/** {@inheritDoc} */
public ConfigChangeResult applyConfigurationAdd(LogRotationPolicyCfg config) {
// Default result code.
ResultCode resultCode = ResultCode.SUCCESS;
boolean adminActionRequired = false;
ArrayList<Message> messages = new ArrayList<Message>();
try {
RotationPolicy rotationPolicy = getRotationPolicy(config);
DirectoryServer.registerRotationPolicy(config.dn(), rotationPolicy);
} catch (ConfigException e) {
if (debugEnabled()) {
TRACER.debugCaught(DebugLogLevel.ERROR, e);
}
messages.add(e.getMessageObject());
resultCode = DirectoryServer.getServerErrorResultCode();
} catch (Exception e) {
if (debugEnabled()) {
TRACER.debugCaught(DebugLogLevel.ERROR, e);
}
messages.add(
ERR_CONFIG_ROTATION_POLICY_CANNOT_CREATE_POLICY.get(
String.valueOf(config.dn().toString()), stackTraceToSingleLineString(e)));
resultCode = DirectoryServer.getServerErrorResultCode();
}
return new ConfigChangeResult(resultCode, adminActionRequired, messages);
}
/**
* Generates an entry for a backup directory based on the provided DN. The DN must contain an RDN
* component that specifies the path to the backup directory, and that directory must exist and be
* a valid backup directory.
*
* @param entryDN The DN of the backup directory entry to retrieve.
* @return The requested backup directory entry.
* @throws DirectoryException If the specified directory does not exist or is not a valid backup
* directory, or if the DN does not specify any backup directory.
*/
private Entry getBackupDirectoryEntry(DN entryDN) throws DirectoryException {
// Make sure that the DN specifies a backup directory.
AttributeType t = DirectoryServer.getAttributeType(ATTR_BACKUP_DIRECTORY_PATH, true);
AttributeValue v = entryDN.getRDN().getAttributeValue(t);
if (v == null) {
Message message = ERR_BACKUP_DN_DOES_NOT_SPECIFY_DIRECTORY.get(String.valueOf(entryDN));
throw new DirectoryException(ResultCode.CONSTRAINT_VIOLATION, message, backupBaseDN, null);
}
// Get a handle to the backup directory and the information that it
// contains.
BackupDirectory backupDirectory;
try {
backupDirectory = BackupDirectory.readBackupDirectoryDescriptor(v.getValue().toString());
} catch (ConfigException ce) {
if (debugEnabled()) {
TRACER.debugCaught(DebugLogLevel.ERROR, ce);
}
Message message =
ERR_BACKUP_INVALID_BACKUP_DIRECTORY.get(String.valueOf(entryDN), ce.getMessage());
throw new DirectoryException(ResultCode.CONSTRAINT_VIOLATION, message);
} catch (Exception e) {
if (debugEnabled()) {
TRACER.debugCaught(DebugLogLevel.ERROR, e);
}
Message message = ERR_BACKUP_ERROR_GETTING_BACKUP_DIRECTORY.get(getExceptionMessage(e));
throw new DirectoryException(DirectoryServer.getServerErrorResultCode(), message);
}
// Construct the backup directory entry to return.
LinkedHashMap<ObjectClass, String> ocMap = new LinkedHashMap<ObjectClass, String>(2);
ocMap.put(DirectoryServer.getTopObjectClass(), OC_TOP);
ObjectClass backupDirOC = DirectoryServer.getObjectClass(OC_BACKUP_DIRECTORY, true);
ocMap.put(backupDirOC, OC_BACKUP_DIRECTORY);
LinkedHashMap<AttributeType, List<Attribute>> opAttrs =
new LinkedHashMap<AttributeType, List<Attribute>>(0);
LinkedHashMap<AttributeType, List<Attribute>> userAttrs =
new LinkedHashMap<AttributeType, List<Attribute>>(3);
ArrayList<Attribute> attrList = new ArrayList<Attribute>(1);
attrList.add(Attributes.create(t, v));
userAttrs.put(t, attrList);
t = DirectoryServer.getAttributeType(ATTR_BACKUP_BACKEND_DN, true);
attrList = new ArrayList<Attribute>(1);
attrList.add(
Attributes.create(
t, AttributeValues.create(t, backupDirectory.getConfigEntryDN().toString())));
userAttrs.put(t, attrList);
Entry e = new Entry(entryDN, ocMap, userAttrs, opAttrs);
e.processVirtualAttributes();
return e;
}
/**
* Closes this connection handler so that it will no longer accept new client connections. It may
* or may not disconnect existing client connections based on the provided flag.
*
* @param stopRegistry Indicates if the RMI registry should be stopped
*/
public void finalizeConnectionHandler(boolean stopRegistry) {
try {
if (jmxRmiConnectorNoClientCertificate != null) {
jmxRmiConnectorNoClientCertificate.stop();
}
if (jmxRmiConnectorClientCertificate != null) {
jmxRmiConnectorClientCertificate.stop();
}
} catch (Exception e) {
TRACER.debugCaught(DebugLogLevel.ERROR, e);
}
jmxRmiConnectorNoClientCertificate = null;
jmxRmiConnectorClientCertificate = null;
//
// Unregister connectors and stop them.
try {
ObjectName name = new ObjectName(jmxRmiConnectorNoClientCertificateName);
if (mbs.isRegistered(name)) {
mbs.unregisterMBean(name);
}
if (jmxRmiConnectorNoClientCertificate != null) {
jmxRmiConnectorNoClientCertificate.stop();
}
// TODO: unregister the connector with SSL client authen
// name = new ObjectName(jmxRmiConnectorClientCertificateName);
// if (mbs.isRegistered(name))
// {
// mbs.unregisterMBean(name);
// }
// jmxRmiConnectorClientCertificate.stop() ;
} catch (Exception e) {
// TODO Log an error message
if (debugEnabled()) {
TRACER.debugCaught(DebugLogLevel.ERROR, e);
}
}
if (stopRegistry) {
//
// Close the socket
try {
if (rmiSsf != null) rmiSsf.close();
} catch (IOException e) {
// TODO Log an error message
if (debugEnabled()) {
TRACER.debugCaught(DebugLogLevel.ERROR, e);
}
}
registry = null;
}
}
/** {@inheritDoc} */
@Override()
public void finalizeBackend() {
// Deregister as a change listener.
cfg.removeLocalDBChangeListener(this);
// Deregister our base DNs.
for (DN dn : rootContainer.getBaseDNs()) {
try {
DirectoryServer.deregisterBaseDN(dn);
} catch (Exception e) {
if (debugEnabled()) {
TRACER.debugCaught(DebugLogLevel.ERROR, e);
}
}
}
DirectoryServer.deregisterMonitorProvider(rootContainerMonitor);
DirectoryServer.deregisterMonitorProvider(diskMonitor);
// We presume the server will prevent more operations coming into this
// backend, but there may be existing operations already in the
// backend. We need to wait for them to finish.
waitUntilQuiescent();
// Close the database.
try {
rootContainer.close();
rootContainer = null;
} catch (DatabaseException e) {
if (debugEnabled()) {
TRACER.debugCaught(DebugLogLevel.ERROR, e);
}
Message message = ERR_JEB_DATABASE_EXCEPTION.get(e.getMessage());
logError(message);
}
// Checksum this db environment and register its offline state id/checksum.
DirectoryServer.registerOfflineBackendStateID(this.getBackendID(), checksumDbEnv());
// Deregister the alert generator.
DirectoryServer.deregisterAlertGenerator(this);
// Make sure the thread counts are zero for next initialization.
threadTotalCount.set(0);
threadWriteCount.set(0);
// Log an informational message.
Message message = NOTE_BACKEND_OFFLINE.get(cfg.getBackendId());
logError(message);
}
/**
* Verify the integrity of the backend instance.
*
* @param verifyConfig The verify configuration.
* @param statEntry Optional entry to save stats into.
* @return The error count.
* @throws ConfigException If an unrecoverable problem arises during initialization.
* @throws InitializationException If a problem occurs during initialization that is not related
* to the server configuration.
* @throws DirectoryException If a Directory Server error occurs.
*/
public long verifyBackend(VerifyConfig verifyConfig, Entry statEntry)
throws InitializationException, ConfigException, DirectoryException {
// If the backend already has the root container open, we must use the same
// underlying root container
boolean openRootContainer = rootContainer == null;
long errorCount = 0;
try {
if (openRootContainer) {
EnvironmentConfig envConfig = ConfigurableEnvironment.parseConfigEntry(cfg);
envConfig.setReadOnly(true);
envConfig.setAllowCreate(false);
envConfig.setTransactional(false);
envConfig.setConfigParam("je.env.isLocking", "true");
envConfig.setConfigParam("je.env.runCheckpointer", "true");
rootContainer = initializeRootContainer(envConfig);
}
VerifyJob verifyJob = new VerifyJob(verifyConfig);
errorCount = verifyJob.verifyBackend(rootContainer, statEntry);
} catch (DatabaseException e) {
if (debugEnabled()) {
TRACER.debugCaught(DebugLogLevel.ERROR, e);
}
throw createDirectoryException(e);
} catch (JebException e) {
if (debugEnabled()) {
TRACER.debugCaught(DebugLogLevel.ERROR, e);
}
throw new DirectoryException(
DirectoryServer.getServerErrorResultCode(), e.getMessageObject());
} finally {
// If a root container was opened in this method as read only, close it
// to leave the backend in the same state.
if (openRootContainer && rootContainer != null) {
try {
rootContainer.close();
rootContainer = null;
} catch (DatabaseException e) {
if (debugEnabled()) {
TRACER.debugCaught(DebugLogLevel.ERROR, e);
}
}
}
}
return errorCount;
}
/** {@inheritDoc} */
@Override()
public void search(SearchOperation searchOperation)
throws DirectoryException, CanceledOperationException {
readerBegin();
EntryContainer ec;
if (rootContainer != null) {
ec = rootContainer.getEntryContainer(searchOperation.getBaseDN());
} else {
Message message = ERR_ROOT_CONTAINER_NOT_INITIALIZED.get(getBackendID());
throw new DirectoryException(DirectoryServer.getServerErrorResultCode(), message);
}
ec.sharedLock.lock();
try {
ec.search(searchOperation);
} catch (DatabaseException e) {
if (debugEnabled()) {
TRACER.debugCaught(DebugLogLevel.ERROR, e);
}
throw createDirectoryException(e);
} finally {
ec.sharedLock.unlock();
readerEnd();
}
}
/** Activates the RMI Connectors. It starts the secure connectors. */
public void initialize() {
try {
//
// start the common registry
startCommonRegistry();
//
// start the RMI connector (SSL + server authentication)
startConnectorNoClientCertificate();
//
// start the RMI connector (SSL + server authentication +
// client authentication + identity given part SASL/PLAIN)
// TODO startConnectorClientCertificate(clientConnection);
} catch (Exception e) {
if (debugEnabled()) {
TRACER.debugCaught(DebugLogLevel.ERROR, e);
}
throw new RuntimeException("Error while starting the RMI module : " + e.getMessage());
}
if (debugEnabled()) {
TRACER.debugVerbose("RMI module started");
}
}
/** {@inheritDoc} */
@Override()
public void replaceEntry(Entry oldEntry, Entry newEntry, ModifyOperation modifyOperation)
throws DirectoryException, CanceledOperationException {
checkDiskSpace(modifyOperation);
writerBegin();
DN entryDN = newEntry.getDN();
EntryContainer ec;
if (rootContainer != null) {
ec = rootContainer.getEntryContainer(entryDN);
} else {
Message message = ERR_ROOT_CONTAINER_NOT_INITIALIZED.get(getBackendID());
throw new DirectoryException(DirectoryServer.getServerErrorResultCode(), message);
}
ec.sharedLock.lock();
try {
ec.replaceEntry(oldEntry, newEntry, modifyOperation);
} catch (DatabaseException e) {
if (debugEnabled()) {
TRACER.debugCaught(DebugLogLevel.ERROR, e);
}
throw createDirectoryException(e);
} finally {
ec.sharedLock.unlock();
writerEnd();
}
}
/** {@inheritDoc} */
@Override()
public long numSubordinates(DN entryDN, boolean subtree) throws DirectoryException {
EntryContainer ec;
if (rootContainer != null) {
ec = rootContainer.getEntryContainer(entryDN);
} else {
Message message = ERR_ROOT_CONTAINER_NOT_INITIALIZED.get(getBackendID());
throw new DirectoryException(DirectoryServer.getServerErrorResultCode(), message);
}
if (ec == null) {
return -1;
}
readerBegin();
ec.sharedLock.lock();
try {
long count = ec.getNumSubordinates(entryDN, subtree);
if (count == Long.MAX_VALUE) {
// The index entry limit has exceeded and there is no count maintained.
return -1;
}
return count;
} catch (DatabaseException e) {
if (debugEnabled()) {
TRACER.debugCaught(DebugLogLevel.ERROR, e);
}
throw createDirectoryException(e);
} finally {
ec.sharedLock.unlock();
readerEnd();
}
}
/** {@inheritDoc} */
@Override()
public Entry getEntry(DN entryDN) throws DirectoryException {
readerBegin();
EntryContainer ec;
if (rootContainer != null) {
ec = rootContainer.getEntryContainer(entryDN);
} else {
Message message = ERR_ROOT_CONTAINER_NOT_INITIALIZED.get(getBackendID());
throw new DirectoryException(DirectoryServer.getServerErrorResultCode(), message);
}
ec.sharedLock.lock();
Entry entry;
try {
entry = ec.getEntry(entryDN);
} catch (DatabaseException e) {
if (debugEnabled()) {
TRACER.debugCaught(DebugLogLevel.ERROR, e);
}
throw createDirectoryException(e);
} finally {
ec.sharedLock.unlock();
readerEnd();
}
return entry;
}
/** {@inheritDoc} */
@Override()
public DynamicGroup newInstance(Entry groupEntry) throws DirectoryException {
ensureNotNull(groupEntry);
// Get the memberURL attribute from the entry, if there is one, and parse
// out the LDAP URLs that it contains.
LinkedHashSet<LDAPURL> memberURLs = new LinkedHashSet<LDAPURL>();
AttributeType memberURLType = DirectoryConfig.getAttributeType(ATTR_MEMBER_URL_LC, true);
List<Attribute> attrList = groupEntry.getAttribute(memberURLType);
if (attrList != null) {
for (Attribute a : attrList) {
for (AttributeValue v : a) {
try {
memberURLs.add(LDAPURL.decode(v.getValue().toString(), true));
} catch (DirectoryException de) {
if (debugEnabled()) {
TRACER.debugCaught(DebugLogLevel.ERROR, de);
}
Message message =
ERR_DYNAMICGROUP_CANNOT_DECODE_MEMBERURL.get(
v.getValue().toString(),
String.valueOf(groupEntry.getDN()),
de.getMessageObject());
ErrorLogger.logError(message);
}
}
}
}
return new DynamicGroup(groupEntry.getDN(), memberURLs);
}
/**
* This method will attempt to checksum the current JE db environment by computing the Adler-32
* checksum on the latest JE log file available.
*
* @return The checksum of JE db environment or zero if checksum failed.
*/
private long checksumDbEnv() {
File parentDirectory = getFileForPath(cfg.getDBDirectory());
File backendDirectory = new File(parentDirectory, cfg.getBackendId());
List<File> jdbFiles = new ArrayList<File>();
if (backendDirectory.isDirectory()) {
jdbFiles =
Arrays.asList(
backendDirectory.listFiles(
new FilenameFilter() {
public boolean accept(File dir, String name) {
return name.endsWith(".jdb");
}
}));
}
if (!jdbFiles.isEmpty()) {
Collections.sort(jdbFiles, Collections.reverseOrder());
FileInputStream fis = null;
try {
fis = new FileInputStream(jdbFiles.get(0).toString());
CheckedInputStream cis = new CheckedInputStream(fis, new Adler32());
byte[] tempBuf = new byte[8192];
while (cis.read(tempBuf) >= 0) {}
return cis.getChecksum().getValue();
} catch (Exception e) {
if (debugEnabled()) {
TRACER.debugCaught(DebugLogLevel.ERROR, e);
}
} finally {
if (fis != null) {
try {
fis.close();
} catch (Exception e) {
if (debugEnabled()) {
TRACER.debugCaught(DebugLogLevel.ERROR, e);
}
}
}
}
}
return 0;
}
/**
* Getter for the serviceID field.
*
* @return The service ID.
*/
public String getServiceID() {
try {
return this.draftCNDbCursor.currentServiceID();
} catch (Exception e) {
TRACER.debugCaught(DebugLogLevel.ERROR, e);
return null;
}
}
/**
* Getter for the replication change number field.
*
* @return The replication change number field.
*/
public ChangeNumber getChangeNumber() {
try {
ChangeNumber cn = this.draftCNDbCursor.currentChangeNumber();
return cn;
} catch (Exception e) {
TRACER.debugCaught(DebugLogLevel.ERROR, e);
return null;
}
}
/**
* Process all ACIs under the "cn=config" naming context and adds them to the ACI list cache. It
* also logs messages about the number of ACIs added to the cache. This method is called once at
* startup. It will put the server in lockdown mode if needed.
*
* @throws InitializationException If there is an error searching for the ACIs in the naming
* context.
*/
private void processConfigAcis() throws InitializationException {
LinkedHashSet<String> requestAttrs = new LinkedHashSet<String>(1);
requestAttrs.add("aci");
LinkedList<Message> failedACIMsgs = new LinkedList<Message>();
InternalClientConnection conn = InternalClientConnection.getRootConnection();
ConfigHandler configBackend = DirectoryServer.getConfigHandler();
for (DN baseDN : configBackend.getBaseDNs()) {
try {
if (!configBackend.entryExists(baseDN)) {
continue;
}
} catch (Exception e) {
if (debugEnabled()) {
TRACER.debugCaught(DebugLogLevel.ERROR, e);
}
// FIXME -- Is there anything that we need to do here?
continue;
}
try {
InternalSearchOperation internalSearch =
new InternalSearchOperation(
conn,
InternalClientConnection.nextOperationID(),
InternalClientConnection.nextMessageID(),
null,
baseDN,
SearchScope.WHOLE_SUBTREE,
DereferencePolicy.NEVER_DEREF_ALIASES,
0,
0,
false,
SearchFilter.createFilterFromString("aci=*"),
requestAttrs,
null);
LocalBackendSearchOperation localSearch = new LocalBackendSearchOperation(internalSearch);
configBackend.search(localSearch);
if (!internalSearch.getSearchEntries().isEmpty()) {
int validAcis = aciList.addAci(internalSearch.getSearchEntries(), failedACIMsgs);
if (!failedACIMsgs.isEmpty()) {
aciListenerMgr.logMsgsSetLockDownMode(failedACIMsgs);
}
Message message =
INFO_ACI_ADD_LIST_ACIS.get(Integer.toString(validAcis), String.valueOf(baseDN));
logError(message);
}
} catch (Exception e) {
Message message = INFO_ACI_HANDLER_FAIL_PROCESS_ACI.get();
throw new InitializationException(message, e);
}
}
}
/** Closes this LDAP reader and the underlying socket. */
public void close() {
try {
asn1Reader.close();
} catch (Exception e) {
if (debugEnabled()) {
TRACER.debugCaught(DebugLogLevel.ERROR, e);
}
}
if (socket != null) {
try {
socket.close();
} catch (Exception e) {
if (debugEnabled()) {
TRACER.debugCaught(DebugLogLevel.ERROR, e);
}
}
}
}
/**
* Wait until there are no more threads accessing the database. It is assumed that new threads
* have been prevented from entering the database at the time this method is called.
*/
private void waitUntilQuiescent() {
while (threadTotalCount.get() > 0) {
// Still have threads in the database so sleep a little
try {
Thread.sleep(500);
} catch (InterruptedException e) {
if (debugEnabled()) {
TRACER.debugCaught(DebugLogLevel.ERROR, e);
}
}
}
}
/** {@inheritDoc} */
@Override
public void finalizeBackend() {
super.finalizeBackend();
currentConfig.removeBackupChangeListener(this);
try {
DirectoryServer.deregisterBaseDN(backupBaseDN);
} catch (Exception e) {
if (debugEnabled()) {
TRACER.debugCaught(DebugLogLevel.ERROR, e);
}
}
}
/**
* Starts the common RMI registry. In order to provide RMI stub for remote client, the JMX RMI
* connector should be register into an RMI registry. Each server will maintain its own private
* one.
*
* @throws Exception if the registry cannot be started
*/
private void startCommonRegistry() throws Exception {
int registryPort = jmxConnectionHandler.getListenPort();
//
// create our local RMI registry if it does not exist already
if (debugEnabled()) {
TRACER.debugVerbose("start or reach an RMI registry on port %d", registryPort);
}
try {
//
// TODO Not yet implemented: If the host has several interfaces
if (registry == null) {
rmiSsf = new OpendsRmiServerSocketFactory();
registry = LocateRegistry.createRegistry(registryPort, null, rmiSsf);
}
} catch (RemoteException re) {
//
// is the registry already created ?
if (debugEnabled()) {
TRACER.debugWarning("cannot create the RMI registry -> already done ?");
}
try {
//
// get a 'remote' reference on the registry
Registry reg = LocateRegistry.getRegistry(registryPort);
//
// 'ping' the registry
reg.list();
registry = reg;
} catch (Exception e) {
if (debugEnabled()) {
//
// no 'valid' registry found on the specified port
TRACER.debugError("exception thrown while pinging the RMI registry");
//
// throw the original exception
TRACER.debugCaught(DebugLogLevel.ERROR, re);
}
throw re;
}
//
// here the registry is ok even though
// it was not created by this call
if (debugEnabled()) {
TRACER.debugWarning("RMI was registry already started");
}
}
}
/** {@inheritDoc} */
@Override()
public long getEntryCount() {
if (rootContainer != null) {
try {
return rootContainer.getEntryCount();
} catch (Exception e) {
if (debugEnabled()) {
TRACER.debugCaught(DebugLogLevel.ERROR, e);
}
}
}
return -1;
}
/**
* A utility method which may be used by implementations in order to obtain the value of the
* specified attribute from the provided entry as a time in generalized time format.
*
* @param entry The entry whose attribute is to be parsed as a boolean.
* @param attributeType The attribute type whose value should be parsed as a generalized time
* value.
* @return The requested time, or -1 if it could not be determined.
* @throws DirectoryException If a problem occurs while attempting to decode the value as a
* generalized time.
*/
protected static final long getGeneralizedTime(
final Entry entry, final AttributeType attributeType) throws DirectoryException {
long timeValue = -1;
final List<Attribute> attrList = entry.getAttribute(attributeType);
if (attrList != null) {
for (final Attribute a : attrList) {
if (a.isEmpty()) {
continue;
}
final AttributeValue v = a.iterator().next();
try {
timeValue = GeneralizedTimeSyntax.decodeGeneralizedTimeValue(v.getNormalizedValue());
} catch (final Exception e) {
if (debugEnabled()) {
TRACER.debugCaught(DebugLogLevel.ERROR, e);
TRACER.debugWarning(
"Unable to decode value %s for attribute %s " + "in user entry %s: %s",
v.getValue().toString(),
attributeType.getNameOrOID(),
entry.getDN().toString(),
stackTraceToSingleLineString(e));
}
final Message message =
ERR_PWPSTATE_CANNOT_DECODE_GENERALIZED_TIME.get(
v.getValue().toString(),
attributeType.getNameOrOID(),
entry.getDN().toString(),
String.valueOf(e));
throw new DirectoryException(ResultCode.INVALID_ATTRIBUTE_SYNTAX, message, e);
}
break;
}
}
if (timeValue == -1) {
if (debugEnabled()) {
TRACER.debugInfo(
"Returning -1 because attribute %s does not " + "exist in user entry %s",
attributeType.getNameOrOID(), entry.getDN().toString());
}
}
// FIXME: else to be consistent...
return timeValue;
}
private RootContainer initializeRootContainer(EnvironmentConfig envConfig)
throws ConfigException, InitializationException {
// Open the database environment
try {
RootContainer rc = new RootContainer(this, cfg);
rc.open(envConfig);
return rc;
} catch (DatabaseException e) {
if (debugEnabled()) {
TRACER.debugCaught(DebugLogLevel.ERROR, e);
}
Message message = ERR_JEB_OPEN_ENV_FAIL.get(e.getMessage());
throw new InitializationException(message, e);
}
}
/** {@inheritDoc} */
@Override()
public boolean hasValue(Entry entry, VirtualAttributeRule rule) {
Backend backend = DirectoryServer.getBackend(entry.getDN());
try {
ConditionResult ret = backend.hasSubordinates(entry.getDN());
return ret != null && ret != ConditionResult.UNDEFINED;
} catch (DirectoryException de) {
if (debugEnabled()) {
TRACER.debugCaught(DebugLogLevel.ERROR, de);
}
return false;
}
}
/**
* Indicates whether the provided value is acceptable for use in an attribute with this syntax. If
* it is not, then the reason may be appended to the provided buffer.
*
* @param value The value for which to make the determination.
* @param invalidReason The buffer to which the invalid reason should be appended.
* @return <CODE>true</CODE> if the provided value is acceptable for use with this syntax, or
* <CODE>false</CODE> if not.
*/
@Override
public boolean valueIsAcceptable(ByteSequence value, MessageBuilder invalidReason) {
// We'll use the decodeAttributeType method to determine if the value is
// acceptable.
try {
decodeLDAPSyntax(value, DirectoryServer.getSchema(), true);
return true;
} catch (DirectoryException de) {
if (debugEnabled()) {
TRACER.debugCaught(DebugLogLevel.ERROR, de);
}
invalidReason.append(de.getMessageObject());
return false;
}
}
/**
* Process all global ACI attribute types found in the configuration entry and adds them to that
* ACI list cache. It also logs messages about the number of ACI attribute types added to the
* cache. This method is called once at startup. It also will put the server into lockdown mode if
* needed.
*
* @param configuration The config handler containing the ACI configuration information.
* @throws InitializationException If there is an error reading the global ACIs from the
* configuration entry.
*/
private void processGlobalAcis(DseeCompatAccessControlHandlerCfg configuration)
throws InitializationException {
SortedSet<Aci> globalAcis = configuration.getGlobalACI();
try {
if (globalAcis != null) {
aciList.addAci(DN.nullDN(), globalAcis);
Message message = INFO_ACI_ADD_LIST_GLOBAL_ACIS.get(Integer.toString(globalAcis.size()));
logError(message);
}
} catch (Exception e) {
if (debugEnabled()) {
TRACER.debugCaught(DebugLogLevel.ERROR, e);
}
Message message =
INFO_ACI_HANDLER_FAIL_PROCESS_GLOBAL_ACI.get(String.valueOf(configuration.dn()));
throw new InitializationException(message, e);
}
}
/** {@inheritDoc} */
@Override()
public Set<AttributeValue> getValues(Entry entry, VirtualAttributeRule rule) {
Backend backend = DirectoryServer.getBackend(entry.getDN());
try {
ConditionResult ret = backend.hasSubordinates(entry.getDN());
if (ret != null && ret != ConditionResult.UNDEFINED) {
AttributeValue value =
AttributeValues.create(
ByteString.valueOf(ret.toString()), ByteString.valueOf(ret.toString()));
return Collections.singleton(value);
}
} catch (DirectoryException de) {
if (debugEnabled()) {
TRACER.debugCaught(DebugLogLevel.ERROR, de);
}
}
return Collections.emptySet();
}
/** {@inheritDoc} */
@Override()
public boolean isIndexed(AttributeType attributeType, IndexType indexType) {
try {
EntryContainer ec = rootContainer.getEntryContainer(baseDNs[0]);
AttributeIndex ai = ec.getAttributeIndex(attributeType);
if (ai == null) {
return false;
}
Set<LocalDBIndexCfgDefn.IndexType> indexTypes = ai.getConfiguration().getIndexType();
switch (indexType) {
case PRESENCE:
return indexTypes.contains(LocalDBIndexCfgDefn.IndexType.PRESENCE);
case EQUALITY:
return indexTypes.contains(LocalDBIndexCfgDefn.IndexType.EQUALITY);
case SUBSTRING:
case SUBINITIAL:
case SUBANY:
case SUBFINAL:
return indexTypes.contains(LocalDBIndexCfgDefn.IndexType.SUBSTRING);
case GREATER_OR_EQUAL:
case LESS_OR_EQUAL:
return indexTypes.contains(LocalDBIndexCfgDefn.IndexType.ORDERING);
case APPROXIMATE:
return indexTypes.contains(LocalDBIndexCfgDefn.IndexType.APPROXIMATE);
default:
return false;
}
} catch (Exception e) {
if (debugEnabled()) {
TRACER.debugCaught(DebugLogLevel.ERROR, e);
}
return false;
}
}
/**
* Returns {@code true} if this authentication policy state is associated with a user whose
* account has been administratively disabled.
*
* <p>The default implementation is use the value of the "ds-pwp-account-disable" attribute in the
* user's entry.
*
* @return {@code true} if this authentication policy state is associated with a user whose
* account has been administratively disabled.
*/
public boolean isDisabled() {
final AttributeType type = DirectoryServer.getAttributeType(OP_ATTR_ACCOUNT_DISABLED, true);
try {
isDisabled = getBoolean(userEntry, type);
} catch (final Exception e) {
if (debugEnabled()) {
TRACER.debugCaught(DebugLogLevel.ERROR, e);
}
isDisabled = ConditionResult.TRUE;
if (debugEnabled()) {
TRACER.debugWarning(
"User %s is considered administratively "
+ "disabled because an error occurred while "
+ "attempting to make the determination: %s.",
userEntry.getDN().toString(), stackTraceToSingleLineString(e));
}
return true;
}
if (isDisabled == ConditionResult.UNDEFINED) {
isDisabled = ConditionResult.FALSE;
if (debugEnabled()) {
TRACER.debugInfo(
"User %s is not administratively disabled since "
+ "the attribute \"%s\" is not present in the entry.",
userEntry.getDN().toString(), OP_ATTR_ACCOUNT_DISABLED);
}
return false;
}
if (debugEnabled()) {
TRACER.debugInfo(
"User %s %s administratively disabled.",
userEntry.getDN().toString(), ((isDisabled == ConditionResult.TRUE) ? " is" : " is not"));
}
return isDisabled == ConditionResult.TRUE;
}
/** {@inheritDoc} */
@Override()
public void renameEntry(DN currentDN, Entry entry, ModifyDNOperation modifyDNOperation)
throws DirectoryException, CanceledOperationException {
checkDiskSpace(modifyDNOperation);
writerBegin();
EntryContainer currentContainer;
if (rootContainer != null) {
currentContainer = rootContainer.getEntryContainer(currentDN);
} else {
Message message = ERR_ROOT_CONTAINER_NOT_INITIALIZED.get(getBackendID());
throw new DirectoryException(DirectoryServer.getServerErrorResultCode(), message);
}
EntryContainer container = rootContainer.getEntryContainer(entry.getDN());
if (currentContainer != container) {
// FIXME: No reason why we cannot implement a move between containers
// since the containers share the same database environment.
Message msg = WARN_JEB_FUNCTION_NOT_SUPPORTED.get();
throw new DirectoryException(ResultCode.UNWILLING_TO_PERFORM, msg);
}
currentContainer.sharedLock.lock();
try {
currentContainer.renameEntry(currentDN, entry, modifyDNOperation);
} catch (DatabaseException e) {
if (debugEnabled()) {
TRACER.debugCaught(DebugLogLevel.ERROR, e);
}
throw createDirectoryException(e);
} finally {
currentContainer.sharedLock.unlock();
writerEnd();
}
}
/**
* Handles any controls contained in the request.
*
* @throws DirectoryException If there is a problem with any of the request controls.
*/
private void handleRequestControls() throws DirectoryException {
LocalBackendWorkflowElement.removeAllDisallowedControls(baseDN, this);
List<Control> requestControls = getRequestControls();
if (requestControls != null && !requestControls.isEmpty()) {
for (Control c : requestControls) {
String oid = c.getOID();
if (OID_LDAP_ASSERTION.equals(oid)) {
LDAPAssertionRequestControl assertControl =
getRequestControl(LDAPAssertionRequestControl.DECODER);
SearchFilter assertionFilter;
try {
assertionFilter = assertControl.getSearchFilter();
} catch (DirectoryException de) {
if (debugEnabled()) {
TRACER.debugCaught(DebugLogLevel.ERROR, de);
}
throw new DirectoryException(
de.getResultCode(),
ERR_SEARCH_CANNOT_PROCESS_ASSERTION_FILTER.get(de.getMessageObject()),
de);
}
Entry entry;
try {
entry = DirectoryServer.getEntry(baseDN);
} catch (DirectoryException de) {
if (debugEnabled()) {
TRACER.debugCaught(DebugLogLevel.ERROR, de);
}
throw new DirectoryException(
de.getResultCode(),
ERR_SEARCH_CANNOT_GET_ENTRY_FOR_ASSERTION.get(de.getMessageObject()));
}
if (entry == null) {
throw new DirectoryException(
ResultCode.NO_SUCH_OBJECT, ERR_SEARCH_NO_SUCH_ENTRY_FOR_ASSERTION.get());
}
// Check if the current user has permission to make
// this determination.
if (!AccessControlConfigManager.getInstance()
.getAccessControlHandler()
.isAllowed(this, entry, assertionFilter)) {
throw new DirectoryException(
ResultCode.INSUFFICIENT_ACCESS_RIGHTS,
ERR_CONTROL_INSUFFICIENT_ACCESS_RIGHTS.get(oid));
}
try {
if (!assertionFilter.matchesEntry(entry)) {
throw new DirectoryException(
ResultCode.ASSERTION_FAILED, ERR_SEARCH_ASSERTION_FAILED.get());
}
} catch (DirectoryException de) {
if (de.getResultCode() == ResultCode.ASSERTION_FAILED) {
throw de;
}
if (debugEnabled()) {
TRACER.debugCaught(DebugLogLevel.ERROR, de);
}
throw new DirectoryException(
de.getResultCode(),
ERR_SEARCH_CANNOT_PROCESS_ASSERTION_FILTER.get(de.getMessageObject()),
de);
}
} else if (OID_PROXIED_AUTH_V1.equals(oid)) {
// Log usage of legacy proxy authz V1 control.
addAdditionalLogItem(
AdditionalLogItem.keyOnly(getClass(), "obsoleteProxiedAuthzV1Control"));
// The requester must have the PROXIED_AUTH privilege in order to be
// able to use this control.
if (!clientConnection.hasPrivilege(Privilege.PROXIED_AUTH, this)) {
throw new DirectoryException(
ResultCode.AUTHORIZATION_DENIED, ERR_PROXYAUTH_INSUFFICIENT_PRIVILEGES.get());
}
ProxiedAuthV1Control proxyControl = getRequestControl(ProxiedAuthV1Control.DECODER);
Entry authorizationEntry = proxyControl.getAuthorizationEntry();
setAuthorizationEntry(authorizationEntry);
setProxiedAuthorizationDN(getDN(authorizationEntry));
} else if (OID_PROXIED_AUTH_V2.equals(oid)) {
// The requester must have the PROXIED_AUTH privilege in order to be
// able to use this control.
if (!clientConnection.hasPrivilege(Privilege.PROXIED_AUTH, this)) {
throw new DirectoryException(
ResultCode.AUTHORIZATION_DENIED, ERR_PROXYAUTH_INSUFFICIENT_PRIVILEGES.get());
}
ProxiedAuthV2Control proxyControl = getRequestControl(ProxiedAuthV2Control.DECODER);
Entry authorizationEntry = proxyControl.getAuthorizationEntry();
setAuthorizationEntry(authorizationEntry);
setProxiedAuthorizationDN(getDN(authorizationEntry));
} else if (OID_PERSISTENT_SEARCH.equals(oid)) {
final PersistentSearchControl ctrl = getRequestControl(PersistentSearchControl.DECODER);
persistentSearch =
new PersistentSearch(
this, ctrl.getChangeTypes(), ctrl.getChangesOnly(), ctrl.getReturnECs());
} else if (OID_LDAP_SUBENTRIES.equals(oid)) {
SubentriesControl subentriesControl = getRequestControl(SubentriesControl.DECODER);
setReturnSubentriesOnly(subentriesControl.getVisibility());
} else if (OID_LDUP_SUBENTRIES.equals(oid)) {
// Support for legacy draft-ietf-ldup-subentry.
addAdditionalLogItem(AdditionalLogItem.keyOnly(getClass(), "obsoleteSubentryControl"));
setReturnSubentriesOnly(true);
} else if (OID_MATCHED_VALUES.equals(oid)) {
MatchedValuesControl matchedValuesControl =
getRequestControl(MatchedValuesControl.DECODER);
setMatchedValuesControl(matchedValuesControl);
} else if (OID_ACCOUNT_USABLE_CONTROL.equals(oid)) {
setIncludeUsableControl(true);
} else if (OID_REAL_ATTRS_ONLY.equals(oid)) {
setRealAttributesOnly(true);
} else if (OID_VIRTUAL_ATTRS_ONLY.equals(oid)) {
setVirtualAttributesOnly(true);
} else if (OID_GET_EFFECTIVE_RIGHTS.equals(oid)
&& DirectoryServer.isSupportedControl(OID_GET_EFFECTIVE_RIGHTS)) {
// Do nothing here and let AciHandler deal with it.
}
// NYI -- Add support for additional controls.
else if (c.isCritical() && !backendSupportsControl(oid)) {
throw new DirectoryException(
ResultCode.UNAVAILABLE_CRITICAL_EXTENSION,
ERR_SEARCH_UNSUPPORTED_CRITICAL_CONTROL.get(oid));
}
}
}
}