You are viewing a plain text version of this content. The canonical link for it is here.
Posted to derby-commits@db.apache.org by ka...@apache.org on 2013/06/25 13:36:27 UTC

svn commit: r1496425 - in /db/derby/code/branches/10.10: ./ java/engine/org/apache/derby/impl/io/DirFile4.java java/testing/org/apache/derbyTesting/functionTests/tests/engine/RestrictiveFilePermissionsTest.java

Author: kahatlen
Date: Tue Jun 25 11:36:27 2013
New Revision: 1496425

URL: http://svn.apache.org/r1496425
Log:
DERBY-6258: Restrict permissions on BACKUP.HISTORY

Merged revision 1492110 from trunk.

Modified:
    db/derby/code/branches/10.10/   (props changed)
    db/derby/code/branches/10.10/java/engine/org/apache/derby/impl/io/DirFile4.java
    db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/tests/engine/RestrictiveFilePermissionsTest.java

Propchange: db/derby/code/branches/10.10/
------------------------------------------------------------------------------
  Merged /db/derby/code/trunk:r1492110

Modified: db/derby/code/branches/10.10/java/engine/org/apache/derby/impl/io/DirFile4.java
URL: http://svn.apache.org/viewvc/db/derby/code/branches/10.10/java/engine/org/apache/derby/impl/io/DirFile4.java?rev=1496425&r1=1496424&r2=1496425&view=diff
==============================================================================
--- db/derby/code/branches/10.10/java/engine/org/apache/derby/impl/io/DirFile4.java (original)
+++ db/derby/code/branches/10.10/java/engine/org/apache/derby/impl/io/DirFile4.java Tue Jun 25 11:36:27 2013
@@ -37,6 +37,7 @@ import java.nio.channels.FileChannel;
 import java.nio.channels.FileLock;
 import java.nio.channels.OverlappingFileLockException;
 import org.apache.derby.iapi.error.StandardException;
+import org.apache.derby.iapi.services.io.FileUtil;
 import org.apache.derby.iapi.util.InterruptStatus;
 
 /**
@@ -111,7 +112,16 @@ class DirFile4 extends DirFile
      */
     public OutputStream getOutputStream( final boolean append) throws FileNotFoundException
     {
-        return new FileOutputStream( (File) this, append);
+        boolean existed = exists();
+        OutputStream result = new FileOutputStream( (File) this, append);
+
+        if (!existed) {
+            // The file didn't exist before and was created when the stream
+            // was opened. Restrict the permissions of the newly created file.
+            FileUtil.limitAccessToOwner(this);
+        }
+
+        return result;
     }
 
     public synchronized int getExclusiveFileLock() throws StandardException

Modified: db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/tests/engine/RestrictiveFilePermissionsTest.java
URL: http://svn.apache.org/viewvc/db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/tests/engine/RestrictiveFilePermissionsTest.java?rev=1496425&r1=1496424&r2=1496425&view=diff
==============================================================================
--- db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/tests/engine/RestrictiveFilePermissionsTest.java (original)
+++ db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/tests/engine/RestrictiveFilePermissionsTest.java Tue Jun 25 11:36:27 2013
@@ -371,6 +371,12 @@ public class RestrictiveFilePermissionsT
         checkAccessToOwner(
             fbd, true, POSITIVE);
 
+        // DERBY-6258: When taking a backup, a file called BACKUP.HISTORY
+        // is created in the original database directory. Verify that its
+        // permissions are restricted.
+        final File db = new File(home, dbName);
+        checkAccessToOwner(db, true, POSITIVE);
+
         // Prepare to restore
         TestConfiguration.getCurrent().shutdownDatabase();
 
@@ -383,7 +389,6 @@ public class RestrictiveFilePermissionsT
             ds, "connectionAttributes", "restoreFrom=" + fullRestoreDir);
         final Connection con = ds.getConnection();
 
-        final File db = new File(home, dbName);
         checkAccessToOwner(
             db, true, POSITIVE);
 
@@ -777,8 +782,8 @@ public class RestrictiveFilePermissionsT
                                     } else {
                                         if (expectedOutcome == POSITIVE) {
                                             fail(
-                                                "unexpected uid has access: " +
-                                                princName);
+                                                "unexpected uid " + princName +
+                                                " can access file " + file);
                                         } else {
                                             someThingBeyondOwnerFound = true;
                                         }
@@ -800,6 +805,10 @@ public class RestrictiveFilePermissionsT
                                 Object perm = i.next();
 
                                 if (unwantedPermissions.contains(perm)) {
+                                    if (expectedOutcome == POSITIVE) {
+                                        fail("unwanted permission " + perm +
+                                             " for file " + file);
+                                    }
                                     someThingBeyondOwnerFound = true;
                                     break;
                                 }