private static void makeFileNonReadable(String file) throws IOException { Path filePath = Paths.get(file); Set<String> supportedAttr = filePath.getFileSystem().supportedFileAttributeViews(); if (supportedAttr.contains("posix")) { Files.setPosixFilePermissions(filePath, PosixFilePermissions.fromString("-w--w----")); } else if (supportedAttr.contains("acl")) { UserPrincipal fileOwner = Files.getOwner(filePath); AclFileAttributeView view = Files.getFileAttributeView(filePath, AclFileAttributeView.class); AclEntry entry = AclEntry.newBuilder() .setType(AclEntryType.DENY) .setPrincipal(fileOwner) .setPermissions(AclEntryPermission.READ_DATA) .build(); List<AclEntry> acl = view.getAcl(); acl.add(0, entry); view.setAcl(acl); } }
@Override public boolean checkAccessAllowed(CloudPath path, UserPrincipal userOrGroup, Set<AclEntryPermission> checkPermissions) { // Get the view for the path CloudFileAttributesView cloudFileAttributeView = Files.getFileAttributeView(path, CloudFileAttributesView.class); if (cloudFileAttributeView == null) { LOG.warn("Could not get {} attribute view from path {}", CloudFileAttributesView.class, path); return false; } CloudAclFileAttributes aclFileAttributes; try { aclFileAttributes = cloudFileAttributeView.readAttributes(); } catch (IOException e) { LOG.warn("Could not read ACL file attributes for {}", path); return false; } return checkAccessAllowed(aclFileAttributes.getAclSet(), userOrGroup, checkPermissions); }
/** * Checks the access for the given user/group such that the <em>all</em> of the permissions in * <em>checkPermissions</em> are allowed in the <em>cloudAclEntrySet</em> * * @param cloudAclEntrySet Asset ACL permissions * @param userOrGroup A {@link UserPrincipal} or {@link GroupPrincipal}, which can be null for * anonymous * @param checkPermissions Permissions to check for * @return true if access is allowed with the given permissions, false otherwise */ @Override public boolean checkAccessAllowed(CloudAclEntrySet assetPermissions, UserPrincipal userOrGroup, Set<AclEntryPermission> checkPermissions) { boolean isGroup = userOrGroup != null ? GroupPrincipal.class.isAssignableFrom(userOrGroup.getClass()) : false; // Get a user's groups if required Set<GroupPrincipal> userGroups; if (!isGroup && userPrincipalLookupService != null && userOrGroup != null) { userGroups = userPrincipalLookupService.getUserPrincipalGroups(userOrGroup); } else { userGroups = null; } return doesUserHaveAccess(assetPermissions, userOrGroup, userGroups, checkPermissions); }
boolean hasNextInternal(boolean advance) { while (advance && (hasNext = currentIterator.hasNext())) { nextEntry = currentIterator.next(); // When no principal class then iterate across the whole set if (principalClass == null) { return hasNext; } // GroupPrincipal inherits from UserPrincipal so we would like to constrain the // Class.isAssignableFrom call when we are looking for UserPrincipal to exclude GroupPrincipal boolean lookingForUserPrincipal = UserPrincipal.class.isAssignableFrom(principalClass) && !GroupPrincipal.class.isAssignableFrom(principalClass); // Check if this is the class type we are looking for if (principalClass.isAssignableFrom(nextEntry.getPrincipalClass()) && (!lookingForUserPrincipal || !GroupPrincipal.class.isAssignableFrom(nextEntry.getPrincipalClass()))) { return hasNext; } } return hasNext; }
boolean hasPermissions(EnumSet<AclEntryPermission> permissions) { CloudHostConfiguration cloudHostConfiguration = cloudPath.getFileSystem().getCloudHostConfiguration(); CloudHostSecurityManager cloudHostSecurityManager = cloudHostConfiguration.getCloudHostSecurityManager(); UserGroupLookupService<?> userPrincipalLookupService = cloudHostConfiguration.getUserGroupLookupService(); if (cloudHostSecurityManager == null) { // No security manager, allow access LOG.debug("No {} found in cloud host configuration {}, default action is to allow all access", CloudHostSecurityManager.class, cloudHostConfiguration); return true; } UserPrincipal currentUser = null; // Anonymous if (userPrincipalLookupService != null) { currentUser = userPrincipalLookupService.getCurrentUser(); } else { LOG.debug("Cannot find current user, no {} in cloud host configuration {}", UserGroupLookupService.class, cloudHostConfiguration); currentUser = AnonymousUserPrincipal.INSTANCE; } return cloudHostSecurityManager.checkAccessAllowed(cloudPath, currentUser, permissions); }
@Test public void testDoesUserHaveAccessFailsForAUserWithAnAnonymousGroupAllowRuleButAnonymousUserDenyRule() { UserPrincipal user = new TestUserImpl("user1"); CloudAclEntry<GroupPrincipal> entry1 = new CloudAclEntryBuilder<GroupPrincipal>(GroupPrincipal.class) .addPermission(AclEntryPermission.ADD_FILE) .setType(AclEntryType.ALLOW) .setPrincipal(AnonymousGroupPrincipal.INSTANCE) .build(); CloudAclEntry<UserPrincipal> entry2 = new CloudAclEntryBuilder<UserPrincipal>(UserPrincipal.class) .addPermission(AclEntryPermission.ADD_FILE) .setType(AclEntryType.DENY) .setPrincipal(new AnonymousUserPrincipal()) .build(); CloudAclEntrySet assetPermissions = new CloudAclEntrySet(AnonymousUserPrincipal.INSTANCE, entry1, entry2); Assert.assertFalse(mgr.doesUserHaveAccess(assetPermissions, user, null, EnumSet.of(AclEntryPermission.ADD_FILE))); }
@Test public void testDoesUserHaveAccessFailsForAUserGroupWithAnAllowRuleAndAUserWithADenyRule() { UserPrincipal user = new TestUserImpl("user1"); CloudAclEntry<UserPrincipal> entry1 = new CloudAclEntryBuilder<UserPrincipal>(UserPrincipal.class) .addPermission(AclEntryPermission.ADD_FILE) .setType(AclEntryType.DENY) .setPrincipal(user) .build(); GroupPrincipal group1 = new TestGroupImpl("group1"); GroupPrincipal group2 = new TestGroupImpl("group2"); Set<GroupPrincipal> userGroups = Sets.newHashSet(group1, group2); CloudAclEntry<GroupPrincipal> entry2 = new CloudAclEntryBuilder<GroupPrincipal>(GroupPrincipal.class) .addPermission(AclEntryPermission.ADD_FILE) .setType(AclEntryType.ALLOW) .setPrincipal(group2) .build(); CloudAclEntrySet assetPermissions = new CloudAclEntrySet(AnonymousUserPrincipal.INSTANCE, entry1, entry2); Assert.assertFalse(mgr.doesUserHaveAccess(assetPermissions, user, userGroups, EnumSet.of(AclEntryPermission.ADD_FILE))); }
@Test public void testDoesUserHaveAccessSucceedsForAUserPrincipalWithMultipleCheckPermissionsAndMultipleAssetPermissionsAllowed() { UserPrincipal user = new TestUserImpl("user1"); CloudAclEntry<UserPrincipal> entry1 = new CloudAclEntryBuilder<UserPrincipal>(UserPrincipal.class) .addPermissions(AclEntryPermission.ADD_FILE, AclEntryPermission.ADD_SUBDIRECTORY, AclEntryPermission.WRITE_ACL) .setType(AclEntryType.ALLOW) .setPrincipal(user) .build(); CloudAclEntrySet assetPermissions = new CloudAclEntrySet(AnonymousUserPrincipal.INSTANCE, entry1); Assert.assertTrue(mgr.doesUserHaveAccess(assetPermissions, user, null, EnumSet.of(AclEntryPermission.ADD_FILE, AclEntryPermission.WRITE_ACL))); Assert.assertTrue(mgr.doesUserHaveAccess(assetPermissions, user, null, EnumSet.of(AclEntryPermission.ADD_SUBDIRECTORY, AclEntryPermission.WRITE_ACL))); Assert.assertTrue(mgr.doesUserHaveAccess(assetPermissions, user, null, EnumSet.of(AclEntryPermission.ADD_FILE, AclEntryPermission.ADD_SUBDIRECTORY, AclEntryPermission.WRITE_ACL))); }
@Test public void testDoesUserHaveAccessSucceedsForUsersGroupWithMultipleCheckPermissionsAndMultipleAssetPermissionsAllowed() { UserPrincipal user = new TestUserImpl("user1"); GroupPrincipal group1 = new TestGroupImpl("group1"); GroupPrincipal group2 = new TestGroupImpl("group2"); Set<GroupPrincipal> userGroups = Sets.newHashSet(group1, group2); CloudAclEntry<GroupPrincipal> entry1 = new CloudAclEntryBuilder<GroupPrincipal>(GroupPrincipal.class) .addPermissions(AclEntryPermission.ADD_FILE, AclEntryPermission.ADD_SUBDIRECTORY, AclEntryPermission.WRITE_ACL) .setType(AclEntryType.ALLOW) .setPrincipal(group2) .build(); CloudAclEntrySet assetPermissions = new CloudAclEntrySet(AnonymousUserPrincipal.INSTANCE, entry1); Assert.assertTrue(mgr.doesUserHaveAccess(assetPermissions, user, userGroups, EnumSet.of(AclEntryPermission.ADD_FILE))); Assert.assertTrue(mgr.doesUserHaveAccess(assetPermissions, user, userGroups, EnumSet.of(AclEntryPermission.ADD_FILE, AclEntryPermission.WRITE_ACL))); Assert.assertTrue(mgr.doesUserHaveAccess(assetPermissions, user, userGroups, EnumSet.of(AclEntryPermission.ADD_FILE, AclEntryPermission.ADD_SUBDIRECTORY, AclEntryPermission.WRITE_ACL))); }
@Test public void testIsConflictingAclWillDetermineThatAnAllowAndDenyForTheSamePermissionsForAUserConflicts() { UserPrincipal user1 = new TestUserImpl("user1"); UserPrincipal user2 = new TestUserImpl("user1"); CloudAclEntry<UserPrincipal> cloudAclEntry1 = new CloudAclEntryBuilder<UserPrincipal>(UserPrincipal.class) .setPrincipal(user1) .setType(AclEntryType.DENY) .addPermissions(AclEntryPermission.ADD_FILE, AclEntryPermission.ADD_SUBDIRECTORY) .build(); CloudAclEntry<UserPrincipal> cloudAclEntry2 = new CloudAclEntryBuilder<UserPrincipal>(UserPrincipal.class) .setPrincipal(user2) .setType(AclEntryType.ALLOW) .addPermissions(AclEntryPermission.DELETE, AclEntryPermission.ADD_SUBDIRECTORY) .build(); Assert.assertTrue(checker.isConflictingAcl(cloudAclEntry1, cloudAclEntry2)); }
@Test public void testIsConflictingAclWillDetermineThatAnAllowAndDenyForDifferentUsersDoesNotConflict() { UserPrincipal user1 = new TestUserImpl("user1"); UserPrincipal user2 = new TestUserImpl("user2"); CloudAclEntry<UserPrincipal> cloudAclEntry1 = new CloudAclEntryBuilder<UserPrincipal>(UserPrincipal.class) .setPrincipal(user1) .setType(AclEntryType.DENY) .addPermissions(AclEntryPermission.ADD_FILE, AclEntryPermission.ADD_SUBDIRECTORY) .build(); CloudAclEntry<UserPrincipal> cloudAclEntry2 = new CloudAclEntryBuilder<UserPrincipal>(UserPrincipal.class) .setPrincipal(user2) .setType(AclEntryType.ALLOW) .addPermissions(AclEntryPermission.DELETE, AclEntryPermission.ADD_SUBDIRECTORY) .build(); Assert.assertFalse(checker.isConflictingAcl(cloudAclEntry1, cloudAclEntry2)); }
@Test public void testIsConflictingAclWillReturnFalseForAUserNotInAGroup() { UserPrincipal user1 = new TestUserImpl("user1"); GroupPrincipal group2 = new TestGroupImpl("group1"); CloudAclEntry<UserPrincipal> cloudAclEntry1 = new CloudAclEntryBuilder<UserPrincipal>(UserPrincipal.class) .setPrincipal(user1) .setType(AclEntryType.DENY) .addPermissions(AclEntryPermission.ADD_FILE, AclEntryPermission.ADD_SUBDIRECTORY) .build(); CloudAclEntry<GroupPrincipal> cloudAclEntry2 = new CloudAclEntryBuilder<GroupPrincipal>(GroupPrincipal.class) .setPrincipal(group2) .setType(AclEntryType.ALLOW) .addPermissions(AclEntryPermission.ADD_SUBDIRECTORY) .build(); Assert.assertFalse(checker.isConflictingAcl(cloudAclEntry1, cloudAclEntry2)); }
@Test public void testIsConflictingAclWillReturnFalseByDefaultForAUserInAGroupWithConflictingPermissions() { UserPrincipal user1 = new TestUserImpl("user1"); TestGroupImpl group2 = new TestGroupImpl("group1"); group2.addMember(user1); Assert.assertTrue(group2.isMember(user1)); CloudAclEntry<UserPrincipal> cloudAclEntry1 = new CloudAclEntryBuilder<UserPrincipal>(UserPrincipal.class) .setPrincipal(user1) .setType(AclEntryType.DENY) .addPermissions(AclEntryPermission.ADD_FILE, AclEntryPermission.ADD_SUBDIRECTORY) .build(); CloudAclEntry<GroupPrincipal> cloudAclEntry2 = new CloudAclEntryBuilder<GroupPrincipal>(GroupPrincipal.class) .setPrincipal(group2) .setType(AclEntryType.ALLOW) .addPermissions(AclEntryPermission.ADD_SUBDIRECTORY) .build(); Assert.assertFalse(checker.isConflictingAcl(cloudAclEntry1, cloudAclEntry2)); }
@Test public void testIsConflictingAclWillReturnTrueIfTheGroupMembershipCheckIsEnabledForAUserInAGroupWithConflictingPermissions() { checker = new DefaultCloudAclEntryConflictChecker(true); UserPrincipal user1 = new TestUserImpl("user1"); TestGroupImpl group2 = new TestGroupImpl("group1"); group2.addMember(user1); Assert.assertTrue(group2.isMember(user1)); CloudAclEntry<UserPrincipal> cloudAclEntry1 = new CloudAclEntryBuilder<UserPrincipal>(UserPrincipal.class) .setPrincipal(user1) .setType(AclEntryType.DENY) .addPermissions(AclEntryPermission.ADD_FILE, AclEntryPermission.ADD_SUBDIRECTORY) .build(); CloudAclEntry<GroupPrincipal> cloudAclEntry2 = new CloudAclEntryBuilder<GroupPrincipal>(GroupPrincipal.class) .setPrincipal(group2) .setType(AclEntryType.ALLOW) .addPermissions(AclEntryPermission.ADD_SUBDIRECTORY) .build(); Assert.assertTrue(checker.isConflictingAcl(cloudAclEntry1, cloudAclEntry2)); }
@Test public void testMergeAclForTwoAllowRulesWillMergeThePermissionsAndFlagsOfTwoAclsForTheSameUser() { CloudAclEntry<UserPrincipal> cloudAclEntry1 = new CloudAclEntryBuilder<UserPrincipal>(UserPrincipal.class) .setPrincipal(new TestUserImpl("user1")) .setType(AclEntryType.ALLOW) .addPermissions(AclEntryPermission.ADD_FILE, AclEntryPermission.ADD_SUBDIRECTORY) .addFlag(AclEntryFlag.DIRECTORY_INHERIT) .build(); CloudAclEntry<UserPrincipal> cloudAclEntry2 = new CloudAclEntryBuilder<UserPrincipal>(UserPrincipal.class) .setPrincipal(new TestUserImpl("user1")) .setType(AclEntryType.ALLOW) .addPermissions(AclEntryPermission.DELETE) .addFlag(AclEntryFlag.FILE_INHERIT) .build(); CloudAclEntry<?> mergedAcl = checker.mergeAcl(new ConflictingCloudAclEntry(cloudAclEntry1, cloudAclEntry2)); Assert.assertEquals("user1", ((TestUserImpl)mergedAcl.getPrincipal()).getName()); Assert.assertEquals(AclEntryType.ALLOW, mergedAcl.getType()); Assert.assertEquals(EnumSet.of(AclEntryPermission.DELETE, AclEntryPermission.ADD_FILE, AclEntryPermission.ADD_SUBDIRECTORY), mergedAcl.getPermissions()); Assert.assertEquals(EnumSet.of(AclEntryFlag.DIRECTORY_INHERIT, AclEntryFlag.FILE_INHERIT), mergedAcl.getFlags()); }
@Test public void testMergeAclForTwoDenyRulesWillMergeThePermissionsAndFlagsOfTwoAclsForTheSameUser() { CloudAclEntry<UserPrincipal> cloudAclEntry1 = new CloudAclEntryBuilder<UserPrincipal>(UserPrincipal.class) .setPrincipal(new TestUserImpl("user1")) .setType(AclEntryType.DENY) .addPermissions(AclEntryPermission.ADD_FILE, AclEntryPermission.ADD_SUBDIRECTORY) .addFlag(AclEntryFlag.DIRECTORY_INHERIT) .build(); CloudAclEntry<UserPrincipal> cloudAclEntry2 = new CloudAclEntryBuilder<UserPrincipal>(UserPrincipal.class) .setPrincipal(new TestUserImpl("user1")) .setType(AclEntryType.DENY) .addPermissions(AclEntryPermission.DELETE) .addFlag(AclEntryFlag.FILE_INHERIT) .build(); CloudAclEntry<?> mergedAcl = checker.mergeAcl(new ConflictingCloudAclEntry(cloudAclEntry1, cloudAclEntry2)); Assert.assertEquals("user1", ((TestUserImpl)mergedAcl.getPrincipal()).getName()); Assert.assertEquals(AclEntryType.DENY, mergedAcl.getType()); Assert.assertEquals(EnumSet.of(AclEntryPermission.DELETE, AclEntryPermission.ADD_FILE, AclEntryPermission.ADD_SUBDIRECTORY), mergedAcl.getPermissions()); Assert.assertEquals(EnumSet.of(AclEntryFlag.DIRECTORY_INHERIT, AclEntryFlag.FILE_INHERIT), mergedAcl.getFlags()); }
@Test public void testCloneProducesACloneEqualsToTheOriginalSet() throws NotOwnerException { UserPrincipal user1 = new TestUserImpl("user1"); TestGroupImpl group1 = new TestGroupImpl("group1"); CloudAclEntrySet acls = new CloudAclEntrySet(AnonymousUserPrincipal.INSTANCE); CloudAclEntry<UserPrincipal> cloudAclEntry1 = new CloudAclEntryBuilder<UserPrincipal>(UserPrincipal.class) .setPrincipal(user1) .setType(AclEntryType.DENY) .addPermissions(AclEntryPermission.ADD_FILE, AclEntryPermission.ADD_SUBDIRECTORY) .build(); CloudAclEntry<GroupPrincipal> cloudAclEntry2 = new CloudAclEntryBuilder<GroupPrincipal>(GroupPrincipal.class) .setPrincipal(group1) .setType(AclEntryType.ALLOW) .addPermissions(AclEntryPermission.ADD_SUBDIRECTORY) .build(); Assert.assertTrue(acls.addAllEntries(AnonymousUserPrincipal.INSTANCE, Arrays.asList(new CloudAclEntry<?>[] {cloudAclEntry1, cloudAclEntry2}))); CloudAclEntrySet clone = acls.clone(); Assert.assertEquals(acls, clone); }
@Test public void testGetAclEntriesUsesClonedEntriesAndDoesNotModifyTheUnderlyingAclEntry() throws NotOwnerException { UserPrincipal user1 = new TestUserImpl("user1"); CloudAclEntry<UserPrincipal> cloudAclEntry1 = new CloudAclEntryBuilder<UserPrincipal>(UserPrincipal.class) .setPrincipal(user1) .setType(AclEntryType.ALLOW) .addPermissions(AclConstants.ALL_DIRECTORY_READ_PERMISSIONS) .build(); CloudAclEntrySet acls = new CloudAclEntrySet(user1, cloudAclEntry1); Set<CloudAclEntry<?>> aclEntries = acls.getAclEntries(); Assert.assertEquals(1, aclEntries.size()); CloudAclEntry<?> cloudAclEntryClone = aclEntries.stream().findFirst().get(); Assert.assertEquals(cloudAclEntry1, cloudAclEntryClone); Assert.assertFalse(cloudAclEntry1 == cloudAclEntryClone); cloudAclEntryClone.setPermissions(AclConstants.ALL_FILE_WRITE_PERMISSIONS); Assert.assertEquals(AclConstants.ALL_FILE_WRITE_PERMISSIONS, cloudAclEntryClone.getPermissions()); Assert.assertNotEquals(AclConstants.ALL_DIRECTORY_READ_PERMISSIONS, cloudAclEntryClone.getPermissions()); Assert.assertEquals(AclConstants.ALL_DIRECTORY_READ_PERMISSIONS, cloudAclEntry1.getPermissions()); Assert.assertNotEquals(AclConstants.ALL_FILE_WRITE_PERMISSIONS, cloudAclEntry1.getPermissions()); }
public void otherPotentiallyUsefulFeatures() { final Path path = Paths.get("/foo/bar"); Files.isRegularFile(path); Files.isExecutable(path); Files.isReadable(path); Files.isDirectory(path); try { Files.isHidden(path); UserPrincipal userPrincipal = FileSystems.getDefault().getUserPrincipalLookupService() .lookupPrincipalByName("zmelnick"); Files.setOwner(path, userPrincipal); Files.isExecutable(path); } catch (IOException e) { e.printStackTrace(); } }
/** * Add the proper File-System permissions to a file so that SQL Server can run a RESTORE query. * * @param username The username that SQL Server runs as, e.g. "NETWORK SERVICE" * @param file The file whose permissions will be modified. * @throws IOException */ public static void addRestorePermissions(String username, Path file) throws IOException { AclFileAttributeView aclAttr = Files.getFileAttributeView(file, AclFileAttributeView.class); UserPrincipalLookupService currULS = file.getFileSystem().getUserPrincipalLookupService(); UserPrincipal principal = currULS.lookupPrincipalByName(username); AclEntry.Builder builder = AclEntry.newBuilder(); builder.setPermissions(EnumSet.of(AclEntryPermission.READ_DATA, AclEntryPermission.READ_ACL, AclEntryPermission.READ_ATTRIBUTES, AclEntryPermission.READ_NAMED_ATTRS, AclEntryPermission.EXECUTE, AclEntryPermission.SYNCHRONIZE)); builder.setPrincipal(principal); builder.setType(AclEntryType.ALLOW); aclAttr.setAcl(Collections.singletonList(builder.build())); }
public static void setOwner( final String owner, final Path... dirs) throws IOException { UserPrincipal principal = FileSystems.getDefault() .getUserPrincipalLookupService() .lookupPrincipalByName(owner); for (Path dir : dirs) { try { java.nio.file.Files.setOwner(dir, principal); } catch (IOException e) { m_logger.warn("Failed to set \"{}\" as the owner of \"{}\"", owner, dir); } } }
/** * @throws Exception */ @Test public void shouldPassAuth() throws Exception { SecurityConstraint securityConstraint = new SecurityConstraint(); securityConstraint.setAuthConstraint(true); when(realm.findSecurityConstraints(request, request.getContext())) .thenReturn(new SecurityConstraint[] { securityConstraint }); when(request.getHeader(JwtConstants.AUTH_HEADER)).thenReturn( getTestToken()); jwtValve.invoke(request, response); InOrder inOrder = inOrder(request, nextValve); inOrder.verify(request).getHeader(JwtConstants.AUTH_HEADER); inOrder.verify(request).setUserPrincipal(any(UserPrincipal.class)); inOrder.verify(request).setAuthType("TOKEN"); inOrder.verify(nextValve).invoke(request, response); }
@Test(expected = UnsupportedOperationException.class) public void setOwnerOfFile_shouldThrowUnsupportedOperationException() throws IOException { writeToCache("/file.txt"); commitToMaster(); initGitFileSystem(); GfsFileAttributeView.Posix view = provider.getFileAttributeView(gfs.getPath("/file.txt"), GfsFileAttributeView.Posix.class); assertNotNull(view); view.setOwner(new UserPrincipal() { @Nonnull @Override public String getName() { return "some_owner"; } }); }
@Override protected void protectPrivateKeyFile(File sshKey) throws ServerException { try { AclFileAttributeView attributes = Files.getFileAttributeView(sshKey.toPath(), AclFileAttributeView.class); AclEntry.Builder builder = AclEntry.newBuilder(); builder.setType(ALLOW); String ownerName = System.getProperty(OWNER_NAME_PROPERTY); UserPrincipal userPrincipal = FileSystems.getDefault().getUserPrincipalLookupService().lookupPrincipalByName(ownerName); builder.setPrincipal(userPrincipal); builder.setPermissions( READ_DATA, APPEND_DATA, READ_NAMED_ATTRS, READ_ATTRIBUTES, DELETE, READ_ACL, SYNCHRONIZE); AclEntry entry = builder.build(); List<AclEntry> aclEntryList = new ArrayList<>(); aclEntryList.add(entry); attributes.setAcl(aclEntryList); } catch (IOException e) { throw new ServerException("Failed to set file permissions"); } }
private String getOwnerName(File file) { String directory = file.getAbsolutePath(); Path path = Paths.get(directory); FileOwnerAttributeView ownerAttributeView = Files.getFileAttributeView(path, FileOwnerAttributeView.class); UserPrincipal owner = null; try { owner = ownerAttributeView.getOwner(); } catch (IOException e) { throw new PersonifilerException(e); } return owner.getName(); }
/** * Cleans off the user principal and group principal from the subject. * * @param messageInfo * message info * @param subject * subject */ @Override public void cleanSubject(final MessageInfo messageInfo, final Subject subject) throws AuthException { final Iterator<Principal> i = subject.getPrincipals().iterator(); while (i.hasNext()) { final Principal principal = i.next(); if (principal instanceof UserPrincipal) { i.remove(); } if (principal instanceof GroupPrincipal) { i.remove(); } } }
private RsyncFileAttributes fullStat(Path path) throws IOException { String toStat = "unix:mode,lastModifiedTime,size,uid,gid,owner,group"; Map<String, Object> attrs = Files.readAttributes(path, toStat, LinkOption.NOFOLLOW_LINKS); int mode = (int) attrs.get("mode"); long mtime = ((FileTime) attrs.get("lastModifiedTime")).to(TimeUnit.SECONDS); long size = (long) attrs.get("size"); int uid = (int) attrs.get("uid"); int gid = (int) attrs.get("gid"); String userName = ((UserPrincipal ) attrs.get("owner")).getName(); String groupName = ((GroupPrincipal) attrs.get("group")).getName(); User user = new User(userName, uid); Group group = new Group(groupName, gid); return new RsyncFileAttributes(mode, size, mtime, user, group); }
@Override public RsyncFileAttributes stat(Path path) throws IOException { PosixFileAttributes attrs = Files.readAttributes(path, PosixFileAttributes.class, LinkOption.NOFOLLOW_LINKS); UserPrincipal userPrincipal = attrs.owner(); String userName = userPrincipal.getName(); GroupPrincipal groupPrincipal = attrs.group(); String groupName = groupPrincipal.getName(); _nameToUserPrincipal.putIfAbsent(userName, userPrincipal); _nameToGroupPrincipal.putIfAbsent(groupName, groupPrincipal); return new RsyncFileAttributes(toMode(attrs), attrs.size(), attrs.lastModifiedTime().to(TimeUnit.SECONDS), new User(userName, _defaultUserId), new Group(groupName, _defaultGroupId)); }
@Override public void checkAccess( EightyPath path, AccessMode... modes ) { checkContract( path ); // can not be moved to Eighty because Files.exists calls checkAccess first -> loop if( !isDirectory( path ) && !isFile( path ) ) { throw u( new NoSuchFileException( "files does not exist " + path ) ); } // todo generalize if( Arrays.asList( modes ).contains( AccessMode.WRITE ) ) { UserPrincipal fileOwner = Unchecked.u( () -> Files.getOwner( path ) ); if( !principals.getCurrentUser().equals( fileOwner ) ) { throw u( new AccessDeniedException( "file is not writable " ) ); } } }
@Test public void testUsersEquals() throws IOException { Path rootPath = Paths.get(clusterUri); UserPrincipal user = Files.getOwner(rootPath); assertNotNull(user); // Get the same user UserPrincipal user2 = Files.getOwner(rootPath); assertNotNull(user2); Assert.assertTrue(user.equals(user)); Assert.assertTrue(user.equals(user2) && user2.equals(user)); Assert.assertFalse(user.equals(null)); Assert.assertFalse(user.equals(new Double(-1))); UserPrincipal userTest = rootPath.getFileSystem() .getUserPrincipalLookupService().lookupPrincipalByName("test"); Assert.assertFalse(user.equals(userTest)); }
@Test public void testDefaultOwnership() throws Exception { // This is unix test only if (!Util.isWindows()) { CommandContext ctx = CLITestUtil.getCommandContext(TestSuiteEnvironment.getServerAddress(), TestSuiteEnvironment.getServerPort(), System.in, System.out); String tmpFile = "tmpFile"; Path path = Paths.get(tmpFile); try { ctx.handle("echo \"aaa\" >> " + tmpFile); UserPrincipal userPrincipal = Files.getOwner(path); assertThat("The test file has unexpected ownership: " + userPrincipal.toString(), userPrincipal.toString(), CoreMatchers.is(CoreMatchers.equalTo(System.getProperty("user.name")))); } finally { ctx.terminateSession(); Files.delete(path); } } }
private AclEntry createConfigurationAccessACLEntry(UserPrincipal user) { AclEntry entry = AclEntry .newBuilder() .setType(AclEntryType.ALLOW) .setPrincipal(user) .setPermissions( AclEntryPermission.WRITE_NAMED_ATTRS, AclEntryPermission.WRITE_DATA, AclEntryPermission.WRITE_ATTRIBUTES, AclEntryPermission.READ_ATTRIBUTES, AclEntryPermission.APPEND_DATA, AclEntryPermission.READ_DATA, AclEntryPermission.READ_NAMED_ATTRS, AclEntryPermission.READ_ACL, AclEntryPermission.SYNCHRONIZE, AclEntryPermission.DELETE) .setFlags(AclEntryFlag.FILE_INHERIT) .build(); return entry; }
@Test public void testUserLookupService() throws IOException { UserPrincipalLookupService service = new UserLookupService(true); UserPrincipal bob1 = service.lookupPrincipalByName("bob"); UserPrincipal bob2 = service.lookupPrincipalByName("bob"); UserPrincipal alice = service.lookupPrincipalByName("alice"); assertThat(bob1).isEqualTo(bob2); assertThat(bob1).isNotEqualTo(alice); GroupPrincipal group1 = service.lookupPrincipalByGroupName("group"); GroupPrincipal group2 = service.lookupPrincipalByGroupName("group"); GroupPrincipal foo = service.lookupPrincipalByGroupName("foo"); assertThat(group1).isEqualTo(group2); assertThat(group1).isNotEqualTo(foo); }
private void sortByOwner(String param){ toSort.forEach(event ->{ try { UserPrincipal user = Files.getOwner(new File(event).toPath(), LinkOption.NOFOLLOW_LINKS); if(user.toString().equals(param)){ sorted.add(event); } } catch (IOException ex) { } }); }
/** * * @param filename the file name * @return the file owner * @throws FileSystemOperationException */ private String getOwner( String filename ) { try { UserPrincipal owner = Files.readAttributes( new File( filename ).toPath(), PosixFileAttributes.class, LinkOption.NOFOLLOW_LINKS ) .owner(); return owner.getName(); } catch( Exception e ) { throw new FileSystemOperationException( "Could not get owner for '" + filename + "'", e ); } }
@Override public void setUnixOwner(final Path file, final String owner) throws BackgroundException { try { final UserPrincipal principal = session.getClient().getUserPrincipalLookupService().lookupPrincipalByName(owner); Files.setOwner(session.toPath(file), principal); } catch(IOException e) { throw new LocalExceptionMappingService().map("Failure to write attributes of {0}", e, file); } }
private static String getOwner(Path path) { UserPrincipal user = null; try { user = Files.getOwner(path); } catch (Exception x) { System.err.println("Failed to get owner of: " + path); System.err.println("\terror is: " + x); } return user == null ? "???" : user.getName(); }
