1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20 package org.apache.directory.server.core.schema;
21
22
23 import junit.framework.TestCase;
24
25 import javax.naming.NamingException;
26
27 import org.apache.directory.server.core.entry.DefaultServerAttribute;
28 import org.apache.directory.server.core.entry.DefaultServerEntry;
29 import org.apache.directory.server.core.entry.ServerAttribute;
30 import org.apache.directory.server.core.entry.ServerEntry;
31 import org.apache.directory.server.core.schema.SchemaChecker;
32 import org.apache.directory.server.schema.bootstrap.ApacheSchema;
33 import org.apache.directory.server.schema.bootstrap.BootstrapSchemaLoader;
34 import org.apache.directory.server.schema.bootstrap.CoreSchema;
35 import org.apache.directory.server.schema.bootstrap.Schema;
36 import org.apache.directory.server.schema.bootstrap.SystemSchema;
37 import org.apache.directory.server.schema.registries.AttributeTypeRegistry;
38 import org.apache.directory.server.schema.registries.DefaultOidRegistry;
39 import org.apache.directory.server.schema.registries.DefaultRegistries;
40 import org.apache.directory.server.schema.registries.ObjectClassRegistry;
41 import org.apache.directory.server.schema.registries.OidRegistry;
42 import org.apache.directory.server.schema.registries.Registries;
43 import org.apache.directory.shared.ldap.entry.EntryAttribute;
44 import org.apache.directory.shared.ldap.entry.ModificationOperation;
45 import org.apache.directory.shared.ldap.exception.LdapSchemaViolationException;
46 import org.apache.directory.shared.ldap.message.ResultCodeEnum;
47 import org.apache.directory.shared.ldap.name.LdapDN;
48 import org.apache.directory.shared.ldap.schema.AttributeType;
49 import org.apache.directory.shared.ldap.util.StringTools;
50 import org.junit.BeforeClass;
51 import org.junit.Test;
52
53 import java.util.Collections;
54 import java.util.Iterator;
55 import java.util.List;
56 import java.util.Map;
57 import java.util.Set;
58 import java.util.HashSet;
59
60
61
62
63
64
65
66
67 public class SchemaCheckerTest extends TestCase
68 {
69 static Registries registries;
70
71
72 @BeforeClass
73 protected void setUp() throws Exception
74 {
75 BootstrapSchemaLoader loader = new BootstrapSchemaLoader();
76 registries = new DefaultRegistries( "bootstrap", loader, new DefaultOidRegistry() );
77
78 Set<Schema> schemas = new HashSet<Schema>();
79 schemas.add( new SystemSchema() );
80 schemas.add( new ApacheSchema() );
81 schemas.add( new CoreSchema() );
82 loader.loadWithDependencies( schemas,registries );
83
84 List<Throwable> errors = registries.checkRefInteg();
85
86 if ( !errors.isEmpty() )
87 {
88 NamingException e = new NamingException();
89 e.setRootCause( ( Throwable ) errors.get( 0 ) );
90 throw e;
91 }
92 }
93
94
95
96
97
98
99 @Test
100 public void testPreventStructuralClassRemovalOnModifyReplace() throws Exception
101 {
102 LdapDN name = new LdapDN( "uid=akarasulu,ou=users,dc=example,dc=com" );
103 ModificationOperation mod = ModificationOperation.REPLACE_ATTRIBUTE;
104 ServerEntry modifyAttributes = new DefaultServerEntry( registries );
105 AttributeType atCN = registries.getAttributeTypeRegistry().lookup( "cn" );
106 modifyAttributes.put( new DefaultServerAttribute( atCN ) );
107
108 ObjectClassRegistry ocRegistry = registries.getObjectClassRegistry();
109
110
111 SchemaChecker.preventStructuralClassRemovalOnModifyReplace( ocRegistry, name, mod, modifyAttributes );
112
113
114 modifyAttributes.removeAttributes( atCN );
115 AttributeType atOC = registries.getAttributeTypeRegistry().lookup( "objectClass" );
116 EntryAttribute objectClassesReplaced = new DefaultServerAttribute( atOC );
117 objectClassesReplaced.add( "top" );
118 objectClassesReplaced.add( "person" );
119 modifyAttributes.put( objectClassesReplaced );
120 SchemaChecker.preventStructuralClassRemovalOnModifyReplace( ocRegistry, name, mod, modifyAttributes );
121
122
123 objectClassesReplaced = new DefaultServerAttribute( atOC );
124 objectClassesReplaced.add( "top" );
125 modifyAttributes.put( objectClassesReplaced );
126 try
127 {
128 SchemaChecker.preventStructuralClassRemovalOnModifyReplace( ocRegistry, name, mod, modifyAttributes );
129 fail( "should never get here due to an LdapSchemaViolationException" );
130 }
131 catch ( LdapSchemaViolationException e )
132 {
133 assertEquals( e.getResultCode(), ResultCodeEnum.OBJECT_CLASS_MODS_PROHIBITED );
134 }
135
136
137
138 modifyAttributes.removeAttributes( "cn" );
139 objectClassesReplaced = new DefaultServerAttribute( atOC );
140 modifyAttributes.put( objectClassesReplaced );
141 try
142 {
143 SchemaChecker.preventStructuralClassRemovalOnModifyReplace( ocRegistry, name, mod, modifyAttributes );
144 fail( "should never get here due to an LdapSchemaViolationException" );
145 }
146 catch ( LdapSchemaViolationException e )
147 {
148 assertEquals( e.getResultCode(), ResultCodeEnum.OBJECT_CLASS_MODS_PROHIBITED );
149 }
150 }
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221 @Test
222 public void testPreventRdnChangeOnModifyRemove() throws Exception
223 {
224 ModificationOperation mod = ModificationOperation.REMOVE_ATTRIBUTE;
225 LdapDN name = new LdapDN( "ou=user,dc=example,dc=com" );
226 ServerEntry attributes = new DefaultServerEntry( registries, name );
227 attributes.put( "cn", "does not matter" );
228
229
230 SchemaChecker.preventRdnChangeOnModifyRemove( name, mod, attributes, registries.getOidRegistry() );
231
232
233 AttributeType OU_AT = registries.getAttributeTypeRegistry().lookup( "ou" );
234 attributes.put( new DefaultServerAttribute( "ou", OU_AT ) );
235
236 try
237 {
238 SchemaChecker.preventRdnChangeOnModifyRemove( name, mod, attributes, registries.getOidRegistry() );
239 fail( "should never get here due to a LdapSchemaViolationException being thrown" );
240 }
241 catch ( LdapSchemaViolationException e )
242 {
243 assertEquals( ResultCodeEnum.NOT_ALLOWED_ON_RDN, e.getResultCode() );
244 }
245
246
247 name = new LdapDN( "ou=users+cn=system users,dc=example,dc=com" );
248 attributes = new DefaultServerEntry( registries, name );
249 attributes.put( "sn", "does not matter" );
250 SchemaChecker.preventRdnChangeOnModifyRemove( name, mod, attributes, registries.getOidRegistry() );
251
252
253 AttributeType CN_AT = registries.getAttributeTypeRegistry().lookup( "cn" );
254 attributes.put( new DefaultServerAttribute( "cn", CN_AT ) );
255
256 try
257 {
258 SchemaChecker.preventRdnChangeOnModifyRemove( name, mod, attributes, registries.getOidRegistry() );
259 fail( "should never get here due to a LdapSchemaViolationException being thrown" );
260 }
261 catch ( LdapSchemaViolationException e )
262 {
263 assertEquals( ResultCodeEnum.NOT_ALLOWED_ON_RDN, e.getResultCode() );
264 }
265
266
267
268 attributes = new DefaultServerEntry( registries, name );
269 attributes.put( "ou", "container" );
270 SchemaChecker.preventRdnChangeOnModifyRemove( name, mod, attributes, registries.getOidRegistry() );
271
272
273 attributes = new DefaultServerEntry( registries, name );
274 attributes.put( "ou", "users" );
275 try
276 {
277 SchemaChecker.preventRdnChangeOnModifyRemove( name, mod, attributes, registries.getOidRegistry() );
278 fail( "should never get here due to a LdapSchemaViolationException being thrown" );
279 }
280 catch ( LdapSchemaViolationException e )
281 {
282 assertEquals( ResultCodeEnum.NOT_ALLOWED_ON_RDN, e.getResultCode() );
283 }
284 }
285
286
287
288
289
290
291 @Test
292 public void testPreventRdnChangeOnModifyReplace() throws Exception
293 {
294 ModificationOperation mod = ModificationOperation.REPLACE_ATTRIBUTE;
295 LdapDN name = new LdapDN( "ou=user,dc=example,dc=com" );
296 ServerEntry attributes = new DefaultServerEntry( registries, name );
297 attributes.put( "cn", "does not matter" );
298
299
300 SchemaChecker.preventRdnChangeOnModifyReplace( name, mod, attributes, registries.getOidRegistry() );
301
302
303 attributes.put( "ou", (String)null );
304
305 try
306 {
307 SchemaChecker.preventRdnChangeOnModifyReplace( name, mod, attributes, registries.getOidRegistry() );
308 fail( "should never get here due to a LdapSchemaViolationException being thrown" );
309 }
310 catch ( LdapSchemaViolationException e )
311 {
312 assertEquals( ResultCodeEnum.NOT_ALLOWED_ON_RDN, e.getResultCode() );
313 }
314
315
316 name = new LdapDN( "ou=users+cn=system users,dc=example,dc=com" );
317 attributes = new DefaultServerEntry( registries, name );
318 attributes.put( "sn", "does not matter" );
319 SchemaChecker.preventRdnChangeOnModifyReplace( name, mod, attributes, registries.getOidRegistry() );
320
321
322 attributes.put("cn", (String)null );
323
324 try
325 {
326 SchemaChecker.preventRdnChangeOnModifyReplace( name, mod, attributes, registries.getOidRegistry() );
327 fail( "should never get here due to a LdapSchemaViolationException being thrown" );
328 }
329 catch ( LdapSchemaViolationException e )
330 {
331 assertEquals( ResultCodeEnum.NOT_ALLOWED_ON_RDN, e.getResultCode() );
332 }
333
334
335
336 attributes = new DefaultServerEntry( registries, name );
337 attributes.put( "ou", "container" );
338 attributes.put( "ou", "users" );
339 SchemaChecker.preventRdnChangeOnModifyReplace( name, mod, attributes, registries.getOidRegistry() );
340
341
342 attributes = new DefaultServerEntry( registries, name );
343 attributes.put( "ou", "container" );
344 try
345 {
346 SchemaChecker.preventRdnChangeOnModifyReplace( name, mod, attributes, registries.getOidRegistry() );
347 fail( "should never get here due to a LdapSchemaViolationException being thrown" );
348 }
349 catch ( LdapSchemaViolationException e )
350 {
351 assertEquals( ResultCodeEnum.NOT_ALLOWED_ON_RDN, e.getResultCode() );
352 }
353 }
354
355
356
357
358
359
360
361
362
363
364 @Test
365 public void testPreventStructuralClassRemovalOnModifyReplaceAttribute() throws Exception
366 {
367 ObjectClassRegistry ocRegistry = registries.getObjectClassRegistry();
368 AttributeType OBJECT_CLASS = registries.getAttributeTypeRegistry().lookup( "objectClass" );
369 AttributeType CN_AT = registries.getAttributeTypeRegistry().lookup( "cn" );
370
371
372 LdapDN name = new LdapDN( "uid=akarasulu,ou=users,dc=example,dc=com" );
373 ModificationOperation mod = ModificationOperation.REPLACE_ATTRIBUTE;
374 SchemaChecker.preventStructuralClassRemovalOnModifyReplace( ocRegistry, name, mod, new DefaultServerAttribute( "cn", CN_AT ) );
375
376
377 ServerAttribute objectClassesReplaced = new DefaultServerAttribute( "objectClass", OBJECT_CLASS );
378 objectClassesReplaced.add( "top" );
379 objectClassesReplaced.add( "person" );
380 SchemaChecker.preventStructuralClassRemovalOnModifyReplace( ocRegistry, name, mod, objectClassesReplaced );
381
382
383 objectClassesReplaced = new DefaultServerAttribute( "objectClass", OBJECT_CLASS );
384 objectClassesReplaced.add( "top" );
385 try
386 {
387 SchemaChecker.preventStructuralClassRemovalOnModifyReplace( ocRegistry, name, mod, objectClassesReplaced );
388 fail( "should never get here due to an LdapSchemaViolationException" );
389 }
390 catch ( LdapSchemaViolationException e )
391 {
392 assertEquals( e.getResultCode(), ResultCodeEnum.OBJECT_CLASS_MODS_PROHIBITED );
393 }
394
395
396
397 objectClassesReplaced = new DefaultServerAttribute( "objectClass", OBJECT_CLASS );
398 try
399 {
400 SchemaChecker.preventStructuralClassRemovalOnModifyReplace( ocRegistry, name, mod, objectClassesReplaced );
401 fail( "should never get here due to an LdapSchemaViolationException" );
402 }
403 catch ( LdapSchemaViolationException e )
404 {
405 assertEquals( e.getResultCode(), ResultCodeEnum.OBJECT_CLASS_MODS_PROHIBITED );
406 }
407 }
408
409
410
411
412
413
414 @Test
415 public void testPreventStructuralClassRemovalOnModifyRemoveAttribute() throws Exception
416 {
417 AttributeTypeRegistry atReg = registries.getAttributeTypeRegistry();
418 LdapDN name = new LdapDN( "uid=akarasulu,ou=users,dc=example,dc=com" );
419 ModificationOperation mod = ModificationOperation.REMOVE_ATTRIBUTE;
420 AttributeType ocAt = atReg.lookup( "objectClass" );
421
422 ServerAttribute entryObjectClasses = new DefaultServerAttribute( "objectClass", ocAt );
423 entryObjectClasses.add( "top", "person", "organizationalPerson" );
424
425 ObjectClassRegistry ocRegistry = registries.getObjectClassRegistry();
426
427
428 SchemaChecker.preventStructuralClassRemovalOnModifyRemove(
429 ocRegistry,
430 name,
431 mod,
432 new DefaultServerAttribute( "cn", atReg.lookup( "cn" ) ),
433 entryObjectClasses );
434
435
436 ServerAttribute objectClassesRemoved = new DefaultServerAttribute(
437 "objectClass", ocAt );
438 objectClassesRemoved.add( "person" );
439 SchemaChecker.preventStructuralClassRemovalOnModifyRemove( ocRegistry, name, mod, objectClassesRemoved,
440 entryObjectClasses );
441
442
443 objectClassesRemoved = new DefaultServerAttribute( "objectClass", ocAt );
444 objectClassesRemoved.add( "person", "organizationalPerson" );
445
446 try
447 {
448 SchemaChecker.preventStructuralClassRemovalOnModifyRemove( ocRegistry, name, mod, objectClassesRemoved,
449 entryObjectClasses );
450 fail( "should never get here due to an LdapSchemaViolationException" );
451 }
452 catch ( LdapSchemaViolationException e )
453 {
454 assertEquals( e.getResultCode(), ResultCodeEnum.OBJECT_CLASS_MODS_PROHIBITED );
455 }
456
457
458
459 objectClassesRemoved = new DefaultServerAttribute( "objectClass", ocAt );
460
461 try
462 {
463 SchemaChecker.preventStructuralClassRemovalOnModifyRemove( ocRegistry, name, mod, objectClassesRemoved,
464 entryObjectClasses );
465 fail( "should never get here due to an LdapSchemaViolationException" );
466 }
467 catch ( LdapSchemaViolationException e )
468 {
469 assertEquals( e.getResultCode(), ResultCodeEnum.OBJECT_CLASS_MODS_PROHIBITED );
470 }
471 }
472
473
474
475
476
477
478 @Test
479 public void testPreventRdnChangeOnModifyRemoveAttribute() throws Exception
480 {
481 OidRegistry registry = new MockOidRegistry();
482 ModificationOperation mod = ModificationOperation.REMOVE_ATTRIBUTE;
483 LdapDN name = new LdapDN( "ou=user,dc=example,dc=com" );
484 AttributeType cnAt = registries.getAttributeTypeRegistry().lookup( "cn" );
485 AttributeType ouAt = registries.getAttributeTypeRegistry().lookup( "ou" );
486 AttributeType snAt = registries.getAttributeTypeRegistry().lookup( "sn" );
487
488
489 SchemaChecker.preventRdnChangeOnModifyRemove( name, mod,
490 new DefaultServerAttribute( "cn", cnAt, "does not matter" ), registry );
491
492
493 try
494 {
495 SchemaChecker.preventRdnChangeOnModifyRemove( name, mod,
496 new DefaultServerAttribute( "ou", ouAt ), registry );
497 fail( "should never get here due to a LdapSchemaViolationException being thrown" );
498 }
499 catch ( LdapSchemaViolationException e )
500 {
501 assertEquals( ResultCodeEnum.NOT_ALLOWED_ON_RDN, e.getResultCode() );
502 }
503
504
505 name = new LdapDN( "ou=users+cn=system users,dc=example,dc=com" );
506 SchemaChecker.preventRdnChangeOnModifyRemove( name, mod,
507 new DefaultServerAttribute( "sn", snAt, "does not matter" ), registry );
508
509
510 try
511 {
512 SchemaChecker.preventRdnChangeOnModifyRemove( name, mod,
513 new DefaultServerAttribute( "cn", cnAt ), registry );
514 fail( "should never get here due to a LdapSchemaViolationException being thrown" );
515 }
516 catch ( LdapSchemaViolationException e )
517 {
518 assertEquals( ResultCodeEnum.NOT_ALLOWED_ON_RDN, e.getResultCode() );
519 }
520
521
522
523 SchemaChecker.preventRdnChangeOnModifyRemove( name, mod,
524 new DefaultServerAttribute( "ou", ouAt, "container" ), registry );
525
526
527 try
528 {
529 SchemaChecker.preventRdnChangeOnModifyRemove( name, mod,
530 new DefaultServerAttribute( "ou", ouAt, "users" ), registry );
531 fail( "should never get here due to a LdapSchemaViolationException being thrown" );
532 }
533 catch ( LdapSchemaViolationException e )
534 {
535 assertEquals( ResultCodeEnum.NOT_ALLOWED_ON_RDN, e.getResultCode() );
536 }
537 }
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600 class MockOidRegistry implements OidRegistry
601 {
602 public String getOid( String name ) throws NamingException
603 {
604 return StringTools.deepTrimToLower( name );
605 }
606
607 public boolean hasOid( String id )
608 {
609 return true;
610 }
611
612 public String getPrimaryName( String oid ) throws NamingException
613 {
614 return oid;
615 }
616
617 public List getNameSet( String oid ) throws NamingException
618 {
619 return Collections.singletonList( oid );
620 }
621
622 public Iterator list()
623 {
624 return Collections.EMPTY_LIST.iterator();
625 }
626
627 public void register( String name, String oid )
628 {
629 }
630
631 public Map getOidByName()
632 {
633 return null;
634 }
635
636 public Map getNameByOid()
637 {
638 return null;
639 }
640
641 public void unregister( String numericOid ) throws NamingException
642 {
643 }
644 }
645 }