001/*
002 * The contents of this file are subject to the terms of the Common Development and
003 * Distribution License (the License). You may not use this file except in compliance with the
004 * License.
005 *
006 * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
007 * specific language governing permission and limitations under the License.
008 *
009 * When distributing Covered Software, include this CDDL Header Notice in each file and include
010 * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
011 * Header, with the fields enclosed by brackets [] replaced by your own identifying
012 * information: "Portions Copyright [year] [name of copyright owner]".
013 *
014 * Copyright 2008-2010 Sun Microsystems, Inc.
015 * Portions Copyright 2014-2015 ForgeRock AS.
016 */
017package org.opends.server.types;
018
019import java.util.HashMap;
020import java.util.HashSet;
021import java.util.Map;
022import java.util.Set;
023
024/**
025 * This class implements an enumeration that defines the set of
026 * privileges available in the Directory Server.
027 */
028@org.opends.server.types.PublicAPI(
029     stability=org.opends.server.types.StabilityLevel.UNCOMMITTED,
030     mayInstantiate=false,
031     mayExtend=false,
032     mayInvoke=true)
033public enum Privilege
034{
035  /**
036   * The privilege that provides the ability to bypass access control
037   * evaluation.
038   */
039  BYPASS_ACL("bypass-acl"),
040
041
042
043  /**
044   * The privilege that provides the ability to bypass server
045   * lockdown mode.
046   */
047  BYPASS_LOCKDOWN("bypass-lockdown"),
048
049
050
051  /**
052   * The privilege that provides the ability to modify access control
053   * rules.
054   */
055  MODIFY_ACL("modify-acl"),
056
057
058
059  /**
060   * The privilege that provides the ability to read the server
061   * configuration.
062   */
063  CONFIG_READ("config-read"),
064
065
066
067  /**
068   * The privilege that provides the ability to update the server
069   * configuration.
070   */
071  CONFIG_WRITE("config-write"),
072
073
074
075  /**
076   * The privilege that provides the ability to perform read
077   * operations via JMX.
078   */
079  JMX_READ("jmx-read"),
080
081
082
083  /**
084   * The privilege that provides the ability to perform write
085   * operations via JMX.
086   */
087  JMX_WRITE("jmx-write"),
088
089
090
091  /**
092   * The privilege that provides the ability to subscribe to JMX
093   * notifications.
094   */
095  JMX_NOTIFY("jmx-notify"),
096
097
098
099  /**
100   * The privilege that provides the ability to perform LDIF import
101   * operations.
102   */
103  LDIF_IMPORT("ldif-import"),
104
105
106
107  /**
108   * The privilege that provides the ability to perform LDIF export
109   * operations.
110   */
111  LDIF_EXPORT("ldif-export"),
112
113
114
115  /**
116   * The privilege that provides the ability to perform backend backup
117   * operations.
118   */
119  BACKEND_BACKUP("backend-backup"),
120
121
122
123  /**
124   * The privilege that provides the ability to perform backend
125   * restore operations.
126   */
127  BACKEND_RESTORE("backend-restore"),
128
129
130
131  /**
132   * The privilege that provides the ability to lockdown a server.
133   */
134  SERVER_LOCKDOWN("server-lockdown"),
135
136
137
138  /**
139   * The privilege that provides the ability to request a server
140   * shutdown.
141   */
142  SERVER_SHUTDOWN("server-shutdown"),
143
144
145
146  /**
147   * The privilege that provides the ability to request a server
148   * restart.
149   */
150  SERVER_RESTART("server-restart"),
151
152
153
154  /**
155   * The privilege that provides the ability to perform proxied
156   * authorization or request an alternate authorization identity.
157   */
158  PROXIED_AUTH("proxied-auth"),
159
160
161
162  /**
163   * The privilege that provides the ability to terminate arbitrary
164   * client connections.
165   */
166  DISCONNECT_CLIENT("disconnect-client"),
167
168
169
170  /**
171   * The privilege that provides the ability to cancel arbitrary
172   * client requests.
173   */
174  CANCEL_REQUEST("cancel-request"),
175
176
177
178  /**
179   * The privilege that provides the ability to reset user passwords.
180   */
181  PASSWORD_RESET("password-reset"),
182
183
184
185  /**
186   * The privilege that provides the ability to participate in a
187   * data synchronization environment.
188   */
189  DATA_SYNC("data-sync"),
190
191
192
193  /**
194   * The privilege that provides the ability to update the server
195   * schema.
196   */
197  UPDATE_SCHEMA("update-schema"),
198
199
200
201  /**
202   * The privilege that provides the ability to change the set of
203   * privileges for a user, or to change the set of privileges
204   * automatically assigned to a root user.
205   */
206  PRIVILEGE_CHANGE("privilege-change"),
207
208
209
210  /**
211   * The privilege that provides the ability to perform an unindexed
212   * search in the JE backend.
213   */
214  UNINDEXED_SEARCH("unindexed-search"),
215
216
217
218  /**
219   * The privilege that provides the ability to perform write
220   * operations on LDAP subentries.
221   */
222  SUBENTRY_WRITE("subentry-write"),
223
224
225
226  /**
227   * The privilege that provides the ability to perform read
228   * operations on the changelog.
229   */
230  CHANGELOG_READ("changelog-read");
231
232
233  /** A map that will be used to hold a mapping between privilege names and enum values. */
234  private static final Map<String, Privilege> PRIV_MAP = new HashMap<>();
235
236  /**
237   * The set of privileges that will be automatically assigned to root
238   * users if the root privilege set is not specified in the configuration.
239   */
240  private static final Set<Privilege> DEFAULT_ROOT_PRIV_SET = new HashSet<>();
241
242
243  /** The human-readable name for this privilege. */
244  private final String privilegeName;
245
246
247
248  static
249  {
250    for (Privilege privilege : Privilege.values())
251    {
252      PRIV_MAP.put(privilege.privilegeName, privilege);
253    }
254
255    DEFAULT_ROOT_PRIV_SET.add(BYPASS_ACL);
256    DEFAULT_ROOT_PRIV_SET.add(BYPASS_LOCKDOWN);
257    DEFAULT_ROOT_PRIV_SET.add(MODIFY_ACL);
258    DEFAULT_ROOT_PRIV_SET.add(CONFIG_READ);
259    DEFAULT_ROOT_PRIV_SET.add(CONFIG_WRITE);
260    DEFAULT_ROOT_PRIV_SET.add(LDIF_IMPORT);
261    DEFAULT_ROOT_PRIV_SET.add(LDIF_EXPORT);
262    DEFAULT_ROOT_PRIV_SET.add(BACKEND_BACKUP);
263    DEFAULT_ROOT_PRIV_SET.add(BACKEND_RESTORE);
264    DEFAULT_ROOT_PRIV_SET.add(SERVER_LOCKDOWN);
265    DEFAULT_ROOT_PRIV_SET.add(SERVER_SHUTDOWN);
266    DEFAULT_ROOT_PRIV_SET.add(SERVER_RESTART);
267    DEFAULT_ROOT_PRIV_SET.add(DISCONNECT_CLIENT);
268    DEFAULT_ROOT_PRIV_SET.add(CANCEL_REQUEST);
269    DEFAULT_ROOT_PRIV_SET.add(PASSWORD_RESET);
270    DEFAULT_ROOT_PRIV_SET.add(UPDATE_SCHEMA);
271    DEFAULT_ROOT_PRIV_SET.add(PRIVILEGE_CHANGE);
272    DEFAULT_ROOT_PRIV_SET.add(UNINDEXED_SEARCH);
273    DEFAULT_ROOT_PRIV_SET.add(SUBENTRY_WRITE);
274    DEFAULT_ROOT_PRIV_SET.add(CHANGELOG_READ);
275  }
276
277
278
279  /**
280   * Creates a new privilege with the provided name.
281   *
282   * @param  privilegeName  The human-readable name for this policy.
283   */
284  private Privilege(String privilegeName)
285  {
286    this.privilegeName = privilegeName;
287  }
288
289
290
291  /**
292   * Retrieves the name for this privilege.
293   *
294   * @return  The name for this privilege.
295   */
296  public String getName()
297  {
298    return privilegeName;
299  }
300
301
302
303  /**
304   * Retrieves the privilege with the specified name.
305   *
306   * @param  lowerPrivName  The name of the privilege to retrieve,
307   *                        formatted in all lowercase characters.
308   *
309   * @return  The requested privilege, or {@code null} if the provided
310   *          value is not the name of a valid privilege.
311   */
312  public static Privilege privilegeForName(String lowerPrivName)
313  {
314    return PRIV_MAP.get(lowerPrivName);
315  }
316
317
318
319  /**
320   * Retrieves the human-readable name for this privilege.
321   *
322   * @return  The human-readable name for this privilege.
323   */
324  @Override
325  public String toString()
326  {
327    return privilegeName;
328  }
329
330
331
332  /**
333   * Retrieves the set of available privilege names.
334   *
335   * @return  The set of available privilege names.
336   */
337  public static Set<String> getPrivilegeNames()
338  {
339    return PRIV_MAP.keySet();
340  }
341
342
343
344  /**
345   * Retrieves the set of privileges that should be automatically
346   * granted to root users if the root privilege set is not specified
347   * in the configuration.
348   *
349   * @return  The set of privileges that should be automatically
350   *          granted to root users if the root privilege set is not
351   *          specified in the configuration.
352   */
353  public static Set<Privilege> getDefaultRootPrivileges()
354  {
355    return DEFAULT_ROOT_PRIV_SET;
356  }
357}
358