Examples with UserPrincipalLookupService java.nio.file.attribute.UserPrincipalLookupService used on opensource projects

Example 6 with UserPrincipalLookupService

use of java.nio.file.attribute.UserPrincipalLookupService in project java-chassis by ServiceComb.

the class FortifyUtils method isInSecureDir.

public static boolean isInSecureDir(Path file, UserPrincipal user, int symlinkDepth) {
    if (!file.isAbsolute()) {
        file = file.toAbsolutePath();
    }
    if (symlinkDepth <= 0) {
        // Too many levels of symbolic links
        return false;
    }
    // Get UserPrincipal for specified user and superuser
    Path fileRoot = file.getRoot();
    if (fileRoot == null) {
        return false;
    }
    FileSystem fileSystem = Paths.get(fileRoot.toString()).getFileSystem();
    UserPrincipalLookupService upls = fileSystem.getUserPrincipalLookupService();
    UserPrincipal root = null;
    try {
        if (isPosix()) {
            root = upls.lookupPrincipalByName("root");
        } else {
            root = upls.lookupPrincipalByName("Administrators");
        }
        if (user == null) {
            user = upls.lookupPrincipalByName(System.getProperty("user.name"));
        }
        if (root == null || user == null) {
            return false;
        }
    } catch (IOException x) {
        return false;
    }
    // dir is not secure
    for (int i = 1; i <= file.getNameCount(); i++) {
        Path fRoot = file.getRoot();
        if (fRoot == null) {
            return false;
        }
        Path partialPath = Paths.get(fRoot.toString(), file.subpath(0, i).toString());
        try {
            if (Files.isSymbolicLink(partialPath)) {
                if (!isInSecureDir(Files.readSymbolicLink(partialPath), user, symlinkDepth - 1)) {
                    // Symbolic link, linked-to dir not secure
                    return false;
                }
            } else {
                UserPrincipal owner = Files.getOwner(partialPath);
                if (!user.equals(owner) && !root.equals(owner)) {
                    // dir owned by someone else, not secure
                    return false;
                }
            }
        } catch (IOException x) {
            return false;
        }
    }
    return true;
}

Example 7 with UserPrincipalLookupService

use of java.nio.file.attribute.UserPrincipalLookupService in project incubator-rya by apache.

the class PathUtils method isInSecureDir.

/**
 * Indicates whether file lives in a secure directory relative to the
 * program's user.
 * @param file {@link Path} to test.
 * @param user {@link UserPrincipal} to test. If {@code null}, defaults to
 * current user.
 * @param symlinkDepth Number of symbolic links allowed.
 * @return {@code true} if file's directory is secure.
 */
public static boolean isInSecureDir(Path file, UserPrincipal user, final int symlinkDepth) {
    if (!file.isAbsolute()) {
        file = file.toAbsolutePath();
    }
    if (symlinkDepth <= 0) {
        // Too many levels of symbolic links
        return false;
    }
    // Get UserPrincipal for specified user and superuser
    final Path fileRoot = file.getRoot();
    if (fileRoot == null) {
        return false;
    }
    final FileSystem fileSystem = Paths.get(fileRoot.toString()).getFileSystem();
    final UserPrincipalLookupService upls = fileSystem.getUserPrincipalLookupService();
    UserPrincipal root = null;
    try {
        if (SystemUtils.IS_OS_UNIX) {
            root = upls.lookupPrincipalByName("root");
        } else {
            root = upls.lookupPrincipalByName("Administrators");
        }
        if (user == null) {
            user = upls.lookupPrincipalByName(System.getProperty("user.name"));
        }
        if (root == null || user == null) {
            return false;
        }
    } catch (final IOException x) {
        return false;
    }
    // If any parent dirs (from root on down) are not secure, dir is not secure
    for (int i = 1; i <= file.getNameCount(); i++) {
        final Path partialPath = Paths.get(fileRoot.toString(), file.subpath(0, i).toString());
        try {
            if (Files.isSymbolicLink(partialPath)) {
                if (!isInSecureDir(Files.readSymbolicLink(partialPath), user, symlinkDepth - 1)) {
                    // Symbolic link, linked-to dir not secure
                    return false;
                }
            } else {
                final UserPrincipal owner = Files.getOwner(partialPath);
                if (!user.equals(owner) && !root.equals(owner)) {
                    // dir owned by someone else, not secure
                    return false;
                }
            }
        } catch (final IOException x) {
            return false;
        }
    }
    return true;
}

Example 8 with UserPrincipalLookupService

use of java.nio.file.attribute.UserPrincipalLookupService in project vespa by vespa-engine.

the class UnixPath method setOwner.

public void setOwner(String owner) {
    UserPrincipalLookupService service = path.getFileSystem().getUserPrincipalLookupService();
    UserPrincipal principal = uncheck(() -> service.lookupPrincipalByName(owner), "While looking up user %s", owner);
    uncheck(() -> Files.setOwner(path, principal));
}

Example 9 with UserPrincipalLookupService

use of java.nio.file.attribute.UserPrincipalLookupService in project vespa by vespa-engine.

the class UnixPath method setGroup.

public void setGroup(String group) {
    UserPrincipalLookupService service = path.getFileSystem().getUserPrincipalLookupService();
    GroupPrincipal principal = uncheck(() -> service.lookupPrincipalByGroupName(group), "while looking up group %s", group);
    uncheck(() -> Files.getFileAttributeView(path, PosixFileAttributeView.class).setGroup(principal));
}

Example 10 with UserPrincipalLookupService

use of java.nio.file.attribute.UserPrincipalLookupService in project alluxio by Alluxio.

the class AbstractFileManager method addFile.

@Override
public boolean addFile(String fileName, String permission, byte[] content) {
    try {
        verifyFileName(fileName);
        Path path = Paths.get(getNextFilePath(fileName));
        short perm = Short.parseShort(permission, 8);
        Mode mode = new Mode(perm);
        Set<PosixFilePermission> permissions = PosixFilePermissions.fromString(mode.toString());
        FileAttribute<?> fileAttribute = PosixFilePermissions.asFileAttribute(permissions);
        Files.deleteIfExists(path);
        path = Files.createFile(path, fileAttribute);
        FileSystem fileSystem = path.getFileSystem();
        UserPrincipalLookupService service = fileSystem.getUserPrincipalLookupService();
        UserPrincipal userPrincipal = service.lookupPrincipalByName(mUser);
        GroupPrincipal groupPrincipal = service.lookupPrincipalByGroupName(mGroup);
        Files.write(path, content);
        Files.setOwner(path, userPrincipal);
        Files.getFileAttributeView(path, PosixFileAttributeView.class, LinkOption.NOFOLLOW_LINKS).setGroup(groupPrincipal);
        // sometimes umask is applied, so forcefully set permissions
        Files.setPosixFilePermissions(path, permissions);
        return true;
    } catch (InvalidPathException | IOException | AlluxioException e) {
        LOG.warn("Failed to add file {} to version manager", fileName, e);
        return false;
    }
}