From 139c40de1bc595ccd4b8ca952da9e2a37bc8a18e Mon Sep 17 00:00:00 2001
From: dugan <dugan@localhost>
Date: Wed, 05 Nov 2008 13:22:43 +0000
Subject: [PATCH] These fixes add confidentiality/integrity to the SASL GSSAPI and DIGEST-MD5 mechanisms. The issue links:

---
 opends/src/server/org/opends/server/api/ClientConnection.java |   28 ++++++++++++++++++++++++----
 1 files changed, 24 insertions(+), 4 deletions(-)

diff --git a/opends/src/server/org/opends/server/api/ClientConnection.java b/opends/src/server/org/opends/server/api/ClientConnection.java
index a9f8b5a..c56d565 100644
--- a/opends/src/server/org/opends/server/api/ClientConnection.java
+++ b/opends/src/server/org/opends/server/api/ClientConnection.java
@@ -306,7 +306,7 @@
    * @return  The connection handler that accepted this client
    *          connection.
    */
-  public abstract ConnectionHandler getConnectionHandler();
+  public abstract ConnectionHandler<?> getConnectionHandler();
 
 
 
@@ -1113,6 +1113,26 @@
   }
 
 
+  /**
+   * Indicate whether the specified authorization entry parameter
+   * has the specified privilege. The method can be used to perform
+   * a "what-if" scenario.
+   *
+ * @param authorizationEntry The authentication entry to use.
+ * @param privilege The privilege to check for.
+   *
+   * @return  {@code true} if the authentication entry has the
+   *          specified privilege, or {@code false} if not.
+   */
+  public static boolean hasPrivilege(Entry authorizationEntry,
+                                   Privilege privilege) {
+      boolean isRoot =
+          DirectoryServer.isRootDN(authorizationEntry.getDN());
+      return getPrivileges(authorizationEntry,
+              isRoot).contains(privilege) ||
+              DirectoryServer.isDisabled(privilege);
+  }
+
 
   /**
    * Indicates whether the authenticated client has the specified
@@ -1298,7 +1318,7 @@
    *
    * @return  A set of the privileges that should be assigned.
    */
-  private HashSet<Privilege> getPrivileges(Entry entry,
+  private static HashSet<Privilege> getPrivileges(Entry entry,
                                            boolean isRoot)
   {
     if (entry == null)
@@ -1579,7 +1599,7 @@
    * @throws  DirectoryException  If a problem occurs while attempting
    *                             to make the determination.
    */
-  public boolean isMemberOf(Group group, Operation operation)
+  public boolean isMemberOf(Group<?> group, Operation operation)
          throws DirectoryException
   {
     if (operation == null)
@@ -1668,7 +1688,7 @@
    * Retrieves the DN of the key manager provider that should be used
    * for operations requiring access to a key manager.  The default
    * implementation returns {@code null} to indicate that no key
-   * manager provider is avaialble, but subclasses should override
+   * manager provider is available, but subclasses should override
    * this method to return a valid DN if they perform operations which
    * may need access to a key manager.
    *

--
Gitblit v1.10.0