From a2e6078062ee826ed09f9101447ed85f9031e188 Mon Sep 17 00:00:00 2001
From: Lee Trujillo <lee.trujillo@forgerock.com>
Date: Tue, 13 Oct 2015 15:03:28 +0000
Subject: [PATCH] OPENDJ-2274: Fix in FilePermission.java and ConfigFileHandler.java for permissions
---
opendj-sdk/opendj-server-legacy/src/main/java/org/opends/server/types/LDIFExportConfig.java | 3 +--
opendj-sdk/opendj-server-legacy/src/main/java/org/opends/server/extensions/ConfigFileHandler.java | 6 ++++--
opendj-sdk/opendj-server-legacy/src/main/java/org/opends/server/types/FilePermission.java | 40 +++++++++++++++++++++++++++++++++++++++-
3 files changed, 44 insertions(+), 5 deletions(-)
diff --git a/opendj-sdk/opendj-server-legacy/src/main/java/org/opends/server/extensions/ConfigFileHandler.java b/opendj-sdk/opendj-server-legacy/src/main/java/org/opends/server/extensions/ConfigFileHandler.java
index 45e4142..4dcd59b 100644
--- a/opendj-sdk/opendj-server-legacy/src/main/java/org/opends/server/extensions/ConfigFileHandler.java
+++ b/opendj-sdk/opendj-server-legacy/src/main/java/org/opends/server/extensions/ConfigFileHandler.java
@@ -82,6 +82,7 @@
import org.opends.server.util.LDIFWriter;
import org.opends.server.util.StaticUtils;
import org.opends.server.util.TimeThread;
+import org.opends.server.types.FilePermission;
/**
* This class defines a simple configuration handler for the Directory Server
@@ -1447,6 +1448,7 @@
FileInputStream inputStream = new FileInputStream(existingCfg);
FileOutputStream outputStream = new FileOutputStream(newConfigFile);
+ FilePermission.setSafePermissions(newConfigFile, 0600);
byte[] buffer = new byte[8192];
while (true)
{
@@ -1633,7 +1635,7 @@
{
inputStream = new FileInputStream(configFile);
outputStream = new GZIPOutputStream(new FileOutputStream(archiveFile));
-
+ FilePermission.setSafePermissions(archiveFile, 0600);
int bytesRead = inputStream.read(buffer);
while (bytesRead > 0)
{
@@ -1723,7 +1725,7 @@
try
{
outputStream = new FileOutputStream(tempFilePath, false);
-
+ FilePermission.setSafePermissions(tempFile, 0600);
try
{
byte[] buffer = new byte[8192];
diff --git a/opendj-sdk/opendj-server-legacy/src/main/java/org/opends/server/types/FilePermission.java b/opendj-sdk/opendj-server-legacy/src/main/java/org/opends/server/types/FilePermission.java
index 1cdf489..8147241 100644
--- a/opendj-sdk/opendj-server-legacy/src/main/java/org/opends/server/types/FilePermission.java
+++ b/opendj-sdk/opendj-server-legacy/src/main/java/org/opends/server/types/FilePermission.java
@@ -441,7 +441,45 @@
return Files.getFileAttributeView(filePath, AclFileAttributeView.class) != null;
}
-
+ /**
+ * Attempts to set the given permissions on the specified file. If
+ * the underlying platform does not allow the full level of
+ * granularity specified in the permissions, then an attempt will be
+ * made to set them as closely as possible to the provided
+ * permissions, erring on the side of security.
+ *
+ * @param f The file to which the permissions should be applied.
+ * @param p The permissions to apply to the file.
+ *
+ * @return <CODE>true</CODE> if the permissions (or the nearest
+ * equivalent) were successfully applied to the specified
+ * file, or <CODE>false</CODE> if was not possible to set
+ * the permissions on the current platform.
+ *
+ * The file is known to exist therefore there is no need for
+ * exists() checks.
+ */
+ public static boolean setSafePermissions(File f, Integer p)
+ {
+ Path filePath = f.toPath();
+ PosixFileAttributeView posix = Files.getFileAttributeView(filePath, PosixFileAttributeView.class);
+ if (posix != null)
+ {
+ StringBuilder posixMode = new StringBuilder();
+ toPOSIXString(new FilePermission(p), posixMode, "", "", "");
+ Set<PosixFilePermission> perms = PosixFilePermissions.fromString(posixMode.toString());
+ try
+ {
+ Files.setPosixFilePermissions(filePath, perms);
+ }
+ catch (Exception ex)
+ {
+ return false;
+ }
+ return true;
+ }
+ return Files.getFileAttributeView(filePath, AclFileAttributeView.class) != null;
+ }
/**
* Retrieves a three-character string that is the UNIX mode for the
diff --git a/opendj-sdk/opendj-server-legacy/src/main/java/org/opends/server/types/LDIFExportConfig.java b/opendj-sdk/opendj-server-legacy/src/main/java/org/opends/server/types/LDIFExportConfig.java
index b913da3..7ce1cf3 100644
--- a/opendj-sdk/opendj-server-legacy/src/main/java/org/opends/server/types/LDIFExportConfig.java
+++ b/opendj-sdk/opendj-server-legacy/src/main/java/org/opends/server/types/LDIFExportConfig.java
@@ -270,8 +270,7 @@
try
{
// Ignore
- FilePermission.setPermissions(f,
- new FilePermission(0600));
+ FilePermission.setSafePermissions(f, 0600);
}
catch (Exception e)
{
--
Gitblit v1.10.0