db-derby-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From d..@apache.org
Subject svn commit: r1176591 [2/2] - in /db/derby/code/trunk/java: drda/org/apache/derby/drda/ drda/org/apache/derby/impl/drda/ engine/org/apache/derby/iapi/reference/ engine/org/apache/derby/iapi/services/info/ engine/org/apache/derby/iapi/services/io/ engine...
Date Tue, 27 Sep 2011 20:18:49 GMT
Added: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/engine/RestrictiveFilePermissionsTest.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/engine/RestrictiveFilePermissionsTest.java?rev=1176591&view=auto
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/engine/RestrictiveFilePermissionsTest.java
(added)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/engine/RestrictiveFilePermissionsTest.java
Tue Sep 27 20:18:48 2011
@@ -0,0 +1,779 @@
+/*
+   Derby - Class org.apache.derbyTesting.functionTests.tests.engine.RestrictiveFilePermissionsTest
+
+   Licensed to the Apache Software Foundation (ASF) under one or more
+   contributor license agreements.  See the NOTICE file distributed with
+   this work for additional information regarding copyright ownership.
+   The ASF licenses this file to You under the Apache License, Version 2.0
+   (the "License"); you may not use this file except in compliance with
+   the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+
+ */
+
+package org.apache.derbyTesting.functionTests.tests.engine;
+
+import java.io.File;
+import java.lang.reflect.Array;
+import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Method;
+import java.net.URL;
+import java.security.AccessController;
+import java.security.PrivilegedExceptionAction;
+import java.sql.SQLException;
+import java.sql.Connection;
+import java.sql.Statement;
+import java.sql.PreparedStatement;
+import java.sql.CallableStatement;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Properties;
+import java.util.Set;
+import javax.sql.DataSource;
+import junit.framework.Assert;
+import junit.framework.Test;
+import junit.framework.TestSuite;
+import org.apache.derby.drda.NetworkServerControl;
+import org.apache.derby.iapi.services.info.JVMInfo;
+import org.apache.derby.shared.common.sanity.SanityManager;
+import org.apache.derbyTesting.functionTests.util.SQLStateConstants;
+import org.apache.derbyTesting.junit.BaseJDBCTestCase;
+import org.apache.derbyTesting.junit.SystemPropertyTestSetup;
+import org.apache.derbyTesting.junit.TestConfiguration;
+import org.apache.derbyTesting.functionTests.util.streams.LoopingAlphabetReader;
+import org.apache.derbyTesting.junit.JDBCDataSource;
+import org.apache.derbyTesting.junit.NetworkServerTestSetup;
+import org.apache.derbyTesting.junit.SupportFilesSetup;
+import org.apache.derbyTesting.functionTests.util.PrivilegedFileOpsForTests;
+
+/**
+ * Tests related to use of restrictive file permissions (DERBY-5363).
+ */
+public class RestrictiveFilePermissionsTest extends BaseJDBCTestCase {
+
+    final static String dbName = "RFPT_db";
+    final static String dbName2 = dbName + "2";
+    final static String exportFileName = "ourExport.txt";
+    final static String exportFileName2 = "ourExport2.txt";
+    final static String exportLobFileName = "ourExport.lob";
+    final static String backupDir = "RFPT_backup";
+    final static String derbyDotLog = dbName + ".log";
+
+    static String home = null; // derby.system.home
+
+    // Perhaps the test user is already running with umask 0077, if so we have
+    // no way of discerning if Derby really does anything..
+    static boolean supportsLaxTesting = false;
+
+    public RestrictiveFilePermissionsTest(String name) {
+        super(name);
+    }
+
+
+    public static Test suite() throws Exception {
+        // We can not test file permissions before Java 1.7
+        if (JVMInfo.JDK_ID < JVMInfo.J2SE_17) {
+            println("warning: testing of strict permissions in " +
+                    "RestrictiveFilePermissionsTest can not take place, " +
+                    "need Java 7");
+            return new TestSuite();
+        }
+
+        File f = new File("system/testPermissions");
+        assertTrue(f.mkdirs());
+
+        supportsLaxTesting =
+            checkAccessToOwner(
+                null,
+                f,
+                false,
+                UNKNOWN);
+
+        if (!supportsLaxTesting) {
+            println("warning: testing of lax file permissions in" +
+                    "RestrictiveFilePermissionsTest can not take place, " +
+                    "use a more liberal runtime default (umask) for the tests");
+        }
+
+        assertDirectoryDeleted(f);
+
+        // First collect the tests that check that, if we actually do restrict
+        // permissions, the files created by Derby actually *are*
+        // restricted. We test that with an embedded Derby with explicit
+        // setting of the property derby.storage.useDefaultFilePermissions.
+        // The extra setup file is for testJarFiles.
+
+        TestSuite totalSuite = new TestSuite();
+
+        Properties p = new Properties();
+        p.put("derby.storage.useDefaultFilePermissions", "false");
+        p.put("derby.stream.error.file", derbyDotLog);
+
+        totalSuite.addTest(
+            new SystemPropertyTestSetup(
+                TestConfiguration.singleUseDatabaseDecorator(
+                    new SupportFilesSetup(
+                        new TestSuite(
+                            RestrictiveFilePermissionsTest.class,
+                            "haveWeGotAllCreatedFilesSuite"),
+                        new String[] {"functionTests/tests/lang/dcl_id.jar"}),
+                    dbName),
+                p,
+                true));
+
+        // Next, test deployment modes, since default settings depend on them
+
+        // For server started from command line, we should still get secure
+        // permissions.
+
+        totalSuite.addTest(
+            new NetworkServerTestSetup(
+                new RestrictiveFilePermissionsTest(
+                    "doTestCliServerIsRestrictive"),
+                new String[]{}, // system properties
+                new String[]{}, // non-default start up arguments
+                true));
+
+        // For server started from API, we should see lax permissions.
+        //
+        if (supportsLaxTesting) {
+            totalSuite.addTest(
+                TestConfiguration.clientServerDecorator(
+                    new RestrictiveFilePermissionsTest(
+                        "doTestNonCliServerIsLax")));
+
+            // For embedded, we should see lax permissions also.
+            //
+            p = new Properties();
+            p.put("derby.stream.error.file", derbyDotLog + ".lax");
+
+            totalSuite.addTest(
+                new SystemPropertyTestSetup(
+                    new RestrictiveFilePermissionsTest("dotestEmbeddedIsLax"),
+                    p,
+                    true));
+        }
+
+        return totalSuite;
+    }
+
+
+    public void setUp() throws Exception {
+        getConnection();
+        home = getSystemProperty("derby.system.home");
+    }
+
+
+    // Tests that check that check that files and directories actually have got
+    // restricted permissions.
+    //
+    public void testDerbyDotLog() throws Exception {
+        File derbydotlog = new File(home, derbyDotLog);
+
+        checkAccessToOwner(
+            this, derbydotlog, POSITIVE);
+    }
+
+
+    public void testDbDirectory() throws Exception {
+        File derbyDbDir = new File(home, dbName);
+
+        checkAccessToOwner(
+            this, derbyDbDir, POSITIVE);
+    }
+
+
+    public void testServiceProperties() throws Exception {
+        File servProp = new File(home, dbName + "/" + "service.properties");
+
+        checkAccessToOwner(
+            this, servProp, POSITIVE);
+    }
+
+
+    public void testTmpDirectory() throws Exception {
+        File tmp = new File(home, dbName + "/" + "tmp");
+
+        // create a temporary table so we get a file inside the tmp dir
+        prepareStatement("declare global temporary table foo(i int) " +
+                         "on commit preserve rows not logged").executeUpdate();
+
+        checkAccessToOwner(
+            this, tmp, true, POSITIVE);
+    }
+
+
+    public void testLockFiles() throws Exception {
+        File dbLck = new File(home, dbName + "/" + "db.lck");
+        File dbexLck = new File(home, dbName + "/" + "dbex.lck");
+
+        checkAccessToOwner(
+            this, dbLck, POSITIVE);
+
+        if (PrivilegedFileOpsForTests.exists(dbexLck)) {
+            checkAccessToOwner(
+                    this, dbexLck, POSITIVE);
+        }
+    }
+
+
+    public void testSeg0AndConglomerates() throws Exception {
+        File seg0 = new File(home, dbName + "/" + "seg0");
+
+        checkAccessToOwner(
+            this, seg0, true, POSITIVE);
+    }
+
+
+    public void testLogDirAndLogFiles() throws Exception {
+        File seg0 = new File(home, dbName + "/" + "log");
+
+        checkAccessToOwner(
+            this, seg0, true, POSITIVE);
+    }
+
+
+    public void testExportedFiles() throws Exception {
+
+        Statement s = createStatement();
+
+        // Simple exported table file
+        s.executeUpdate("call SYSCS_UTIL.SYSCS_EXPORT_TABLE(" +
+                        "    'SYS'," +
+                        "    'SYSTABLES'," +
+                        "    '" + home + "/" + dbName + "/" +
+                        exportFileName + "'," +
+                        "    NULL," + // column delimiter
+                        "    NULL," + // character delimiter
+                        "    NULL)"); // code set
+        File exp = new File(home, dbName + "/" + exportFileName);
+
+        checkAccessToOwner(
+            this, exp, POSITIVE);
+
+        // Make a lob table and insert one row
+        s.executeUpdate("create table lobtable(i int, c clob)");
+        PreparedStatement ps = prepareStatement(
+            "insert into lobtable values (1,?)");
+        ps.setCharacterStream(
+            1, new LoopingAlphabetReader(1000), 1000);
+        ps.executeUpdate();
+
+        // Export the lob table
+        s.executeUpdate("call SYSCS_UTIL.SYSCS_EXPORT_TABLE_LOBS_TO_EXTFILE(" +
+                        "    'SYS'," +
+                        "    'SYSTABLES'," +
+                        "    '" + home + "/" + dbName + "/" +
+                        exportFileName2 + "'," +
+                        "    NULL," + // column delimiter
+                        "    NULL," + // character delimiter
+                        "    NULL," + // code set
+                        "    '" + home + "/" + dbName + "/" +
+                        exportLobFileName + "')");
+
+        File exp2 = new File(home, dbName + "/" + exportFileName2);
+        File expLob = new File(home, dbName + "/" + exportLobFileName);
+
+        // Check resuling exported files
+        checkAccessToOwner(
+            this, exp2, POSITIVE);
+
+        checkAccessToOwner(
+            this, expLob, POSITIVE);
+    }
+
+
+    public void testConglomsAfterCompress() throws Exception {
+        Statement s = createStatement();
+        s.executeUpdate("create table comptable(i int primary key, j int)");
+        s.executeUpdate("create index secondary on comptable(j)");
+
+        // insert some rows
+        PreparedStatement ps = prepareStatement(
+            "insert into comptable values (?,?)");
+        setAutoCommit(false);
+        for (int i=0; i < 10000; i++) {
+            ps.setInt(1,i); ps.setInt(2,i);
+            ps.executeUpdate();
+        }
+        commit();
+
+        // delete helf the rows
+        s.executeUpdate("delete from comptable where MOD(i, 2) = 0");
+        commit();
+
+        // compress
+        setAutoCommit(true);
+        s.executeUpdate("call SYSCS_UTIL.SYSCS_COMPRESS_TABLE(" +
+                        "'APP', 'COMPTABLE', 0)");
+
+        // easiest: just check all conglomerates over again..
+        File seg0 = new File(home, dbName + "/" + "seg0");
+
+        checkAccessToOwner(
+            this, seg0, true, POSITIVE);
+    }
+
+
+    public void testTruncateTable() throws Exception {
+
+        Statement s = createStatement();
+        s.executeUpdate("create table trunctable(i int)");
+        PreparedStatement ps = prepareStatement(
+            "insert into trunctable values (?)");
+
+        // insert some data
+        setAutoCommit(false);
+        for (int i=0; i < 1000; i++) {
+            ps.setInt(1,i);
+            ps.executeUpdate();
+        }
+        commit();
+        setAutoCommit(true);
+
+        // truncate the table
+        s.executeUpdate("truncate table trunctable");
+
+        // easiest: just check all conglomerates over again..
+        File seg0 = new File(home, dbName + "/" + "seg0");
+
+        checkAccessToOwner(
+            this, seg0, true, POSITIVE);
+    }
+
+
+    public void testBackupRestoreFiles() throws Exception {
+
+        // First fill the db with a jar and a temporary file, so it's
+        // not trivially looking inside
+
+        URL jar = SupportFilesSetup.getReadOnlyURL("dcl_id.jar");
+        assertNotNull("dcl_id.jar", jar);
+
+        CallableStatement cs = prepareCall("CALL SQLJ.INSTALL_JAR(?, ?, 0)");
+        cs.setString(1, jar.toExternalForm());
+        cs.setString(2, "testBackupFiles");
+        cs.executeUpdate();
+
+        // create a temporary table so we get a file inside the tmp dir
+        prepareStatement("declare global temporary table foo(i int) " +
+                         "on commit preserve rows not logged").executeUpdate();
+
+        cs = prepareCall
+            ("CALL SYSCS_UTIL.SYSCS_BACKUP_DATABASE(?)");
+        String fullBackupDir = home + "/" + backupDir;
+        cs.setString(1, fullBackupDir);
+        cs.execute();
+
+        File fbd = new File(fullBackupDir);
+        checkAccessToOwner(
+            this, fbd, true, POSITIVE);
+
+        // Prepare to restore
+        TestConfiguration.getCurrent().shutdownDatabase();
+
+        // Restore to same db (should replace existing)
+        final DataSource ds = JDBCDataSource.getDataSource();
+        final String fullRestoreDir =
+            home + "/" + backupDir + "/" + dbName;
+
+        JDBCDataSource.setBeanProperty(
+            ds, "connectionAttributes", "restoreFrom=" + fullRestoreDir);
+        final Connection con = ds.getConnection();
+
+        final File db = new File(home, dbName);
+        checkAccessToOwner(
+            this, db, true, POSITIVE);
+
+        con.close();
+
+        // Restore to another db than current default
+        final DataSource ds2 = JDBCDataSource.getDataSource(dbName2);
+        JDBCDataSource.setBeanProperty(
+            ds2, "connectionAttributes", "restoreFrom=" + fullRestoreDir);
+        final Connection con2 = ds2.getConnection();
+
+        final File newDb = new File(home, dbName2);
+
+        checkAccessToOwner(
+            this, newDb, true, POSITIVE);
+        con2.close();
+
+        // close down both
+        final DataSource[] srcs =
+                new DataSource[] {JDBCDataSource.getDataSource(),
+                    JDBCDataSource.getDataSource(dbName2)};
+
+        for (int i=0; i < srcs.length; i++) {
+            JDBCDataSource.setBeanProperty(
+                    srcs[i], "connectionAttributes", "shutdown=true");
+
+            try {
+                srcs[i].getConnection();
+                fail("shutdown failed: expected exception");
+            } catch (SQLException e) {
+                assertSQLState(
+                    "database shutdown",
+                    SQLStateConstants.CONNECTION_EXCEPTION_CONNECTION_FAILURE,
+                    e);
+            }
+        }
+
+        assertDirectoryDeleted(newDb);
+        assertDirectoryDeleted(new File(home + "/" + backupDir));
+    }
+
+
+    public void testJarFiles() throws Exception {
+        URL jar = SupportFilesSetup.getReadOnlyURL("dcl_id.jar");
+        assertNotNull("dcl_id.jar", jar);
+
+        CallableStatement cs = prepareCall("CALL SQLJ.INSTALL_JAR(?, ?, 0)");
+        cs.setString(1, jar.toExternalForm());
+        cs.setString(2, "anyName");
+        cs.executeUpdate();
+        File jarsDir = new File(home, dbName + "/" + "jar");
+
+        checkAccessToOwner(
+            this, jarsDir, true, POSITIVE);
+    }
+
+
+    // Derby deployment mode tests: defaults for permissions differ.
+    //
+
+    public void doTestCliServerIsRestrictive() throws Exception {
+        NetworkServerControl nsctrl =
+                NetworkServerTestSetup.getNetworkServerControl();
+        String traceDir = home + "/" + dbName + "_tracefiles_restr";
+        nsctrl.setTraceDirectory(traceDir);
+        nsctrl.trace(true);
+        nsctrl.ping();
+        nsctrl.trace(false);
+
+        File traceDirF = new File(traceDir);
+
+        checkAccessToOwner(
+            this, traceDirF, true, POSITIVE);
+        nsctrl.shutdown();
+        assertDirectoryDeleted(traceDirF);
+    }
+
+
+    public void doTestNonCliServerIsLax() throws Exception {
+        NetworkServerControl nsctrl =
+                NetworkServerTestSetup.getNetworkServerControl();
+        String traceDir = home + "/" + dbName + "_tracefiles_lax";
+        nsctrl.setTraceDirectory(traceDir);
+        nsctrl.trace(true);
+        nsctrl.ping();
+        nsctrl.trace(false);
+
+        File traceDirF = new File(traceDir);
+
+        checkAccessToOwner(
+            this, traceDirF, true, NEGATIVE);
+
+        nsctrl.shutdown();
+        assertDirectoryDeleted(traceDirF);
+    }
+
+
+    public void dotestEmbeddedIsLax() throws Exception {
+        File derbydotlogF = new File(home, derbyDotLog + ".lax");
+        checkAccessToOwner(
+            this, derbydotlogF, NEGATIVE);
+    }
+
+
+    // Auxiliary methods
+    //
+
+    final public static int NEGATIVE = 0; // expected check outcome set
+    final public static int POSITIVE = 1;
+    final public static int UNKNOWN = 2;
+
+    // Members used by limitAccessToOwner
+    private static boolean initialized = false;
+
+    // Reflection helper objects for calling into Java >= 7
+    private static Class filesClz;
+    private static Class pathClz;
+    private static Class pathsClz;
+    private static Class aclEntryClz;
+    private static Class aclFileAttributeViewClz;
+    private static Class posixFileAttributeViewClz;
+    private static Class userPrincipalClz;
+    private static Class linkOptionArrayClz;
+    private static Class linkOptionClz;
+    private static Class stringArrayClz;
+    private static Class aclEntryBuilderClz;
+    private static Class aclEntryTypeClz;
+
+    private static Method get;
+    private static Method getFileAttributeView;
+    private static Method getOwner;
+    private static Method getAcl;
+    private static Method principal;
+    private static Method getName;
+    private static Method permissions;
+
+    /**
+     * Check that the file has access only for the owner. Will throw (JUnit
+     * failure) if permissions are not strict.
+     * <p/>
+     * We need Java 7 to ascertain whether we managed to restrict file
+     * permissions: The Java 6 {@code java.io.File} API only lets us check if
+     * this process has access.
+     * <p/>
+     * In this sense this testing code is asymmetric to the implementation in
+     * Derby: Java 6 can be used to restrict accesses in Java 6 on Unix, but
+     * we have no way in Java of checking the results in a portable way. So, if
+     * we do not have at least Java 7, this method will be a no-op.
+     *
+     * @param the current test
+     * @param file (or directory) for which we want to check permissions
+     * @param NEGATIVE or POSITIVE
+     * @see #checkAccessToOwner(BaseJDBCTestCase, File, boolean, int)
+     */
+
+    public static void checkAccessToOwner(
+            BaseJDBCTestCase test,
+            final File file,
+            int expectedOutcome) throws Exception {
+
+        checkAccessToOwner(test, file, false, expectedOutcome);
+    }
+
+
+    /**
+     * Same as {@link #checkAccessToOwner(BaseJDBCTestCase, File)
+     * checkAccessToOwner}, but if {@code doContents} is true, also check files
+     * directly contained in this file qua directory (not recursively).
+     *
+     * @param test
+     * @param file ((or directory) for which we want to check permissions
+     * @param doContents if a directory, an error to call with true if not
+     * @param expectedOutcome NEGATIVE, POSITIVE or UNKNOWN
+     * @return true if accesses exist for others that owner (expectedOutcome ==
+     *              UNKNOWN)
+     */
+    private static boolean checkAccessToOwner(
+            final BaseJDBCTestCase test,
+            final File file,
+            final boolean doContents,
+            final int expectedOutcome) throws Exception {
+        // Needs to be called in security context since tests run with security
+        // manager.
+        if (doContents) {
+            // visit immediately contained file in this directory also
+            checkAccessToOwner(test, file, false, expectedOutcome);
+
+            AccessController.doPrivileged(new PrivilegedExceptionAction() {
+                public Object run() throws Exception {
+                    File [] files = file.listFiles();
+                    for (int i = 0; i < files.length; i++){
+                        checkAccessToOwner(
+                            test, files[i], false, expectedOutcome);
+                    }
+                    return null;
+                }});
+        }
+
+        Boolean result =
+            (Boolean)AccessController.
+            doPrivileged(new PrivilegedExceptionAction() {
+
+                    public Object run() throws Exception {
+                        // lazy initialization
+                        if (!initialized) {
+                            initialized = true;
+
+                            // If found, we have >= Java 7.
+                            filesClz = Class.forName(
+                                "java.nio.file.Files");
+                            pathClz = Class.forName(
+                                "java.nio.file.Path");
+                            pathsClz = Class.forName(
+                                "java.nio.file.Paths");
+                            aclEntryClz = Class.forName(
+                                "java.nio.file.attribute.AclEntry");
+                            aclFileAttributeViewClz = Class.forName(
+                                "java.nio.file.attribute." +
+                                "AclFileAttributeView");
+                            posixFileAttributeViewClz = Class.forName(
+                                "java.nio.file.attribute." +
+                                "PosixFileAttributeView");
+                            userPrincipalClz = Class.forName(
+                                "java.nio.file.attribute.UserPrincipal");
+                            linkOptionArrayClz = Class.forName(
+                                "[Ljava.nio.file.LinkOption;");
+                            linkOptionClz = Class.forName(
+                                "java.nio.file.LinkOption");
+                            stringArrayClz = Class.forName(
+                                "[Ljava.lang.String;");
+                            aclEntryBuilderClz = Class.forName(
+                                "java.nio.file.attribute.AclEntry$Builder");
+                            aclEntryTypeClz = Class.forName(
+                                "java.nio.file.attribute.AclEntryType");
+
+                            get = pathsClz.
+                                getMethod("get",
+                                          new Class[]{String.class,
+                                                      stringArrayClz});
+
+                            getFileAttributeView = filesClz.
+                                getMethod("getFileAttributeView",
+                                          new Class[]{pathClz,
+                                                      Class.class,
+                                                      linkOptionArrayClz});
+
+                            getOwner = filesClz.
+                                getMethod(
+                                    "getOwner",
+                                    new Class[]{pathClz,
+                                                linkOptionArrayClz});
+                            getAcl = aclFileAttributeViewClz.
+                                getMethod("getAcl", new Class[]{});
+                            principal = aclEntryClz.
+                                getMethod("principal", new Class[]{});
+                            getName = userPrincipalClz.
+                                getMethod("getName", new Class[]{});
+                            permissions = aclEntryClz.
+                                getMethod("permissions", new Class[]{});
+                        }
+
+                        // Only used with expectedOutcome == UNKNOWN, otherwise
+                        // we throw:
+                        boolean someThingBeyondOwnerFound = false;
+
+                        // We have Java 7. We need to call reflectively, since
+                        // the source level isn't yet at Java 7.
+                        try {
+                            Object fileP = get.invoke(
+                                null, new Object[]{file.getPath(),
+                                                   new String[]{}});
+
+                            Object view = getFileAttributeView.invoke(
+                                null,
+                                new Object[]{
+                                    fileP,
+                                    aclFileAttributeViewClz,
+                                    Array.newInstance(linkOptionClz, 0)});
+
+                            if (view == null) {
+                                // ACLs not supported on this platform
+                                fail();
+                            }
+
+                            // If we have a posix view, we can use ACLs to
+                            // interface the usual Unix permission masks via
+                            // the special principals OWNER@, GROUP@ and
+                            // EVERYONE@
+
+                            Object posixView = getFileAttributeView.invoke(
+                                null,
+                                new Object[]{
+                                    fileP,
+                                    posixFileAttributeViewClz,
+                                    Array.newInstance(linkOptionClz, 0)});
+
+                            Object owner = getOwner.invoke(
+                                null,
+                                new Object[]{
+                                    fileP,
+                                    Array.newInstance(linkOptionClz, 0)});
+
+                            List oldAcl =
+                                (List)getAcl.invoke(view, (Object[])null);
+
+                            for (Iterator i = oldAcl.iterator(); i.hasNext();) {
+                                Object ace = i.next();
+                                Object princ =
+                                    principal.invoke(ace, (Object[])null);
+                                String princName =
+                                    (String)getName.invoke(
+                                        princ, (Object[])null);
+
+                                if (posixView != null) {
+                                    if (princName.equals("OWNER@")) {
+                                        // OK, permission for owner
+
+                                    } else if (
+                                        princName.equals("GROUP@") ||
+                                        princName.equals("EVERYONE@")) {
+
+                                        Set s = (Set)permissions.invoke(
+                                            ace,
+                                            (Object[])null);
+
+                                        if (expectedOutcome == POSITIVE) {
+                                            assertTrue(
+                                                "Non-empty set of  " +
+                                                "permissions for uid: " +
+                                                princName + " for file " + file,
+                                                s.isEmpty());
+                                        } else {
+                                            someThingBeyondOwnerFound =
+                                                !s.isEmpty();
+                                        }
+                                    }
+                                } else {
+                                    // NTFS, hopefully
+                                    if (princ.equals(owner)) {
+                                        // OK
+                                    } else {
+                                        if (expectedOutcome == POSITIVE) {
+                                            fail(
+                                                "unexpected uid has access: " +
+                                                princName);
+                                        } else {
+                                            someThingBeyondOwnerFound = true;
+                                        }
+                                    }
+
+                                }
+                            }
+
+                            if (expectedOutcome == NEGATIVE &&
+                                    !someThingBeyondOwnerFound) {
+                                fail(
+                                    "unexpected restrictive access: " + file);
+                            }
+
+                        } catch (IllegalAccessException e) {
+                            // coding error
+                            if (SanityManager.DEBUG) {
+                                SanityManager.THROWASSERT(e);
+                            }
+                        } catch (IllegalArgumentException e) {
+                            // coding error
+                            if (SanityManager.DEBUG) {
+                                SanityManager.THROWASSERT(e);
+                            }
+                        } catch (InvocationTargetException e) {
+                            throw e;
+                        }
+
+                        if (test != null) {
+                            test.println("checked perms on: " + file);
+                        }
+
+                        if (expectedOutcome == UNKNOWN &&
+                                someThingBeyondOwnerFound) {
+                            return Boolean.TRUE;
+                        } else {
+                            return Boolean.FALSE;
+                        }
+                    }});
+
+        return result.booleanValue();
+    }
+}

Propchange: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/engine/RestrictiveFilePermissionsTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/engine/_Suite.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/engine/_Suite.java?rev=1176591&r1=1176590&r2=1176591&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/engine/_Suite.java
(original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/engine/_Suite.java
Tue Sep 27 20:18:48 2011
@@ -43,11 +43,12 @@ public class _Suite extends BaseTestCase
         super(name);
     }
 
-    public static Test suite() {
+    public static Test suite() throws Exception {
         TestSuite suite = new TestSuite("engine");
 
         suite.addTest(ErrorStreamTest.suite());
         suite.addTest(LockInterruptTest.suite());
+        suite.addTest(RestrictiveFilePermissionsTest.suite());
         suite.addTest(ModuleLoadingTest.suite());
 
         return suite;

Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbc4/noAbortPermission.policy
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbc4/noAbortPermission.policy?rev=1176591&r1=1176590&r2=1176591&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbc4/noAbortPermission.policy
(original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbc4/noAbortPermission.policy
Tue Sep 27 20:18:48 2011
@@ -117,6 +117,9 @@ grant codeBase "${derbyTesting.codejar}d
 
   // This permission is needed to call the Connection.abort(Executor) method added by JDBC
4.1
   permission java.sql.SQLPermission "callAbort";
+
+  // Needed by FileUtil#limitAccessToOwner
+  permission java.lang.RuntimePermission "accessUserInformation";
 };
 
 //
@@ -318,6 +321,9 @@ grant codeBase "${derbyTesting.codeclass
   permission org.apache.derby.security.SystemPermission "jmx", "control";
   permission org.apache.derby.security.SystemPermission "engine", "monitor";
   permission org.apache.derby.security.SystemPermission "server", "control,monitor";
+
+  // Needed by FileUtil#limitAccessToOwner
+  permission java.lang.RuntimePermission "accessUserInformation";
 };
 
 // JUnit jar file tries to read junit.properties in the user's

Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/SecurityPolicyReloadingTest.initial.policy
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/SecurityPolicyReloadingTest.initial.policy?rev=1176591&r1=1176590&r2=1176591&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/SecurityPolicyReloadingTest.initial.policy
(original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/SecurityPolicyReloadingTest.initial.policy
Tue Sep 27 20:18:48 2011
@@ -49,6 +49,8 @@ grant codeBase "${derbyTesting.codejar}d
 // You may want to restrict this access to specific directories.
 //
   permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete";
+  // Needed by FileUtil#limitAccessToOwner
+  permission java.lang.RuntimePermission "accessUserInformation";
 };
 
 grant codeBase "${derbyTesting.codejar}derbynet.jar"

Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/SecurityPolicyReloadingTest.modified.policy
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/SecurityPolicyReloadingTest.modified.policy?rev=1176591&r1=1176590&r2=1176591&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/SecurityPolicyReloadingTest.modified.policy
(original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/SecurityPolicyReloadingTest.modified.policy
Tue Sep 27 20:18:48 2011
@@ -49,6 +49,8 @@ grant codeBase "${derbyTesting.codejar}d
 // You may want to restrict this access to specific directories.
 //
   permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete";
+  // Needed by FileUtil#limitAccessToOwner
+  permission java.lang.RuntimePermission "accessUserInformation";
 };
 
 grant codeBase "${derbyTesting.codejar}derbynet.jar"

Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/util/corruptio/CorruptFile.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/util/corruptio/CorruptFile.java?rev=1176591&r1=1176590&r2=1176591&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/util/corruptio/CorruptFile.java
(original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/util/corruptio/CorruptFile.java
Tue Sep 27 20:18:48 2011
@@ -25,13 +25,11 @@ import org.apache.derby.io.StorageRandom
 import java.io.File;
 import java.io.InputStream;
 import java.io.OutputStream;
-import java.io.FileOutputStream;
-import java.io.FileInputStream;
 import java.io.IOException;
 import java.io.FileNotFoundException;
-import java.io.RandomAccessFile;
 import java.net.MalformedURLException;
 import java.net.URL;
+import org.apache.derby.iapi.error.StandardException;
 
 /**
  * This class provides proxy implementation of the StorageFile interface. It is
@@ -322,7 +320,7 @@ class CorruptFile implements StorageFile
      *         <br> NO_FILE_LOCK_SUPPORT if the system does not support 
      *         exclusive locks.<br>
      */
-    public synchronized int getExclusiveFileLock()
+    public synchronized int getExclusiveFileLock() throws StandardException
 	{
 		return realFile.getExclusiveFileLock();
 
@@ -383,4 +381,9 @@ class CorruptFile implements StorageFile
 	public URL getURL() throws MalformedURLException {
 		throw new MalformedURLException(toString());
 	}
+
+    public void limitAccessToOwner() {
+        realFile.limitAccessToOwner();
+    }
+
 }

Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/util/derby_tests.policy
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/util/derby_tests.policy?rev=1176591&r1=1176590&r2=1176591&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/util/derby_tests.policy
(original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/util/derby_tests.policy
Tue Sep 27 20:18:48 2011
@@ -134,6 +134,9 @@ grant codeBase "${derbyTesting.codejar}d
   permission java.lang.RuntimePermission "getStackTrace";
   permission java.lang.RuntimePermission "modifyThreadGroup";
 
+  // Needed by FileUtil#limitAccessToOwner
+  permission java.lang.RuntimePermission "accessUserInformation";
+
   // This permission is needed to call the Connection.abort(Executor) method added by JDBC
4.1
   permission java.sql.SQLPermission "callAbort";
 };
@@ -145,6 +148,7 @@ grant codeBase "${derbyTesting.codejar}d
   permission java.util.PropertyPermission "java.class.path", "read";//sysinfo
   permission java.util.PropertyPermission "java.runtime.version", "read";//sysinfo
   permission java.util.PropertyPermission "java.fullversion", "read";//sysinfo
+  permission java.util.PropertyPermission "derby.__serverStartedFromCmdLine", "write";
   
   // accept is needed for the server accepting connections
   // connect is needed for ping command (which is in the server jar)
@@ -153,11 +157,21 @@ grant codeBase "${derbyTesting.codejar}d
   permission java.net.SocketPermission "${derbyTesting.clienthost}", "accept,connect";
   permission java.net.SocketPermission "${derbyTesting.serverhost}", "accept,connect";
   // Need to be able to write to trace file for NetworkServerControlApiTest
-  permission java.io.FilePermission "${user.dir}${/}system${/}trace", "write"; 
-  permission java.io.FilePermission "${user.dir}${/}system${/}trace${/}-", "write"; 
+  permission java.io.FilePermission "${user.dir}${/}system${/}trace", "read,write";
+  permission java.io.FilePermission "${user.dir}${/}system${/}trace${/}-", "read,write";
+
+  // Need read/write to trace file for RestrictiveFilePermissionsTest
+  permission java.io.FilePermission "${user.dir}${/}system${/}RFPT_db_tracefiles_restr",
"read,write";
+  permission java.io.FilePermission "${user.dir}${/}system${/}RFPT_db_tracefiles_lax", "read,write";
+  permission java.io.FilePermission "${user.dir}${/}system${/}RFPT_db_tracefiles_restr${/}-",
"read,write";
+  permission java.io.FilePermission "${user.dir}${/}system${/}RFPT_db_tracefiles_lax${/}-",
"read,write";
+
     // Needed for NetworkServerMBean access (see JMX section above)
   permission org.apache.derby.security.SystemPermission "server", "control,monitor";
-  
+
+  // For NetworkServerControlApiTest:
+  // Needed by FileUtil#limitAccessToOwner
+  permission java.lang.RuntimePermission "accessUserInformation";
 };
 
 //
@@ -267,6 +281,9 @@ grant codeBase "${derbyTesting.testjar}d
   
   // These permissions are needed when testing code instrumented with EMMA.
   permission java.lang.RuntimePermission "${emma.active}writeFileDescriptor";
+
+  // Needed by FileUtil#limitAccessToOwner
+  permission java.lang.RuntimePermission "accessUserInformation";
 };
 
 //
@@ -342,6 +359,10 @@ grant codeBase "${derbyTesting.codeclass
   permission org.apache.derby.security.SystemPermission "jmx", "control";
   permission org.apache.derby.security.SystemPermission "engine", "monitor";
   permission org.apache.derby.security.SystemPermission "server", "control,monitor";
+
+  // Needed by FileUtil#limitAccessToOwner
+  permission java.lang.RuntimePermission "accessUserInformation";
+
 };
 
 // JUnit jar file tries to read junit.properties in the user's

Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/junit/TestConfiguration.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/junit/TestConfiguration.java?rev=1176591&r1=1176590&r2=1176591&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/junit/TestConfiguration.java
(original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/junit/TestConfiguration.java
Tue Sep 27 20:18:48 2011
@@ -710,7 +710,7 @@ public final class TestConfiguration {
      * name.  This decorator expects the database file to be local so it can be
      * removed.
      * @param test Test to be decorated
-     * @param dbName We sometimes need to know outside to be able topass it on
+     * @param dbName We sometimes need to know outside to be able to pass it on
      *               to other VMs/processes.
      * @return decorated test.
      */
@@ -1046,7 +1046,7 @@ public final class TestConfiguration {
         this.userName = DEFAULT_USER_NAME;
         this.userPassword = DEFAULT_USER_PASSWORD;
         this.connectionAttributes = new Properties();
-        this.hostName = null;
+        this.hostName = DEFAULT_HOSTNAME;
         this.port = basePort;
         this.isVerbose = Boolean.valueOf(
             getSystemProperties().getProperty(KEY_VERBOSE)).



Mime
View raw message