From 95780900edac514e060d5289b8b0e476aa517dbf Mon Sep 17 00:00:00 2001
From: Gaetan Boismal <gaetan.boismal@forgerock.com>
Date: Fri, 20 Jun 2014 12:49:48 +0000
Subject: [PATCH] OPENDJ-1351 (CR-3814) Require a privilege needed for searching cn=changelog * config.ldiff ** Add the 'changelog-read' value to the 'ds-default-root-privilege-name' multi-valued attribute * GlobalConfiguration.xml RootDNConfiguration.xml ADSContext.java Privilege.java RootPrivilegeChangeListener.java ** Add the 'changelog-read' privilege where is was needed * GlobalCfgDefn.properties RootDNCfgDefn.properties ** Add 'changelog-read' privilege definition * replication.properties replication_fr.properties ** Add messages to prevent user that he needs to have the 'changelog-read' privilege if he wants to search on changelog * ECLSearchOperation.java ** Add a check to verify that the current connection has the 'changelog-read' privilege before starting the changelog search * ExternalChangeLogTest.java ** Unit test which ensure that is not possible to perform a changelog search without the 'changelog-read' privilege 

---
 opends/src/server/org/opends/server/workflowelement/externalchangelog/ECLSearchOperation.java |    7 +++++++
 1 files changed, 7 insertions(+), 0 deletions(-)

diff --git a/opends/src/server/org/opends/server/workflowelement/externalchangelog/ECLSearchOperation.java b/opends/src/server/org/opends/server/workflowelement/externalchangelog/ECLSearchOperation.java
index f26b81d..8c4ab33 100644
--- a/opends/src/server/org/opends/server/workflowelement/externalchangelog/ECLSearchOperation.java
+++ b/opends/src/server/org/opends/server/workflowelement/externalchangelog/ECLSearchOperation.java
@@ -207,6 +207,13 @@
       replicationServer  = wfe.getReplicationServer();
       clientConnection   = getClientConnection();
 
+      if (!clientConnection.hasPrivilege(Privilege.CHANGELOG_READ, this))
+      {
+        setResultCode(ResultCode.INSUFFICIENT_ACCESS_RIGHTS);
+        appendErrorMessage(NOTE_SEARCH_CHANGELOG_INSUFFICIENT_PRIVILEGES.get());
+        return;
+      }
+
       final StartECLSessionMsg startECLSessionMsg = new StartECLSessionMsg();
 
       // Set default behavior as "from change number".

--
Gitblit v1.10.0