static void init() {
TargetType.account.setInheritedByTargetTypes(new TargetType[] {TargetType.account});
TargetType.calresource.setInheritedByTargetTypes(
new TargetType[] {TargetType.account, TargetType.calresource});
TargetType.dl.setInheritedByTargetTypes(
new TargetType[] {TargetType.account, TargetType.calresource, TargetType.dl});
TargetType.domain.setInheritedByTargetTypes(
new TargetType[] {
TargetType.account, TargetType.calresource, TargetType.dl, TargetType.domain
});
TargetType.cos.setInheritedByTargetTypes(new TargetType[] {TargetType.cos});
TargetType.server.setInheritedByTargetTypes(new TargetType[] {TargetType.server});
TargetType.xmppcomponent.setInheritedByTargetTypes(new TargetType[] {TargetType.xmppcomponent});
TargetType.zimlet.setInheritedByTargetTypes(new TargetType[] {TargetType.zimlet});
TargetType.config.setInheritedByTargetTypes(new TargetType[] {TargetType.config});
TargetType.global.setInheritedByTargetTypes(
new TargetType[] {
TargetType.account,
TargetType.calresource,
TargetType.cos,
TargetType.dl,
domain,
server,
xmppcomponent,
zimlet,
config,
global
}); // inherited by all
// compute mInheritFromTargetTypes and mInheritedByOtherTargetTypes
// from mInheritedByTargetTypes
for (TargetType inheritFrom : TargetType.values()) {
inheritFrom.mInheritFromTargetTypes = new HashSet<TargetType>();
inheritFrom.mSubTargetTypes = new HashSet<TargetType>();
for (TargetType inheritedBy : TargetType.values()) {
if (inheritedBy.mInheritedByTargetTypes.contains(inheritFrom))
inheritFrom.mInheritFromTargetTypes.add(inheritedBy);
}
for (TargetType tt : inheritFrom.mInheritedByTargetTypes) {
// add this ugly check, see comments for mSubTargetTypes above
if (inheritFrom == TargetType.calresource) {
if (inheritFrom != tt && tt != TargetType.account) inheritFrom.mSubTargetTypes.add(tt);
} else {
if (inheritFrom != tt) inheritFrom.mSubTargetTypes.add(tt);
}
}
}
for (TargetType tt : TargetType.values()) {
tt.mInheritedByTargetTypes = Collections.unmodifiableSet(tt.mInheritedByTargetTypes);
tt.mInheritFromTargetTypes = Collections.unmodifiableSet(tt.mInheritFromTargetTypes);
tt.mSubTargetTypes = Collections.unmodifiableSet(tt.mSubTargetTypes);
}
}
Entry getTargetEntry(Provisioning prov, Element eTarget, TargetType targetType)
throws ServiceException {
TargetBy targetBy = TargetBy.fromString(eTarget.getAttribute(AdminConstants.A_BY));
String target = eTarget.getText();
return TargetType.lookupTarget(prov, targetType, targetBy, target);
}
private void upgradeZimbraContactHiddenAttributes(Entry entry) throws ServiceException {
final String attrName = Provisioning.A_zimbraContactHiddenAttributes;
final String SMIMECertificate = "SMIMECertificate";
String curValue = entry.getAttr(attrName, false);
if (curValue == null || !curValue.contains(SMIMECertificate)) {
return;
}
String[] hiddenAttrs = curValue.split(",");
StringBuilder sb = new StringBuilder();
boolean first = true;
for (String hiddenAttr : hiddenAttrs) {
if (!hiddenAttr.equals(SMIMECertificate)) {
if (!first) {
sb.append(",");
} else {
first = false;
}
sb.append(hiddenAttr);
}
}
printer.println(
"Upgrading " + TargetType.getTargetType(entry).getPrettyName() + " " + entry.getLabel());
printer.println(" Current value of " + attrName + ": " + curValue);
printer.println(" New value of " + attrName + ": " + sb.toString());
Map<String, Object> attrs = new HashMap<String, Object>();
attrs.put(attrName, sb.toString());
modifyAttrs(entry, attrs);
}
public static TargetType fromCode(String s) throws ServiceException {
try {
return TargetType.valueOf(s);
} catch (IllegalArgumentException e) {
throw ServiceException.INVALID_REQUEST("unknown target type: " + s, e);
}
}
/**
* central place where a target should be loaded
*
* @param prov
* @param targetType
* @param targetBy
* @param target
* @return
* @throws ServiceException
*/
static Entry lookupTarget(
Provisioning prov, TargetType targetType, TargetBy targetBy, String target, boolean mustFind)
throws ServiceException {
Entry targetEntry = null;
switch (targetType) {
case account:
targetEntry = prov.get(AccountBy.fromString(targetBy.name()), target);
if (targetEntry == null && mustFind) throw AccountServiceException.NO_SUCH_ACCOUNT(target);
break;
case calresource:
targetEntry = prov.get(CalendarResourceBy.fromString(targetBy.name()), target);
if (targetEntry == null && mustFind)
throw AccountServiceException.NO_SUCH_CALENDAR_RESOURCE(target);
break;
case dl:
targetEntry = prov.getAclGroup(DistributionListBy.fromString(targetBy.name()), target);
if (targetEntry == null && mustFind)
throw AccountServiceException.NO_SUCH_DISTRIBUTION_LIST(target);
break;
case domain:
targetEntry = prov.get(DomainBy.fromString(targetBy.name()), target);
if (targetEntry == null && mustFind) throw AccountServiceException.NO_SUCH_DOMAIN(target);
break;
case cos:
targetEntry = prov.get(CosBy.fromString(targetBy.name()), target);
if (targetEntry == null && mustFind) throw AccountServiceException.NO_SUCH_COS(target);
break;
case server:
targetEntry = prov.get(ServerBy.fromString(targetBy.name()), target);
if (targetEntry == null && mustFind) throw AccountServiceException.NO_SUCH_SERVER(target);
break;
case xmppcomponent:
targetEntry = prov.get(XMPPComponentBy.fromString(targetBy.name()), target);
if (targetEntry == null && mustFind)
throw AccountServiceException.NO_SUCH_XMPP_COMPONENT(target);
break;
case zimlet:
ZimletBy zimletBy = ZimletBy.fromString(targetBy.name());
if (zimletBy != ZimletBy.name)
throw ServiceException.INVALID_REQUEST("zimlet must be by name", null);
targetEntry = prov.getZimlet(target);
if (targetEntry == null && mustFind) throw AccountServiceException.NO_SUCH_ZIMLET(target);
break;
case config:
targetEntry = prov.getConfig();
break;
case global:
targetEntry = prov.getGlobalGrant();
break;
default:
ServiceException.INVALID_REQUEST(
"invallid target type for lookupTarget:" + targetType.toString(), null);
}
return targetEntry;
}
/* * This method is called for searching for negative grants granted on a * "sub-target" of a target on which we are granting a right. If the * granting account has any negative grants for a right that is a * "sub-right" of the right he is trying to grant to someone else, * and this negative grant is on a "sub-target" of the target he is * trying to grant on, then sorry, it is not allowed. Because otherwise * the person receiving the grant can end up getting "more" rights * than the granting person. * * e.g. on domain D.com, adminA +domainAdminRights * on dl [email protected], adminA -setPassword * * When adminA tries to grant domainAdminRights to adminB on * domain D.com, it should not be allowed; otherwise adminB * can setPassword for accounts in [email protected], but adminA cannot. * * The targetTypes parameter contains a set of target types that are * "sub-target" of the target type on which we are trying to grant. * * SO, for the search base: * - for domain-ed targets, dls must be under the domain, but accounts * in dls can be in any domain, so the search base is the mail branch base. * - for non domain-ed targets, the search base is the base DN for the type * * we go through all wanted target types, find the least common base */ static Map<String, Set<String>> getSearchBasesAndOCs( Provisioning prov, Set<TargetType> targetTypes) throws ServiceException { // sanity check, is really an internal error if targetTypes is empty if (targetTypes.isEmpty()) return null; Map<String, Set<String>> tempResult = new HashMap<String, Set<String>>(); for (TargetType tt : targetTypes) { String base = getSearchBase(prov, tt); String oc = tt.getAttributeClass().getOCName(); Set<String> ocs = tempResult.get(base); if (ocs == null) ocs = new HashSet<String>(); ocs.add(oc); tempResult.put(base, ocs); } // optimize LdapDIT dit = ((LdapProvisioning) prov).getDIT(); String configBranchBase = dit.configBranchBaseDN(); Set<String> mailBranchOCs = new HashSet<String>(); Set<String> configBranchOCs = new HashSet<String>(); String leastCommonBaseInMailBranch = null; String leastCommonBaseInConfigBranch = null; for (Map.Entry<String, Set<String>> entry : tempResult.entrySet()) { String base = entry.getKey(); Set<String> ocs = entry.getValue(); boolean inConfigBranch = base.endsWith(configBranchBase); if (inConfigBranch) { configBranchOCs.addAll(ocs); if (leastCommonBaseInConfigBranch == null) leastCommonBaseInConfigBranch = base; else leastCommonBaseInConfigBranch = getCommonBase(base, leastCommonBaseInConfigBranch); } else { mailBranchOCs.addAll(ocs); if (leastCommonBaseInMailBranch == null) leastCommonBaseInMailBranch = base; else leastCommonBaseInMailBranch = getCommonBase(base, leastCommonBaseInMailBranch); } } Map<String, Set<String>> result = new HashMap<String, Set<String>>(); // if zimbra default DIT and both mail branch and config branch are needed, merge the two if (LdapDIT.isZimbraDefault(dit)) { if (leastCommonBaseInMailBranch != null && leastCommonBaseInConfigBranch != null) { // merge the two String commonBase = getCommonBase(leastCommonBaseInMailBranch, leastCommonBaseInConfigBranch); Set<String> allOCs = SetUtil.union(mailBranchOCs, configBranchOCs); result.put(commonBase, allOCs); return result; } } // bug 48272, do two searches, one based at the mail branch, one based on the config branch. if (leastCommonBaseInMailBranch != null) result.put(leastCommonBaseInMailBranch, mailBranchOCs); if (leastCommonBaseInConfigBranch != null) result.put(leastCommonBaseInConfigBranch, configBranchOCs); return result; }
static AttributeClass getAttributeClass(Entry target) throws ServiceException {
return TargetType.getTargetType(target).getAttributeClass();
}
static Set<String> getAttrsInClass(Entry target) throws ServiceException {
AttributeClass klass = TargetType.getAttributeClass(target);
return AttributeManager.getInstance().getAllAttrsInClass(klass);
}
public static boolean canBeInheritedFrom(Entry target) throws ServiceException {
TargetType targetType = TargetType.getTargetType(target);
return !targetType.subTargetTypes().isEmpty();
}
