Lines Matching defs:and
5 * Common Development and Distribution License, Version 1.0 only
12 * and limitations under the License.
15 * file and include the License file at legal-notices/CDDLv1_0.txt.
60 * probably the easiest way to test the code, and it makes it easy to test
71 * Most of the redundancy and error-prone-ness has also been factored out.
80 // TODO: test searches where we expect a subset of attributes and entries
88 // TODO: test ACI evaluation on adding, replacing, and with other operations
89 // TODO: check bypass-acl and modify-acl
106 * The calendar field is 1 based and starts with sun. We make [0] point
155 //These entries are used to test groupdn, roledn and userattr stuff.
250 private static final String BIND_RULE_USERDN_NOT_ADMIN = and(not(BIND_RULE_USERDN_ADMIN), BIND_RULE_AUTHMETHOD_SIMPLE);
256 private static final String BIND_RULE_USERDN_ADMIN_AND_SSL = and(BIND_RULE_USERDN_ADMIN, BIND_RULE_AUTHMETHOD_SSL);
259 private static final String BIND_RULE_ADMIN_AND_LOCALHOST_OR_SSL = and(BIND_RULE_USERDN_ADMIN, or(BIND_RULE_AUTHMETHOD_SSL, BIND_RULE_DNS_LOCALHOST));
420 buildAciValue("name", "allow write, delete, and search,", "targetattr", "*", "allow(write, delete, search, read)", BIND_RULE_USERDN_ALL);
456 buildAciValue("name", "deny all to misc and localhost", "targetattr", "*", "deny(all)", BIND_RULE_IP_MISC_AND_LOCALHOST);
462 buildAciValue("name", "allow all to non misc and localhost", "targetattr", "*", "allow(all)", BIND_RULE_IP_NOT_MISC_AND_LOCALHOST);
492 buildAciValue("name", "deny all today and tomorrow", "targetattr", "*", "deny(all)", BIND_RULE_TODAY_AND_TOMORROW);
507 buildAciValue("name", "allow if admin and ssl", "targetattr", "*", "allow(all)", BIND_RULE_USERDN_ADMIN_AND_SSL);
514 buildAciValue("name", "deny if admin and localhost or ssl", "targetattr", "*", "deny(all)", BIND_RULE_ADMIN_AND_LOCALHOST_OR_SSL);
517 buildAciValue("name", "allow if admin and localhost or ssl", "targetattr", "*", "allow(all)", BIND_RULE_ADMIN_AND_LOCALHOST_OR_SSL);
535 buildAciValue("name", "allow search ou and person to localhost", "targetattr", "*", "targetfilter", "(|(objectclass=organizationalunit)(objectclass=person))", "allow(search, read)", BIND_RULE_AUTHMETHOD_SIMPLE);
595 buildAciValue("name", "parenthesis (dummy) and ( ) and () test", "allow (read)", BIND_RULE_USERDN_SELF),
694 buildAciValue("name", "allow at noon and after", "targetattr", "*", "allow(all)", BIND_RULE_NOON_AND_AFTER),
696 buildAciValue("name", "allow at noon and before", "targetattr", "*", "allow(all)", BIND_RULE_NOON_AND_BEFORE),
758 * it takes for an aci to be minimally valid, and hence we end up doing a lot of
759 * work twice. This takes time and also reports some identical failures.
764 * is a - or a \" character. X and \' imply that it was previously tested and
801 {"(version3.0;acl\"\";deny(all)not authmethod=\"simple\"and not authmethod=\"ssl\";)",
874 /** Common between validAcis and invalidAcis. */
913 // Test each one with a user where ACI's aren't enforced and one where they are.
943 "and as '" + modifierDn + "' failed to perform these modifications:\n" +
965 "and as '" + modifierDn + "' successfully added an invalid aci:\n" +
983 /** Runs invalidity checks as DirectoryManager and by setting them
985 * get expensive, and if these detect any problem, then they will all probably be okay. */
1198 /** ou=leaf,ou=inner,ou=acitest,dc=example,dc=com and everything under it */
1203 /** ou=inner,ou=acitest,dc=example,dc=com and everything under it */
1209 /** ou=acitest,dc=example,dc=com and everything under it */
1773 // We had some exceptions here and they were hard to track down
1802 * proxied authorization for modifies and searches.
1804 * Add a set of ACIs to allow exports, imports and write rights to the
1805 * proxy user PROXY_USER_DN. Also add an aci low in the DIT, with search and
1813 * proxied authorization and lastly re-search with base at orig DN
1851 * Test modify DN. Add a set of ACIs to allow exports, imports and write
1854 * tree back and re-search with base at orig DN.
1901 * Test selfwrite right. Attempt to bind as level3 user and remove level1
1914 * Test selfwrite right. Attempt to bind as level1 user and remove itself
1973 * Test global ACI. Two ACIs are used, one protecting "cn=monitor" and the
2011 // Modify the entries, and apply the LDIF
2015 // Now issue the search and see if we get what we expect.
2039 * Test search with target filter and target attributes do not conflict with
2051 // Now issue the search and see if we get what we expect.
2055 // First check cn, sn, and givenName are all readable without the ACI.
2068 // Add the ACI: this will prevent the cn and sn attributes from being read
2087 * Test online handler re-initialization using global and selfwrite
2094 // Setup using global and selfwrite test cases.
2108 // "cn=monitor" and the other the test DIT.
2129 // Test selfwrite right. Attempt to bind as level3 user and remove
2134 // Test selfwrite right. Attempt to bind as level1 user and remove
2163 * kludge, but it does help us from having nested "\"", and it does allow us
2174 * and it does allow us to more easily generate combinations of acis.
2206 // Anything else is permission and a bindRule
2471 * To avoid a proliferation of temporary files, use the same ones over and over.
2560 * Makes a group ldif entry using the the specified DN and members.
2629 return "(timeofday>=\"" + now + "\" and timeofday<=\"" + hourFromNow + "\")";
2640 return "(timeofday<\"" + now + "\" and timeofday>=\"" + hourAgo + "\")";
2644 private static String and(String bindRule1, String bindRule2) {
2645 return "(" + bindRule1 + " and " + bindRule2 + ")";