db-derby-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From krist...@apache.org
Subject svn commit: r537735 - in /db/derby/code/trunk/java/engine/org/apache/derby: iapi/util/PrivilegedFileOps.java impl/services/monitor/StorageFactoryService.java impl/store/raw/data/BaseDataFileFactory.java
Date Mon, 14 May 2007 06:57:24 GMT
Author: kristwaa
Date: Sun May 13 23:57:23 2007
New Revision: 537735

URL: http://svn.apache.org/viewvc?view=rev&rev=537735
Log:
DERBY-2556: Code paths for db restore do not use doPrivileged-calls, causing SecurityException.
Modified patch by correcting a few spelling errors of mine and deleted a blank line.
Patch file: derby-2556-4a_alternative-patch.diff (M)

Patch contributed by Kathey Marsden and Kristian Waagan.

Added:
    db/derby/code/trunk/java/engine/org/apache/derby/iapi/util/PrivilegedFileOps.java   (with
props)
Modified:
    db/derby/code/trunk/java/engine/org/apache/derby/impl/services/monitor/StorageFactoryService.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/store/raw/data/BaseDataFileFactory.java

Added: db/derby/code/trunk/java/engine/org/apache/derby/iapi/util/PrivilegedFileOps.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/iapi/util/PrivilegedFileOps.java?view=auto&rev=537735
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/iapi/util/PrivilegedFileOps.java (added)
+++ db/derby/code/trunk/java/engine/org/apache/derby/iapi/util/PrivilegedFileOps.java Sun
May 13 23:57:23 2007
@@ -0,0 +1,124 @@
+/*
+
+   Derby - Class org.apache.derby.iapi.util.PrivilegedFileOps
+
+   Licensed to the Apache Software Foundation (ASF) under one or more
+   contributor license agreements.  See the NOTICE file distributed with
+   this work for additional information regarding copyright ownership.
+   The ASF licenses this file to you under the Apache License, Version 2.0
+   (the "License"); you may not use this file except in compliance with
+   the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+
+ */
+package org.apache.derby.iapi.util;
+
+import java.io.File;
+
+import java.security.AccessController;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
+
+/**
+ * A collection of operations on {$@link java.io.File} that wraps the
+ * operations in privileged block of code.
+ * <p>
+ * Derby needs to use privileged blocks in some places to avoid
+ * {@link SecurityException}s being thrown, as the required privileges are
+ * often granted to Derby itself, but not the higher level application code.
+ * <p>
+ * Feel free to add new operations as they are needed. This class is not
+ * intended to implement the full set of operations defined by
+ * {@link java.io.File}.
+ */
+public final class PrivilegedFileOps {
+
+    /**
+     * Check if the file exists.
+     *
+     * @return <code>true</code> if file exists, <code>false</code>
otherwise
+     * @throws SecurityException if the required permissions to read the file,
+     *      or the path it is in, are missing
+     * @see File#exists
+     */
+    public static boolean exists(final File file)
+            throws SecurityException {
+        if (file == null) {
+            throw new IllegalArgumentException("file cannot be <null>");
+        }
+        try {
+            return ((Boolean)AccessController.doPrivileged(
+                        new PrivilegedExceptionAction() {
+                            public Object run() throws SecurityException {
+                                return new Boolean(file.exists());
+                            }
+                        })).booleanValue();
+        } catch (PrivilegedActionException pae) {
+            throw (SecurityException)pae.getException();
+        }
+    }
+
+    /**
+     * Check if the pathname is a directory.
+     *
+     * @return <code>true</code> if pathname points to a directory,
+     *      <code>false</code> otherwise
+     * @throws SecurityException if the required permissions to access the path
+     *      are missing
+     * @see File#isDirectory
+     */
+    public static boolean isDirectory(final File file)
+            throws SecurityException {
+        if (file == null) {
+            throw new IllegalArgumentException("file cannot be <null>");
+        }
+        try {
+            return ((Boolean)AccessController.doPrivileged(
+                        new PrivilegedExceptionAction() {
+                            public Object run() throws SecurityException {
+                                return new Boolean(file.isDirectory());
+                            }
+                        })).booleanValue();
+        } catch (PrivilegedActionException pae) {
+            throw (SecurityException)pae.getException();
+        }
+    }
+
+    /**
+     * Return a list of strings denoting the contents of the given directory.
+     * <p>
+     * Note the <code>null</code> is returned if a non-directory path is passed
+     * to this method.
+     *
+     * @param directory the directory to list the contents of
+     * @return A list of the contents in the directory. If
+     *      <code>directory</code> is not denoting a directory, <code>null<code>
+     *      is returned (as per {@link File#list}).
+     * @throws SecurityException if the required permissions to access the path
+     *      are missing
+     * @see File#list
+     */
+    public static String[] list(final File directory)
+            throws SecurityException {
+        if (directory == null) {
+            throw new IllegalArgumentException("file cannot be <null>");
+        }
+        try {
+            return (String[])AccessController.doPrivileged(
+                        new PrivilegedExceptionAction() {
+                            public Object run() throws SecurityException {
+                                return directory.list();
+                            }
+                        });
+        } catch (PrivilegedActionException pae) {
+            throw (SecurityException)pae.getException();
+        }
+    }
+} // End class PrivilegedFileOps

Propchange: db/derby/code/trunk/java/engine/org/apache/derby/iapi/util/PrivilegedFileOps.java
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/services/monitor/StorageFactoryService.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/services/monitor/StorageFactoryService.java?view=diff&rev=537735&r1=537734&r2=537735
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/services/monitor/StorageFactoryService.java
(original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/services/monitor/StorageFactoryService.java
Sun May 13 23:57:23 2007
@@ -21,6 +21,7 @@
 
 package org.apache.derby.impl.services.monitor;
 
+import org.apache.derby.iapi.util.PrivilegedFileOps;
 import org.apache.derby.iapi.reference.MessageId;
 import org.apache.derby.iapi.reference.SQLState;
 
@@ -574,11 +575,11 @@
 		{
 			//First make sure backup service directory exists in the specified path
 			File backupRoot = new File(restoreFrom);
-			if(privExists(backupRoot))
+			if(PrivilegedFileOps.exists(backupRoot))
 			{
 				//First make sure backup have service.properties
 				File bserviceProp = new File(restoreFrom, PersistentService.PROPERTIES_NAME);
-				if(privExists(bserviceProp))
+				if(PrivilegedFileOps.exists(bserviceProp))
 				{
 					//create service root if required
 					if(createRoot)
@@ -909,38 +910,4 @@
             return null;
         } // end of run
     } // end of class DirectoryList
-    
-    /**
-     * Wrap {@link File#exists} in a priv block to avoid security exceptions.
-     * <p>
-     * This method allows Derby to check if a file exists even when the higher
-     * layer code (application code) does not have the required privileges to
-     * do so. Note that the Derby code base must be granted the appropriate
-     * permissions (typically {@link java.io.FilePermission}). 
-     *
-     * @param fileToCheck the pathname to check the existence of
-     * @return <code>true</code> if file exists, <code>false</code>
if not.
-     * @throws SecurityException if the required privileges to check if the file
-     *      exists are missing
-     */
-    private boolean privExists(final File fileToCheck) throws SecurityException{
-        try {
-            
-            Boolean exist  = (Boolean) AccessController.doPrivileged(
-                    new PrivilegedExceptionAction()
-                    {
-                        public Object run()
-                        throws SecurityException
-                        {
-                            return new Boolean(fileToCheck.exists());
-                        }
-                    }); 
-            return exist.booleanValue();
-        }
-        catch( PrivilegedActionException pae)
-        {
-            throw (SecurityException) pae.getException();
-        }
     }
-
-}

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/store/raw/data/BaseDataFileFactory.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/store/raw/data/BaseDataFileFactory.java?view=diff&rev=537735&r1=537734&r2=537735
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/store/raw/data/BaseDataFileFactory.java
(original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/store/raw/data/BaseDataFileFactory.java
Sun May 13 23:57:23 2007
@@ -86,6 +86,7 @@
 import org.apache.derby.iapi.util.ByteArray;
 import org.apache.derby.iapi.services.io.FileUtil;
 import org.apache.derby.iapi.util.CheapDateFormatter;
+import org.apache.derby.iapi.util.PrivilegedFileOps;
 import org.apache.derby.iapi.util.ReuseFactory;
 import org.apache.derby.iapi.services.property.PropertyUtil;
 
@@ -2513,7 +2514,7 @@
          * This will fail with a security exception unless the database engine 
          * and all its callers have permission to read the backup directory.
          */
-        String[] bfilelist = backupRoot.list();
+        String[] bfilelist = PrivilegedFileOps.list(backupRoot);
         if(bfilelist !=null)
         {
             boolean segmentexist = false;
@@ -2523,7 +2524,8 @@
                 if(bfilelist[i].startsWith("seg"))
                 {
                     bsegdir = new File(backupRoot , bfilelist[i]);
-                    if(bsegdir.exists() && bsegdir.isDirectory())
+                    if(PrivilegedFileOps.exists(bsegdir) &&
+                       PrivilegedFileOps.isDirectory(bsegdir))
                     {
                         segmentexist = true;
                         break;



Mime
View raw message