Posted to commits@directory.apache.org by sm...@apache.org on 2021/04/06 00:55:36 UTC

[directory-fortress-core] branch relax created (now 9dffb9c)

This is an automated email from the ASF dual-hosted git repository.

smckinney pushed a change to branch relax
in repository https://gitbox.apache.org/repos/asf/directory-fortress-core.git.


      at 9dffb9c  FC-291 - Support Relax Control

This branch includes the following new commits:

     new 9dffb9c  FC-291 - Support Relax Control

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


[directory-fortress-core] 01/01: FC-291 - Support Relax Control

Posted by sm...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

smckinney pushed a commit to branch relax
in repository https://gitbox.apache.org/repos/asf/directory-fortress-core.git

commit 9dffb9cc0929760aaddb87cc4d3f02c88cea8a40
Author: Shawn McKinney <sm...@symas.com>
AuthorDate: Mon Apr 5 19:55:31 2021 -0500

    FC-291 - Support Relax Control
---
 .../directory/fortress/core/impl/UserDAO.java      | 18 ++++--
 .../fortress/core/ldap/LdapDataProvider.java       | 72 ++++++++++++++++------
 .../directory/fortress/core/ldap/RelaxControl.java | 35 +++++++++++
 .../fortress/core/ldap/RelaxControlDecorator.java  | 31 ++++++++++
 .../fortress/core/ldap/RelaxControlImpl.java       | 39 ++++++++++++
 5 files changed, 170 insertions(+), 25 deletions(-)

diff --git a/src/main/java/org/apache/directory/fortress/core/impl/UserDAO.java b/src/main/java/org/apache/directory/fortress/core/impl/UserDAO.java
index 9d70437..4861946 100755
--- a/src/main/java/org/apache/directory/fortress/core/impl/UserDAO.java
+++ b/src/main/java/org/apache/directory/fortress/core/impl/UserDAO.java
@@ -52,6 +52,10 @@ import org.apache.directory.api.ldap.model.exception.LdapNoSuchObjectException;
 import org.apache.directory.api.ldap.model.message.BindResponse;
 import org.apache.directory.api.ldap.model.message.ResultCodeEnum;
 import org.apache.directory.api.ldap.model.message.SearchScope;
+import org.apache.directory.api.ldap.model.message.controls.ManageDsaIT;
+import org.apache.directory.api.ldap.model.message.controls.ManageDsaITImpl;
+import org.apache.directory.api.ldap.model.message.controls.ProxiedAuthz;
+import org.apache.directory.api.ldap.model.message.controls.ProxiedAuthzImpl;
 import org.apache.directory.fortress.core.CfgException;
 import org.apache.directory.fortress.core.CreateException;
 import org.apache.directory.fortress.core.FinderException;
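Review bot: The four imports added here (`ManageDsaIT`, `ManageDsaITImpl`, `ProxiedAuthz`, `ProxiedAuthzImpl`) are not referenced by any other UserDAO.java hunk in this commit, so they look unused. The relax control is attached inside `LdapDataProvider.add` and `modify`, not in this class. I would drop these four lines so the import list reflects only the controls UserDAO actually handles.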
@@ -235,7 +239,7 @@ final class UserDAO extends LdapDataProvider implements PropUpdater
     User create( User entity ) throws CreateException
     {
         LdapConnection ld = null;
-
+        boolean setRelaxedControl = false;
         try
         {
             entity.setInternalId();
@@ -301,6 +305,7 @@ final class UserDAO extends LdapDataProvider implements PropUpdater
             if ( ( Config.getInstance().isOpenldap() || Config.getInstance().isApacheds() ) && StringUtils.isNotEmpty( entity.getPwPolicy() ) )
             {
                 myEntry.add( OPENLDAP_POLICY_SUBENTRY, PolicyDAO.getPolicyDn( entity ) );
+                setRelaxedControl = true;
             }
 
             if ( StringUtils.isNotEmpty( entity.getOu() ) )
@@ -347,7 +352,7 @@ final class UserDAO extends LdapDataProvider implements PropUpdater
             }
 
             ld = getAdminConnection();
-            add( ld, myEntry, entity );
+            add( ld, myEntry, entity, setRelaxedControl );
             entity.setDn( dn );
         }
         catch ( LdapEntryAlreadyExistsException e )
@@ -378,7 +383,7 @@ final class UserDAO extends LdapDataProvider implements PropUpdater
     {
         LdapConnection ld = null;
         String userDn = getDn( entity.getUserId(), entity.getContextId() );
-
+        boolean setRelaxedControl = false;
         try
         {
             List<Modification> mods = new ArrayList<Modification>();
@@ -430,6 +435,7 @@ final class UserDAO extends LdapDataProvider implements PropUpdater
             {
                 mods.add( new DefaultModification( ModificationOperation.REPLACE_ATTRIBUTE, OPENLDAP_POLICY_SUBENTRY,
                     PolicyDAO.getPolicyDn( entity ) ) );
+                setRelaxedControl = true;
             }
 
             if ( entity.isSystem() != null )
@@ -495,7 +501,7 @@ final class UserDAO extends LdapDataProvider implements PropUpdater
             if ( mods.size() > 0 )
             {
                 ld = getAdminConnection();
-                modify( ld, userDn, mods, entity );
+                modify( ld, userDn, mods, entity, setRelaxedControl );
                 entity.setDn( userDn );
             }
 
@@ -602,7 +608,7 @@ final class UserDAO extends LdapDataProvider implements PropUpdater
             mods.add( new DefaultModification( ModificationOperation.REPLACE_ATTRIBUTE, OPENLDAP_PW_LOCKED_TIME,
                 LOCK_VALUE ) );
             ld = getAdminConnection();
-            modify( ld, userDn, mods, user );
+            modify( ld, userDn, mods, user, true );
         }
         catch ( LdapException e )
         {
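Review bot: `modify( ld, userDn, mods, user, true )` attaches the relax control unconditionally, whereas `create` and `update` set the flag only inside the `isOpenldap() || isApacheds()` branch; the unlock hunk that follows does the same. The control asks the server to relax its checks on a write made over the admin connection, so the reason should sit next to the call, e.g. `// relax control required to write OPENLDAP_PW_LOCKED_TIME as admin`. If other directory types are not meant to receive it, the flag should come from the same Config test. The method body starts and ends outside this hunk, so a server-type check may exist higher up that is not visible here.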
@@ -630,7 +636,7 @@ final class UserDAO extends LdapDataProvider implements PropUpdater
             List<Modification> mods = new ArrayList<Modification>();
             mods.add( new DefaultModification( ModificationOperation.REMOVE_ATTRIBUTE, OPENLDAP_PW_LOCKED_TIME ) );
             ld = getAdminConnection();
-            modify( ld, userDn, mods, user );
+            modify( ld, userDn, mods, user, true );
         }
         catch ( LdapNoSuchAttributeException e )
         {
diff --git a/src/main/java/org/apache/directory/fortress/core/ldap/LdapDataProvider.java b/src/main/java/org/apache/directory/fortress/core/ldap/LdapDataProvider.java
index 1c0cf42..887a7a9 100644
--- a/src/main/java/org/apache/directory/fortress/core/ldap/LdapDataProvider.java
+++ b/src/main/java/org/apache/directory/fortress/core/ldap/LdapDataProvider.java
@@ -47,18 +47,7 @@ import org.apache.directory.api.ldap.model.exception.LdapException;
 import org.apache.directory.api.ldap.model.exception.LdapInvalidAttributeValueException;
 import org.apache.directory.api.ldap.model.exception.LdapInvalidDnException;
 import org.apache.directory.api.ldap.model.exception.LdapOperationErrorException;
-import org.apache.directory.api.ldap.model.message.BindRequest;
-import org.apache.directory.api.ldap.model.message.BindRequestImpl;
-import org.apache.directory.api.ldap.model.message.BindResponse;
-import org.apache.directory.api.ldap.model.message.CompareRequest;
-import org.apache.directory.api.ldap.model.message.CompareRequestImpl;
-import org.apache.directory.api.ldap.model.message.CompareResponse;
-import org.apache.directory.api.ldap.model.message.Control;
-import org.apache.directory.api.ldap.model.message.Response;
-import org.apache.directory.api.ldap.model.message.ResultCodeEnum;
-import org.apache.directory.api.ldap.model.message.SearchRequest;
-import org.apache.directory.api.ldap.model.message.SearchRequestImpl;
-import org.apache.directory.api.ldap.model.message.SearchScope;
+import org.apache.directory.api.ldap.model.message.*;
 import org.apache.directory.api.ldap.model.message.controls.ProxiedAuthz;
 import org.apache.directory.api.ldap.model.message.controls.ProxiedAuthzImpl;
 import org.apache.directory.api.ldap.model.name.Dn;
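Review bot: The wildcard `import org.apache.directory.api.ldap.model.message.*;` replaces twelve explicit imports only to bring in the request and response types the new code uses. Explicit imports keep it visible which message types this class depends on. They also avoid silent shadowing if a same-named type is later added to this class's own package, which gains new `RelaxControl` types in this commit. I would restore the explicit list and add `AddRequest`, `AddRequestImpl`, `AddResponse`, `ModifyRequest`, `ModifyRequestImpl` and `ModifyResponse`.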
@@ -230,6 +219,21 @@ public abstract class LdapDataProvider
      */
     protected void add( LdapConnection connection, Entry entry, FortEntity entity ) throws LdapException
     {
+        add( connection, entry, entity, false );
+    }
+
+
+    /**
+     * Add a new ldap entry to the directory.  Add audit context.
+     *
+     * @param connection handle to ldap connection.
+     * @param entry      contains data to add..
+     * @param entity     contains audit context.
+     * @param setRelaxedControl   when true adds managed dsa control to request
+     * @throws LdapException in the event system error occurs.
+     */
+    protected void add( LdapConnection connection, Entry entry, FortEntity entity, boolean setRelaxedControl ) throws LdapException
+    {
         COUNTERS.incrementAdd();
 
         if ( !Config.getInstance().isAuditDisabled() && ( entity != null ) && ( entity.getAdminSession() != null ) )
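Review bot: The Javadoc for the new overload says `setRelaxedControl` adds the "managed dsa control", but the body attaches `RelaxControlImpl`, which is the Relax Rules control; the new `modify` overload's Javadoc repeats the same wording. ManageDsaIT is a different control, so the text will mislead anyone auditing which writes ask the server to relax its checks. Suggested wording: `@param setRelaxedControl when true, attaches the LDAP Relax Rules control (RelaxControl.OID) to the request`. The method body continues past the end of this hunk.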
@@ -249,8 +253,13 @@ public abstract class LdapDataProvider
                 entry.add( GlobalIds.FT_MODIFIER_ID, entity.getModId() );
             }
         }
-
-        connection.add( entry );
+        AddRequest addRequest = new AddRequestImpl();
+        addRequest.setEntry( entry );
+        if ( setRelaxedControl )
+        {
+            addRequest.addControl( new RelaxControlImpl() );
+        }
+        AddResponse response = connection.add( addRequest );
     }
 
 
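Review bot: `AddResponse response = connection.add( addRequest );` stores the response and never inspects it. As far as I know, the request-object overloads in the Apache LDAP API return the response rather than throwing on a non-success result code, unlike the `connection.add( entry )` call being replaced. If so, an entry-already-exists or constraint failure would pass silently, and callers such as `UserDAO.create` would no longer see `LdapEntryAlreadyExistsException`. The `ModifyResponse response = connection.modify( modRequest );` line in the `modify` hunk has the same issue, and there it covers the lock and unlock writes. Please confirm against the API version in use and, if it holds, restore the old behaviour with `ResultCodeEnum.processResponse( connection.add( addRequest ) );` and the equivalent for modify.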
@@ -297,10 +306,36 @@ public abstract class LdapDataProvider
     protected void modify( LdapConnection connection, String dn, List<Modification> mods,
         FortEntity entity ) throws LdapException
     {
+        modify( connection, dn, mods, entity, false );
+    }
+
+
+    /**
+     * Update exiting ldap entry to the directory.  Add audit context.
+     *
+     * @param connection handle to ldap connection.
+     * @param dn         contains distinguished node of entry.
+     * @param mods       contains data to modify.
+     * @param entity     contains audit context.
+     * @param setRelaxedControl   when true adds managed dsa control to request
+     * @throws LdapException in the event system error occurs.
+     */
+    protected void modify( LdapConnection connection, String dn, List<Modification> mods,
+        FortEntity entity, boolean setRelaxedControl ) throws LdapException
+    {
         COUNTERS.incrementMod();
         audit( mods, entity );
-        connection.modify( dn, mods.toArray( new Modification[]
-            {} ) );
+        ModifyRequest modRequest = new ModifyRequestImpl();
+        for( Modification mod : mods )
+        {
+            modRequest.addModification( mod );
+        }
+        if ( setRelaxedControl )
+        {
+            modRequest.addControl( new RelaxControlImpl() );
+        }
+        modRequest.setName( new Dn( dn ) );
+        ModifyResponse response = connection.modify( modRequest );
     }
 
 
@@ -318,8 +353,7 @@ public abstract class LdapDataProvider
     {
         COUNTERS.incrementMod();
         audit( mods, entity );
-        connection.modify( dn, mods.toArray( new Modification[]
-            {} ) );
+        connection.modify( dn, mods.toArray( new Modification[] {} ) );
     }
 
 
@@ -1337,4 +1371,4 @@ public abstract class LdapDataProvider
         LdapConnectionProvider.closeAllConnectionPools();
     }
 
-}
\ No newline at end of file
+}
diff --git a/src/main/java/org/apache/directory/fortress/core/ldap/RelaxControl.java b/src/main/java/org/apache/directory/fortress/core/ldap/RelaxControl.java
new file mode 100644
index 0000000..96f33dc
--- /dev/null
+++ b/src/main/java/org/apache/directory/fortress/core/ldap/RelaxControl.java
@@ -0,0 +1,35 @@
+/*
+ *   Licensed to the Apache Software Foundation (ASF) under one
+ *   or more contributor license agreements.  See the NOTICE file
+ *   distributed with this work for additional information
+ *   regarding copyright ownership.  The ASF licenses this file
+ *   to you under the Apache License, Version 2.0 (the
+ *   "License"); you may not use this file except in compliance
+ *   with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing,
+ *   software distributed under the License is distributed on an
+ *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *   KIND, either express or implied.  See the License for the
+ *   specific language governing permissions and limitations
+ *   under the License.
+ *
+ */
+package org.apache.directory.fortress.core.ldap;
+
+
+import org.apache.directory.api.ldap.model.message.Control;
+
+/**
+ * The LDAP Relax Rules Control. It's defined in https://tools.ietf.org/html/draft-zeilenga-ldap-relax-03.
+ * This control is sent with every update of pwdPolicySubEntry on user.
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+public interface RelaxControl extends Control
+{
+    /** The LDAP Relax Rules Control OID */
+    String OID = "1.3.6.1.4.1.4203.666.5.12";
+}
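Review bot: The interface Javadoc says the control is sent "with every update of pwdPolicySubEntry on user", but in this commit `UserDAO` also passes `true` for the lock and unlock modifications, and the Javadoc never says what the control does. I would state the effect and the scope, for example: `Asks the server to relax selected constraints for this one request; Fortress attaches it only to admin-connection writes of password-policy attributes (policy subentry, locked time).` The referenced specification is an Internet-Draft, so the comment should also say that server support is not guaranteed.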
diff --git a/src/main/java/org/apache/directory/fortress/core/ldap/RelaxControlDecorator.java b/src/main/java/org/apache/directory/fortress/core/ldap/RelaxControlDecorator.java
new file mode 100644
index 0000000..565cbc8
--- /dev/null
+++ b/src/main/java/org/apache/directory/fortress/core/ldap/RelaxControlDecorator.java
@@ -0,0 +1,31 @@
+package org.apache.directory.fortress.core.ldap;
+
+
+import org.apache.directory.api.asn1.Asn1Object;
+import org.apache.directory.api.asn1.DecoderException;
+import org.apache.directory.api.asn1.EncoderException;
+import org.apache.directory.api.ldap.codec.api.ControlDecorator;
+import org.apache.directory.api.ldap.codec.api.LdapApiService;
+
+import java.nio.ByteBuffer;
+
+
+public class RelaxControlDecorator extends ControlDecorator<RelaxControl> implements RelaxControl
+{
+    public RelaxControlDecorator(LdapApiService codec, RelaxControl control) {
+        super(codec, control);
+    }
+    public int computeLength() {
+        return 0;
+    }
+
+    public Asn1Object decode(byte[] controlBytes) throws DecoderException
+    {
+        return this;
+    }
+
+    public ByteBuffer encode(ByteBuffer buffer) throws EncoderException
+    {
+        return buffer;
+    }
+}
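Review bot: RelaxControlDecorator.java is the only new file in this commit without the ASF license header, and the class has no Javadoc and no `@Override` on `computeLength`, `decode` and `encode`. The header matters for the project's licence checks, and the annotations would make the compiler flag any signature drift in `ControlDecorator`. A one-line class comment such as `/** Codec decorator for the value-less Relax Rules control; encodes and decodes nothing. */` would explain why all three methods are no-ops. Nothing in the visible diff registers or instantiates this decorator, so it is worth checking whether it is needed at all.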
diff --git a/src/main/java/org/apache/directory/fortress/core/ldap/RelaxControlImpl.java b/src/main/java/org/apache/directory/fortress/core/ldap/RelaxControlImpl.java
new file mode 100644
index 0000000..5e5f926
--- /dev/null
+++ b/src/main/java/org/apache/directory/fortress/core/ldap/RelaxControlImpl.java
@@ -0,0 +1,39 @@
+/*
+ *   Licensed to the Apache Software Foundation (ASF) under one
+ *   or more contributor license agreements.  See the NOTICE file
+ *   distributed with this work for additional information
+ *   regarding copyright ownership.  The ASF licenses this file
+ *   to you under the Apache License, Version 2.0 (the
+ *   "License"); you may not use this file except in compliance
+ *   with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing,
+ *   software distributed under the License is distributed on an
+ *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *   KIND, either express or implied.  See the License for the
+ *   specific language governing permissions and limitations
+ *   under the License.
+ *
+ */
+package org.apache.directory.fortress.core.ldap;
+
+import org.apache.directory.api.ldap.model.message.controls.AbstractControl;
+
+/**
+ * The LDAP Relax Rules Control. It's defined in https://tools.ietf.org/html/draft-zeilenga-ldap-relax-03.
+ * This control is sent with every update of pwdPolicySubEntry on user.
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+public class RelaxControlImpl extends AbstractControl implements RelaxControl {
+    public RelaxControlImpl() {
+        super("1.3.6.1.4.1.4203.666.5.12");
+    }
+
+    public RelaxControlImpl(boolean isCritical) {
+        super("1.3.6.1.4.1.4203.666.5.12");
+        this.setCritical(isCritical);
+    }
+}
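Review bot: Both constructors repeat the literal `"1.3.6.1.4.1.4203.666.5.12"` although the class implements `RelaxControl`, which already declares it as `OID`. Use `super( OID );` in both so the identifier has a single definition. The no-arg constructor, which is the one `LdapDataProvider` uses, leaves criticality at the `AbstractControl` default. A short comment should say whether a server that does not recognise the control is expected to ignore it or reject the request, because the callers in this commit do not inspect the response.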