Posted to derby-commits@db.apache.org by da...@apache.org on 2011/09/27 22:18:49 UTC

svn commit: r1176591 [1/2] - in /db/derby/code/trunk/java: drda/org/apache/derby/drda/ drda/org/apache/derby/impl/drda/ engine/org/apache/derby/iapi/reference/ engine/org/apache/derby/iapi/services/info/ engine/org/apache/derby/iapi/services/io/ engine...

Author: dag
Date: Tue Sep 27 20:18:48 2011
New Revision: 1176591

URL: http://svn.apache.org/viewvc?rev=1176591&view=rev
Log:
DERBY-5363 Tighten default permissions of DB files with >= JDK6

Patch derby-5363-full-5 implements the ability to restrict file
permission of newly created directories and files beyond the default
access (cf. umask on Posix file systems and similar on NTFS), i.e. to
the account creating the file.  This behavior is controlled by a
property, "derby.storage.useDefaultFilePermissions", cf. the release
notes attached to the issue.  By default the property is true, i.e. it gives
the existing (lax) behavior on embedded and with the network server if started
via the API.  If the server is started from the command line, the
new restrictive permissions apply by default.


Added:
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/engine/RestrictiveFilePermissionsTest.java   (with props)
Modified:
    db/derby/code/trunk/java/drda/org/apache/derby/drda/NetworkServerControl.java
    db/derby/code/trunk/java/drda/org/apache/derby/drda/server.policy
    db/derby/code/trunk/java/drda/org/apache/derby/drda/template.policy
    db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/DssTrace.java
    db/derby/code/trunk/java/engine/org/apache/derby/iapi/reference/Property.java
    db/derby/code/trunk/java/engine/org/apache/derby/iapi/services/info/JVMInfo.java
    db/derby/code/trunk/java/engine/org/apache/derby/iapi/services/io/FileUtil.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/io/BaseStorageFactory.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/io/DirFile.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/io/DirFile4.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/io/InputStreamFile.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/io/VFMemoryStorageFactory.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/io/vfmem/VirtualFile.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/load/ExportWriteData.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/services/monitor/FileMonitor.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/services/monitor/StorageFactoryService.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/services/stream/SingleStream.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/store/raw/RawStore.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/store/raw/data/BaseDataFileFactory.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/store/raw/data/RAFContainer.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/store/raw/data/RFResource.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/store/raw/data/StreamFileContainer.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/store/raw/log/LogToFile.java
    db/derby/code/trunk/java/engine/org/apache/derby/io/StorageFile.java
    db/derby/code/trunk/java/engine/org/apache/derby/loc/messages.xml
    db/derby/code/trunk/java/shared/org/apache/derby/shared/common/reference/MessageId.java
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/GetCurrentPropertiesTest.policy
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/NetworkServerControlApiTest.policy
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/RuntimeInfoTest.policy
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/ServerPropertiesTest.policy
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/engine/_Suite.java
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbc4/noAbortPermission.policy
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/SecurityPolicyReloadingTest.initial.policy
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/SecurityPolicyReloadingTest.modified.policy
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/util/corruptio/CorruptFile.java
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/util/derby_tests.policy
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/junit/TestConfiguration.java

Modified: db/derby/code/trunk/java/drda/org/apache/derby/drda/NetworkServerControl.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/drda/org/apache/derby/drda/NetworkServerControl.java?rev=1176591&r1=1176590&r2=1176591&view=diff
==============================================================================
--- db/derby/code/trunk/java/drda/org/apache/derby/drda/NetworkServerControl.java (original)
+++ db/derby/code/trunk/java/drda/org/apache/derby/drda/NetworkServerControl.java Tue Sep 27 20:18:48 2011
@@ -302,6 +302,11 @@ public class NetworkServerControl{
             
             int     command = server.parseArgs( args );
 
+            if (command == NetworkServerControlImpl.COMMAND_START) {
+                System.setProperty(Property.SERVER_STARTED_FROM_CMD_LINE,
+                                   "true");
+            }
+
             //
             // In order to run secure-by-default, we install a security manager
             // if one isn't already installed. This feature is described by DERBY-2196.

Modified: db/derby/code/trunk/java/drda/org/apache/derby/drda/server.policy
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/drda/org/apache/derby/drda/server.policy?rev=1176591&r1=1176590&r2=1176591&view=diff
==============================================================================
--- db/derby/code/trunk/java/drda/org/apache/derby/drda/server.policy (original)
+++ db/derby/code/trunk/java/drda/org/apache/derby/drda/server.policy Tue Sep 27 20:18:48 2011
@@ -98,6 +98,9 @@ grant codeBase "${derby.install.url}derb
   // Note that this permission must also be granted to outer (application) code domains.
   //
   permission java.sql.SQLPermission "callAbort";
+
+  // Needed by FileUtil#limitAccessToOwner
+  permission java.lang.RuntimePermission "accessUserInformation";
 };
 
 grant codeBase "${derby.install.url}derbynet.jar"
@@ -120,6 +123,8 @@ grant codeBase "${derby.install.url}derb
 // Needed for server tracing.
 //
   permission java.io.FilePermission "${derby.drda.traceDirectory}${/}-", "read,write,delete";
+  // Needed by FileUtil#limitAccessToOwner
+  permission java.lang.RuntimePermission "accessUserInformation";
   
   // Needed for NetworkServerMBean access (see JMX section above)
   permission org.apache.derby.security.SystemPermission "server", "control,monitor";
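Review bot: This derbynet.jar grant receives only `accessUserInformation`, whereas the corresponding template.policy hunk in this commit also grants `java.util.PropertyPermission "derby.__serverStartedFromCmdLine", "read, write"`; if server.policy is the policy the server installs after NetworkServerControl has already written the property, the write grant is indeed unnecessary, but the engine side in derby.jar still reads it in FileUtil.limitAccessToOwner, so a read grant is needed unless an existing `derby.*` read permission (not visible here) already covers it. The two policy files also describe the same permission differently (`Needed by FileUtil#limitAccessToOwner` here, `Needed by file permissions restriction system:` in template.policy); using the same comment in both keeps them easy to diff against each other. The same applies to the first server.policy hunk above.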

Modified: db/derby/code/trunk/java/drda/org/apache/derby/drda/template.policy
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/drda/org/apache/derby/drda/template.policy?rev=1176591&r1=1176590&r2=1176591&view=diff
==============================================================================
--- db/derby/code/trunk/java/drda/org/apache/derby/drda/template.policy (original)
+++ db/derby/code/trunk/java/drda/org/apache/derby/drda/template.policy Tue Sep 27 20:18:48 2011
@@ -85,6 +85,9 @@ grant codeBase "${derby.install.url}derb
   // Note that this permission must also be granted to outer (application) code domains.
   //
   permission java.sql.SQLPermission "callAbort";
+
+  // Needed by file permissions restriction system:
+  permission java.lang.RuntimePermission "accessUserInformation";
 };
 
 grant codeBase "${derby.install.url}derbynet.jar"
@@ -107,6 +110,9 @@ grant codeBase "${derby.install.url}derb
 // Needed for server tracing.
 //
   permission java.io.FilePermission "${derby.drda.traceDirectory}${/}-", "read,write,delete";
+  // Needed by file permissions restriction system:
+  permission java.lang.RuntimePermission "accessUserInformation";
+  permission java.util.PropertyPermission "derby.__serverStartedFromCmdLine", "read, write";
 
 //
 // JMX: Uncomment this permission to allow the ping operation of the 

Modified: db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/DssTrace.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/DssTrace.java?rev=1176591&r1=1176590&r2=1176591&view=diff
==============================================================================
--- db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/DssTrace.java (original)
+++ db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/DssTrace.java Tue Sep 27 20:18:48 2011
@@ -24,10 +24,12 @@ import java.io.File;
 import java.io.FileNotFoundException;
 import java.io.IOException;
 import java.io.PrintWriter;
+import java.security.AccessControlException;
 import java.security.AccessController;
 import java.security.PrivilegedAction;
 import java.security.PrivilegedActionException;
 import java.security.PrivilegedExceptionAction;
+import org.apache.derby.iapi.services.io.FileUtil;
 
 // Generic process and error tracing encapsulation.
 // This class also traces a DRDA communications buffer.
@@ -182,10 +184,23 @@ public class DssTrace
             for (int attempt=0; attempt <2; attempt++) {
                 try {             	
                     // The writer will be buffered for effeciency.
-                    comBufferWriter =  ((PrintWriter)AccessController.doPrivileged(
+                    comBufferWriter =
+                        ((PrintWriter)AccessController.doPrivileged(
                             new PrivilegedExceptionAction() {
-                                public Object run() throws SecurityException, IOException {
-                                    return new  PrintWriter (new java.io.BufferedWriter (new java.io.FileWriter (fileName), 4096));
+                                public Object run()
+                                        throws SecurityException, IOException {
+                                    File f = new File(fileName);
+                                    boolean exists = f.exists();
+                                    PrintWriter pw =
+                                        new PrintWriter(
+                                            new java.io.BufferedWriter(
+                                                new java.io.FileWriter(
+                                                    fileName),
+                                                4096));
+                                    if (!exists) {
+                                        FileUtil.limitAccessToOwner(f);
+                                    }
+                                    return pw;
                                 }
                             }));
                     // If we successfully made the file. break out here and don't retry
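Review bot: If `FileUtil.limitAccessToOwner(f)` throws (it rethrows the SecurityException from setWritable/setReadable, or the AccessControlException from the ACL path), the just-opened `pw` is never closed, leaving the truncated trace file open with its default permissions; it should be closed before the exception propagates. There is also an inherent window here: the file is created with the umask-derived mode by the FileWriter and narrowed afterwards, which cannot be avoided at this source level but deserves a comment so nobody mistakes the narrowing for creation-time restriction. A pre-existing trace file keeps its old permissions by design, since `exists` is sampled before the FileWriter truncates it. The retry loop around this action continues outside the hunk.
```java
                                    if (!exists) {
                                        // narrowed after creation: the file
                                        // briefly carries the umask default
                                        try {
                                            FileUtil.limitAccessToOwner(f);
                                        } catch (SecurityException se) {
                                            pw.close();
                                            throw se;
                                        }
                                    }
                                    return pw;
```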
@@ -213,7 +228,13 @@ public class DssTrace
                                             // has been granted.
                                             boolean created = traceDirectory.mkdir();
                                             if (!created) {
-                                                traceDirectory.mkdirs();
+                                                created =
+                                                        traceDirectory.mkdirs();
+                                            }
+
+                                            if (created) {
+                                                FileUtil.limitAccessToOwner(
+                                                        traceDirectory);
                                             }
                                             return null;
                                         }
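Review bot: Only `traceDirectory` itself is narrowed; when `mkdir()` fails and `mkdirs()` creates the missing parents, those parent directories keep the umask default, so a trace directory several levels deep is still listable by others. That is probably acceptable for a trace directory, but a comment such as `// parents created by mkdirs() keep default permissions; only the leaf is restricted` would make the scope explicit. When the directory already existed, `created` stays false and nothing is narrowed, which matches the `exists` check in the previous hunk. The enclosing run() begins outside the hunk.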

Modified: db/derby/code/trunk/java/engine/org/apache/derby/iapi/reference/Property.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/iapi/reference/Property.java?rev=1176591&r1=1176590&r2=1176591&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/iapi/reference/Property.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/iapi/reference/Property.java Tue Sep 27 20:18:48 2011
@@ -1086,4 +1086,28 @@ public interface Property { 
 	public static final String STORAGE_LOG_NOT_SYNCED = 
         "db2j.storage.logNotSynced";
 
+
+    /**
+     * derby.storage.useDefaultFilePermissions = {false,true}
+     * <p/>
+     * When set to true, the store system will not limit file permissions of
+     * files created by Derby to owner, but rely on the current OS default.  On
+     * Unix, this is determined by {@code umask(1)}. Only relevant for JVM >=
+     * 6.
+     * <p/>
+     * The default value is {@code true} on embedded, but {@code false} on the
+     * Network server if started from command line, otherwise it is true for
+     * the server, too (i.e. started via API).
+     */
+    String STORAGE_USE_DEFAULT_FILE_PERMISSIONS =
+        "derby.storage.useDefaultFilePermissions";
+
+    /**
+     * Internal. True if the network server was started from the command line
+     * (not from API).  Used to determine whether to narrow file permissions
+     * iff {@code derby.storage.useDefaultFilePermissions} isn't specified.
+     * <B>INTERNAL USE ONLY</B>
+     */
+    String SERVER_STARTED_FROM_CMD_LINE =
+            "derby.__serverStartedFromCmdLine";
 }
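Review bot: The Javadoc for STORAGE_USE_DEFAULT_FILE_PERMISSIONS should say how the value is parsed, because FileUtil.limitAccessToOwner in this commit uses `Boolean.valueOf(value.trim())`, so any value other than a case-insensitive "true" (including a typo) selects the restrictive behavior rather than the documented default. It also describes only the Unix umask case, although the same commit narrows NTFS ACLs on Java 7; a sentence such as `On Windows NTFS with Java 7 or later, access is narrowed via the file's ACL; FAT file systems are unaffected.` would make that visible to users. For SERVER_STARTED_FROM_CMD_LINE it is worth stating that it is an ordinary writable system property, so any code in the JVM can set or clear it and it is not reset when the server stops. Minor: `<p/>` is not valid in Javadoc HTML; `<p>` is the conventional form.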

Modified: db/derby/code/trunk/java/engine/org/apache/derby/iapi/services/info/JVMInfo.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/iapi/services/info/JVMInfo.java?rev=1176591&r1=1176590&r2=1176591&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/iapi/services/info/JVMInfo.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/iapi/services/info/JVMInfo.java Tue Sep 27 20:18:48 2011
@@ -56,6 +56,7 @@ public abstract class JVMInfo
 	public static final int J2SE_142 = 5;
 	public static final int J2SE_15 = 6; // aka J2SE 5.0
 	public static final int J2SE_16 = 7; // Java SE 6, not J2SE
+    public static final int J2SE_17 = 8; // Java SE 7
 
 	public static final boolean J2ME;
 
@@ -131,6 +132,10 @@ public abstract class JVMInfo
 			{
 				id = J2SE_16;
 			}
+            else if (javaVersion.equals("1.7"))
+            {
+                id = J2SE_17;
+            }
 			else
 			{
 				// aussme our lowest support unless the java spec
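Review bot: The added `else if (javaVersion.equals("1.7"))` lines are indented with spaces while the surrounding block uses tabs, and the same mixture appears in the next hunk's `Float.parseFloat(javaVersion) > 1.7f` lines; matching the file's tab indentation avoids a misleading diff later. The fallback in that next hunk now reports J2SE_17 for any version above 1.7, so a future 1.8 JVM is classified as Java 7, consistent with the previous 1.6 handling but worth a comment like `// newer than we know about: report the highest supported level`. The enclosing method begins outside the hunk.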
@@ -139,8 +144,8 @@ public abstract class JVMInfo
 
 				try {
 
-					if (Float.parseFloat(javaVersion) > 1.6f)
-						id = J2SE_16;
+                    if (Float.parseFloat(javaVersion) > 1.7f)
+                        id = J2SE_17;
 				} catch (NumberFormatException nfe) {
 				}
 			}

Modified: db/derby/code/trunk/java/engine/org/apache/derby/iapi/services/io/FileUtil.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/iapi/services/io/FileUtil.java?rev=1176591&r1=1176590&r2=1176591&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/iapi/services/io/FileUtil.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/iapi/services/io/FileUtil.java Tue Sep 27 20:18:48 2011
@@ -21,13 +21,28 @@
 
 package org.apache.derby.iapi.services.io;
 
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.lang.reflect.Array;
+import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Method;
+import java.lang.reflect.Field;
 import org.apache.derby.io.StorageFactory;
 import org.apache.derby.io.WritableStorageFactory;
 import org.apache.derby.io.StorageFile;
 
-import java.io.*;
 import java.net.MalformedURLException;
 import java.net.URL;
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+import org.apache.derby.iapi.reference.Property;
+import org.apache.derby.iapi.services.property.PropertyUtil;
+import org.apache.derby.shared.common.sanity.SanityManager;
 
 /**
 	A set of public static methods for dealing with File objects.
@@ -129,6 +144,8 @@ public abstract class FileUtil {
 			return false;
 		}			
 
+        limitAccessToOwner(to);
+
 		String[] list = from.list();
 
 		// Some JVMs return null for File.list() when the
@@ -169,10 +186,6 @@ nextFile:	for (int i = 0; i < list.lengt
 		return true;
 	}		
 
-	public static boolean copyFile(File from, File to)
-	{
-		return copyFile(from, to, (byte[])null);
-	}
 
 	public static boolean copyFile(File from, File to, byte[] buf)
 	{
@@ -187,6 +200,7 @@ nextFile:	for (int i = 0; i < list.lengt
 		try {
 			from_s = new FileInputStream(from);
 			to_s = new FileOutputStream(to);
+            limitAccessToOwner(to);
 
 			for (int bytesRead = from_s.read(buf);
 				 bytesRead != -1;
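Review bot: `limitAccessToOwner(to)` is applied right after `new FileOutputStream(to)`, which truncates and reuses an existing destination, so the permissions of a pre-existing file are narrowed too, while limitAccessToOwner documents its argument as "assumed to be just created"; DssTrace in this commit checks `exists()` first and narrows only new files, and the StorageFile variant of copyFile at `to_s = new FileOutputStream( to);` has the same asymmetry. If narrowing on overwrite is intended, a comment saying so would help; otherwise `boolean fresh = !to.exists();` before opening and `if (fresh) limitAccessToOwner(to);` mirrors DssTrace. Whether the two streams are closed when limitAccessToOwner throws SecurityException depends on the finally block outside the hunk. copyFile's body continues outside the hunk.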
@@ -221,13 +235,6 @@ nextFile:	for (int i = 0; i < list.lengt
 		return true;
 	}
 
-    public static boolean copyDirectory( StorageFactory storageFactory,
-                                         StorageFile from,
-                                         File to)
-    {
-        return copyDirectory( storageFactory, from, to, null, null, true);
-    }
-    
 
     public static boolean copyDirectory( StorageFactory storageFactory,
                                          StorageFile from,
@@ -254,6 +261,8 @@ nextFile:	for (int i = 0; i < list.lengt
 			return false;
 		}			
 
+        limitAccessToOwner(to);
+
 		String[] list = from.list();
 
 		// Some JVMs return null for File.list() when the
@@ -315,6 +324,7 @@ nextFile:	for (int i = 0; i < list.lengt
 		try {
 			from_s = from.getInputStream();
 			to_s = new FileOutputStream( to);
+            limitAccessToOwner(to);
 
 			if (buf == null)
 				buf = new byte[BUFFER_SIZE]; // reuse this buffer to copy files
@@ -383,7 +393,9 @@ nextFile:	for (int i = 0; i < list.lengt
 			return false;
 		}			
 
-		String[] list = from.list();
+        to.limitAccessToOwner();
+
+        String[] list = from.list();
 
 		// Some JVMs return null for File.list() when the
 		// directory is empty.
@@ -573,4 +585,398 @@ nextFile:	for (int i = 0; i < list.lengt
 
         return result;
     }
+
+
+    // Members used by limitAccessToOwner
+    private static final Object region = new Object();
+    private static boolean initialized = false;
+
+    // Reflection helper objects for calling into Java >= 6
+    private static Method setWrite = null;
+    private static Method setRead = null;
+    private static Method setExec = null;
+
+    // Reflection helper objects for calling into Java >= 7
+    private static Class fileClz = File.class;
+    private static Class filesClz;
+    private static Class pathClz;
+    private static Class pathsClz;
+    private static Class aclEntryClz;
+    private static Class aclFileAttributeViewClz;
+    private static Class posixFileAttributeViewClz;
+    private static Class userPrincipalClz;
+    private static Class linkOptionArrayClz;
+    private static Class linkOptionClz;
+    private static Class stringArrayClz;
+    private static Class aclEntryBuilderClz;
+    private static Class aclEntryTypeClz;
+
+    private static Method get;
+    private static Method getFileAttributeView;
+    private static Method getOwner;
+    private static Method getAcl;
+    private static Method setAcl;
+    private static Method principal;
+    private static Method getName;
+    private static Method build;
+    private static Method newBuilder;
+    private static Method setPrincipal;
+    private static Method setType;
+
+    private static Field allow;
+    /**
+     * Use when creating new files. If running with Java 6 or higher on Unix,
+     * limit read and write permissions on {@code file} to owner if {@code
+     * derby.storage.useDefaultFilePermissions == false}.
+     * <p/>
+     * If the property is not specified, we use restrictive permissions anyway
+     * iff running with the server server started from the command line.
+     * <p/>
+     * On Unix, this is equivalent to running with umask 0077.
+     * <p/>
+     * On Windows, with FAT/FAT32, we lose, since the fs does not support
+     * permissions, only a read-only flag.
+     * <p/>
+     * On Windows, with NTFS with ACLs, if running with Java 7 or higher, we
+     * limit access also for Windows using the new {@code
+     * java.nio.file.attribute} package.
+     *
+     * @param file assumed to be just created
+     */
+    public static void limitAccessToOwner(File file) {
+
+        String value = PropertyUtil.getSystemProperty(
+            Property.STORAGE_USE_DEFAULT_FILE_PERMISSIONS);
+
+        if (value != null) {
+            if (Boolean.valueOf(value.trim()).booleanValue()) {
+                return;
+            }
+        } else {
+            // The property has not been specified. Only proceed if we are
+            // running with the network server started from the command line.
+            if ( !PropertyUtil.getSystemBoolean(
+                    Property.SERVER_STARTED_FROM_CMD_LINE, false)) {
+                return;
+            }
+        }
+
+        // lazy initialization, needs to be called in security context
+        synchronized (region) {
+            if (!initialized) {
+                initialized = true;
+                // >= Java 6
+                try {
+                    setWrite = fileClz.getMethod(
+                        "setWritable",
+                        new Class[]{Boolean.TYPE, Boolean.TYPE});
+                    setRead = fileClz.getMethod(
+                        "setReadable",
+                        new Class[]{Boolean.TYPE, Boolean.TYPE});
+                    setExec = fileClz.getMethod(
+                        "setExecutable",
+                        new Class[]{Boolean.TYPE, Boolean.TYPE});
+                } catch (NoSuchMethodException e) {
+                    // not Java 6 or higher
+                }
+
+                // >= Java 7
+                try {
+                    // If found, we have >= Java 7.
+                    filesClz = Class.forName(
+                        "java.nio.file.Files");
+                    pathClz = Class.forName(
+                        "java.nio.file.Path");
+                    pathsClz = Class.forName(
+                        "java.nio.file.Paths");
+                    aclEntryClz = Class.forName(
+                        "java.nio.file.attribute.AclEntry");
+                    aclFileAttributeViewClz = Class.forName(
+                        "java.nio.file.attribute.AclFileAttributeView");
+                    posixFileAttributeViewClz = Class.forName(
+                        "java.nio.file.attribute.PosixFileAttributeView");
+                    userPrincipalClz = Class.forName(
+                        "java.nio.file.attribute.UserPrincipal");
+                    linkOptionArrayClz = Class.forName(
+                        "[Ljava.nio.file.LinkOption;");
+                    linkOptionClz = Class.forName(
+                        "java.nio.file.LinkOption");
+                    stringArrayClz = Class.forName(
+                        "[Ljava.lang.String;");
+                    aclEntryBuilderClz = Class.forName(
+                        "java.nio.file.attribute.AclEntry$Builder");
+                    aclEntryTypeClz = Class.forName(
+                        "java.nio.file.attribute.AclEntryType");
+
+                    get = pathsClz.
+                        getMethod("get",
+                                  new Class[]{String.class, stringArrayClz});
+
+                    getFileAttributeView = filesClz.
+                        getMethod("getFileAttributeView",
+                                  new Class[]{pathClz,
+                                              Class.class,
+                                              linkOptionArrayClz});
+
+                    getOwner = filesClz.
+                        getMethod("getOwner",
+                                  new Class[]{pathClz, linkOptionArrayClz});
+                    getAcl = aclFileAttributeViewClz.
+                        getMethod("getAcl", new Class[]{});
+                    setAcl = aclFileAttributeViewClz.
+                        getMethod("setAcl", new Class[]{List.class});
+                    principal = aclEntryClz.
+                        getMethod("principal", new Class[]{});
+                    getName = userPrincipalClz.
+                        getMethod("getName", new Class[]{});
+                    build = aclEntryBuilderClz.
+                        getMethod("build", new Class[]{});
+                    newBuilder = aclEntryClz.
+                        getMethod("newBuilder", new Class[]{});
+                    setPrincipal = aclEntryBuilderClz.
+                        getMethod("setPrincipal",
+                                  new Class[]{userPrincipalClz});
+                    setType = aclEntryBuilderClz.
+                        getMethod("setType", new Class[]{aclEntryTypeClz});
+
+                    allow = aclEntryTypeClz.getField("ALLOW");
+
+                } catch (NoSuchMethodException e) {
+                    // not Java 7 or higher
+                } catch (ClassNotFoundException e) {
+                    // not Java 7 or higher
+                } catch (NoSuchFieldException e) {
+                    // not Java 7 or higher
+                }
+            }
+        }
+
+        if (setWrite == null) {
+            // JVM level too low
+            return;
+        }
+
+        if (limitAccessToOwnerViaACLs(file)) {
+            return;
+        }
+
+        try {
+            //
+            // First switch off all write access
+            //
+            Object r;
+
+            r = setWrite.invoke(
+                file,
+                new Object[]{Boolean.FALSE, Boolean.FALSE});
+            assertTrue(r);
+
+            //
+            // Next, switch on write again, but for owner only
+            //
+            r = setWrite.invoke(
+                file,
+                new Object[]{Boolean.TRUE, Boolean.TRUE});
+            assertTrue(r);
+
+            //
+            // First switch off all read access
+            //
+            r = setRead.invoke(
+                file,
+                new Object[]{Boolean.FALSE, Boolean.FALSE});
+            assertTrue(r);
+
+            //
+            // Next, switch on read access again, but for owner only
+            //
+            r = setRead.invoke(
+                file,
+                new Object[]{Boolean.TRUE, Boolean.TRUE});
+            assertTrue(r);
+
+
+            if (file.isDirectory()) {
+                //
+                // First switch off all exec access
+                //
+                r = setExec.invoke(
+                    file,
+                    new Object[]{Boolean.FALSE, Boolean.FALSE});
+                assertTrue(r);
+
+                //
+                // Next, switch on read exec again, but for owner only
+                //
+                r = setExec.invoke(
+                    file,
+                    new Object[]{Boolean.TRUE, Boolean.TRUE});
+                assertTrue(r);
+            }
+        } catch (InvocationTargetException e) {
+            // setWritable/setReadable can throw SecurityException
+            throw (SecurityException)e.getCause();
+        } catch (IllegalAccessException e) {
+            // coding error
+            if (SanityManager.DEBUG) {
+                SanityManager.THROWASSERT(e);
+            }
+        }
+    }
+
+    private static void assertTrue(Object r){
+        // We should always have the permission to modify the access since have
+        // just created the file. On some file systems, some operations will
+        // not work, though, notably FAT/FAT32, as well as NTFS on java < 7, so
+        // we ignore it the failure.
+        if (SanityManager.DEBUG) {
+            Boolean b = (Boolean)r;
+
+            if (!b.booleanValue()) {
+                String os =
+                    PropertyUtil.getSystemProperty("os.name").toLowerCase();
+
+                if (os.indexOf("windows") >= 0) {
+                    // expect this to fail, Java 6 on Windows doesn't cut it,
+                    // known not to work.
+                } else {
+                    SanityManager.THROWASSERT(
+                        "File.set{RWX} failed on this file system");
+                }
+            }
+        }
+    }
+
+    private static boolean limitAccessToOwnerViaACLs(File file) {
+
+        // See if we are running on JDK 7 so we can deny access
+        // using the new java.nio.file.attribute package.
+
+        if (filesClz == null) {
+            // nope
+            return false;
+        }
+
+        // We have Java 7, so call. We need to call reflectively, since the
+        // source level isn't yet at Java 7.
+        try {
+            // Path fileP = Paths.get(file.getPath());
+            Object fileP = get.invoke(
+                null, new Object[]{file.getPath(), new String[]{}});
+
+            // AclFileAttributeView view =
+            //     Files.getFileAttributeView(fileP,
+            //         AclFileAttributeView.class);
+            Object view = getFileAttributeView.invoke(
+                null,
+                new Object[]{fileP,
+                             aclFileAttributeViewClz,
+                             Array.newInstance(linkOptionClz, 0)});
+
+            if (view == null) {
+                // ACLs not supported on this platform
+                return false;
+            }
+
+            // If we have a posix view, we can use ACLs to interface
+            // the usual Unix permission masks vi the special principals
+            // OWNER@, GROUP@ and EVERYONE@
+
+            // PosixFileAttributeView posixView =
+            // Files.getFileAttributeView(fileP, PosixFileAttributeView.class);
+            Object posixView = getFileAttributeView.invoke(
+                null,
+                new Object[]{fileP,
+                             posixFileAttributeViewClz,
+                             Array.newInstance(linkOptionClz, 0)});
+
+            // UserPrincipal owner = Files.getOwner(fileP);
+            Object owner = getOwner.invoke(
+                null,
+                new Object[]{fileP, Array.newInstance(linkOptionClz, 0)});
+
+            // List<AclEntry> oldAcl = view.getAcl();
+            // List<AclEntry> newAcl = new ArrayList<>();
+
+            List oldAcl = (List)getAcl.invoke(view, null);
+            List newAcl = new ArrayList();
+
+            // for (AclEntry ace : oldAcl) {
+            //     if (posixView != null) {
+            //         if (ace.principal().getName().equals("OWNER@")) {
+            //             // retain permission for owner
+            //             newAcl.add(ace);
+            //         } else if (
+            //             ace.principal().getName().equals("GROUP@") ||
+            //             ace.principal().getName().equals("EVERYONE@")) {
+            //
+            //             AclEntry.Builder aceb = AclEntry.newBuilder();
+            //             aceb.setPrincipal(ace.principal())
+            //                 .setType(AclEntryType.ALLOW);
+            //             // add no permissions for the group and other
+            //             newAcl.add(aceb.build());
+            //         }
+            //     } else {
+            //         // NTFS, hopefully
+            //         if (ace.principal().equals(owner)) {
+            //             newAcl.add(ace);
+            //         }
+            //     }
+            // }
+
+            for (Iterator i = oldAcl.iterator(); i.hasNext();) {
+                Object ace = i.next();
+                Object princ = principal.invoke(ace, null);
+                String princName = (String)getName.invoke(princ, null);
+
+                if (posixView != null) {
+                    if (princName.equals("OWNER@")) {
+                        // retain permission for owner
+                        newAcl.add(ace);
+                    } else if (
+                        princName.equals("GROUP@") ||
+                        princName.equals("EVERYONE@")) {
+
+                        // add ALLOW ACE w/no permissions for group and other
+
+                        Object aceb = newBuilder.invoke(null, null);
+                        Object allowValue = allow.get(aclEntryTypeClz);
+
+                        aceb = setPrincipal.invoke(aceb, new Object[]{princ});
+                        aceb = setType.invoke(aceb, new Object[]{allowValue});
+                        newAcl.add(build.invoke(aceb, null));
+                    }
+                } else {
+                    // NTFS, hopefully
+                    if (princ.equals(owner)) {
+                        newAcl.add(ace);
+                    }
+                }
+            }
+
+            // view.setAcl(newAcl);
+            setAcl.invoke(view, new Object[]{newAcl});
+
+        } catch (IllegalAccessException e) {
+            // coding error
+            if (SanityManager.DEBUG) {
+                SanityManager.THROWASSERT(e);
+            }
+        } catch (IllegalArgumentException e) {
+            // coding error
+            if (SanityManager.DEBUG) {
+                SanityManager.THROWASSERT(e);
+            }
+        } catch (InvocationTargetException e) {
+            // java.security.AccessControlException: access denied
+            // ("java.lang.RuntimePermission" "accessUserInformation") can
+            // happen, so throw.
+            //
+            // Should we get an IOException from getOwner, the cast below
+            // would throw which is fine, since it should not happen.
+            throw (RuntimeException)e.getCause();
+        }
+
+        return true;
+    }
 }
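Review bot: The Java 7 probe publishes `filesClz` before the remaining lookups have succeeded, so if any later `Class.forName`, `getMethod` or `getField` in that block throws, the catch clauses leave `filesClz` non-null while `get`, `getFileAttributeView` and the rest stay null, and limitAccessToOwnerViaACLs then fails with a NullPointerException at `get.invoke(...)` instead of falling back to the setWritable path; adding `filesClz = null;` to each of the three catch clauses (or probing into locals and publishing `filesClz` last) closes that gap. Separately, `throw (RuntimeException)e.getCause();` in limitAccessToOwnerViaACLs turns a checked IOException from getOwner/getAcl/setAcl into a ClassCastException that hides the original error; `throw new RuntimeException(e.getCause());` for non-RuntimeException causes preserves it. On the NTFS branch, if the old ACL contains no entry whose principal equals the owner (access granted via group membership only), `newAcl` ends up empty and the owner is locked out too, which deserves at least a comment on the `princ.equals(owner)` test. The `assertTrue` helper name reads like an assertion but silently ignores failures outside SanityManager.DEBUG; a name such as `checkSetPermissionResult` would be clearer.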

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/io/BaseStorageFactory.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/io/BaseStorageFactory.java?rev=1176591&r1=1176590&r2=1176591&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/io/BaseStorageFactory.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/io/BaseStorageFactory.java Tue Sep 27 20:18:48 2011
@@ -257,6 +257,7 @@ abstract class BaseStorageFactory implem
         tempDir.deleteAll();
 
         tempDir.mkdirs();
+        tempDir.limitAccessToOwner();
         tempDirPath = tempDir.getPath();
     } // end of createTempDir
 

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/io/DirFile.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/io/DirFile.java?rev=1176591&r1=1176590&r2=1176591&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/io/DirFile.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/io/DirFile.java Tue Sep 27 20:18:48 2011
@@ -36,6 +36,10 @@ import java.io.FileNotFoundException;
 import java.io.RandomAccessFile;
 import java.net.MalformedURLException;
 import java.net.URL;
+import java.security.AccessControlException;
+import org.apache.derby.iapi.error.StandardException;
+import org.apache.derby.iapi.services.io.FileUtil;
+import org.apache.derby.shared.common.reference.SQLState;
 
 /**
  * This class provides a disk based implementation of the StorageFile interface. It is used by the
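Review bot: `java.security.AccessControlException` and `SQLState` are added to DirFile's imports but nothing in the visible DirFile hunks references either of them, and the same pair is added to DirFile4; `FileNotFoundException` and `AccessControlException` in BaseDataFileFactory and `FileNotFoundException` in RFResource look the same. If they are leftovers from an earlier revision of the patch they should go; if code elsewhere in those files uses them, ignore this. Unused exception imports in the file-permission classes make it harder to see what these methods can actually throw.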
@@ -91,20 +95,6 @@ class DirFile extends File implements St
     }
     
     /**
-     * Get the name of the directory of temporary files.
-     *
-     * @return The abstract name of the temp directory;
-     */
-    static StorageFile getTempDir() throws IOException
-    {
-        File temp = File.createTempFile("derby", "tmp");
-        StorageFile parent = new DirFile( temp.getParent());
-        temp.delete();
-
-		return parent;
-	} // End of getTempDir
-
-    /**
      * Creates an output stream from a file name.
      *
      * @return an output stream suitable for writing to the file.
@@ -115,7 +105,14 @@ class DirFile extends File implements St
      */
     public OutputStream getOutputStream( ) throws FileNotFoundException
     {
-        return new FileOutputStream( (File) this);
+        boolean exists = exists();
+        OutputStream result = new FileOutputStream(this);
+
+        if (!exists) {
+            FileUtil.limitAccessToOwner(this);
+        }
+
+        return result;
     }
     
     /**
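Review bot: The new getOutputStream creates the file with the process's default permissions and only afterwards narrows them in `FileUtil.limitAccessToOwner(this)`, so between `new FileOutputStream(this)` and that call the file is readable under the default umask, and if the file is removed between `exists()` and the open, the stream recreates it with default permissions and the restriction is skipped. That is inherent to a create-then-restrict design, but it belongs in the code; above the `if (!exists)` block I would add `// Restriction is applied after creation, so the file briefly has default (umask) permissions; a pre-existing file keeps whatever permissions it had.` The same sequence appears in the append variant below, in getExclusiveFileLock here and in DirFile4, in RAFContainer's GET_RANDOM_ACCESS_FILE_ACTION and in LogToFile's case 2.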
@@ -133,7 +130,14 @@ class DirFile extends File implements St
      */
     public OutputStream getOutputStream( final boolean append) throws FileNotFoundException
     {
-        return new FileOutputStream( getPath(), append);
+        boolean exists = exists();
+        OutputStream result = new FileOutputStream( getPath(), append);
+
+        if (!exists) {
+            FileUtil.limitAccessToOwner(this);
+        }
+
+        return result;
     }
 
     /**
@@ -157,7 +161,7 @@ class DirFile extends File implements St
      *    EXCLUSIVE_FILE_LOCK if the lock was successfully acquired.<br>
      *    NO_FILE_LOCK_SUPPORT if the system does not support exclusive locks.<br>
      */
-    public synchronized int getExclusiveFileLock()
+    public synchronized int getExclusiveFileLock() throws StandardException
 	{
 		if (exists())
 		{
@@ -167,6 +171,7 @@ class DirFile extends File implements St
         {
 			//Just create an empty file
 			RandomAccessFile lockFileOpen = new RandomAccessFile( (File) this, "rw");
+            limitAccessToOwner();
 			lockFileOpen.getFD().sync( );
 			lockFileOpen.close();
 		}catch(IOException ioe)
@@ -273,4 +278,8 @@ class DirFile extends File implements St
 		
 		return toURL();
 	}
+
+    public void limitAccessToOwner() {
+        FileUtil.limitAccessToOwner(this);
+    }
 }

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/io/DirFile4.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/io/DirFile4.java?rev=1176591&r1=1176590&r2=1176591&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/io/DirFile4.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/io/DirFile4.java Tue Sep 27 20:18:48 2011
@@ -34,6 +34,9 @@ import java.io.RandomAccessFile;
 import java.nio.channels.FileChannel;
 import java.nio.channels.FileLock;
 import java.nio.channels.OverlappingFileLockException;
+import java.security.AccessControlException;
+import org.apache.derby.iapi.error.StandardException;
+import org.apache.derby.shared.common.reference.SQLState;
 
 /**
  * This class implements the StorageFile interface using features of Java 1.4 not available in earlier
@@ -115,7 +118,7 @@ class DirFile4 extends DirFile
         return new FileOutputStream( (File) this, append);
     }
 
-    public synchronized int getExclusiveFileLock()
+    public synchronized int getExclusiveFileLock() throws StandardException
     {
 		boolean validExclusiveLock = false;
 		int status;
@@ -152,6 +155,7 @@ class DirFile4 extends DirFile
 			if(validExclusiveLock)
 			{
 				lockFileOpen = new RandomAccessFile((File) this, "rw");
+                limitAccessToOwner(); // tamper-proof..
 				lockFileChannel = lockFileOpen.getChannel();
 				dbLock =lockFileChannel.tryLock();
 				if(dbLock == null)
@@ -176,7 +180,7 @@ class DirFile4 extends DirFile
 		
 		}catch(IOException ioe)
 		{
-			// do nothing - it may be read only medium, who knows what the
+            // do nothing - it may be read only medium, who knows what the
 			// problem is
 
 			//release all the possible resource we created in this functions.

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/io/InputStreamFile.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/io/InputStreamFile.java?rev=1176591&r1=1176590&r2=1176591&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/io/InputStreamFile.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/io/InputStreamFile.java Tue Sep 27 20:18:48 2011
@@ -34,6 +34,7 @@ import java.io.IOException;
 import java.io.FileNotFoundException;
 import java.net.MalformedURLException;
 import java.net.URL;
+import org.apache.derby.iapi.error.StandardException;
 
 /**
  * This class provides the base for read-only stream implementations of the StorageFile interface. It is used with the
@@ -369,7 +370,7 @@ abstract class InputStreamFile implement
      *    EXCLUSIVE_FILE_LOCK if the lock was successfully acquired.<br>
      *    NO_FILE_LOCK_SUPPORT if the system does not support exclusive locks.<br>
      */
-    public int getExclusiveFileLock()
+    public int getExclusiveFileLock() throws StandardException
     {
         return NO_FILE_LOCK_SUPPORT;
     }
@@ -427,4 +428,6 @@ abstract class InputStreamFile implement
 	public URL getURL() throws MalformedURLException {
 		throw new MalformedURLException(toString());
 	}
+
+    public void limitAccessToOwner() {};
 }
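Review bot: `public void limitAccessToOwner() {};` carries a stray `;` after the body (an empty declaration the compiler accepts but Checkstyle flags) and has no comment explaining why a no-op is correct here; the same line appears in VirtualFile. I would write `/** No-op: this is a read-only stream-backed file, so there are no permissions to restrict. */` followed by `public void limitAccessToOwner() {}`, and in VirtualFile note that in-memory files are only reachable from this JVM, which that class's getExclusiveFileLock comment already states.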

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/io/VFMemoryStorageFactory.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/io/VFMemoryStorageFactory.java?rev=1176591&r1=1176590&r2=1176591&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/io/VFMemoryStorageFactory.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/io/VFMemoryStorageFactory.java Tue Sep 27 20:18:48 2011
@@ -156,6 +156,7 @@ public class VFMemoryStorageFactory
         // This check is also used by BaseStorageFactory.
         if (uniqueName != null && tempDir != null && !tempDir.exists()) {
             tempDir.mkdirs();
+            tempDir.limitAccessToOwner(); // nop, but follow pattern
         }
     }
 

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/io/vfmem/VirtualFile.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/io/vfmem/VirtualFile.java?rev=1176591&r1=1176590&r2=1176591&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/io/vfmem/VirtualFile.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/io/vfmem/VirtualFile.java Tue Sep 27 20:18:48 2011
@@ -25,6 +25,7 @@ import java.io.FileNotFoundException;
 import java.io.InputStream;
 import java.io.OutputStream;
 
+import org.apache.derby.iapi.error.StandardException;
 import org.apache.derby.io.StorageFile;
 import org.apache.derby.io.StorageRandomAccessFile;
 
@@ -319,7 +320,7 @@ public class VirtualFile
         return entry.getInputStream();
     }
 
-    public int getExclusiveFileLock() {
+    public int getExclusiveFileLock() throws StandardException {
         // Just return success.
         // Since the databases created by this storeage factory can only be
         // accessed by the JVM in which it is running, there is no need to
@@ -386,4 +387,6 @@ public class VirtualFile
     private DataStoreEntry getEntry() {
        return dStore.getEntry(path);
     }
+
+    public void limitAccessToOwner() {};
 }

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/load/ExportWriteData.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/load/ExportWriteData.java?rev=1176591&r1=1176590&r2=1176591&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/load/ExportWriteData.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/load/ExportWriteData.java Tue Sep 27 20:18:48 2011
@@ -105,7 +105,10 @@ final class ExportWriteData extends Expo
     FileOutputStream lobOutputStream = null;
 
     try {
+        File outputFile = new File(outputFileName);
         anOutputStream = new FileOutputStream(outputFileName);
+        FileUtil.limitAccessToOwner(outputFile);
+
         buffered = new BufferedOutputStream(anOutputStream);
     
         aStream = dataCodeset == null ?
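Review bot: `FileUtil.limitAccessToOwner(outputFile)` runs whether or not this export created the file, so an export into an existing, user-owned file silently narrows that file's permissions, whereas DirFile.getOutputStream in the same commit guards the call with an `exists` check. If that is deliberate (the truncated file now holds freshly exported table data), say so in a comment; otherwise mirror the guard with `boolean existed = outputFile.exists();` before the open and `if (!existed) { FileUtil.limitAccessToOwner(outputFile); }` after it. The same unguarded call is made on servicePropertiesFile in StorageFactoryService, on streamFile in SingleStream (also in append mode, where the file normally already exists) and on backupFile in RAFContainer. The enclosing method starts outside the hunk.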
@@ -129,6 +132,8 @@ final class ExportWriteData extends Expo
             }
 
             lobOutputStream = new FileOutputStream(lobsFile);
+            FileUtil.limitAccessToOwner(lobsFile);
+
             lobOutBinaryStream = new BufferedOutputStream(lobOutputStream);
 
             // helper stream to convert char data to binary, after conversion

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/services/monitor/FileMonitor.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/services/monitor/FileMonitor.java?rev=1176591&r1=1176590&r2=1176591&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/services/monitor/FileMonitor.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/services/monitor/FileMonitor.java Tue Sep 27 20:18:48 2011
@@ -136,6 +136,7 @@ public final class FileMonitor extends B
 				}
 			} else if (!lite) {
 
+                boolean created = false;
 				try {
 					// SECURITY PERMISSION - OP2b
                     // Attempt to create just the folder initially
@@ -151,10 +152,14 @@ public final class FileMonitor extends B
                     // and mkdirs() retains existing (pre10.3) behaviour
                     // but avoids requiring read permission on the parent
                     // directory if it exists.
-					boolean created = home.mkdir() || home.mkdirs();
+                    created = home.mkdir() || home.mkdirs();
 				} catch (SecurityException se) {
 					return false;
 				}
+
+                if (created) {
+                    FileUtil.limitAccessToOwner(home);
+                }
 			}
 		}
 

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/services/monitor/StorageFactoryService.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/services/monitor/StorageFactoryService.java?rev=1176591&r1=1176590&r2=1176591&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/services/monitor/StorageFactoryService.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/services/monitor/StorageFactoryService.java Tue Sep 27 20:18:48 2011
@@ -56,6 +56,7 @@ import java.security.AccessController;
 import java.security.PrivilegedAction;
 import java.security.PrivilegedExceptionAction;
 import java.security.PrivilegedActionException;
+import org.apache.derby.iapi.services.io.FileUtil;
 
 /**
  * This class implements the PersistentService interface using a StorageFactory class.
@@ -91,10 +92,14 @@ final class StorageFactoryService implem
                             home = relativeRoot.getPath();
                             canonicalHome = relativeRoot.getCanonicalPath();
                             rootStorageFactory = getStorageFactoryInstance( true, null, null, null);
+
                             if( home != null)
                             {
                                 StorageFile rootDir = rootStorageFactory.newStorageFile( null);
-                                rootDir.mkdirs();
+                                boolean created = rootDir.mkdirs();
+                                if (created) {
+                                    rootDir.limitAccessToOwner();
+                                }
                             }
                             return null;
                         }
@@ -422,6 +427,8 @@ final class StorageFactoryService implem
                         try {
 
                             fos = new FileOutputStream(servicePropertiesFile);
+                            FileUtil.limitAccessToOwner(servicePropertiesFile);
+
                             properties.store(fos, 
                                              serviceName + 
                                              MessageService.getTextMessage(
@@ -430,7 +437,6 @@ final class StorageFactoryService implem
                             fos.close();
                             fos = null;
                         } catch (IOException ioe) {
-
                             if (fos != null) {
                                 try {
                                     fos.close();
@@ -643,6 +649,8 @@ final class StorageFactoryService implem
 
                             if (serviceDirectory.mkdirs())
                             {
+                                serviceDirectory.limitAccessToOwner();
+
                                 try
                                 {
                                     return storageFactory.getCanonicalName();

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/services/stream/SingleStream.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/services/stream/SingleStream.java?rev=1176591&r1=1176590&r2=1176591&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/services/stream/SingleStream.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/services/stream/SingleStream.java Tue Sep 27 20:18:48 2011
@@ -25,9 +25,7 @@ import org.apache.derby.iapi.services.st
 import org.apache.derby.iapi.services.stream.HeaderPrintWriter;
 import org.apache.derby.iapi.services.stream.PrintWriterGetHeader;
 
-import org.apache.derby.iapi.services.sanity.SanityManager;
 import org.apache.derby.iapi.services.monitor.ModuleControl;
-import org.apache.derby.iapi.services.monitor.ModuleSupportable;
 import org.apache.derby.iapi.services.monitor.Monitor;
 
 import org.apache.derby.iapi.reference.Property;
@@ -47,6 +45,9 @@ import java.lang.reflect.Field;
 import java.lang.reflect.Modifier;
 import java.lang.reflect.Member;
 import java.lang.reflect.InvocationTargetException;
+import org.apache.derby.iapi.services.i18n.MessageService;
+import org.apache.derby.iapi.services.io.FileUtil;
+import org.apache.derby.shared.common.reference.MessageId;
 
 /**
  *
@@ -195,6 +196,7 @@ implements InfoStreams, ModuleControl, j
 				fos = new FileOutputStream(streamFile.getPath(), true);
 			else
 				fos = new FileOutputStream(streamFile);
+            FileUtil.limitAccessToOwner(streamFile);
 		} catch (IOException ioe) {
 			return useDefaultStream(header, ioe);
 		} catch (SecurityException se) {
@@ -340,7 +342,16 @@ implements InfoStreams, ModuleControl, j
 	private HeaderPrintWriter useDefaultStream(PrintWriterGetHeader header, Throwable t) {
 
 		HeaderPrintWriter hpw = useDefaultStream(header);
-		hpw.printlnWithHeader(t.toString());
+
+        while (t != null) {
+            Throwable causedBy = t.getCause();
+            String causedByStr =
+                MessageService.getTextMessage(MessageId.CAUSED_BY);
+            hpw.printlnWithHeader(
+                t.toString() + (causedBy != null ? " " + causedByStr : ""));
+            t = causedBy;
+        }
+
 		return hpw;
 	}
 
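Review bot: The `while (t != null)` walk over `getCause()` has no bound; a cause chain that loops (two throwables whose causes point at each other, which `initCause` does not prevent) would spin forever in a path that exists precisely to report startup failures. A small cap is enough, e.g. `int depth = 0;` before the loop and `while (t != null && depth++ < 16) {` (16 is an arbitrary constructed bound). The `MessageService.getTextMessage(MessageId.CAUSED_BY)` lookup is loop-invariant and can be hoisted above the loop.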

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/store/raw/RawStore.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/store/raw/RawStore.java?rev=1176591&r1=1176590&r2=1176591&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/store/raw/RawStore.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/store/raw/RawStore.java Tue Sep 27 20:18:48 2011
@@ -57,11 +57,8 @@ import org.apache.derby.io.StorageFactor
 import org.apache.derby.io.WritableStorageFactory;
 import org.apache.derby.io.StorageFile;
 import org.apache.derby.iapi.store.access.DatabaseInstant;
-import org.apache.derby.catalog.UUID;
-import org.apache.derby.iapi.services.property.PropertyUtil;
 import org.apache.derby.iapi.services.io.FileUtil;
 import org.apache.derby.iapi.util.ReuseFactory;
-import org.apache.derby.iapi.util.StringUtil;
 import org.apache.derby.iapi.reference.Attribute;
 import org.apache.derby.iapi.reference.SQLState;
 import org.apache.derby.iapi.reference.MessageId;
@@ -69,17 +66,14 @@ import org.apache.derby.iapi.reference.P
 
 import java.security.AccessController;
 import java.security.PrivilegedActionException;
-import java.security.PrivilegedExceptionAction;
 import java.security.SecureRandom;
 
 import java.util.Date;
 import java.util.Properties;
 import java.io.Serializable;
 import java.io.File;
-import java.io.FileOutputStream;
-import java.io.FileInputStream;
-import java.io.IOException;
 import java.io.FileNotFoundException;
+import java.io.IOException;
 import java.io.OutputStreamWriter;
 
 import java.net.MalformedURLException;
@@ -2200,6 +2194,7 @@ public final class RawStore implements R
     }
 
 	protected boolean privCopyDirectory(StorageFile from, File to)
+            throws StandardException
 	{
 		return privCopyDirectory(from, to, (byte[])null, 
                                  (String[])null, true);
@@ -2426,6 +2421,7 @@ public final class RawStore implements R
                                                    byte[] buffer, 
                                                    String[] filter,
                                                    boolean copySubdirs)
+            throws StandardException
     {
         actionCode = COPY_STORAGE_DIRECTORY_TO_REGULAR_ACTION;
         actionStorageFile = from;
@@ -2439,7 +2435,9 @@ public final class RawStore implements R
             Object ret = AccessController.doPrivileged( this);
             return ((Boolean) ret).booleanValue();
         }
-        catch( PrivilegedActionException pae) { return false;} // does not throw an exception
+        catch( PrivilegedActionException pae) {
+            throw (StandardException)pae.getCause();
+        }
         finally
         {
             actionStorageFile = null;
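Review bot: `throw (StandardException)pae.getCause()` is an unchecked cast, and `run()` in this class is declared `throws IOException, StandardException` later in this commit, so if the privileged copy action can raise an IOException it now surfaces as a ClassCastException instead of the previous `return false`. LogToFile.privCopyFile in this same commit tests the cause with `instanceof` first; the same shape belongs here and in privCopyFile further down. privCopyDirectory's signature is outside this hunk.
```java
catch (PrivilegedActionException pae) {
    if (pae.getCause() instanceof StandardException) {
        throw (StandardException) pae.getCause();
    }
    return false; // other causes keep the previous "copy failed" contract
}
```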
@@ -2494,6 +2492,7 @@ public final class RawStore implements R
     }
 
     private synchronized boolean privCopyFile( StorageFile from, File to)
+            throws StandardException
     {
         actionCode = COPY_STORAGE_FILE_TO_REGULAR_ACTION;
         actionStorageFile = from;
@@ -2504,7 +2503,9 @@ public final class RawStore implements R
             Object ret = AccessController.doPrivileged( this);
             return ((Boolean) ret).booleanValue();
         }
-        catch( PrivilegedActionException pae) { return false;} // does not throw an exception
+        catch( PrivilegedActionException pae) {
+            throw (StandardException)pae.getCause();
+        }
         finally
         {
             actionStorageFile = null;
@@ -2576,7 +2577,7 @@ public final class RawStore implements R
         {
             return (String) AccessController.doPrivileged( this);
         }
-        catch( PrivilegedActionException pae) { 
+        catch( PrivilegedActionException pae) {
             return null;
         } // does not throw an exception
         catch(SecurityException se) {
@@ -2600,7 +2601,7 @@ public final class RawStore implements R
         {
             return (String) AccessController.doPrivileged( this);
         }
-        catch( PrivilegedActionException pae) { 
+        catch( PrivilegedActionException pae) {
             return null;
         } // does not throw an exception
         catch(SecurityException se) { 
@@ -2616,7 +2617,7 @@ public final class RawStore implements R
 
 
     // PrivilegedExceptionAction method
-    public final Object run() throws IOException
+    public final Object run() throws IOException, StandardException
     {
         switch(actionCode)
         {
@@ -2638,7 +2639,11 @@ public final class RawStore implements R
 
         case REGULAR_FILE_MKDIRS_ACTION:
             // SECURITY PERMISSION - OP4
-            return ReuseFactory.getBoolean(actionRegularFile.mkdirs());
+            boolean created = actionRegularFile.mkdirs();
+
+            FileUtil.limitAccessToOwner(actionRegularFile);
+
+            return ReuseFactory.getBoolean(created);
 
         case REGULAR_FILE_IS_DIRECTORY_ACTION:
             // SECURITY PERMISSION - MP1
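Review bot: `FileUtil.limitAccessToOwner(actionRegularFile)` is called even when `mkdirs()` returned false, i.e. when the directory already existed or could not be created, so a pre-existing, possibly user-supplied directory gets its permissions narrowed as a side effect of a mkdirs request. LogToFile's case 4 in this commit guards the call with `if (created)`; this site and STORAGE_FILE_MKDIRS_ACTION in StreamFileContainer do not. Unless the broader restriction is intended, use the same guard: `if (created) { FileUtil.limitAccessToOwner(actionRegularFile); }`. run() starts outside the hunk.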

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/store/raw/data/BaseDataFileFactory.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/store/raw/data/BaseDataFileFactory.java?rev=1176591&r1=1176590&r2=1176591&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/store/raw/data/BaseDataFileFactory.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/store/raw/data/BaseDataFileFactory.java Tue Sep 27 20:18:48 2011
@@ -82,10 +82,12 @@ import java.util.Hashtable;
 import java.util.Enumeration;
 
 import java.io.File;
+import java.io.FileNotFoundException;
 import java.io.IOException;
 
 import java.net.URL;
 
+import java.security.AccessControlException;
 import java.security.AccessController;
 import java.security.CodeSource;
 import java.security.PrivilegedAction;
@@ -1916,6 +1918,7 @@ public class BaseDataFileFactory
             // SECURITY PERMISSION MP1
             // SECURITY PERMISSION OP5
             fileLockOnDB = fileLock.getRandomAccessFile( "rw");
+            fileLock.limitAccessToOwner();
 
             // write it out for future reference
             fileLockOnDB.writeUTF(myUUID.toString()); 
@@ -2005,6 +2008,7 @@ public class BaseDataFileFactory
                 if(fileLockOnDB != null)
                     fileLockOnDB.close();
                 fileLockOnDB = fileLock.getRandomAccessFile( "rw");
+                fileLock.limitAccessToOwner();
 
                 // write it out for future reference
                 fileLockOnDB.writeUTF(myUUID.toString()); 

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/store/raw/data/RAFContainer.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/store/raw/data/RAFContainer.java?rev=1176591&r1=1176590&r2=1176591&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/store/raw/data/RAFContainer.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/store/raw/data/RAFContainer.java Tue Sep 27 20:18:48 2011
@@ -780,6 +780,8 @@ class RAFContainer extends FileContainer
                                     directory);
                             }
                         }
+
+                        directory.limitAccessToOwner();
                     }
                 }
             }
@@ -1092,6 +1094,7 @@ class RAFContainer extends FileContainer
 
                     backupFile = new File(backupLocation , file.getName());
                     backupRaf  = new RandomAccessFile(backupFile,  "rw");
+                    FileUtil.limitAccessToOwner(backupFile);
 
                     byte[] encryptionBuf = null;
                     if (dataFactory.databaseEncrypted()) {
@@ -1338,6 +1341,7 @@ class RAFContainer extends FileContainer
                  try
                      {
                          fileData = file.getRandomAccessFile( "rw");
+                         file.limitAccessToOwner();
                      }
                  finally
                      {
@@ -1576,6 +1580,7 @@ class RAFContainer extends FileContainer
                  {
                      // write the header to the stub
                      stubData = stub.getRandomAccessFile( "rw");
+                     stub.limitAccessToOwner();
 
                      writeRAFHeader(
                         actionIdentity,
@@ -1654,7 +1659,14 @@ class RAFContainer extends FileContainer
          case GET_RANDOM_ACCESS_FILE_ACTION: {
              try
              {
-                 return actionFile.getRandomAccessFile("rw");
+                 boolean exists = actionFile.exists();
+                 Object result = actionFile.getRandomAccessFile("rw");
+
+                 if (!exists) {
+                     actionFile.limitAccessToOwner();
+                 }
+
+                 return result;
              }
              catch (FileNotFoundException fnfe)
              {

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/store/raw/data/RFResource.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/store/raw/data/RFResource.java?rev=1176591&r1=1176590&r2=1176591&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/store/raw/data/RFResource.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/store/raw/data/RFResource.java Tue Sep 27 20:18:48 2011
@@ -21,6 +21,7 @@
 
 package org.apache.derby.impl.store.raw.data;
 
+import java.io.FileNotFoundException;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.OutputStream;
@@ -89,6 +90,9 @@ class RFResource implements FileResource
             tran.blockBackup(true);
 
 			StorageFile directory = file.getParentDir();
+            StorageFile parentDir = directory.getParentDir();
+            boolean pdExisted = parentDir.exists();
+
             if (!directory.exists())
 			{
                 if (!directory.mkdirs())
@@ -96,6 +100,12 @@ class RFResource implements FileResource
 					throw StandardException.newException(
                             SQLState.FILE_CANNOT_CREATE_SEGMENT, directory);
                 }
+
+                directory.limitAccessToOwner();
+
+                if (!pdExisted) {
+                    parentDir.limitAccessToOwner();
+                }
 			}
 
             os = file.getOutputStream();
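Review bot: `parentDir.exists()` dereferences `directory.getParentDir()` without a null check; if a segment directory can sit at the root of the storage factory so that getParentDir() returns null, this is an NPE on a path that previously only touched `directory`. I cannot tell from here whether that can happen; if it cannot, a comment saying so would help. Also, `mkdirs()` may create more than these two levels, and any higher-level directories it creates keep default permissions; if that matters, walk up from `directory` to the first existing ancestor before the mkdirs call and restrict everything below it. The enclosing method starts outside the hunk.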

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/store/raw/data/StreamFileContainer.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/store/raw/data/StreamFileContainer.java?rev=1176591&r1=1176590&r2=1176591&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/store/raw/data/StreamFileContainer.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/store/raw/data/StreamFileContainer.java Tue Sep 27 20:18:48 2011
@@ -1178,7 +1178,9 @@ public class StreamFileContainer impleme
         case STORAGE_FILE_DELETE_ACTION:
             return ReuseFactory.getBoolean(actionStorageFile.delete());
         case STORAGE_FILE_MKDIRS_ACTION:
-            return ReuseFactory.getBoolean(actionStorageFile.mkdirs());
+            boolean created = actionStorageFile.mkdirs();
+            actionStorageFile.limitAccessToOwner();
+            return ReuseFactory.getBoolean(created);
         case STORAGE_FILE_GET_OUTPUT_STREAM_ACTION:
             return actionStorageFile.getOutputStream();
         case STORAGE_FILE_GET_INPUT_STREAM_ACTION:

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/store/raw/log/LogToFile.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/store/raw/log/LogToFile.java?rev=1176591&r1=1176590&r2=1176591&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/store/raw/log/LogToFile.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/store/raw/log/LogToFile.java Tue Sep 27 20:18:48 2011
@@ -2998,23 +2998,23 @@ public final class LogToFile implements 
         }
         // </SLAVE REPLICATION CODE>
 
-		long instant = LogCounter.makeLogInstantAsLong(filenumber,
-													   LOG_FILE_HEADER_SIZE);
-		return getLogFileAtPosition(instant);
-	}
+        long instant = LogCounter.makeLogInstantAsLong(filenumber,
+                                                       LOG_FILE_HEADER_SIZE);
+        return getLogFileAtPosition(instant);
+    }
 
 
-	/**
-		Get a read-only handle to the log file positioned at the stated position
+    /**
+        Get a read-only handle to the log file positioned at the stated position
 
-		<P> MT- read only
+        <P> MT- read only
 
-		@return null if file does not exist or of the wrong format
-		@exception IOException cannot access the log at the new position.
-		@exception StandardException Standard Derby error policy
-	*/
-	protected StorageRandomAccessFile getLogFileAtPosition(long logInstant)
-		 throws IOException, StandardException
+        @return null if file does not exist or of the wrong format
+        @exception IOException cannot access the log at the new position.
+        @exception StandardException Standard Derby error policy
+    */
+    protected StorageRandomAccessFile getLogFileAtPosition(long logInstant)
+         throws IOException, StandardException
 	{
 		checkCorrupt();
 
@@ -5697,6 +5697,7 @@ public final class LogToFile implements 
 
 
 	private synchronized boolean privCopyFile(StorageFile from, File to)
+            throws StandardException
 	{
 		action = 6;
 		activeFile = from;
@@ -5707,8 +5708,12 @@ public final class LogToFile implements 
 		}
         catch (java.security.PrivilegedActionException pae)
         {
+            if (pae.getCause() instanceof StandardException) {
+                throw (StandardException)pae.getCause();
+            }
+
             return false;
-        }	
+        }
 	}
 
 	private synchronized boolean privCopyFile(File from, StorageFile to)
@@ -5757,7 +5762,7 @@ public final class LogToFile implements 
 
 	
 
-	public final Object run() throws IOException {
+    public final Object run() throws IOException, StandardException {
 		switch (action) {
 		case 0:
 			// SECURITY PERMISSION - MP1
@@ -5768,13 +5773,26 @@ public final class LogToFile implements 
 		case 2:
 			// SECURITY PERMISSION - MP1 and/or OP4
 			// dependening on the value of activePerms
-			return activeFile.getRandomAccessFile(activePerms);
+            boolean exists = activeFile.exists();
+            Object result = activeFile.getRandomAccessFile(activePerms);
+
+            if (!exists) {
+                activeFile.limitAccessToOwner();
+            }
+
+            return result;
 		case 3:
 			// SECURITY PERMISSION - OP4
 			return ReuseFactory.getBoolean(activeFile.canWrite());
 		case 4:
 			// SECURITY PERMISSION - OP4
-			return ReuseFactory.getBoolean(activeFile.mkdirs());
+            boolean created = activeFile.mkdirs();
+
+            if (created) {
+                activeFile.limitAccessToOwner();
+            }
+
+            return ReuseFactory.getBoolean(created);
 		case 5:
 			// SECURITY PERMISSION - MP1
 			return activeFile.list();
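Review bot: In case 2 and case 4 the owner-only restriction is applied only after `getRandomAccessFile` / `mkdirs` has already created the file or directory with the default permissions, so there is a short window in which the new object is visible under the default umask, and `mkdirs()` may create several intermediate directories while only the leaf `activeFile` is restricted. The `exists` snapshot taken before the open is also stale if the file appears between the two calls, in which case the restriction is skipped. If the storage interface cannot create with permissions atomically, the parent chain should at least be restricted too, e.g. by recording the first missing ancestor before `mkdirs()` and calling `limitAccessToOwner()` on each directory actually created. The accepted window is worth a comment such as `// NOTE: permissions are tightened after creation; the default-umask window between the two calls is accepted here`. The enclosing run() method starts and ends outside this hunk.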

Modified: db/derby/code/trunk/java/engine/org/apache/derby/io/StorageFile.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/io/StorageFile.java?rev=1176591&r1=1176590&r2=1176591&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/io/StorageFile.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/io/StorageFile.java Tue Sep 27 20:18:48 2011
@@ -27,6 +27,7 @@ import java.io.FileNotFoundException;
 import java.io.IOException;
 import java.net.URL;
 import java.net.MalformedURLException;
+import org.apache.derby.iapi.error.StandardException;
 
 /**
  * This interface abstracts file naming. Any method in this interface
@@ -253,7 +254,7 @@ public interface StorageFile
      *    EXCLUSIVE_FILE_LOCK if the lock was successfully acquired.<br>
      *    NO_FILE_LOCK_SUPPORT if the system does not support exclusive locks.<br>
      */
-    public int getExclusiveFileLock();
+    public int getExclusiveFileLock() throws StandardException;
 
 	/**
      * Release the resource associated with an earlier acquired exclusive lock
@@ -291,4 +292,12 @@ public interface StorageFile
      * @see <a href="http://java.sun.com/j2se/1.4.2/docs/api/java/io/RandomAccessFile.html">java.io.RandomAccessFile</a>
      */
     public StorageRandomAccessFile getRandomAccessFile( String mode) throws FileNotFoundException;
+
+    /**
+     * Use when creating a new file. By default, a file created in an
+     * underlying file system, if applicable, will have read and write access
+     * for the file owner unless the property {@code
+     * derby.useDefaultFilePermissions} is set to {@code true}.
+     */
+    public void limitAccessToOwner();
 }
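Review bot: The Javadoc on `limitAccessToOwner()` reads as if owner read/write is granted only when the property is unset, whereas the intent appears to be that access is restricted to the owner unless the property is true; suggest `will have read and write access for the file owner only, unless the property ... is set to {@code true}`. The property key quoted here should be checked against the constant that declares it, since a wrong key in the Javadoc misleads anyone configuring the behaviour. The method returns void and declares no exception, so the Javadoc should also state whether a failed restriction (unsupported platform or runtime) is silent, because callers cannot observe it.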

Modified: db/derby/code/trunk/java/engine/org/apache/derby/loc/messages.xml
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/loc/messages.xml?rev=1176591&r1=1176590&r2=1176591&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/loc/messages.xml (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/loc/messages.xml Tue Sep 27 20:18:48 2011
@@ -8191,6 +8191,11 @@ Shutting down instance {0} on database d
 # ********************************************************************</text>
             </msg>
 
+            <msg>
+                <name>N001</name>
+                <text>caused by</text>
+            </msg>
+
         </family>
 
     </section>

Modified: db/derby/code/trunk/java/shared/org/apache/derby/shared/common/reference/MessageId.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/shared/org/apache/derby/shared/common/reference/MessageId.java?rev=1176591&r1=1176590&r2=1176591&view=diff
==============================================================================
--- db/derby/code/trunk/java/shared/org/apache/derby/shared/common/reference/MessageId.java (original)
+++ db/derby/code/trunk/java/shared/org/apache/derby/shared/common/reference/MessageId.java Tue Sep 27 20:18:48 2011
@@ -208,6 +208,11 @@ public interface MessageId {
     String SERVICE_PROPERTIES_DONT_EDIT = "M001"; // Tell user not to edit service.properties
 
     /*
+     * Misc
+     */
+    String CAUSED_BY = "N001";
+
+    /*
      * Replication
      */
     String REPLICATION_ERROR_BEGIN                       = "R001";

Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/GetCurrentPropertiesTest.policy
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/GetCurrentPropertiesTest.policy?rev=1176591&r1=1176590&r2=1176591&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/GetCurrentPropertiesTest.policy (original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/GetCurrentPropertiesTest.policy Tue Sep 27 20:18:48 2011
@@ -88,6 +88,8 @@ grant codeBase "${derbyTesting.codejar}d
   // might not be unregistered from the MBean server. See DERBY-3561.
   permission javax.management.MBeanPermission "org.apache.derby.*#[org.apache.derby:*]","unregisterMBean";
 
+  // Needed by FileUtil#limitAccessToOwner
+  permission java.lang.RuntimePermission "accessUserInformation";
 };
 
 //
@@ -108,6 +110,10 @@ grant codeBase "${derbyTesting.codejar}d
   // For testPropertiesAfterConnection and testPropertiesTraceOn
   permission java.io.FilePermission "${derby.system.home}${/}-", "write"; 
 
+  // Set be able to restrict visibility on trace files
+  permission java.io.FilePermission "${user.dir}${/}system${/}-", "read";
+  // Needed by FileUtil#limitAccessToOwner
+  permission java.lang.RuntimePermission "accessUserInformation";
 };
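Review bot: The comment `// Set be able to restrict visibility on trace files` is garbled; `// To be able to restrict visibility on trace files` reads as intended. The same comment appears in ServerPropertiesTest.policy in this commit. It would also help to say why `read` on the `system` tree is needed for restricting permissions, since the grant otherwise looks unrelated to the FileUtil#limitAccessToOwner comment next to it.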
 
 //
@@ -223,6 +229,10 @@ grant codeBase "${derbyTesting.codeclass
   // streams. Currently the nist suite runs with useprocess=false.
   permission java.lang.RuntimePermission "setSecurityManager";
   permission java.lang.RuntimePermission "setIO"; 
+
+  // Needed by FileUtil#limitAccessToOwner
+  permission java.lang.RuntimePermission "accessUserInformation";
+
 };
 
 // JUnit jar file tries to read junit.properties in the user's

Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/NetworkServerControlApiTest.policy
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/NetworkServerControlApiTest.policy?rev=1176591&r1=1176590&r2=1176591&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/NetworkServerControlApiTest.policy (original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/NetworkServerControlApiTest.policy Tue Sep 27 20:18:48 2011
@@ -83,6 +83,9 @@ grant codeBase "${derbyTesting.codejar}d
   permission java.security.SecurityPermission "insertProvider.SunJCE";
   permission java.security.SecurityPermission "insertProvider.IBMJCE";
  
+
+  // Needed by FileUtil#limitAccessToOwner
+  permission java.lang.RuntimePermission "accessUserInformation";
 };
 
 //
@@ -99,8 +102,12 @@ grant codeBase "${derbyTesting.codejar}d
   permission java.net.SocketPermission "localhost", "accept,connect";
   permission java.net.SocketPermission "${derbyTesting.clienthost}", "accept,connect";
   permission java.net.SocketPermission "${derbyTesting.serverhost}", "accept,connect";
-    //tracing testing. NetworkServerControlApiTest
-    permission java.io.FilePermission "${derby.system.home}${/}-", "write";
+
+  //tracing testing. NetworkServerControlApiTest
+  permission java.io.FilePermission "${derby.system.home}${/}-", "read,write";
+  permission java.io.FilePermission "${user.dir}${/}system${/}", "read,write";
+  // Needed by FileUtil#limitAccessToOwner
+  permission java.lang.RuntimePermission "accessUserInformation";
 };
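Review bot: The new grant `permission java.io.FilePermission "${user.dir}${/}system${/}", "read,write";` names the directory with a trailing separator and no `-` or `*`, so it most likely covers only the directory entry itself and none of its contents, unlike the `${derby.system.home}${/}-` line above it and the `${user.dir}${/}system${/}-` form used in the other policy files of this commit. If files under `system` must be readable to restrict their visibility, `${user.dir}${/}system${/}-` is the consistent form; if only the directory itself is meant, a comment saying so would keep the line from being read as a typo.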
 
 //
@@ -210,6 +217,9 @@ grant codeBase "${derbyTesting.codeclass
   // streams. Currently the nist suite runs with useprocess=false.
   permission java.lang.RuntimePermission "setSecurityManager";
   permission java.lang.RuntimePermission "setIO"; 
+
+  // Needed by FileUtil#limitAccessToOwner
+  permission java.lang.RuntimePermission "accessUserInformation";
 };
 
 // JUnit jar file tries to read junit.properties in the user's

Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/RuntimeInfoTest.policy
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/RuntimeInfoTest.policy?rev=1176591&r1=1176590&r2=1176591&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/RuntimeInfoTest.policy (original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/RuntimeInfoTest.policy Tue Sep 27 20:18:48 2011
@@ -133,6 +133,9 @@ permission java.util.PropertyPermission 
   // traces upon failure.
   permission java.lang.RuntimePermission "getStackTrace";
   permission java.lang.RuntimePermission "modifyThreadGroup";
+
+  // Needed by FileUtil#limitAccessToOwner
+  permission java.lang.RuntimePermission "accessUserInformation";
 };
 
 //
@@ -322,6 +325,9 @@ grant codeBase "${derbyTesting.codeclass
   permission org.apache.derby.security.SystemPermission "jmx", "control";
   permission org.apache.derby.security.SystemPermission "engine", "monitor";
   permission org.apache.derby.security.SystemPermission "server", "control,monitor";
+
+  // Needed by FileUtil#limitAccessToOwner
+  permission java.lang.RuntimePermission "accessUserInformation";
 };
 
 // JUnit jar file tries to read junit.properties in the user's

Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/ServerPropertiesTest.policy
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/ServerPropertiesTest.policy?rev=1176591&r1=1176590&r2=1176591&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/ServerPropertiesTest.policy (original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/ServerPropertiesTest.policy Tue Sep 27 20:18:48 2011
@@ -88,6 +88,8 @@ grant codeBase "${derbyTesting.codejar}d
   // might not be unregistered from the MBean server. See DERBY-3561.
   permission javax.management.MBeanPermission "org.apache.derby.*#[org.apache.derby:*]","unregisterMBean";
 
+  // Needed by FileUtil#limitAccessToOwner
+  permission java.lang.RuntimePermission "accessUserInformation";
 };
 
 //
@@ -107,6 +109,11 @@ grant codeBase "${derbyTesting.codejar}d
 
   // for testToggleTrace:
   permission java.io.FilePermission "${derby.system.home}${/}-", "write"; 
+
+  // Set be able to restrict visibility on trace files
+  permission java.io.FilePermission "${user.dir}${/}system${/}-", "read";
+  // Needed by FileUtil#limitAccessToOwner
+  permission java.lang.RuntimePermission "accessUserInformation";
 };
 
 //
@@ -227,6 +234,9 @@ grant codeBase "${derbyTesting.codeclass
   // may be testing JMX functionality. Without this permission, old MBeans
   // might not be unregistered from the MBean server. See DERBY-3561.
   permission javax.management.MBeanPermission "org.apache.derby.*#[org.apache.derby:*]","unregisterMBean";
+
+  // Needed by FileUtil#limitAccessToOwner
+  permission java.lang.RuntimePermission "accessUserInformation";
 };
 
 // JUnit jar file tries to read junit.properties in the user's