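/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License, Version 1.0 only
 * (the "License").  You may not use this file except in compliance
 * with the License.
 *
 * You can obtain a copy of the license at
 * trunk/opends/resource/legal-notices/OpenDS.LICENSE
 * or https://OpenDS.dev.java.net/OpenDS.LICENSE.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at
 * trunk/opends/resource/legal-notices/OpenDS.LICENSE.  If applicable,
 * add the following below this CDDL HEADER, with the fields enclosed
 * by brackets "[]" replaced with your own identifying information:
 *      Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 *
 *
 *      Copyright 2008 Sun Microsystems, Inc.
 */
package org.opends.server.core;
import org.opends.messages.Message;



import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

import org.opends.server.admin.server.ConfigurationChangeListener;
import org.opends.server.admin.std.meta.RootDNCfgDefn;
import org.opends.server.admin.std.server.RootDNCfg;
import org.opends.server.types.ConfigChangeResult;
import org.opends.server.types.Privilege;
import org.opends.server.types.ResultCode;



/**
 * This class defines a data structure that is used to handle changes to the set
 * of default root privileges.
 * <p>
 * The privilege set held here decides what root users are granted by default,
 * so it is only ever replaced as a whole by
 * {@link #setDefaultRootPrivileges(RootDNCfg)} and is handed out to callers as
 * an unmodifiable set.  A caller therefore cannot add privileges to the
 * defaults by mutating the returned collection.
 */
public class RootPrivilegeChangeListener
       implements ConfigurationChangeListener<RootDNCfg>
{
  // The set of privileges that will be given to root users by default.  The
  // reference always points at an unmodifiable set and is swapped atomically
  // when the configuration changes.
  // NOTE(review): this listener is presumably invoked by a configuration
  // thread while other threads read the set -- confirm against the callers.
  // The field is volatile so that a replaced set is visible to readers.
  private volatile Set<Privilege> defaultRootPrivileges;



  /**
   * Creates a new instance of this root privilege change listener.  The
   * initial set is whatever {@code Privilege.getDefaultRootPrivileges()}
   * returns, exposed through an unmodifiable view.
   */
  public RootPrivilegeChangeListener()
  {
    defaultRootPrivileges =
         Collections.unmodifiableSet(Privilege.getDefaultRootPrivileges());
  }



  /**
   * {@inheritDoc}
   */
  public boolean isConfigurationChangeAcceptable(RootDNCfg configuration,
                      List<Message> unacceptableReasons)
  {
    // No special validation is required.
    return true;
  }



  /**
   * {@inheritDoc}
   */
  public ConfigChangeResult applyConfigurationChange(RootDNCfg configuration)
  {
    setDefaultRootPrivileges(configuration);
    return new ConfigChangeResult(ResultCode.SUCCESS, false);
  }



  /**
   * Retrieves the set of privileges that will be automatically granted to root
   * users.
   *
   * @return  An unmodifiable set of the privileges that will be automatically
   *          granted to root users.  Attempts to modify it throw
   *          {@code UnsupportedOperationException}; copy it first if a
   *          mutable set is needed.
   */
  public Set<Privilege> getDefaultRootPrivileges()
  {
    return defaultRootPrivileges;
  }



  /**
   * Specifies the set of privileges that will be automatically granted to root
   * users.  The new set is built completely before it is published, so readers
   * see either the previous set or the new one.
   *
   * @param  configuration  The configuration object that specifies the set of
   *                        privileges that will be automatically granted to
   *                        root users.
   */
  void setDefaultRootPrivileges(RootDNCfg configuration)
  {
    Set<RootDNCfgDefn.DefaultRootPrivilegeName> configPrivSet =
         configuration.getDefaultRootPrivilegeName();

    HashSet<Privilege> privSet = new HashSet<Privilege>(configPrivSet.size());
    for (RootDNCfgDefn.DefaultRootPrivilegeName p : configPrivSet)
    {
      // There is deliberately no default branch: a configured name that has no
      // mapping below grants nothing, which keeps the mapping fail-closed.
      switch (p)
      {
        case BYPASS_ACL:
          privSet.add(Privilege.BYPASS_ACL);
          break;
        case MODIFY_ACL:
          privSet.add(Privilege.MODIFY_ACL);
          break;
        case CONFIG_READ:
          privSet.add(Privilege.CONFIG_READ);
          break;
        case CONFIG_WRITE:
          privSet.add(Privilege.CONFIG_WRITE);
          break;
        case JMX_READ:
          privSet.add(Privilege.JMX_READ);
          break;
        case JMX_WRITE:
          privSet.add(Privilege.JMX_WRITE);
          break;
        case JMX_NOTIFY:
          privSet.add(Privilege.JMX_NOTIFY);
          break;
        case LDIF_IMPORT:
          privSet.add(Privilege.LDIF_IMPORT);
          break;
        case LDIF_EXPORT:
          privSet.add(Privilege.LDIF_EXPORT);
          break;
        case BACKEND_BACKUP:
          privSet.add(Privilege.BACKEND_BACKUP);
          break;
        case BACKEND_RESTORE:
          privSet.add(Privilege.BACKEND_RESTORE);
          break;
        case SERVER_SHUTDOWN:
          privSet.add(Privilege.SERVER_SHUTDOWN);
          break;
        case SERVER_RESTART:
          privSet.add(Privilege.SERVER_RESTART);
          break;
        case PROXIED_AUTH:
          privSet.add(Privilege.PROXIED_AUTH);
          break;
        case DISCONNECT_CLIENT:
          privSet.add(Privilege.DISCONNECT_CLIENT);
          break;
        case CANCEL_REQUEST:
          privSet.add(Privilege.CANCEL_REQUEST);
          break;
        case PASSWORD_RESET:
          privSet.add(Privilege.PASSWORD_RESET);
          break;
        case DATA_SYNC:
          privSet.add(Privilege.DATA_SYNC);
          break;
        case UPDATE_SCHEMA:
          privSet.add(Privilege.UPDATE_SCHEMA);
          break;
        case PRIVILEGE_CHANGE:
          privSet.add(Privilege.PRIVILEGE_CHANGE);
          break;
        case UNINDEXED_SEARCH:
          privSet.add(Privilege.UNINDEXED_SEARCH);
          break;
      }
    }

    // Publish a read-only view; privSet itself never escapes this method, so
    // the published set cannot change after this assignment.
    defaultRootPrivileges = Collections.unmodifiableSet(privSet);
  }
}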