From ed39262fa647434d4a0e31f07754a263ce2b16e3 Mon Sep 17 00:00:00 2001
From: neil_a_wilson <neil_a_wilson@localhost>
Date: Fri, 09 Feb 2007 21:51:09 +0000
Subject: [PATCH] Add an initial set of privilege support to OpenDS.  The current privileges are currently defined and implemented: * config-read (allow reading the configuration) * config-write (allow updating the configuration) * ldif-import (allow invoking LDIF import tasks) * ldif-export (allow invoking LDIF export tasks) * backend-backup (allow invoking backup tasks) * backend-restore (allow invoking restore tasks) * server-shutdown (allow invoking server shutdown tasks) * server-restart (allow invoking server restart tasks) * server-restart (allow invoking server restart tasks) * password-reset (allow resetting user passwords) * update-schema (allow updating the server schema) * privilege-change (allow changing the set of privileges for a user)

---
 opends/src/server/org/opends/server/tasks/ShutdownTask.java |   41 +++++++++++++++++++++++++++++++++++++----
 1 files changed, 37 insertions(+), 4 deletions(-)

diff --git a/opends/src/server/org/opends/server/tasks/ShutdownTask.java b/opends/src/server/org/opends/server/tasks/ShutdownTask.java
index 827b883..6c7615b 100644
--- a/opends/src/server/org/opends/server/tasks/ShutdownTask.java
+++ b/opends/src/server/org/opends/server/tasks/ShutdownTask.java
@@ -22,7 +22,7 @@
  * CDDL HEADER END
  *
  *
- *      Portions Copyright 2006 Sun Microsystems, Inc.
+ *      Portions Copyright 2006-2007 Sun Microsystems, Inc.
  */
 package org.opends.server.tasks;
 
@@ -31,14 +31,18 @@
 import java.util.LinkedHashSet;
 import java.util.List;
 
+import org.opends.server.api.ClientConnection;
 import org.opends.server.backends.task.Task;
 import org.opends.server.backends.task.TaskState;
 import org.opends.server.core.DirectoryServer;
+import org.opends.server.core.Operation;
 import org.opends.server.types.Attribute;
 import org.opends.server.types.AttributeType;
 import org.opends.server.types.AttributeValue;
 import org.opends.server.types.DirectoryException;
 import org.opends.server.types.Entry;
+import org.opends.server.types.Privilege;
+import org.opends.server.types.ResultCode;
 
 import static org.opends.server.config.ConfigConstants.*;
 import static org.opends.server.loggers.Debug.*;
@@ -88,9 +92,6 @@
     assert debugEnter(CLASS_NAME, "initializeTask");
 
 
-    // FIXME -- Do we need any special authorization here?
-
-
     // See if the entry contains a shutdown message.  If so, then use it.
     // Otherwise, use a default message.
     Entry taskEntry = getTaskEntry();
@@ -132,6 +133,38 @@
                    valueString.equals("on") || valueString.equals("1"));
       }
     }
+
+
+    // If the client connection is available, then make sure the associated
+    // client has either the SERVER_SHUTDOWN or SERVER_RESTART privilege, based
+    // on the appropriate action.
+    Operation operation = getOperation();
+    if (operation != null)
+    {
+      ClientConnection clientConnection = operation.getClientConnection();
+      if (restart)
+      {
+        if (! clientConnection.hasPrivilege(Privilege.SERVER_RESTART,
+                                            operation))
+        {
+          int    msgID   = MSGID_TASK_SHUTDOWN_INSUFFICIENT_RESTART_PRIVILEGES;
+          String message = getMessage(msgID);
+          throw new DirectoryException(ResultCode.INSUFFICIENT_ACCESS_RIGHTS,
+                                       message, msgID);
+        }
+      }
+      else
+      {
+        if (! clientConnection.hasPrivilege(Privilege.SERVER_SHUTDOWN,
+                                            operation))
+        {
+          int    msgID   = MSGID_TASK_SHUTDOWN_INSUFFICIENT_SHUTDOWN_PRIVILEGES;
+          String message = getMessage(msgID);
+          throw new DirectoryException(ResultCode.INSUFFICIENT_ACCESS_RIGHTS,
+                                       message, msgID);
+        }
+      }
+    }
   }
 
 

--
Gitblit v1.10.0