From d428f48a4cf79de5e3f7cbc38a2c1af7a0b80e4f Mon Sep 17 00:00:00 2001
From: dugan <dugan@localhost>
Date: Sat, 21 Jul 2007 00:56:42 +0000
Subject: [PATCH] Add the new ACI keyword  "targetcontrol"  that can be used to enforce access based on the OID of a control. For example, a new global access control rule is also being added: 

---
 opends/src/server/org/opends/server/authorization/dseecompat/AciContainer.java |   31 ++++++++++++++++++++++++++-----
 1 files changed, 26 insertions(+), 5 deletions(-)

diff --git a/opends/src/server/org/opends/server/authorization/dseecompat/AciContainer.java b/opends/src/server/org/opends/server/authorization/dseecompat/AciContainer.java
index 06e9a8f..54fd4dc 100644
--- a/opends/src/server/org/opends/server/authorization/dseecompat/AciContainer.java
+++ b/opends/src/server/org/opends/server/authorization/dseecompat/AciContainer.java
@@ -107,17 +107,17 @@
      * restore the current resource entry state after a read right was
      * evaluated.
      */
-    private Entry saveResourceEntry;
+    private final Entry saveResourceEntry;
 
     /*
      * The client connection information.
      */
-    private ClientConnection clientConnection;
+    private final ClientConnection clientConnection;
 
     /*
      * The operation being evaluated.
      */
-    private Operation operation;
+    private final Operation operation;
 
     /*
      * True if a targattrfilters match was found.
@@ -138,7 +138,7 @@
      * Used to save the current authorization entry when the authorization
      * entry is switched during a proxy access check.
      */
-    private Entry saveAuthorizationEntry;
+    private final Entry saveAuthorizationEntry;
 
     /*
      * This entry is only used if proxied authorization is being used.  It is
@@ -196,7 +196,7 @@
      * Table of ACIs that have targattrfilter keywords that matched. Used
      * in geteffectiverights attributeLevel write evaluation.
      */
-    private HashMap<Aci,Aci> targAttrFilterAcis=new HashMap<Aci, Aci>();
+    private final HashMap<Aci,Aci> targAttrFilterAcis=new HashMap<Aci, Aci>();
 
     /*
      * The name of a ACI that decided an evaluation and contained a
@@ -236,6 +236,11 @@
     */
     private int evalAllAttributes=0;
 
+   /*
+   * String used to hold a control OID string.
+   */
+    private String controlOID;
+
   /**
      * This constructor is used by all currently supported LDAP operations.
      *
@@ -732,6 +737,22 @@
     }
 
     /**
+    * {@inheritDoc}
+    */
+    public String getControlOID() {
+      return controlOID;
+    }
+
+    /**
+     * Set the the controlOID value to the specified oid string.
+     *
+     * @param oid  The control oid string.
+     */
+    protected void setControlOID(String oid) {
+      this.controlOID=oid;
+    }
+
+    /**
      * {@inheritDoc}
      */
     public EnumEvalResult hasAuthenticationMethod(EnumAuthMethod authMethod,

--
Gitblit v1.10.0