author | Endi S. Dewata <edewata@redhat.com> | 2014-08-26 18:49:56 -0400 |
---|---|---|
committer | Endi S. Dewata <edewata@redhat.com> | 2014-08-27 13:05:49 -0400 |
commit | 579ca2f8c894087c839e60b7c5775b5e7483362a (patch) | |
tree | b301399cbd6faf28024fa6456ce8060f381e62ce /base/server/cmscore/src/com | |
parent | 6444287caa2ad171086d0ce9d93761a897247e06 (diff) | |
Fixed problems in group operations.
Previously modifying the description of an empty group failed
because the server tried to delete a uniqueMember attribute that
did not exist because the group was already empty. The servlets and
group subsystem have been fixed to retrieve the existing group data
first, perform the changes on it, then save it back to the database.
Also adding a new group will no longer require a description because
it's not required by the LDAP object class.
Ticket #818
Diffstat (limited to 'base/server/cmscore/src/com')
-rw-r--r-- | base/server/cmscore/src/com/netscape/cmscore/usrgrp/Group.java | 16 | ||||
-rw-r--r-- | base/server/cmscore/src/com/netscape/cmscore/usrgrp/UGSubsystem.java | 73 |
2 files changed, 59 insertions, 30 deletions
diff --git a/base/server/cmscore/src/com/netscape/cmscore/usrgrp/Group.java b/base/server/cmscore/src/com/netscape/cmscore/usrgrp/Group.java index 25917e901..fe5d9e1d0 100644 --- a/base/server/cmscore/src/com/netscape/cmscore/usrgrp/Group.java +++ b/base/server/cmscore/src/com/netscape/cmscore/usrgrp/Group.java @@ -39,7 +39,10 @@ public class Group implements IGroup { @SuppressWarnings("unused") private IUsrGrp mBase; private String mName = null; + + // TODO: replace Vector with Set private Vector<String> mMembers = new Vector<String>(); + private String mDescription = null; private static final Vector<String> mNames = new Vector<String>(); @@ -71,6 +74,7 @@ public class Group implements IGroup { } public void addMemberName(String name) { + if (isMember(name)) return; mMembers.addElement(name); } @@ -117,7 +121,17 @@ public class Group implements IGroup { } public void delete(String name) throws EBaseException { - throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTRIBUTE", name)); + if (name.equals(ATTR_NAME)) { + mName = null; + } else if (name.equals(ATTR_ID)) { + mName = null; + } else if (name.equals(ATTR_MEMBERS)) { + mMembers.clear(); + } else if (name.equals(ATTR_DESCRIPTION)) { + mDescription = null; + } else { + throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTRIBUTE", name)); + } } public Enumeration<String> getElements() { diff --git a/base/server/cmscore/src/com/netscape/cmscore/usrgrp/UGSubsystem.java b/base/server/cmscore/src/com/netscape/cmscore/usrgrp/UGSubsystem.java index 245115e75..a2655bf82 100644 --- a/base/server/cmscore/src/com/netscape/cmscore/usrgrp/UGSubsystem.java +++ b/base/server/cmscore/src/com/netscape/cmscore/usrgrp/UGSubsystem.java 
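Review bot: The new duplicate guard in Group.addMemberName, `if (isMember(name)) return;`, is only as strict as isMember's comparison, which is not visible in this hunk. If that is an exact String match, two uids that differ only in case would both be stored and would presumably map to the same uniqueMember DN when the group is written to LDAP, so the comparison should follow the directory's matching rule. The one-line `if` would also read better braced, `if (isMember(name)) { return; }`, with a short comment that duplicates are silently ignored.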
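Review bot: In Group.delete(), the ATTR_NAME and ATTR_ID branches leave the object with `mName == null`, yet UGSubsystem.modifyGroup() in this same commit builds the entry DN from `grp.getGroupID()` and calls `grp.getName().equalsIgnoreCase(...)`; this assumes both getters read mName, which the hunk does not show. Consider rejecting deletion of the identifier with the existing CMS_BASE_INVALID_ATTRIBUTE exception, or at least documenting that the group cannot be saved afterwards. If the two branches stay, they can be merged as `if (name.equals(ATTR_NAME) || name.equals(ATTR_ID)) {`. A null `name` argument still surfaces as a NullPointerException rather than an EBaseException.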
@@ -1725,28 +1725,39 @@ public final class UGSubsystem implements IUGSubsystem { LDAPConnection ldapconn = null; try { + String dn = "cn=" + LDAPUtil.escapeRDNValue(grp.getGroupID()) + "," + getGroupBaseDN(); + CMS.debug("dn: " + dn); + LDAPAttributeSet attrs = new LDAPAttributeSet(); String oc[] = { "top", "groupOfUniqueNames" }; attrs.add(new LDAPAttribute("objectclass", oc)); attrs.add(new LDAPAttribute("cn", group.getGroupID())); - attrs.add(new LDAPAttribute("description", group.getDescription())); + + String description = group.getDescription(); + if (description != null) { + CMS.debug("description: " + description); + attrs.add(new LDAPAttribute("description", description)); + } + Enumeration<String> e = grp.getMemberNames(); - if (e.hasMoreElements() == true) { + if (e.hasMoreElements()) { LDAPAttribute attrMembers = new LDAPAttribute("uniquemember"); while (e.hasMoreElements()) { String name = e.nextElement(); + String memberDN = "uid=" + LDAPUtil.escapeRDNValue(name) + "," + getUserBaseDN(); + CMS.debug("uniqueMember: " + memberDN); + // DOES NOT SUPPORT NESTED GROUPS... - attrMembers.addValue("uid=" + LDAPUtil.escapeRDNValue(name) + "," + - getUserBaseDN()); + attrMembers.addValue(memberDN); } attrs.add(attrMembers); } - LDAPEntry entry = new LDAPEntry("cn=" + LDAPUtil.escapeRDNValue(grp.getGroupID()) + - "," + getGroupBaseDN(), attrs); + + LDAPEntry entry = new LDAPEntry(dn, attrs); ldapconn = getConn(); ldapconn.add(entry); @@ -1796,6 +1807,11 @@ public final class UGSubsystem implements IUGSubsystem { } } + /** + * Modifies an existing group in the database. + * + * @param group an existing group that has been modified in memory + */ public void modifyGroup(IGroup group) throws EUsrGrpException { Group grp = (Group) group; 
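Review bot: The new CMS.debug() calls in the group-add hunk write `description` and each `memberDN` to the debug log verbatim; the description is free text, so embedded CR/LF could make one value span or imitate several log lines unless CMS.debug() neutralises them, which is not visible here. The `description != null` guard also still lets an empty string through, which a directory server will likely reject as an invalid attribute value; `if (description != null && !description.isEmpty()) {` would cover that case. The hunk reads the group ID through both `grp` and `group`; using one variable throughout would be clearer. The enclosing method starts and ends outside this hunk.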
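Review bot: The Javadoc added to modifyGroup leaves out the behaviour a caller most needs to know. It should say that the description and the member list are replaced wholesale with the in-memory values (so, as the commit message intends, a null description or an empty member list removes the attribute), and it should carry `@throws EUsrGrpException if the change would leave the administrators group without members`. The method body continues in the following hunk.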
@@ -1806,39 +1822,38 @@ public final class UGSubsystem implements IUGSubsystem { LDAPConnection ldapconn = null; try { - LDAPAttribute attrMembers = new LDAPAttribute("uniquemember"); + String dn = "cn=" + LDAPUtil.escapeRDNValue(grp.getGroupID()) + "," + getGroupBaseDN(); + CMS.debug("dn: " + dn); + LDAPModificationSet mod = new LDAPModificationSet(); - String desc = grp.getDescription(); + // update description + String description = grp.getDescription(); + mod.add(LDAPModification.REPLACE, new LDAPAttribute("description", description)); + CMS.debug("description: " + description); - if (desc != null) { - mod.add(LDAPModification.REPLACE, - new LDAPAttribute("description", desc)); + Enumeration<String> e = grp.getMemberNames(); + + // admin group cannot be empty + if (grp.getName().equalsIgnoreCase(SUPER_CERT_ADMINS) && !e.hasMoreElements()) { + throw new EUsrGrpException(CMS.getUserMessage("CMS_USRGRP_ILL_GRP_MOD")); } - Enumeration<String> e = grp.getMemberNames(); + // update members + LDAPAttribute attrMembers = new LDAPAttribute("uniquemember"); + while (e.hasMoreElements()) { + String name = e.nextElement(); - if (e.hasMoreElements() == true) { - while (e.hasMoreElements()) { - String name = e.nextElement(); + String memberDN = "uid=" + LDAPUtil.escapeRDNValue(name) + "," + getUserBaseDN(); + CMS.debug("uniqueMember: " + memberDN); - // DOES NOT SUPPORT NESTED GROUPS... - attrMembers.addValue("uid=" + LDAPUtil.escapeRDNValue(name) + "," + - getUserBaseDN()); - } - mod.add(LDAPModification.REPLACE, attrMembers); - } else { - if (!grp.getName().equalsIgnoreCase(SUPER_CERT_ADMINS)) { - mod.add(LDAPModification.DELETE, attrMembers); - } else { - // not allowed - throw new EUsrGrpException(CMS.getUserMessage("CMS_USRGRP_ILL_GRP_MOD")); - } + // DOES NOT SUPPORT NESTED GROUPS... 
+ attrMembers.addValue(memberDN); } + mod.add(LDAPModification.REPLACE, attrMembers); ldapconn = getConn(); - ldapconn.modify("cn=" + LDAPUtil.escapeRDNValue(grp.getGroupID()) + - "," + getGroupBaseDN(), mod); + ldapconn.modify(dn, mod); } catch (LDAPException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_USRGRP_MODIFY_GROUP", e.toString())); |
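Review bot: The guard that keeps the administrators group from being emptied calls `grp.getName().equalsIgnoreCase(SUPER_CERT_ADMINS)`, which throws NullPointerException instead of EUsrGrpException when the name is null, a state Group.delete() can now produce; `SUPER_CERT_ADMINS.equalsIgnoreCase(grp.getName())` is null-safe. The description is now passed to `new LDAPAttribute("description", description)` without the old null check, so removing the attribute relies on the LDAP SDK ignoring a null value; a comment such as `// null description => REPLACE with no values removes the attribute` would make that intent explicit. Because both attributes are written with REPLACE from the in-memory copy, two concurrent edits of the same group can overwrite each other's membership changes, which deserves a note for groups that grant privileges. modifyGroup starts in the previous hunk and its catch block continues past this one.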