From d428f48a4cf79de5e3f7cbc38a2c1af7a0b80e4f Mon Sep 17 00:00:00 2001
From: dugan <dugan@localhost>
Date: Sat, 21 Jul 2007 00:56:42 +0000
Subject: [PATCH] Add the new ACI keyword  "targetcontrol"  that can be used to enforce access based on the OID of a control. For example, a new global access control rule is also being added: 

---
 opends/src/server/org/opends/server/core/ExtendedOperationBasis.java |   10 ++++++++++
 1 files changed, 10 insertions(+), 0 deletions(-)

diff --git a/opends/src/server/org/opends/server/core/ExtendedOperationBasis.java b/opends/src/server/org/opends/server/core/ExtendedOperationBasis.java
index 3b5b432..6955d0e 100644
--- a/opends/src/server/org/opends/server/core/ExtendedOperationBasis.java
+++ b/opends/src/server/org/opends/server/core/ExtendedOperationBasis.java
@@ -60,6 +60,7 @@
 import org.opends.server.types.DebugLogLevel;
 import static org.opends.server.messages.CoreMessages.*;
 import static org.opends.server.messages.MessageHandler.*;
+import static org.opends.server.messages.MessageHandler.getMessage;
 import static org.opends.server.util.ServerConstants.*;
 
 
@@ -487,6 +488,15 @@
       {
         for (Control c : requestControls)
         {
+          if (!AccessControlConfigManager.getInstance().
+                  getAccessControlHandler().
+                  isAllowed(this.getAuthorizationDN(), this, c)) {
+            setResultCode(ResultCode.INSUFFICIENT_ACCESS_RIGHTS);
+            int msgID = MSGID_CONTROL_INSUFFICIENT_ACCESS_RIGHTS;
+            appendErrorMessage(getMessage(msgID, c.getOID()));
+            skipPostOperation=true;
+            break extendedProcessing;
+          }
           if (! c.isCritical())
           {
             // The control isn't critical, so we don't care if it's supported

--
Gitblit v1.10.0