21 package org.apache.directory.server.core.subtree;
22
23
24 import org.apache.directory.server.core.DirectoryService;
25 import org.apache.directory.server.core.integ.CiRunner;
26 import static org.apache.directory.server.core.integ.IntegrationUtils.getSystemContext;
27 import org.apache.directory.shared.ldap.constants.SchemaConstants;
28 import static org.junit.Assert.assertEquals;
29 import static org.junit.Assert.assertTrue;
30 import static org.junit.Assert.assertFalse;
31 import org.junit.Test;
32 import org.junit.runner.RunWith;
33
34 import javax.naming.NamingEnumeration;
35 import javax.naming.directory.Attribute;
36 import javax.naming.directory.Attributes;
37 import javax.naming.directory.BasicAttribute;
38 import javax.naming.directory.BasicAttributes;
39 import javax.naming.directory.DirContext;
40 import javax.naming.directory.ModificationItem;
41 import javax.naming.directory.SearchControls;
42 import javax.naming.directory.SearchResult;
43 import javax.naming.ldap.LdapContext;
44 import java.util.HashMap;
45 import java.util.Map;
46
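/**
 * Integration test for the tracking of subentry references on ordinary entries.
 *
 * <p>The test creates one collective attribute subentry and one access control
 * subentry under the system context, adds a plain entry next to them, and then
 * checks that each of the entry's operational attributes
 * ({@code collectiveAttributeSubentries} and {@code accessControlSubentries})
 * references only the subentry of the matching kind.</p>
 *
 * <p>NOTE(review): these operational attributes presumably drive which collective
 * attributes and which prescriptive ACI the server applies to an entry, so a
 * cross-reference between the two kinds would be an authorization-relevant
 * defect. Confirm against the subentry interceptor.</p>
 */
@RunWith ( CiRunner.class )
public class BadSubentryServiceIT
{
    // Assigned outside this class; presumably injected by CiRunner before the test runs (confirm).
    public static DirectoryService service;


    /**
     * Builds the attributes of a plain {@code person} entry.
     *
     * @param cn value used for both the {@code cn} and the {@code sn} attribute
     * @return case-insensitive attribute set with objectClass {@code top} and {@code person}
     */
    public Attributes getTestEntry( String cn )
    {
        // 'true' makes attribute identifiers case-insensitive.
        Attributes entry = new BasicAttributes( true );
        Attribute objectClass = new BasicAttribute( "objectClass" );
        objectClass.add( "top" );
        objectClass.add( "person" );
        entry.put( objectClass );
        entry.put( "cn", cn );
        entry.put( "sn", cn );
        return entry;
    }


    /**
     * Builds the attributes of a collective attribute subentry.
     *
     * <p>The empty subtree specification {@code "{ }"} places no restriction on
     * the selected subtree, and {@code c-o} is the collective attribute carried
     * by the subentry.</p>
     *
     * @param cn common name of the subentry
     * @return case-insensitive attribute set describing the subentry
     */
    public Attributes getCollectiveAttributeTestSubentry( String cn )
    {
        Attributes subentry = new BasicAttributes( true );
        Attribute objectClass = new BasicAttribute( "objectClass" );
        objectClass.add( "top" );
        objectClass.add( SchemaConstants.SUBENTRY_OC );
        objectClass.add( "collectiveAttributeSubentry" );
        subentry.put( objectClass );
        subentry.put( "subtreeSpecification", "{ }" );
        subentry.put( "c-o", "Test Org" );
        subentry.put( "cn", cn );
        return subentry;
    }


    /**
     * Builds the attributes of an access control subentry.
     *
     * <p>The prescriptive ACI is a deliberately permissive fixture: it names the
     * user class {@code allUsers}, sets {@code authenticationLevel none}, and
     * grants every listed permission on {@code entry} and
     * {@code allUserAttributeTypesAndValues}. It exists only so that an access
     * control subentry is present for the tracking test; it is not a template
     * for a deployed directory, where an ACI of this shape would give
     * unauthenticated users full read and write access to the selected subtree.</p>
     *
     * @param cn common name of the subentry
     * @return case-insensitive attribute set describing the subentry
     */
    public Attributes getAccessControlTestSubentry( String cn )
    {
        Attributes subentry = new BasicAttributes( true );
        Attribute objectClass = new BasicAttribute( "objectClass" );
        objectClass.add( "top" );
        objectClass.add( SchemaConstants.SUBENTRY_OC );
        objectClass.add( "accessControlSubentry" );
        subentry.put( objectClass );
        subentry.put( "subtreeSpecification", "{ }" );
        // The identification tag spelling ("alll...") is kept exactly as in the fixture;
        // it is an opaque label and the test does not depend on it.
        subentry.put( "prescriptiveACI",
            "{ " +
            "identificationTag \"alllUsersFullAccessACI\", " +
            "precedence 14, " +
            "authenticationLevel none, " +
            "itemOrUserFirst userFirst: " +
            "{ " +
            "userClasses " +
            "{ " +
            "allUsers " +
            "}, " +
            "userPermissions " +
            "{ " +
            "{ " +
            "protectedItems " +
            "{ " +
            "entry, allUserAttributeTypesAndValues " +
            "}, " +
            "grantsAndDenials " +
            "{ " +
            "grantAdd, grantDiscloseOnError, grantRead, " +
            "grantRemove, grantBrowse, grantExport, grantImport, " +
            "grantModify, grantRename, grantReturnDN, " +
            "grantCompare, grantFilterMatch, grantInvoke " +
            "} " +
            "} " +
            "} " +
            "} " +
            "} "
        );
        subentry.put( "cn", cn );
        return subentry;
    }


    /**
     * Adds the {@code administrativeRole} values the test needs to the root of
     * the system context: {@code autonomousArea},
     * {@code collectiveAttributeSpecificArea} and {@code accessControlSpecificArea}.
     *
     * @throws Exception if the system context cannot be obtained or modified
     */
    public void addAdministrativeRoles() throws Exception
    {
        LdapContext sysRoot = getSystemContext( service );
        Attribute attribute = new BasicAttribute( "administrativeRole" );
        attribute.add( "autonomousArea" );
        attribute.add( "collectiveAttributeSpecificArea" );
        attribute.add( "accessControlSpecificArea" );
        ModificationItem item = new ModificationItem( DirContext.ADD_ATTRIBUTE, attribute );
        sysRoot.modifyAttributes( "", new ModificationItem[] { item } );
    }


    /**
     * Searches the whole system context and returns every entry found.
     *
     * @return map from the name reported by each search result to that result's
     *         attributes; both operational ({@code "+"}) and user ({@code "*"})
     *         attributes are requested
     * @throws Exception if the search fails
     */
    public Map<String, Attributes> getAllEntries() throws Exception
    {
        LdapContext sysRoot = getSystemContext( service );
        Map<String, Attributes> resultMap = new HashMap<String, Attributes>();
        SearchControls controls = new SearchControls();
        controls.setSearchScope( SearchControls.SUBTREE_SCOPE );
        // "+" asks for operational attributes, which a plain "*" does not return.
        controls.setReturningAttributes( new String[] { "+", "*" } );
        NamingEnumeration<SearchResult> results = sysRoot.search( "", "(objectClass=*)", controls );

        try
        {
            while ( results.hasMore() )
            {
                SearchResult result = results.next();
                resultMap.put( result.getName(), result.getAttributes() );
            }
        }
        finally
        {
            // Release the enumeration even when iteration fails part-way.
            results.close();
        }

        return resultMap;
    }


    /**
     * Verifies that an entry's subentry-tracking operational attributes each
     * reference exactly one subentry, and only the one of the matching kind.
     *
     * @throws Exception if any directory operation fails
     */
    @Test
    public void testTrackingOfSubentryOperationals() throws Exception
    {
        LdapContext sysRoot = getSystemContext( service );
        addAdministrativeRoles();
        sysRoot.createSubcontext( "cn=collectiveAttributeTestSubentry",
            getCollectiveAttributeTestSubentry( "collectiveAttributeTestSubentry" ) );
        sysRoot.createSubcontext( "cn=accessControlTestSubentry",
            getAccessControlTestSubentry( "accessControlTestSubentry" ) );
        sysRoot.createSubcontext( "cn=testEntry", getTestEntry( "testEntry" ) );

        Map<String, Attributes> results = getAllEntries();
        Attributes testEntry = results.get( "cn=testEntry,ou=system" );

        // Fail with a readable message instead of a NullPointerException when the
        // entry or one of its operational attributes is missing.
        assertTrue( "entry 'cn=testEntry,ou=system' was not returned by the search", testEntry != null );

        // The expected values below are in normalized form: attribute types as
        // OIDs (2.5.4.3 = cn, 2.5.4.11 = ou) and lower-cased values.

        // --- collectiveAttributeSubentries ---------------------------------

        Attribute collectiveAttributeSubentries = testEntry.get( "collectiveAttributeSubentries" );

        assertTrue( "'collectiveAttributeSubentries' operational attribute is missing from the test entry",
            collectiveAttributeSubentries != null );

        assertTrue( collectiveAttributeSubentries.contains( "2.5.4.3=collectiveattributetestsubentry,2.5.4.11=system" ) );

        assertFalse( "'collectiveAttributeSubentries' operational attribute SHOULD NOT " +
            "contain references to non-'collectiveAttributeSubentry's like 'accessControlSubentry's",
            collectiveAttributeSubentries.contains( "2.5.4.3=accesscontroltestsubentry,2.5.4.11=system" ) );

        assertEquals( 1, collectiveAttributeSubentries.size() );

        // --- accessControlSubentries ---------------------------------------

        Attribute accessControlSubentries = testEntry.get( "accessControlSubentries" );

        assertTrue( "'accessControlSubentries' operational attribute is missing from the test entry",
            accessControlSubentries != null );

        assertTrue( accessControlSubentries.contains( "2.5.4.3=accesscontroltestsubentry,2.5.4.11=system" ) );

        assertFalse( "'accessControlSubentries' operational attribute SHOULD NOT " +
            "contain references to non-'accessControlSubentry's like 'collectiveAttributeSubentry's",
            accessControlSubentries.contains( "2.5.4.3=collectiveattributetestsubentry,2.5.4.11=system" ) );

        assertEquals( 1, accessControlSubentries.size() );
    }
}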