportedSASLMechanisms||vendorName||vendorVersion")(version 3.0; acl "User-Visible Root DSE Operational Attributes"; allow (read,search,compare) userdn="ldap:///anyone";)
ds-cfg-global-aci: (target="ldap:///")(targetscope="base")(targetattr="namingContexts||supportedAuthPasswordSchemes||supportedControl||supportedExtension||supportedFeatures||supportedSASLMechanisms||vendorName||vendorVersion")(version 3.0; acl "User-Visible Root DSE Operational Attributes"; allow (read,search,compare) userdn="ldap:///anyone";)
ds-cfg-global-aci: (targetattr="createTimestamp||creatorsName||modifiersName||modifyTimestamp||entryDN||subschemaSubentry")(version 3.0; acl "User-Visible Operational Attributes"; allow (read,search,compare) userdn="ldap:///anyone";)
cn: Access Control Handler
ds-cfg-acl-handler-class: org.opends.server.authorization.dseecompat.AciProvider
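Review bot: The rescoped "User-Visible Root DSE Operational Attributes" ACI still grants `userdn="ldap:///anyone"` read access to `vendorName` and `vendorVersion`, so unauthenticated clients can learn the exact server build. Attributes such as `namingContexts`, `supportedControl` and `supportedSASLMechanisms` are needed before a bind, but the two vendor attributes usually are not; consider moving them to a separate global ACI with `userdn="ldap:///all"`. Separately, the pre-change check in Target.java appears to reject a bare `ldap:///` target, so this config line and the server change need to ship together.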
opends/src/server/org/opends/server/authorization/dseecompat/Aci.java
@@ -123,6 +123,11 @@
                                                 "(ldap:///[^\\|]+)";
    /**
     *  String used to check for NULL ldap URL.
     */
     public static final String NULL_LDAP_URL = "ldap:///";
    /**
     * Regular expression used to match token that joins expressions (||).
     */
    public static final String LOGICAL_OR = "\\|\\|";
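Review bot: The Javadoc on `NULL_LDAP_URL` does not say what the value means: "NULL ldap URL" reads like a null reference, while Target.java uses the constant as the URL with an empty DN that denotes the root DSE. Suggest `/** LDAP URL with an empty DN; as an ACI target it denotes the root DSE. */`. The declaration is also indented five spaces where the neighbouring `LOGICAL_OR` uses four.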
opends/src/server/org/opends/server/authorization/dseecompat/Target.java
@@ -81,7 +81,9 @@
            throws AciException {
        this.operator = operator;
        try {
          if (!Pattern.matches(LDAP_URL, target)) {
          //The NULL_LDAP_URL corresponds to the root DSE.
          if((!target.equals(NULL_LDAP_URL)) &&
             (!Pattern.matches(LDAP_URL, target))) {
              int msgID = MSGID_ACI_SYNTAX_INVALID_TARGETKEYWORD_EXPRESSION;
              String message = getMessage(msgID, target);
              throw new AciException(msgID, message);
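Review bot: Accepting `ldap:///` in the new `if` makes an empty target DN valid, but nothing in this hunk ties that to `targetscope="base"`. If the DN decoded after this check is matched as a subtree base, an ACI written as `(target="ldap:///")` with no scope could apply to every entry instead of only the root DSE. The constructor continues outside the hunk, so the decode and the matching cannot be confirmed from here. I would expand the comment to state the intended matching, e.g. `// "ldap:///" (empty DN) targets the root DSE only; see targetscope handling`, and add a test covering the target with and without `targetscope`. The comparison is also an exact string match, so a variant such as `LDAP:///` or one with trailing whitespace still falls through to the regex; if that is intended, the comment should say so.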