db-derby-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From kahat...@apache.org
Subject svn commit: r1728681 - in /db/derby/code/trunk: ./ java/build/org/apache/derbyBuild/lastgoodjarcontents/ java/engine/org/apache/derby/iapi/services/io/ java/testing/org/apache/derbyTesting/functionTests/tests/engine/ tools/jar/
Date Fri, 05 Feb 2016 15:19:55 GMT
Author: kahatlen
Date: Fri Feb  5 15:19:55 2016
New Revision: 1728681

URL: http://svn.apache.org/viewvc?rev=1728681&view=rev
Log:
DERBY-6865: RestrictiveFilePermissionsTest fails on Windows

Move the contents of FilePermissionServiceImpl into FileUtil. It was
originally separated out of FileUtil because it used functionality
only available on Java 7 and higher, so it had to be loaded via
reflection. Since Java 8 is the minimum level on trunk, it could be
used directly from FileUtil without reflection.

The reason for the test failure was that a recent change caused
FilePermissionServiceImpl to be excluded from derby.jar, so that its
services were not used, and the database files ended up with unexpected
permissions.

Removed:
    db/derby/code/trunk/java/engine/org/apache/derby/iapi/services/io/FilePermissionService.java
    db/derby/code/trunk/java/engine/org/apache/derby/iapi/services/io/FilePermissionServiceImpl.java
Modified:
    db/derby/code/trunk/build.xml
    db/derby/code/trunk/java/build/org/apache/derbyBuild/lastgoodjarcontents/insane.derby.jar.lastcontents
    db/derby/code/trunk/java/build/org/apache/derbyBuild/lastgoodjarcontents/sane.derby.jar.lastcontents
    db/derby/code/trunk/java/engine/org/apache/derby/iapi/services/io/FileUtil.java
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/engine/RestrictiveFilePermissionsTest.java
    db/derby/code/trunk/tools/jar/extraDBMSclasses.properties

Modified: db/derby/code/trunk/build.xml
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/build.xml?rev=1728681&r1=1728680&r2=1728681&view=diff
==============================================================================
--- db/derby/code/trunk/build.xml (original)
+++ db/derby/code/trunk/build.xml Fri Feb  5 15:19:55 2016
@@ -1318,17 +1318,8 @@
       <fileset dir="${derby.jar.dir}/lists" includes="**/*"/>
     </delete>
 
-    <!-- Classes that will only be compiled with JDK 7 and higher are
-         commented out. Determine here whether they should be included. -->
-    <condition property="derbyjar.jdk7.prefix" value="" else="#">
-        <isset property="vmLevelIsAtLeast1.7"/>
-    </condition>
-
     <concat destfile="${derby.jar.dir}/lists/otherDerbyClasses.properties">
       <fileset dir="${basedir}/tools/jar" includes="*DBMS*.properties"/>
-      <filterchain>
-          <replacestring from="#jdk7#" to="${derbyjar.jdk7.prefix}"/>
-      </filterchain>
     </concat>
 
     <mkdir dir="${derby.jar.dir}/lists/org/apache/derby"/>

Modified: db/derby/code/trunk/java/build/org/apache/derbyBuild/lastgoodjarcontents/insane.derby.jar.lastcontents
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/build/org/apache/derbyBuild/lastgoodjarcontents/insane.derby.jar.lastcontents?rev=1728681&r1=1728680&r2=1728681&view=diff
==============================================================================
--- db/derby/code/trunk/java/build/org/apache/derbyBuild/lastgoodjarcontents/insane.derby.jar.lastcontents
(original)
+++ db/derby/code/trunk/java/build/org/apache/derbyBuild/lastgoodjarcontents/insane.derby.jar.lastcontents
Fri Feb  5 15:19:55 2016
@@ -159,8 +159,6 @@ org.apache.derby.iapi.services.io.DerbyI
 org.apache.derby.iapi.services.io.DynamicByteArrayOutputStream.class
 org.apache.derby.iapi.services.io.ErrorInfo.class
 org.apache.derby.iapi.services.io.ErrorObjectInput.class
-org.apache.derby.iapi.services.io.FilePermissionService.class
-org.apache.derby.iapi.services.io.FilePermissionServiceImpl.class
 org.apache.derby.iapi.services.io.FileUtil.class
 org.apache.derby.iapi.services.io.FormatIdInputStream.class
 org.apache.derby.iapi.services.io.FormatIdOutputStream.class

Modified: db/derby/code/trunk/java/build/org/apache/derbyBuild/lastgoodjarcontents/sane.derby.jar.lastcontents
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/build/org/apache/derbyBuild/lastgoodjarcontents/sane.derby.jar.lastcontents?rev=1728681&r1=1728680&r2=1728681&view=diff
==============================================================================
--- db/derby/code/trunk/java/build/org/apache/derbyBuild/lastgoodjarcontents/sane.derby.jar.lastcontents
(original)
+++ db/derby/code/trunk/java/build/org/apache/derbyBuild/lastgoodjarcontents/sane.derby.jar.lastcontents
Fri Feb  5 15:19:55 2016
@@ -160,8 +160,6 @@ org.apache.derby.iapi.services.io.DerbyI
 org.apache.derby.iapi.services.io.DynamicByteArrayOutputStream.class
 org.apache.derby.iapi.services.io.ErrorInfo.class
 org.apache.derby.iapi.services.io.ErrorObjectInput.class
-org.apache.derby.iapi.services.io.FilePermissionService.class
-org.apache.derby.iapi.services.io.FilePermissionServiceImpl.class
 org.apache.derby.iapi.services.io.FileUtil.class
 org.apache.derby.iapi.services.io.FormatIdInputStream.class
 org.apache.derby.iapi.services.io.FormatIdOutputStream.class

Modified: db/derby/code/trunk/java/engine/org/apache/derby/iapi/services/io/FileUtil.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/iapi/services/io/FileUtil.java?rev=1728681&r1=1728680&r2=1728681&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/iapi/services/io/FileUtil.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/iapi/services/io/FileUtil.java Fri Feb
 5 15:19:55 2016
@@ -33,8 +33,17 @@ import org.apache.derby.io.StorageFile;
 
 import java.net.MalformedURLException;
 import java.net.URL;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.nio.file.attribute.AclEntry;
+import java.nio.file.attribute.AclEntryPermission;
+import java.nio.file.attribute.AclEntryType;
+import java.nio.file.attribute.AclFileAttributeView;
+import java.nio.file.attribute.PosixFileAttributeView;
+import java.nio.file.attribute.PosixFilePermission;
+import java.util.Collections;
+import java.util.EnumSet;
 import org.apache.derby.iapi.reference.Property;
-import org.apache.derby.iapi.services.info.JVMInfo;
 import org.apache.derby.iapi.services.property.PropertyUtil;
 
 /**
@@ -459,28 +468,6 @@ public abstract class FileUtil {
         return result;
     }
 
-
-    // Members used by limitAccessToOwner
-    private final static FilePermissionService filePermissionService =
-            loadFilePermissionService();
-
-    private static FilePermissionService loadFilePermissionService() {
-        try {
-            Class cl = Class.forName(
-                    FilePermissionService.class.getName() + "Impl");
-            return (FilePermissionService) cl.newInstance();
-        } catch (ClassNotFoundException ex) {
-        } catch (InstantiationException ex) {
-        } catch (IllegalAccessException ex) {
-        } catch (LinkageError e) {
-        }
-
-        // Could not create an instance. This most likely means we are
-        // not on Java 7 or higher. Just return null, and let
-        // limitAccessToOwner() choose another strategy on older platforms.
-        return null;
-    }
-
     /**
      * <p>
      * Use when creating new files. If running on Unix,
@@ -503,9 +490,8 @@ public abstract class FileUtil {
      * </p>
      *
      * <p>
-     * On Windows, with NTFS with ACLs, if running with Java 7 or higher, we
-     * limit access also for Windows using the new {@code
-     * java.nio.file.attribute} package.
+     * On Windows, with NTFS with ACLs, we limit access also for Windows
+     * using the new {@code java.nio.file.attribute} package.
      * </p>
      *
      * <p>
@@ -530,16 +516,14 @@ public abstract class FileUtil {
             Property.STORAGE_USE_DEFAULT_FILE_PERMISSIONS);
 
         if (value != null) {
-            if (Boolean.valueOf(value.trim()).booleanValue()) {
+            if (Boolean.parseBoolean(value.trim())) {
                 return;
             }
         } else {
             // The property has not been specified. Only proceed if we are
-            // running with the network server started from the command line
-            // *and* at Java 7 or above
-            if (JVMInfo.JDK_ID >= JVMInfo.J2SE_17 &&
-                    (PropertyUtil.getSystemBoolean(
-                        Property.SERVER_STARTED_FROM_CMD_LINE, false)) ) {
+            // running with the network server started from the command line.
+            if (PropertyUtil.getSystemBoolean(
+                        Property.SERVER_STARTED_FROM_CMD_LINE, false)) {
                 // proceed
             } else {
                 return;
@@ -609,15 +593,55 @@ public abstract class FileUtil {
     private static boolean limitAccessToOwnerViaFileAttributeView(File file)
             throws IOException {
 
-        // See if we are running on JDK 7 so we can deny access
-        // using the new java.nio.file.attribute package.
+        Path fileP = file.toPath();
 
-        if (filePermissionService == null) {
-            // nope
-            return false;
+        PosixFileAttributeView posixView = Files.getFileAttributeView(
+                fileP, PosixFileAttributeView.class);
+        if (posixView != null) {
+
+            // This is a POSIX file system. Usually,
+            // FileUtil.limitAccessToOwnerViaFile() will successfully set
+            // the permissions on such file systems using the java.io.File
+            // class, so we don't get here. If, however, that approach failed,
+            // we try again here using a PosixFileAttributeView. That's likely
+            // to fail too, but at least now we will get an IOException that
+            // explains why it failed.
+
+            EnumSet<PosixFilePermission> perms = EnumSet.of(
+                    PosixFilePermission.OWNER_READ,
+                    PosixFilePermission.OWNER_WRITE);
+
+            if (file.isDirectory()) {
+                perms.add(PosixFilePermission.OWNER_EXECUTE);
+            }
+
+            posixView.setPermissions(perms);
+
+            return true;
+        }
+
+        AclFileAttributeView aclView = Files.getFileAttributeView(
+                fileP, AclFileAttributeView.class);
+        if (aclView != null) {
+
+            // Since we have an AclFileAttributeView which is not a
+            // PosixFileAttributeView, we probably have an NTFS file
+            // system.
+
+            // Remove existing ACEs, build a new one which simply
+            // gives all possible permissions to current owner.
+            AclEntry ace = AclEntry.newBuilder()
+                    .setPrincipal(Files.getOwner(fileP))
+                    .setType(AclEntryType.ALLOW)
+                    .setPermissions(EnumSet.allOf(AclEntryPermission.class))
+                    .build();
+
+            aclView.setAcl(Collections.singletonList(ace));
+
+            return true;
         }
 
-        // We have Java 7, so call.
-        return filePermissionService.limitAccessToOwner(file);
+        // We don't know how to set permissions on this file system.
+        return false;
     }
 }

Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/engine/RestrictiveFilePermissionsTest.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/engine/RestrictiveFilePermissionsTest.java?rev=1728681&r1=1728680&r2=1728681&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/engine/RestrictiveFilePermissionsTest.java
(original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/engine/RestrictiveFilePermissionsTest.java
Fri Feb  5 15:19:55 2016
@@ -37,9 +37,8 @@ import java.sql.Connection;
 import java.sql.PreparedStatement;
 import java.sql.SQLException;
 import java.sql.Statement;
-import java.util.Arrays;
 import java.util.Collections;
-import java.util.HashSet;
+import java.util.EnumSet;
 import java.util.Properties;
 import java.util.Set;
 import javax.sql.DataSource;
@@ -496,13 +495,13 @@ public class RestrictiveFilePermissionsT
 
     // Members used by limitAccessToOwner
     private static final Set<PosixFilePermission> UNWANTED_PERMISSIONS =
-            Collections.unmodifiableSet(new HashSet<>(Arrays.asList(
+            Collections.unmodifiableSet(EnumSet.of(
                     PosixFilePermission.GROUP_EXECUTE,
                     PosixFilePermission.GROUP_READ,
                     PosixFilePermission.GROUP_WRITE,
                     PosixFilePermission.OTHERS_EXECUTE,
                     PosixFilePermission.OTHERS_READ,
-                    PosixFilePermission.OTHERS_WRITE)));
+                    PosixFilePermission.OTHERS_WRITE));
 
     /**
      * Check that the file has access only for the owner. Will throw (JUnit

Modified: db/derby/code/trunk/tools/jar/extraDBMSclasses.properties
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/tools/jar/extraDBMSclasses.properties?rev=1728681&r1=1728680&r2=1728681&view=diff
==============================================================================
--- db/derby/code/trunk/tools/jar/extraDBMSclasses.properties (original)
+++ db/derby/code/trunk/tools/jar/extraDBMSclasses.properties Fri Feb  5 15:19:55 2016
@@ -113,10 +113,6 @@ derby.module.engine.threaddump=org.apach
 derby.module.logging.provider=org.apache.derby.impl.services.stream.RollingFileStreamProvider
 derby.module.logging.stream=org.apache.derby.impl.services.stream.RollingFileStream
 
-# This class only exists if compiled using JDK 7 or higher. Will be enabled
-# by the build script if the JDK is recent enough.
-#jdk7#derby.module.permission.service=org.apache.derby.iapi.services.io.FilePermissionServiceImpl
-
 # optional tools
 derby.module.opttrace=org.apache.derby.impl.sql.compile.OptimizerTracer
 derby.module.opttraceviewer=org.apache.derby.impl.sql.compile.OptTraceViewer



Mime
View raw message