From d..@apache.org
Subject svn commit: r636878 - in /db/derby/code/trunk/java: drda/org/apache/derby/drda/ drda/org/apache/derby/impl/drda/ drda/org/apache/derby/mbeans/drda/ engine/org/apache/derby/security/ testing/org/apache/derbyTesting/functionTests/util/ testing/org/apache...
Date Thu, 13 Mar 2008 20:48:13 GMT
Author: djd
Date: Thu Mar 13 13:48:11 2008
New Revision: 636878

URL: http://svn.apache.org/viewvc?rev=636878&view=rev
Log:
DERBY-3462 DERBY-3491
Add permission checks for SystemPermission("server", "monitor" | "control") to NetworkServerMBean.
Fix SystemPermission's handling of multiple actions and add tests.

Modified:
    db/derby/code/trunk/java/drda/org/apache/derby/drda/server.policy
    db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/NetworkServerMBeanImpl.java
    db/derby/code/trunk/java/drda/org/apache/derby/mbeans/drda/NetworkServerMBean.java
    db/derby/code/trunk/java/engine/org/apache/derby/security/SystemPermission.java
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/util/derby_tests.policy
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/unitTests/junit/SystemPrivilegesPermissionTest.java

Modified: db/derby/code/trunk/java/drda/org/apache/derby/drda/server.policy
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/drda/org/apache/derby/drda/server.policy?rev=636878&r1=636877&r2=636878&view=diff
==============================================================================
--- db/derby/code/trunk/java/drda/org/apache/derby/drda/server.policy (original)
+++ db/derby/code/trunk/java/drda/org/apache/derby/drda/server.policy Thu Mar 13 13:48:11
2008
@@ -90,7 +90,7 @@
   permission java.io.FilePermission "${derby.drda.traceDirectory}${/}-", "read,write,delete";
   
   // Needed for NetworkServerMBean access (see JMX section above)
-  permission org.apache.derby.security.SystemPermission "server", "monitor";
+  permission org.apache.derby.security.SystemPermission "server", "control,monitor";
 
 //
 // Needed by sysinfo. The file permission is needed to

Modified: db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/NetworkServerMBeanImpl.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/NetworkServerMBeanImpl.java?rev=636878&r1=636877&r2=636878&view=diff
==============================================================================
--- db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/NetworkServerMBeanImpl.java (original)
+++ db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/NetworkServerMBeanImpl.java Thu
Mar 13 13:48:11 2008
@@ -67,7 +67,7 @@
      * Ensure the caller has permission to control the network server.
      */
     private static void checkControl() { 
-        // checkPermission(CONTROL);
+        checkPermission(CONTROL);
     }
 
     /**
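Review bot: Enabling `checkPermission(CONTROL)` in `checkControl()` comes without a test that exercises the MBean itself. The tests added in this commit cover `SystemPermission` parsing only, so nothing visible here shows a caller holding just `"monitor"` being refused a control-guarded attribute. The `checkPermission` helper is outside the hunk; if it returns early when no security manager is installed, as the interface Javadoc implies, say so here with a comment such as `// No-op unless a security manager is installed; see checkPermission().`. That would make it clear to readers that the attributes are unguarded in that configuration.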

Modified: db/derby/code/trunk/java/drda/org/apache/derby/mbeans/drda/NetworkServerMBean.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/drda/org/apache/derby/mbeans/drda/NetworkServerMBean.java?rev=636878&r1=636877&r2=636878&view=diff
==============================================================================
--- db/derby/code/trunk/java/drda/org/apache/derby/mbeans/drda/NetworkServerMBean.java (original)
+++ db/derby/code/trunk/java/drda/org/apache/derby/mbeans/drda/NetworkServerMBean.java Thu
Mar 13 13:48:11 2008
@@ -31,7 +31,7 @@
  * For more information on Managed Beans, refer to the JMX specification.
  *
  * @see org.apache.derby.drda.NetworkServerControl
- *
+ * @see org.apache.derby.security.SystemPermission
  */
 public interface NetworkServerMBean {
     
@@ -48,6 +48,10 @@
      * the Network Server is listening for connections. "<code>0.0.0.0</code>"

      * means that the server allows connections from any host on the network.
      * 
+     * <P>
+     * Require <code>SystemPermission("server", "control")</code> if a security
+     * manager is installed.
+     *
      * @return the value of <code>derby.drda.host</code>
      */
     public String getDrdaHost();
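Review bot: The added paragraph on `getDrdaHost()` states which permission is required but not what the caller sees when it is missing. Each of these paragraphs should name the failure, for example `@throws SecurityException if a security manager is installed and the caller lacks SystemPermission("server", "control")`, assuming that is what the check in NetworkServerMBeanImpl raises, which this diff does not show. The same applies to the paragraphs added in the later hunks of this file. The interface also never explains why some read-only getters (host, port number, security mechanism, SSL mode, trace directory) need `"control"` while the rest need `"monitor"`; one sentence in the interface-level Javadoc would help administrators write a least-privilege policy. The wording would read better as "Requires" than "Require".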
@@ -56,6 +60,10 @@
      * Gets the value of the <code>derby.drda.keepAlive</code> network server
      * setting. 
      * 
+     * <P>
+     * Require <code>SystemPermission("server", "monitor")</code> if a security
+     * manager is installed.
+     *
      * @see <a href="http://db.apache.org/derby/docs/dev/adminguide/radmindrdakeepalive.html"><code>derby.drda.keepAlive</code>
documentation</a>
      * @return the value of <code>derby.drda.keepAlive</code>
      */
@@ -64,6 +72,10 @@
     /**
      * Gets the value of the <code>derby.drda.maxThreads</code> network server

      * setting.
+     * <P>
+     * Require <code>SystemPermission("server", "monitor")</code> if a security
+     * manager is installed.
+     *
      * @return the value of the <code>derby.drda.maxThreads</code> network 
      *         server setting
      */
@@ -75,6 +87,10 @@
      * setting. This is the port number on which the Network Server is listening
      * for client connections.
      * 
+     * <P>
+     * Require <code>SystemPermission("server", "control")</code> if a security
+     * manager is installed.
+     *
      * @return the port number on which the Network Server is listening
      *         for client connections.
      */
@@ -84,6 +100,10 @@
      * Gets the value of the <code>derby.drda.securityMechanism</code> network

      * server setting. 
      * 
+     * <P>
+     * Require <code>SystemPermission("server", "control")</code> if a security
+     * manager is installed.
+     *
      * @return the value of the <code>derby.drda.securityMechanism</code> 
      *         network server setting.
      */
@@ -93,6 +113,10 @@
      * Gets the value of the <code>derby.drda.sslMode</code> network server 
      * setting. 
      * 
+     * <P>
+     * Require <code>SystemPermission("server", "control")</code> if a security
+     * manager is installed.
+     *
      * @return the value of the <code>derby.drda.sslMode</code> network server

      *         setting.
      */
@@ -104,6 +128,10 @@
      * This setting is used to configure the size of the buffer used for 
      * streaming blob/clob from server to client.
      * 
+     * <P>
+     * Require <code>SystemPermission("server", "monitor")</code> if a security
+     * manager is installed.
+     *
      * @return the size of the buffer used for streaming blob/clob from server 
      *         to client
      */
@@ -112,6 +140,10 @@
     /**
      * Gets the value of the <code>derby.drda.timeSlice</code> network server

      * setting.
+     * <P>
+     * Require <code>SystemPermission("server", "monitor")</code> if a security
+     * manager is installed.
+     *
      * @return the value of the <code>derby.drda.timeSlice</code> network 
      *         server setting
      */
@@ -121,6 +153,10 @@
     /**
      * Gets the value of the <code>derby.drda.traceAll</code> network server

      * setting.
+     * <P>
+     * Require <code>SystemPermission("server", "monitor")</code> if a security
+     * manager is installed.
+     *
      * @return the value of the <code>derby.drda.traceAll</code> network 
      *         server setting
      */
@@ -133,11 +169,19 @@
      * network server administrator, the default value is returned.
      * @return the value of the <code>derby.drda.timeSlice</code> network 
      *         server setting
+     * <P>
+     * Require <code>SystemPermission("server", "control")</code> if a security
+     * manager is installed.
+     *
      */
     public String getDrdaTraceDirectory();
     //public void setDrdaTraceDirectory(String dir) throws Exception;
     /**
      * Get the number of connections.
+     * <P>
+     * Require <code>SystemPermission("server", "monitor")</code> if a security
+     * manager is installed.
+     *
      * @return number of connections.
      */
     public int getConnectionCount();
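Review bot: The permission paragraph for `getDrdaTraceDirectory()` is added after the `@return` tag, so Javadoc will fold it into the return description instead of the method's main text. Move the `<P>` block above `@return`, as the other methods in this file do. The unchanged `@return` text names `derby.drda.timeSlice`, which looks like a copy-paste slip for the trace directory setting and could be corrected in the same pass. The comment begins outside the hunk.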
@@ -151,12 +195,20 @@
      * <p>
      * If drdaMaxThreads is > 0 and drdaTimeSlice > 0, connections will be alternating
beetween active 
      * and waiting according to Derby's time slicing algorithm.
+     * <P>
+     * Require <code>SystemPermission("server", "monitor")</code> if a security
+     * manager is installed.
+     *
      * @return number of active connections
      */
     public int getActiveConnectionCount();
     
     /**
      * get the number of waiting connections. Always 0 if drdaMaxThreads is 0. 
+     * <P>
+     * Require <code>SystemPermission("server", "monitor")</code> if a security
+     * manager is installed.
+     *
      * @return number of waiting connections
      * @see NetworkServerMBean#getActiveConnectionCount
      */
@@ -164,24 +216,40 @@
     
     /**
      * Get the size of the thread pool.
+     * <P>
+     * Require <code>SystemPermission("server", "monitor")</code> if a security
+     * manager is installed.
+     *
      * @return size of thread pool
      */
     public int getConnectionThreadPoolSize();
     
     /**
      * Get the accumulated number of connections.
+     * <P>
+     * Require <code>SystemPermission("server", "monitor")</code> if a security
+     * manager is installed.
+     *
      * @return number of connections.
      */
     public int getAccumulatedConnectionCount();
     
     /**
      * Get the total number of bytes read
+     * <P>
+     * Require <code>SystemPermission("server", "monitor")</code> if a security
+     * manager is installed.
+     *
      * @return number of bytes
      */
     public long getBytesReceived();
     
     /** 
      * Get the total number of bytes written.
+     * <P>
+     * Require <code>SystemPermission("server", "monitor")</code> if a security
+     * manager is installed.
+     *
      * @return number of bytes
      */
     public long getBytesSent();
@@ -189,6 +257,10 @@
     /**
      * Get the number of bytes received pr second. 
      * Shortest interval measured is 1 second.
+     * <P>
+     * Require <code>SystemPermission("server", "monitor")</code> if a security
+     * manager is installed.
+     *
      * @return bytes per millisecond
      */
     
@@ -197,6 +269,10 @@
      /**
      * Get the number of bytes sent pr second. 
      * Shortest interval measured is 1 second.
+     * <P>
+     * Require <code>SystemPermission("server", "monitor")</code> if a security
+     * manager is installed.
+     *
      * @return bytes per millisecond
      */
     
@@ -204,6 +280,10 @@
     
     /**
      * Return the start time of the network server.
+     * <P>
+     * Require <code>SystemPermission("server", "monitor")</code> if a security
+     * manager is installed.
+     *
      * @return Time in milli-seconds since the epoch that the network server started.
      * @see System#currentTimeMillis()
      */
@@ -211,6 +291,10 @@
     
     /**
      * Return the time the network server has been running.
+     * <P>
+     * Require <code>SystemPermission("server", "monitor")</code> if a security
+     * manager is installed.
+     *
      * @return Time in milli-seconds the server has been running.
      */
     public long getUptime(); 
@@ -224,6 +308,10 @@
     /**
      * Executes the network server's <code>ping</code> command.
      * Returns without errors if the server was successfully pinged.
+     * <P>
+     * Require <code>SystemPermission("server", "monitor")</code> if a security
+     * manager is installed.
+     *
      * @throws java.lang.Exception if the ping attempt fails (an indication that
      *         the network server is not running properly)
      */

Modified: db/derby/code/trunk/java/engine/org/apache/derby/security/SystemPermission.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/security/SystemPermission.java?rev=636878&r1=636877&r2=636878&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/security/SystemPermission.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/security/SystemPermission.java Thu Mar
13 13:48:11 2008
@@ -132,9 +132,10 @@
         actions = actions.trim().toLowerCase(Locale.ENGLISH);
         
         boolean[] seenAction = new boolean[LEGAL_ACTIONS.size()];
-        StringTokenizer st = new StringTokenizer(actions);
+        StringTokenizer st = new StringTokenizer(actions, ",");
         while (st.hasMoreTokens()) {
-            int validAction = LEGAL_ACTIONS.indexOf(st.nextElement());
+            String action = st.nextToken().trim().toLowerCase(Locale.ENGLISH);
+            int validAction = LEGAL_ACTIONS.indexOf(action);
             if (validAction != -1)
                 seenAction[validAction] = true;
         }
@@ -191,10 +192,9 @@
      * and can be used for the implies method.
      */
     private static int getActionMask(String actions) {
-        actions = actions.trim().toLowerCase(Locale.ENGLISH);
         
         int mask = 0;
-        StringTokenizer st = new StringTokenizer(actions);
+        StringTokenizer st = new StringTokenizer(actions, ",");
         while (st.hasMoreTokens()) {
             int validAction = LEGAL_ACTIONS.indexOf(st.nextElement());
             if (validAction != -1)
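Review bot: After this change `getActionMask()` no longer trims or lower-cases its input and passes raw tokens to `LEGAL_ACTIONS.indexOf(st.nextElement())`. A token such as `" monitor"` or `"Control"` is therefore silently left out of the mask, whereas the hunk above normalises every token. That is safe only if every caller passes the canonical action string; the callers are outside this hunk, so either confirm that or normalise here too with `String action = st.nextToken().trim().toLowerCase(Locale.ENGLISH);` followed by `LEGAL_ACTIONS.indexOf(action)`. In a permission class a dropped action matters in both directions: a short mask on the granted side denies access, and on the requested side it could make the request look weaker than it is. At minimum, document the precondition with `// actions must already be in canonical form (lower case, comma separated, no spaces)`.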

Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/util/derby_tests.policy
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/util/derby_tests.policy?rev=636878&r1=636877&r2=636878&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/util/derby_tests.policy
(original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/util/derby_tests.policy
Thu Mar 13 13:48:11 2008
@@ -128,7 +128,7 @@
   permission java.net.SocketPermission "${derbyTesting.serverhost}", "accept,connect";
   
     // Needed for NetworkServerMBean access (see JMX section above)
-  permission org.apache.derby.security.SystemPermission "server", "monitor";
+  permission org.apache.derby.security.SystemPermission "server", "control,monitor";
   
 };
 
@@ -217,7 +217,7 @@
   // tests where the testing code is in the stack frame.
   permission org.apache.derby.security.SystemPermission "jmx", "control";
   permission org.apache.derby.security.SystemPermission "engine", "monitor";
-  permission org.apache.derby.security.SystemPermission "server", "monitor";
+  permission org.apache.derby.security.SystemPermission "server", "control,monitor";
   
   // These permissions are needed when testing code instrumented with EMMA.
   permission java.lang.RuntimePermission "${emma.active}writeFileDescriptor";

Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/unitTests/junit/SystemPrivilegesPermissionTest.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/unitTests/junit/SystemPrivilegesPermissionTest.java?rev=636878&r1=636877&r2=636878&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/unitTests/junit/SystemPrivilegesPermissionTest.java
(original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/unitTests/junit/SystemPrivilegesPermissionTest.java
Thu Mar 13 13:48:11 2008
@@ -213,40 +213,114 @@
         } catch (IllegalArgumentException ex) {
             // expected exception
         }
+        
+        String[] validNames = {
+            SystemPermission.ENGINE,
+            SystemPermission.JMX,
+            SystemPermission.SERVER
+        };
+        
+        // In order of the canonical actions expected
+        String[] validActions = {
+            SystemPermission.CONTROL,
+            SystemPermission.MONITOR,
+            SystemPermission.SHUTDOWN,
+        };
+        
+        // Check all valid combinations (which is all) with
+        // a single action
+        Permission[] all = new Permission[
+                        validNames.length * validActions.length];
+        
+        int c = 0;
+        for (int tn = 0; tn < validNames.length; tn++)
+        {
+            for (int a = 0; a < validActions.length; a++) {
+                Permission p = new SystemPermission(
+                        validNames[tn], validActions[a]);
+                
+                assertEquals(validNames[tn], p.getName());
+                assertEquals(validActions[a], p.getActions());
+                
+                // test SystemPermission.equals()
+                assertFalse(p.equals(null));
+                assertFalse(p.equals(new Object()));
+                
+                this.assertEquivalentPermissions(p, p);
 
-        // test SystemPermission with legal name argument
-        final Permission sp0 = new SystemPermission(
-                SystemPermission.SERVER, SystemPermission.SHUTDOWN);
-        final Permission sp1 = new SystemPermission(
-                SystemPermission.SERVER, SystemPermission.SHUTDOWN);
-
-        // test SystemPermission.getName()
-        assertEquals(sp0.getName(), SystemPermission.SERVER);
-
-        // test SystemPermission.getActions()
-        assertEquals(sp0.getActions(), SystemPermission.SHUTDOWN);
-
-        // test SystemPermission.hashCode()
-        assertTrue(sp0.hashCode() == sp1.hashCode());
-
-        // test SystemPermission.equals()
-        assertTrue(sp0.equals(sp1));
-        assertTrue(!sp0.equals(null));
-        assertTrue(!sp0.equals(new Object()));
-
-        // test SystemPermission.implies()
-        assertTrue(sp0.implies(sp1));
-        assertTrue(sp1.implies(sp0));
+                all[c++] = p;
+            }
+        }
+        // All the permissions are different.
+        checkDistinctPermissions(all);
+        
+        // Check two actions
+        for (int n = 0; n < validNames.length; n++)
+        {
+            for (int a = 0; a < validActions.length; a++)
+            {
+                Permission base = new SystemPermission(
+                        validNames[n], validActions[a]);
+                
+                // Two actions
+                for (int oa = 0; oa < validActions.length; oa++)
+                {
+                    Permission p = new SystemPermission(
+                            validNames[n],                           
+                            validActions[a] + "," + validActions[oa]);
+                    
+                    if (oa == a)
+                    {
+                        // Same action added twice
+                        assertEquivalentPermissions(base, p);
+                        // Canonical form should collapse into a single action
+                        assertEquals(validActions[a], p.getActions());
+                    }
+                    else
+                    {
+                        // Implies logic, the one with one permission
+                        // is implied by the other but not vice-versa.
+                        assertTrue(p.implies(base));
+                        assertFalse(base.implies(p));
+                        
+                        // Names in canonical form
+                        int f;
+                        int s;
+                        if (oa < a)
+                        {
+                            f = oa;
+                            s = a;
+                        }
+                        else
+                        {
+                            f = a;
+                            s = oa;
+                        }
+                        if (oa < a)
+                        assertEquals(validActions[f] + "," + validActions[s],
+                                p.getActions());
+                    }
+                }
+                
+                
+                
+            }
+        }
 
         // test SystemPermission for authorized user against policy file
+        
+        Permission shutdown = new SystemPermission(
+                SystemPermission.SERVER,
+                SystemPermission.SHUTDOWN);
+        
         final SystemPrincipal authorizedUser
             = new SystemPrincipal("authorizedSystemUser");
-        execute(authorizedUser, new ShutdownAction(sp0), true);
+        execute(authorizedUser, new ShutdownAction(shutdown), true);
         
         // test SystemPermission for unauthorized user against policy file
         final SystemPrincipal unAuthorizedUser
             = new SystemPrincipal("unAuthorizedSystemUser");
-        execute(unAuthorizedUser, new ShutdownAction(sp0), false);
+        execute(unAuthorizedUser, new ShutdownAction(shutdown), false);
     }
     
     /**
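Review bot: The `if (oa < a)` directly before the canonical-form `assertEquals` (unbraced and not indented) means the assertion runs only for reversed-order input, even though `f` and `s` are computed for both orders. Drop the guard, or add a comment explaining why the already-ordered case is skipped. The new cases also build action lists only as `validActions[a] + "," + validActions[oa]`, so the whitespace and mixed-case handling added to SystemPermission (an input such as `"control, MONITOR"`) is not exercised, nor is an unknown action mixed with a valid one. The test method begins outside the hunk.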
@@ -525,6 +599,47 @@
                 //             impls[j][i], p1.implies(p0));
             }
         }
+    }
+    
+    /**
+     * Check thet a set of Permission objects are distinct,
+     * do not equal or imply each other.
+     */
+    private void checkDistinctPermissions(Permission[] set)
+    {
+        for (int i = 0; i < set.length; i++)
+        {
+            Permission pi = set[i];
+            for (int j = 0; j < set.length; j++) {
+                
+                Permission pj = set[j];
+                
+                if (i == j)
+                {
+                    // Permission is itself
+                    assertEquivalentPermissions(pi, pj);
+                    continue;
+                }
+                
+                assertFalse(pi.equals(pj));
+                assertFalse(pj.equals(pi));
+                
+                assertFalse(pi.implies(pj));
+                assertFalse(pj.implies(pi));
+            }
+        }
+    }
+    
+    private void assertEquivalentPermissions(Permission p1,
+            Permission p2) {
+        assertTrue(p1.equals(p2));
+        assertTrue(p2.equals(p1));
+        
+        
+        assertEquals(p1.hashCode(), p2.hashCode());
+        
+        assertTrue(p1.implies(p2));
+        assertTrue(p1.implies(p2));
     }
     
     /**
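Review bot: `assertEquivalentPermissions()` asserts `p1.implies(p2)` twice, so the reverse direction is never checked; the second line should be `assertTrue(p2.implies(p1));`. Since this helper is what the new tests use to establish that two permissions are interchangeable, the missing direction weakens every equivalence assertion in the file. The helper also has no Javadoc, and the comment on `checkDistinctPermissions()` has a typo ("thet").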


