mirror of https://github.com/OpenIdentityPlatform/OpenDJ.git

Lee Trujillo
12.19.2015 1dc78176ae80acea96b251a4098de97024c7430f
OPENDJ-2274: Fix in FilePermission.java and ConfigFileHandler.java for permissions
3 files modified
49 ■■■■ changed files
opendj-server-legacy/src/main/java/org/opends/server/extensions/ConfigFileHandler.java 6
opendj-server-legacy/src/main/java/org/opends/server/types/FilePermission.java 40
opendj-server-legacy/src/main/java/org/opends/server/types/LDIFExportConfig.java 3
opendj-server-legacy/src/main/java/org/opends/server/extensions/ConfigFileHandler.java
@@ -82,6 +82,7 @@
import org.opends.server.util.LDIFWriter;
import org.opends.server.util.StaticUtils;
import org.opends.server.util.TimeThread;
import org.opends.server.types.FilePermission;
/**
 * This class defines a simple configuration handler for the Directory Server
@@ -1447,6 +1448,7 @@
          FileInputStream  inputStream  = new FileInputStream(existingCfg);
          FileOutputStream outputStream = new FileOutputStream(newConfigFile);
          FilePermission.setSafePermissions(newConfigFile, 0600);
          byte[] buffer = new byte[8192];
          while (true)
          {
@@ -1633,7 +1635,7 @@
    {
      inputStream  = new FileInputStream(configFile);
      outputStream = new GZIPOutputStream(new FileOutputStream(archiveFile));
      FilePermission.setSafePermissions(archiveFile, 0600);
      int bytesRead = inputStream.read(buffer);
      while (bytesRead > 0)
      {
@@ -1723,7 +1725,7 @@
      try
      {
        outputStream = new FileOutputStream(tempFilePath, false);
        FilePermission.setSafePermissions(tempFile, 0600);
        try
        {
          byte[] buffer = new byte[8192];
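Review bot: In the three hunks at 1448, 1635 and 1725 the 0600 mode is applied only after `new FileOutputStream(...)` has already created the file, so a newly created config copy, gzip archive or temp file briefly exists with whatever mode the process umask allows. Creating the file with its mode in one step closes that window on POSIX platforms, e.g. `Files.createFile(path, PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString("rw-------")))` before the stream is opened. The boolean returned by `setSafePermissions` is also dropped at every call site here, and at the call in LDIFExportConfig.java, so a failed tightening goes unnoticed; it should at least be logged when `false`. The hunk at 1725 opens `tempFilePath` but applies the mode to `tempFile`; presumably both name the same file, but their declarations are outside the hunk, as are the start and end of all the enclosing methods.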
opendj-server-legacy/src/main/java/org/opends/server/types/FilePermission.java
@@ -441,7 +441,45 @@
    return Files.getFileAttributeView(filePath, AclFileAttributeView.class) != null;
  }
  /**
   * Attempts to set the given permissions on the specified file.  If
   * the underlying platform does not allow the full level of
   * granularity specified in the permissions, then an attempt will be
   * made to set them as closely as possible to the provided
   * permissions, erring on the side of security.
   *
   * @param  f  The file to which the permissions should be applied.
   * @param  p  The permissions to apply to the file.
   *
   * @return  <CODE>true</CODE> if the permissions (or the nearest
   *          equivalent) were successfully applied to the specified
   *          file, or <CODE>false</CODE> if was not possible to set
   *          the permissions on the current platform.
   *
   * The file is known to exist therefore there is no need for
   * exists() checks.
   */
  public static boolean setSafePermissions(File f, Integer p)
  {
    Path filePath = f.toPath();
    PosixFileAttributeView posix = Files.getFileAttributeView(filePath, PosixFileAttributeView.class);
    if (posix != null)
    {
      StringBuilder posixMode = new StringBuilder();
      toPOSIXString(new FilePermission(p), posixMode, "", "", "");
      Set<PosixFilePermission> perms = PosixFilePermissions.fromString(posixMode.toString());
      try
      {
        Files.setPosixFilePermissions(filePath, perms);
      }
      catch (Exception ex)
      {
        return false;
      }
      return true;
    }
    return Files.getFileAttributeView(filePath, AclFileAttributeView.class) != null;
  }
  /**
   * Retrieves a three-character string that is the UNIX mode for the
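Review bot: The fallback on the last line of `setSafePermissions`, `return Files.getFileAttributeView(filePath, AclFileAttributeView.class) != null;`, reports success on an ACL-only filesystem without changing anything on the file, which does not match the Javadoc's "erring on the side of security". Callers passing 0600 would be told the file is protected while it keeps its inherited ACL; either restrict the ACL to the owner in that branch or return `false` so the caller can react. The `catch (Exception ex) { return false; }` discards the cause, so logging `ex` before returning would make a failed permission change diagnosable. Declaring the parameter as `int p` instead of `Integer p` removes a possible NullPointerException on unboxing, and the sentence "The file is known to exist..." should move above the `@param` tags so it is not rendered as part of `@return`.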
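--- a/opendj-server-legacy/src/main/java/org/opends/server/types/LDIFExportConfig.java
+++ b/opendj-server-legacy/src/main/java/org/opends/server/types/LDIFExportConfig.java
@@ -270,8 +270,7 @@
           try
           {
             // Ignore
-            FilePermission.setPermissions(f,
-                new FilePermission(0600));
+            FilePermission.setSafePermissions(f, 0600);
           }
           catch (Exception e)
           {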