ModifyOperation.java revision 41b9d40fe0daf7ce6cb5ea0b3c951d75c44e7371
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License, Version 1.0 only
* (the "License"). You may not use this file except in compliance
* with the License.
*
* You can obtain a copy of the license at
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at
* trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
* add the following below this CDDL HEADER, with the fields enclosed
* by brackets "[]" replaced with your own identifying * information:
* Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*
*
* Portions Copyright 2006-2007 Sun Microsystems, Inc.
*/
/**
* This class defines an operation that may be used to modify an entry in the
* Directory Server.
*/
public class ModifyOperation
extends Operation
implements PreParseModifyOperation, PreOperationModifyOperation,
{
/**
* The fully-qualified name of this class for debugging purposes.
*/
private static final String CLASS_NAME =
"org.opends.server.core.ModifyOperation";
// The raw, unprocessed entry DN as included by the client request.
private ByteString rawEntryDN;
// The cancel request that has been issued for this modify operation.
private CancelRequest cancelRequest;
// The DN of the entry for the modify operation.
// The current entry, before any changes are applied.
private Entry currentEntry;
// The modified entry that will be stored in the backend.
private Entry modifiedEntry;
// The set of clear-text current passwords (if any were provided).
// The set of clear-text new passwords (if any were provided).
// The set of response controls for this modify operation.
// The raw, unprocessed set of modifications as included in the client
// request.
// The set of modifications for this modify operation.
// The change number that has been assigned to this operation.
private long changeNumber;
// The time that processing started on this operation.
private long processingStartTime;
// The time that processing ended on this operation.
private long processingStopTime;
/**
* Creates a new modify operation with the provided information.
*
* @param clientConnection The client connection with which this operation
* is associated.
* @param operationID The operation ID for this operation.
* @param messageID The message ID of the request with which this
* operation is associated.
* @param requestControls The set of controls included in the request.
* @param rawEntryDN The raw, unprocessed DN of the entry to modify,
* as included in the client request.
* @param rawModifications The raw, unprocessed set of modifications for
* this modify operation as included in the client
* request.
*/
{
assert debugConstructor(CLASS_NAME,
new String[]
{
});
this.rawEntryDN = rawEntryDN;
this.rawModifications = rawModifications;
currentEntry = null;
changeNumber = -1;
newPasswords = null;
}
/**
* Creates a new modify operation with the provided information.
*
* @param clientConnection The client connection with which this operation
* is associated.
* @param operationID The operation ID for this operation.
* @param messageID The message ID of the request with which this
* operation is associated.
* @param requestControls The set of controls included in the request.
* @param entryDN The entry DN for the modify operation.
* @param modifications The set of modifications for this modify
* operation.
*/
{
assert debugConstructor(CLASS_NAME,
new String[]
{
});
this.modifications = modifications;
for (Modification m : modifications)
{
new LDAPAttribute(m.getAttribute())));
}
currentEntry = null;
changeNumber = -1;
newPasswords = null;
}
/**
* Retrieves the raw, unprocessed entry DN as included in the client request.
* The DN that is returned may or may not be a valid DN, since no validation
* will have been performed upon it.
*
* @return The raw, unprocessed entry DN as included in the client request.
*/
public final ByteString getRawEntryDN()
{
return rawEntryDN;
}
/**
* Specifies the raw, unprocessed entry DN as included in the client request.
* This should only be called by pre-parse plugins.
*
* @param rawEntryDN The raw, unprocessed entry DN as included in the client
* request.
*/
{
this.rawEntryDN = rawEntryDN;
}
/**
* Retrieves the DN of the entry to modify. This should not be called by
* pre-parse plugins because the processed DN will not be available yet.
* Instead, they should call the <CODE>getRawEntryDN</CODE> method.
*
* @return The DN of the entry to modify, or <CODE>null</CODE> if the raw
* entry DN has not yet been processed.
*/
public final DN getEntryDN()
{
return entryDN;
}
/**
* Retrieves the set of raw, unprocessed modifications as included in the
* client request. Note that this may contain one or more invalid
* modifications, as no validation will have been performed on this
* information. The list returned must not be altered by the caller.
*
* @return The set of raw, unprocessed modifications as included in the
* client request.
*/
{
return rawModifications;
}
/**
* Adds the provided modification to the set of raw modifications for this
* modify operation. This must only be called by pre-parse plugins.
*
* @param rawModification The modification to add to the set of raw
* modifications for this modify operation.
*/
{
}
/**
* Specifies the raw modifications for this modify operation.
*
* @param rawModifications The raw modifications for this modify operation.
*/
{
this.rawModifications = rawModifications;
}
/**
* Retrieves the set of modifications for this modify operation. Its contents
* should not be altered. It will not be available to pre-parse plugins.
*
* @return The set of modifications for this modify operation, or
* <CODE>null</CODE> if the modifications have not yet been
* processed.
*/
{
return modifications;
}
/**
* Adds the provided modification to the set of modifications to this modify
* operation. This may only be called by pre-operation plugins.
*
* @param modification The modification to add to the set of changes for
* this modify operation.
*
* @throws DirectoryException If an unexpected problem occurs while applying
* the modification to the entry.
*/
throws DirectoryException
{
}
/**
* Retrieves the current entry before any modifications are applied. This
* will not be available to pre-parse plugins.
*
* @return The current entry, or <CODE>null</CODE> if it is not yet
* available.
*/
public final Entry getCurrentEntry()
{
return currentEntry;
}
/**
* Retrieves the modified entry that is to be written to the backend. This
* will be available to pre-operation plugins, and if such a plugin does make
* a change to this entry, then it is also necessary to add that change to
* the set of modifications to ensure that the update will be consistent.
*
* @return The modified entry that is to be written to the backend, or
* <CODE>null</CODE> if it is not yet available.
*/
public final Entry getModifiedEntry()
{
return modifiedEntry;
}
/**
* Retrieves the set of clear-text current passwords for the user, if
* available. This will only be available if the modify operation contains
* one or more delete elements that target the password attribute and provide
* the values to delete in the clear. It will not be available to pre-parse
* plugins.
*
* @return The set of clear-text current password values as provided in the
* modify request, or <CODE>null</CODE> if there were none or this
* information is not yet available.
*/
{
return currentPasswords;
}
/**
* Retrieves the set of clear-text new passwords for the user, if available.
* This will only be available if the modify operation contains one or more
* add or replace elements that target the password attribute and provide the
* values in the clear. It will not be available to pre-parse plugins.
*
* @return The set of clear-text new passwords as provided in the modify
* request, or <CODE>null</CODE> if there were none or this
* information is not yet available.
*/
{
return newPasswords;
}
/**
* {@inheritDoc}
*/
@Override()
public final long getProcessingStartTime()
{
return processingStartTime;
}
/**
* {@inheritDoc}
*/
@Override()
public final long getProcessingStopTime()
{
return processingStopTime;
}
/**
* {@inheritDoc}
*/
@Override()
public final long getProcessingTime()
{
return (processingStopTime - processingStartTime);
}
/**
* Retrieves the change number that has been assigned to this operation.
*
* @return The change number that has been assigned to this operation, or -1
* if none has been assigned yet or if there is no applicable
* synchronization mechanism in place that uses change numbers.
*/
public final long getChangeNumber()
{
return changeNumber;
}
/**
* Specifies the change number that has been assigned to this operation by the
* synchronization mechanism.
*
* @param changeNumber The change number that has been assigned to this
* operation by the synchronization mechanism.
*/
public final void setChangeNumber(long changeNumber)
{
this.changeNumber = changeNumber;
}
/**
* {@inheritDoc}
*/
@Override()
int messageID)
{
// Before calling clientConnection.disconnect, we need to mark this
// operation as cancelled so that the attempt to cancel it later won't cause
// an unnecessary delay.
}
/**
* {@inheritDoc}
*/
@Override()
public final OperationType getOperationType()
{
// Note that no debugging will be done in this method because it is a likely
// candidate for being called by the logging subsystem.
return OperationType.MODIFY;
}
/**
* {@inheritDoc}
*/
@Override()
public final String[][] getRequestLogElements()
{
// Note that no debugging will be done in this method because it is a likely
// candidate for being called by the logging subsystem.
return new String[][]
{
};
}
/**
* {@inheritDoc}
*/
@Override()
public final String[][] getResponseLogElements()
{
// Note that no debugging will be done in this method because it is a likely
// candidate for being called by the logging subsystem.
if (errorMessageBuffer == null)
{
errorMessage = null;
}
else
{
}
{
matchedDNStr = null;
}
else
{
}
{
}
else
{
{
}
}
return new String[][]
{
};
}
/**
* {@inheritDoc}
*/
@Override()
{
return responseControls;
}
/**
* {@inheritDoc}
*/
@Override()
{
}
/**
* {@inheritDoc}
*/
@Override()
{
}
/**
* {@inheritDoc}
*/
@Override()
public final void run()
{
// Get the plugin config manager that will be used for invoking plugins.
boolean skipPostOperation = false;
// Start the processing timer.
// Check for and handle a request to cancel this operation.
if (cancelRequest != null)
{
return;
}
// Create a labeled block of code that we can break out of if a problem is
// detected.
{
// Invoke the pre-parse modify plugins.
{
// There's no point in continuing with anything. Log the request and
// result and return.
logModifyRequest(this);
logModifyResponse(this);
return;
}
else if (preParseResult.sendResponseImmediately())
{
skipPostOperation = true;
logModifyRequest(this);
break modifyProcessing;
}
// Log the modify request message.
logModifyRequest(this);
// Check for and handle a request to cancel this operation.
if (cancelRequest != null)
{
logModifyResponse(this);
return;
}
// Process the entry DN to convert it from the raw form to the form
// required for the rest of the modify processing.
try
{
{
}
}
catch (DirectoryException de)
{
skipPostOperation = true;
break modifyProcessing;
}
// Process the modifications to convert them from their raw form to the
// form required for the rest of the modify processing.
if (modifications == null)
{
for (LDAPModification m : rawModifications)
{
try
{
}
catch (LDAPException le)
{
break modifyProcessing;
}
}
}
if (modifications.isEmpty())
{
break modifyProcessing;
}
// If the user must change their password before doing anything else, and
// if the target of the modify operation isn't the user's own entry, then
// reject the request.
{
{
// The user will not be allowed to do anything else before
// the password gets changed.
break modifyProcessing;
}
}
// Check for and handle a request to cancel this operation.
if (cancelRequest != null)
{
logModifyResponse(this);
return;
}
// Acquire a write lock on the target entry.
for (int i=0; i < 3; i++)
{
{
break;
}
}
{
skipPostOperation = true;
break modifyProcessing;
}
try
{
// Check for and handle a request to cancel this operation.
if (cancelRequest != null)
{
logModifyResponse(this);
return;
}
// Get the entry to modify. If it does not exist, then fail.
try
{
}
catch (DirectoryException de)
{
break modifyProcessing;
}
if (currentEntry == null)
{
// See if one of the entry's ancestors exists.
{
try
{
{
break;
}
}
catch (Exception e)
{
break;
}
}
break modifyProcessing;
}
// Check to see if there are any controls in the request. If so, then
// see if there is any special processing required.
boolean noOp = false;
{
{
{
if (c instanceof LDAPAssertionRequestControl)
{
}
else
{
try
{
}
catch (LDAPException le)
{
break modifyProcessing;
}
}
try
{
// FIXME -- We need to determine whether the current user has
// permission to make this determination.
{
break modifyProcessing;
}
}
catch (DirectoryException de)
{
de.getErrorMessage()));
break modifyProcessing;
}
}
{
noOp = true;
}
{
if (c instanceof LDAPAssertionRequestControl)
{
}
else
{
try
{
}
catch (LDAPException le)
{
break modifyProcessing;
}
}
}
{
if (c instanceof LDAPAssertionRequestControl)
{
}
else
{
try
{
}
catch (LDAPException le)
{
break modifyProcessing;
}
}
}
{
// The requester must have the PROXIED_AUTH privilige in order to
// be able to use this control.
{
break modifyProcessing;
}
if (c instanceof ProxiedAuthV1Control)
{
proxyControl = (ProxiedAuthV1Control) c;
}
else
{
try
{
}
catch (LDAPException le)
{
break modifyProcessing;
}
}
try
{
}
catch (DirectoryException de)
{
break modifyProcessing;
}
}
{
// The requester must have the PROXIED_AUTH privilige in order to
// be able to use this control.
{
break modifyProcessing;
}
if (c instanceof ProxiedAuthV2Control)
{
proxyControl = (ProxiedAuthV2Control) c;
}
else
{
try
{
}
catch (LDAPException le)
{
break modifyProcessing;
}
}
try
{
}
catch (DirectoryException de)
{
break modifyProcessing;
}
}
// NYI -- Add support for additional controls.
else if (c.isCritical())
{
{
oid));
break modifyProcessing;
}
}
}
}
// Check to see if the client has permission to perform the
// modify.
// FIXME: for now assume that this will check all permission
// pertinent to the operation. This includes proxy authorization
// and any other controls specified.
// FIXME: earlier checks to see if the entry already exists may
// have already exposed sensitive information to the client.
.getAccessControlHandler().isAllowed(this) == false) {
skipPostOperation = true;
break modifyProcessing;
}
// Get the password policy state object for the entry that can be used
// to perform any appropriate password policy processing. Also, see if
// the entry is being updated by the end user or an administrator.
try
{
// FIXME -- Need a way to enable debug mode.
}
catch (DirectoryException de)
{
break modifyProcessing;
}
// Create a duplicate of the entry and apply the changes to it.
if (! noOp)
{
// Invoke any conflict resolution processing that might be needed by
// the synchronization provider.
for (SynchronizationProvider provider :
{
try
{
provider.handleConflictResolution(this);
if (! result.continueOperationProcessing())
{
break modifyProcessing;
}
}
catch (DirectoryException de)
{
break modifyProcessing;
}
}
}
// Declare variables used for password policy state processing.
boolean passwordChanged = false;
boolean currentPasswordProvided = false;
boolean isEnabled = true;
boolean enabledStateChanged = false;
boolean wasLocked = false;
int numPasswords;
if (currentEntry.hasAttribute(
{
// It may actually have more than one, but we can't tell the
// difference if the values are encoded, and its enough for our
// purposes just to know that there is at least one.
numPasswords = 1;
}
else
{
numPasswords = 0;
}
// If it's not an internal or synchronization operation, then iterate
// through the set of modifications to see if a password is included in
// the changes. If so, then add the appropriate state changes to the
// set of modifications.
if (! (isInternalOperation() || isSynchronizationOperation()))
{
for (Modification m : modifications)
{
{
passwordChanged = true;
if (! selfChange)
{
this))
{
break modifyProcessing;
}
}
break;
}
}
if (passwordChanged)
{
// See if the account was locked for any reason.
// Update the password policy state attributes in the user's entry.
// If the modification fails, then these changes won't be applied.
{
}
{
}
}
else if(pwPolicyState.mustChangePassword())
{
// The user will not be allowed to do anything else before
// the password gets changed.
break modifyProcessing;
}
}
for (Modification m : modifications)
{
Attribute a = m.getAttribute();
AttributeType t = a.getAttributeType();
// If the attribute type is marked "NO-USER-MODIFICATION" then fail
// unless this is an internal operation or is related to
// synchronization in some way.
if (t.isNoUserModification())
{
if (! (isInternalOperation() || isSynchronizationOperation() ||
m.isInternal()))
{
a.getName()));
break modifyProcessing;
}
}
// If the attribute type is marked "OBSOLETE" and the modification
// is setting new values, then fail unless this is an internal
// operation or is related to synchronization in some way.
if (t.isObsolete())
{
if (a.hasValue() &&
{
if (! (isInternalOperation() || isSynchronizationOperation() ||
m.isInternal()))
{
a.getName()));
break modifyProcessing;
}
}
}
// See if the attribute is one which controls the privileges available
// for a user. If it is, then the client must have the
// PRIVILEGE_CHANGE privilege.
if (t.hasName(OP_ATTR_PRIVILEGE_NAME))
{
this))
{
break modifyProcessing;
}
}
// If the modification is updating the password attribute, then
// perform any necessary password policy processing. This processing
// should be skipped for synchronization operations.
boolean isPassword
if (isPassword && (!(isSynchronizationOperation())))
{
// If the attribute contains any options, then reject it. Passwords
// will not be allowed to have options. Skipped for internal
// operations.
if(!isInternalOperation())
{
if (a.hasOptions())
{
break modifyProcessing;
}
// If it's a self change, then see if that's allowed.
if (selfChange &&
{
break modifyProcessing;
}
// If we require secure password changes, then makes sure it's a
// secure communication channel.
(! clientConnection.isSecure()))
{
break modifyProcessing;
}
// If it's a self change and it's not been long enough since the
// previous change, then reject it.
{
break modifyProcessing;
}
}
// Check to see whether this will adding, deleting, or replacing
// password values (increment doesn't make any sense for passwords).
// Then perform the appropriate type of processing for that kind of
// modification.
boolean isAdd = false;
new LinkedHashSet<AttributeValue>();
switch (m.getModificationType())
{
case ADD:
case REPLACE:
{
isAdd = true;
}
else
{
}
// If there were multiple password values provided, then make
// sure that's OK.
if (! isInternalOperation() &&
(passwordsToAdd > 1))
{
break modifyProcessing;
}
// Iterate through the password values and see if any of them
// are pre-encoded. If so, then check to see if we'll allow it.
// Otherwise, store the clear-text values for later validation
// and update the attribute with the encoded values.
for (AttributeValue v : pwValues)
{
{
if ((!isInternalOperation()) &&
{
break modifyProcessing;
}
else
{
encodedValues.add(v);
}
}
else
{
if (isAdd)
{
// Make sure that the password value doesn't already
// exist.
{
break modifyProcessing;
}
}
if (newPasswords == null)
{
}
newPasswords.add(v);
try
{
for (ByteString s :
{
a.getAttributeType(), s));
}
}
catch (DirectoryException de)
{
break modifyProcessing;
}
}
}
break;
case DELETE:
// Iterate through the password values and see if any of them
// are pre-encoded. We will never allow pre-encoded passwords
// for user password changes, but we will allow them for
// administrators. For each clear-text value, verify that at
// least one value in the entry matches and replace the
// clear-text value with the appropriate encoded forms.
for (AttributeValue v : pwValues)
{
{
if ((!isInternalOperation()) && selfChange)
{
break modifyProcessing;
}
else
{
encodedValues.add(v);
}
}
else
{
{
break modifyProcessing;
}
boolean found = false;
{
{
{
{
try
{
av.getStringValue());
{
v.getValue(),
{
found = true;
}
}
}
catch (DirectoryException de)
{
break modifyProcessing;
}
}
else
{
{
encodedValues.add(v);
found = true;
}
}
}
else
{
{
try
{
String[] compoenents =
av.getStringValue());
{
if (scheme.passwordMatches(
v.getValue(),
{
found = true;
}
}
}
catch (DirectoryException de)
{
de.getErrorMessage()));
break modifyProcessing;
}
}
else
{
{
encodedValues.add(v);
found = true;
}
}
}
}
}
if (found)
{
if (currentPasswords == null)
{
}
currentPasswords.add(v);
numPasswords--;
}
else
{
break modifyProcessing;
}
currentPasswordProvided = true;
}
}
break;
default:
break modifyProcessing;
}
}
else
{
// See if it's an attribute used to maintain the account
true);
if (t.equals(disabledAttr))
{
enabledStateChanged = true;
for (AttributeValue v : a.getValues())
{
try
{
v.getNormalizedValue()));
}
catch (DirectoryException de)
{
break modifyProcessing;
}
}
}
}
switch (m.getModificationType())
{
case ADD:
// Make sure that one or more values have been provided for the
// attribute.
{
a.getName()));
break modifyProcessing;
}
// Make sure that all the new values are valid according to the
// associated syntax.
if (DirectoryServer.checkSchema())
{
{
for (AttributeValue v : newValues)
{
{
a.getName(),
v.getStringValue(),
invalidReason.toString()));
break modifyProcessing;
}
}
}
{
for (AttributeValue v : newValues)
{
{
invalidReason = new StringBuilder();
}
}
}
}
// Add the provided attribute or merge an existing attribute with
// the values of the new attribute. If there are any duplicates,
// then fail.
new LinkedList<AttributeValue>();
if (a.getAttributeType().isObjectClassType())
{
try
{
break;
}
catch (DirectoryException de)
{
break modifyProcessing;
}
}
else
{
if (duplicateValues.isEmpty())
{
break;
}
else
{
{
}
a.getName(),
break modifyProcessing;
}
}
case DELETE:
// Remove the specified attribute values or the entire attribute
// from the value. If there are any specified values that were
// not present, then fail. If the RDN attribute value would be
// removed, then fail.
new LinkedList<AttributeValue>();
boolean attrExists =
if (attrExists)
{
if (missingValues.isEmpty())
{
if (rdn.hasAttributeType(t) &&
rdn.getAttributeValue(t))))
{
a.getName()));
break modifyProcessing;
}
break;
}
else
{
{
}
a.getName(),
break modifyProcessing;
}
}
else
{
a.getName()));
break modifyProcessing;
}
case REPLACE:
// If it is the objectclass attribute, then treat that separately.
if (a.getAttributeType().isObjectClassType())
{
try
{
break;
}
catch (DirectoryException de)
{
break modifyProcessing;
}
}
// If the provided attribute does not have any values, then we
// will simply remove the attribute from the entry (if it exists).
if (! a.hasValue())
{
if (rdn.hasAttributeType(t) &&
rdn.getAttributeValue(t))))
{
a.getName()));
break modifyProcessing;
}
break;
}
// Make sure that all the new values are valid according to the
// associated syntax.
if (DirectoryServer.checkSchema())
{
{
for (AttributeValue v : newValues)
{
{
a.getName(),
v.getStringValue(),
invalidReason.toString()));
break modifyProcessing;
}
}
}
{
for (AttributeValue v : newValues)
{
{
invalidReason = new StringBuilder();
}
}
}
}
// If the provided attribute does not have any options, then we
// will simply use it in place of any existing attribute of the
// provided type (or add it if it doesn't exist).
if (! a.hasOptions())
{
if (rdn.hasAttributeType(t) &&
rdn.getAttributeValue(t))))
{
a.getName()));
break modifyProcessing;
}
break;
}
// See if there is an existing attribute of the provided type. If
// not, then we'll use the new one.
{
if (rdn.hasAttributeType(t) &&
rdn.getAttributeValue(t))))
{
a.getName()));
break modifyProcessing;
}
break;
}
// There must be an existing occurrence of the provided attribute
// in the entry. If there is a version with exactly the set of
// options provided, then replace it. Otherwise, add a new one.
boolean found = false;
{
{
found = true;
break;
}
}
if (! found)
{
}
if (rdn.hasAttributeType(t) &&
rdn.getAttributeValue(t))))
{
a.getName()));
break modifyProcessing;
}
break;
case INCREMENT:
// The specified attribute type must not be an RDN attribute.
if (rdn.hasAttributeType(t))
{
a.getName()));
}
// The provided attribute must have a single value, and it must be
// an integer.
{
a.getName()));
break modifyProcessing;
}
{
a.getName()));
break modifyProcessing;
}
long incrementValue;
try
{
}
catch (Exception e)
{
a.getName(), v.getStringValue()));
break modifyProcessing;
}
// Get the corresponding attribute from the entry and make sure
// that it has a single integer value.
{
a.getName()));
break modifyProcessing;
}
boolean updated = false;
{
{
continue;
}
{
long newIntValue;
try
{
long existingIntValue =
}
catch (Exception e)
{
a.getName(),
break modifyProcessing;
}
}
updated = true;
}
if (! updated)
{
a.getName()));
break modifyProcessing;
}
break;
default:
}
}
// If there was a password change, then perform any additional checks
// that may be necessary.
if (passwordChanged)
{
// If it was a self change, then see if the current password was
// provided and handle accordingly.
if (selfChange &&
{
break modifyProcessing;
}
// If this change would result in multiple password values, then see
// if that's OK.
if ((numPasswords > 1) &&
{
break modifyProcessing;
}
// If any of the password values should be validated, then do so now.
if (selfChange ||
{
if (newPasswords != null)
{
if (currentPasswords != null)
{
if (clearPasswords.isEmpty())
{
for (AttributeValue v : currentPasswords)
{
}
}
else
{
// NOTE: We can't rely on the fact that Set doesn't allow
// duplicates because technically it's possible that the
// values aren't duplicates if they are ASN.1 elements with
// different types (like 0x04 for a standard universal octet
// string type versus 0x80 for a simple password in a bind
// operation). So we have to manually check for duplicates.
for (AttributeValue v : currentPasswords)
{
boolean found = false;
for (ByteString s : clearPasswords)
{
{
found = true;
break;
}
}
if (! found)
{
}
}
}
}
for (AttributeValue v : newPasswords)
{
v.getValue(),
{
invalidReason.toString()));
break modifyProcessing;
}
}
}
}
}
// Make sure that the new entry is valid per the server schema.
if (DirectoryServer.checkSchema())
{
{
invalidReason.toString()));
break modifyProcessing;
}
}
// Check for and handle a request to cancel this operation.
if (cancelRequest != null)
{
logModifyResponse(this);
return;
}
// If the operation is not a synchronization operation,
// Invoke the pre-operation modify plugins.
if (!isSynchronizationOperation())
{
if (preOpResult.connectionTerminated())
{
// There's no point in continuing with anything. Log the result
// and return.
logModifyResponse(this);
return;
}
else if (preOpResult.sendResponseImmediately())
{
skipPostOperation = true;
break modifyProcessing;
}
}
// Check for and handle a request to cancel this operation.
if (cancelRequest != null)
{
logModifyResponse(this);
return;
}
// Actually perform the modify operation. This should also include
// taking care of any synchronization that might be needed.
{
break modifyProcessing;
}
try
{
// If it is not a private backend, then check to see if the server or
// backend is operating in read-only mode.
if (! backend.isPrivateBackend())
{
switch (DirectoryServer.getWritabilityMode())
{
case DISABLED:
break modifyProcessing;
case INTERNAL_ONLY:
if (! (isInternalOperation() || isSynchronizationOperation()))
{
break modifyProcessing;
}
}
switch (backend.getWritabilityMode())
{
case DISABLED:
break modifyProcessing;
case INTERNAL_ONLY:
if (! (isInternalOperation() || isSynchronizationOperation()))
{
break modifyProcessing;
}
}
}
if (noOp)
{
// FIXME -- We must set a result code other than SUCCESS.
}
else
{
for (SynchronizationProvider provider :
{
try
{
provider.doPreOperation(this);
if (! result.continueOperationProcessing())
{
break modifyProcessing;
}
}
catch (DirectoryException de)
{
break modifyProcessing;
}
}
// If the modification was successful, then see if there's any other
// work that we need to do here before handing off to postop
// plugins.
if (passwordChanged)
{
if (selfChange)
{
{
}
}
else
{
int msgID = MSGID_MODIFY_PASSWORD_RESET;
}
}
if (enabledStateChanged)
{
if (isEnabled)
{
}
else
{
}
}
if (wasLocked)
{
}
}
if (preReadRequest != null)
{
if (! preReadRequest.allowsAttribute(
{
}
if (! preReadRequest.returnAllUserAttributes())
{
{
{
}
}
}
{
{
{
}
}
}
// FIXME -- Check access controls on the entry to see if it should
// be returned or if any attributes need to be stripped
// out..
}
if (postReadRequest != null)
{
if (! postReadRequest.allowsAttribute(
{
}
if (! postReadRequest.returnAllUserAttributes())
{
{
{
}
}
}
{
{
{
}
}
}
// FIXME -- Check access controls on the entry to see if it should
// be returned or if any attributes need to be stripped
// out..
}
}
catch (DirectoryException de)
{
break modifyProcessing;
}
catch (CancelledOperationException coe)
{
{
}
break modifyProcessing;
}
}
finally
{
for (SynchronizationProvider provider :
{
try
{
provider.doPostOperation(this);
}
catch (DirectoryException de)
{
break;
}
}
}
}
// Indicate that it is now too late to attempt to cancel the operation.
// Invoke the post-operation modify plugins.
if (! skipPostOperation)
{
// FIXME -- Should this also be done while holding the locks?
if (postOpResult.connectionTerminated())
{
// There's no point in continuing with anything. Log the result and
// return.
logModifyResponse(this);
return;
}
}
// Notify any change notification listeners that might be registered with
// the server.
{
{
try
{
}
catch (Exception e)
{
}
}
}
// Stop the processing timer.
// Send the modify response to the client.
clientConnection.sendResponse(this);
// Log the modify response.
logModifyResponse(this);
// Notify any persistent searches that might be registered with the server.
{
for (PersistentSearch persistentSearch :
{
try
{
}
catch (Exception e)
{
}
}
}
// Invoke the post-response modify plugins.
}
/**
* {@inheritDoc}
*/
@Override()
{
this.cancelRequest = cancelRequest;
while ((cancelResult == null) &&
{
try
{
}
catch (Exception e)
{
}
}
if (cancelResult == null)
{
// This can happen in some rare cases (e.g., if a client disconnects and
// there is still a lot of data to send to that client), and in this case
// we'll prevent the cancel thread from blocking for a long period of
// time.
}
return cancelResult;
}
/**
* {@inheritDoc}
*/
@Override()
public final CancelRequest getCancelRequest()
{
return cancelRequest;
}
/**
* {@inheritDoc}
*/
@Override()
{
this.cancelRequest = cancelRequest;
return true;
}
/**
* {@inheritDoc}
*/
@Override()
{
}
}