You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@qpid.apache.org by ro...@apache.org on 2009/10/20 16:46:06 UTC
svn commit: r827589 -
/qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/management/AMQUserManagementMBean.java
Author: robbie
Date: Tue Oct 20 14:46:05 2009
New Revision: 827589
URL: http://svn.apache.org/viewvc?rev=827589&view=rev
Log:
QPID-2042: remove use of FileUtils.copyCheckedEx for security reasons, generate new file in same filesystem as existing file to avoid copying between filesystems
Modified:
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/management/AMQUserManagementMBean.java
Modified: qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/management/AMQUserManagementMBean.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/management/AMQUserManagementMBean.java?rev=827589&r1=827588&r2=827589&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/management/AMQUserManagementMBean.java (original)
+++ qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/access/management/AMQUserManagementMBean.java Tue Oct 20 14:46:05 2009
@@ -51,6 +51,7 @@
import java.util.Properties;
import java.util.List;
import java.util.Enumeration;
+import java.util.Random;
import java.util.Set;
import java.util.concurrent.locks.ReentrantLock;
import java.security.Principal;
@@ -439,7 +440,14 @@
_accessRightsUpdate.lock();
// Create temporary file
- File tmp = File.createTempFile(_accessFile.getName(), ".tmp");
+ Random r = new Random();
+ File tmp;
+ do
+ {
+ tmp = new File(_accessFile.getPath() + r.nextInt() + ".tmp");
+ }
+ while(tmp.exists());
+
tmp.deleteOnExit();
FileOutputStream output = new FileOutputStream(tmp);
@@ -453,30 +461,26 @@
old.delete();
}
- try
+ if(!_accessFile.renameTo(old))
{
- if(!_accessFile.renameTo(old))
- {
- FileUtils.copyCheckedEx(_accessFile, old);
- }
+ //unable to rename the existing file to the backup name
+ _logger.error("Could not backup the existing management rights file");
+ throw new IOException("Could not backup the existing management rights file");
}
- catch (IOException e)
- {
- _logger.warn("Could not backup the existing management rights file: " +e);
- throw new IOException("Could not backup the existing management rights file: " +e);
- }
-
- try
+
+ if(!tmp.renameTo(_accessFile))
{
- if(!tmp.renameTo(_accessFile))
+ //failed to rename the new file to the required filename
+
+ if(!old.renameTo(_accessFile))
{
- FileUtils.copyCheckedEx(tmp, _accessFile);
+ //unable to return the backup to required filename
+ _logger.error("Could not rename the new management rights file into place, and unable to restore original file");
+ throw new IOException("Could not rename the new management rights file into place, and unable to restore original file");
}
- }
- catch (IOException e)
- {
- _logger.warn("Could not copy the new management rights file into place: " +e);
- throw new IOException("Could not copy the new management rights file into place" +e);
+
+ _logger.error("Could not rename the new management rights file into place");
+ throw new IOException("Could not rename the new management rights file into place");
}
}
finally
---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project: http://qpid.apache.org
Use/Interact: mailto:commits-subscribe@qpid.apache.org