From a791a43de44115e6e7f9de49a88cc2d452eb91a4 Mon Sep 17 00:00:00 2001
From: neil_a_wilson <neil_a_wilson@localhost>
Date: Sun, 29 Jul 2007 21:30:06 +0000
Subject: [PATCH] Implement support for restricting the set of tasks that can be invoked in the server.  A new configuration attribute, ds-cfg-allowed-task, is now available in the cn=config entry, and any attempt to invoke a task whose fully-qualified class name is not included in this attribute will be rejected.

---
 opends/src/server/org/opends/server/core/DirectoryServer.java |   31 +++++++++++++++++++++++++++++++
 1 files changed, 31 insertions(+), 0 deletions(-)

diff --git a/opends/src/server/org/opends/server/core/DirectoryServer.java b/opends/src/server/org/opends/server/core/DirectoryServer.java
index 10e3e66..865a256 100644
--- a/opends/src/server/org/opends/server/core/DirectoryServer.java
+++ b/opends/src/server/org/opends/server/core/DirectoryServer.java
@@ -522,6 +522,9 @@
   // The error logger that will be used during the Directory Server startup.
   private TextErrorLogPublisher startupErrorLogPublisher;
 
+  // The set of allowed task classes.
+  private Set<String> allowedTasks;
+
   // The fully-qualified name of the configuration handler class.
   private String configClass;
 
@@ -718,6 +721,7 @@
          new CopyOnWriteArrayList<ExportTaskListener>();
     directoryServer.importTaskListeners =
          new CopyOnWriteArrayList<ImportTaskListener>();
+    directoryServer.allowedTasks = new LinkedHashSet<String>(0);
   }
 
 
@@ -7392,6 +7396,33 @@
 
 
   /**
+   * Retrieves a set containing the names of the allowed tasks that may be
+   * invoked in the server.
+   *
+   * @return  A set containing the names of the allowed tasks that may be
+   *          invoked in the server.
+   */
+  public static Set<String> getAllowedTasks()
+  {
+    return directoryServer.allowedTasks;
+  }
+
+
+
+  /**
+   * Specifies the set of allowed tasks that may be invoked in the server.
+   *
+   * @param  allowedTasks  A set containing the names of the allowed tasks that
+   *                       may be invoked in the server.
+   */
+  public static void setAllowedTasks(Set<String> allowedTasks)
+  {
+    directoryServer.allowedTasks = allowedTasks;
+  }
+
+
+
+  /**
    * Registers the provided backup task listener with the Directory Server.
    *
    * @param  listener  The backup task listener to register with the Directory

--
Gitblit v1.10.0