001    /*
002     * CDDL HEADER START
003     *
004     * The contents of this file are subject to the terms of the
005     * Common Development and Distribution License, Version 1.0 only
006     * (the "License").  You may not use this file except in compliance
007     * with the License.
008     *
009     * You can obtain a copy of the license at
010     * trunk/opends/resource/legal-notices/OpenDS.LICENSE
011     * or https://OpenDS.dev.java.net/OpenDS.LICENSE.
012     * See the License for the specific language governing permissions
013     * and limitations under the License.
014     *
015     * When distributing Covered Code, include this CDDL HEADER in each
016     * file and include the License file at
017     * trunk/opends/resource/legal-notices/OpenDS.LICENSE.  If applicable,
018     * add the following below this CDDL HEADER, with the fields enclosed
019     * by brackets "[]" replaced with your own identifying information:
020     *      Portions Copyright [yyyy] [name of copyright owner]
021     *
022     * CDDL HEADER END
023     *
024     *
025     *      Copyright 2008 Sun Microsystems, Inc.
026     */
027    package org.opends.server.core;
028    import org.opends.messages.Message;
029    
030    
031    
032    import java.util.HashSet;
033    import java.util.List;
034    import java.util.Set;
035    
036    import org.opends.server.admin.server.ConfigurationChangeListener;
037    import org.opends.server.admin.std.meta.RootDNCfgDefn;
038    import org.opends.server.admin.std.server.RootDNCfg;
039    import org.opends.server.types.ConfigChangeResult;
040    import org.opends.server.types.Privilege;
041    import org.opends.server.types.ResultCode;
042    
043    
044    
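/**
 * This class defines a data structure that is used to handle changes to the set
 * of default root privileges.
 * <p>
 * The set kept here is the one reported as "automatically granted to root
 * users", so it is treated as security-sensitive state: it is only replaced
 * through a configuration change, and callers of
 * {@link #getDefaultRootPrivileges()} receive a copy rather than the live set.
 */
public class RootPrivilegeChangeListener
       implements ConfigurationChangeListener<RootDNCfg>
{
  // The set of privileges that will be given to root users by default.  This
  // class never modifies the set in place; a configuration change builds a new
  // set and replaces the reference.
  // NOTE(review): the field is written by applyConfigurationChange and read by
  // getDefaultRootPrivileges without synchronization.  If those calls happen on
  // different threads, confirm that the new set is safely published (for
  // example by declaring the field volatile) so that a removed privilege stops
  // being reported promptly.
  private Set<Privilege> defaultRootPrivileges;



  /**
   * Creates a new instance of this root privilege change listener.  The
   * initial set is the one returned by
   * {@code Privilege.getDefaultRootPrivileges()}; it stays in effect until a
   * configuration is applied.
   */
  public RootPrivilegeChangeListener()
  {
    defaultRootPrivileges = Privilege.getDefaultRootPrivileges();
  }



  /**
   * {@inheritDoc}
   * <p>
   * Every change is accepted; nothing is ever added to
   * {@code unacceptableReasons}.
   */
  public boolean isConfigurationChangeAcceptable(RootDNCfg configuration,
                      List<Message> unacceptableReasons)
  {
    // No special validation is required.
    return true;
  }



  /**
   * {@inheritDoc}
   * <p>
   * Replaces the default root privilege set with the one named in the given
   * configuration and always reports {@code ResultCode.SUCCESS}.
   */
  public ConfigChangeResult applyConfigurationChange(RootDNCfg configuration)
  {
    setDefaultRootPrivileges(configuration);

    // NOTE(review): the second argument is presumably the "administrative
    // action required" flag -- confirm against ConfigChangeResult.
    return new ConfigChangeResult(ResultCode.SUCCESS, false);
  }



  /**
   * Retrieves the set of privileges that will be automatically granted to root
   * users.
   *
   * @return  A new set holding the privileges that will be automatically
   *          granted to root users.  Changes made to the returned set do not
   *          affect this listener.
   */
  public Set<Privilege> getDefaultRootPrivileges()
  {
    // Hand out a copy: returning the internal set would let any caller add or
    // remove default root privileges without going through a configuration
    // change.
    return new HashSet<Privilege>(defaultRootPrivileges);
  }



  /**
   * Specifies the set of privileges that will be automatically granted to root
   * users.  Each configured privilege name is translated to the
   * {@code Privilege} constant of the same name, and the resulting set replaces
   * the previous one as a whole.
   *
   * @param  configuration  The configuration object that specifies the set of
   *                        privileges that will be automatically granted to
   *                        root users.
   */
  void setDefaultRootPrivileges(RootDNCfg configuration)
  {
    Set<RootDNCfgDefn.DefaultRootPrivilegeName> configPrivSet =
         configuration.getDefaultRootPrivilegeName();

    HashSet<Privilege> privSet = new HashSet<Privilege>(configPrivSet.size());
    for (RootDNCfgDefn.DefaultRootPrivilegeName p : configPrivSet)
    {
      // There is deliberately no default branch that grants anything: a
      // configured name that is not listed below adds no privilege, so an
      // unrecognized value results in fewer privileges rather than more.
      switch (p)
      {
        case BYPASS_ACL:
          privSet.add(Privilege.BYPASS_ACL);
          break;
        case MODIFY_ACL:
          privSet.add(Privilege.MODIFY_ACL);
          break;
        case CONFIG_READ:
          privSet.add(Privilege.CONFIG_READ);
          break;
        case CONFIG_WRITE:
          privSet.add(Privilege.CONFIG_WRITE);
          break;
        case JMX_READ:
          privSet.add(Privilege.JMX_READ);
          break;
        case JMX_WRITE:
          privSet.add(Privilege.JMX_WRITE);
          break;
        case JMX_NOTIFY:
          privSet.add(Privilege.JMX_NOTIFY);
          break;
        case LDIF_IMPORT:
          privSet.add(Privilege.LDIF_IMPORT);
          break;
        case LDIF_EXPORT:
          privSet.add(Privilege.LDIF_EXPORT);
          break;
        case BACKEND_BACKUP:
          privSet.add(Privilege.BACKEND_BACKUP);
          break;
        case BACKEND_RESTORE:
          privSet.add(Privilege.BACKEND_RESTORE);
          break;
        case SERVER_SHUTDOWN:
          privSet.add(Privilege.SERVER_SHUTDOWN);
          break;
        case SERVER_RESTART:
          privSet.add(Privilege.SERVER_RESTART);
          break;
        case PROXIED_AUTH:
          privSet.add(Privilege.PROXIED_AUTH);
          break;
        case DISCONNECT_CLIENT:
          privSet.add(Privilege.DISCONNECT_CLIENT);
          break;
        case CANCEL_REQUEST:
          privSet.add(Privilege.CANCEL_REQUEST);
          break;
        case PASSWORD_RESET:
          privSet.add(Privilege.PASSWORD_RESET);
          break;
        case DATA_SYNC:
          privSet.add(Privilege.DATA_SYNC);
          break;
        case UPDATE_SCHEMA:
          privSet.add(Privilege.UPDATE_SCHEMA);
          break;
        case PRIVILEGE_CHANGE:
          privSet.add(Privilege.PRIVILEGE_CHANGE);
          break;
        case UNINDEXED_SEARCH:
          privSet.add(Privilege.UNINDEXED_SEARCH);
          break;
      }
    }

    // Swap in the fully built set with a single assignment so that a reader
    // never observes a partially populated set.
    defaultRootPrivileges = privSet;
  }
}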