Examples with SRMAuthorizationException org.dcache.srm.SRMAuthorizationException used on opensource projects

Example 1 with SRMAuthorizationException

use of org.dcache.srm.SRMAuthorizationException in project dcache by dCache.

the class LsFileRequest method getRecursiveMetaDataPathDetail.

private void getRecursiveMetaDataPathDetail(TMetaDataPathDetail metaDataPathDetail, FileMetaData fmd, int depth, long offset, long count, int recursionDepth, boolean longFormat) throws SRMException, URISyntaxException {
    if (!fmd.isDirectory || depth >= recursionDepth) {
        return;
    }
    List<FileMetaData> directoryList;
    URI surl = new URI(null, null, metaDataPathDetail.getPath(), null);
    // rely on our own counting
    if (offset == 0) {
        // 
        // if offset=0, trivial case, just grab information w/ verbosity level
        // provided by the user
        // 
        directoryList = getStorage().listDirectory(getUser(), surl, longFormat, 0, (int) count);
    } else {
        // 
        // if offset!=0, we loop over direntries in non-verbose mode until
        // we hit offset, then start getting information with verbosity
        // level specified by the user by calling getStorage().getFileMetaData on
        // each entry
        // 
        directoryList = getStorage().listDirectory(getUser(), surl, false, 0, Integer.MAX_VALUE);
    }
    // 
    // sort list such that directories are at the end of the list after
    // sorting. The intent is to leave the recursion calls at the
    // end of the tree, so we have less chance to even get there
    // 
    Collections.sort(directoryList, DIRECTORY_LAST_ORDER);
    List<TMetaDataPathDetail> metadataPathDetailList = new LinkedList<>();
    for (FileMetaData md : directoryList) {
        URI subpath = new URI(null, null, md.SURL, null);
        TMetaDataPathDetail dirMetaDataPathDetail;
        if (offset == 0) {
            dirMetaDataPathDetail = convertFileMetaDataToTMetaDataPathDetail(subpath, md, longFormat);
        } else {
            FileMetaData fileMetaData = md;
            if (!getContainerRequest().shouldSkipThisRecord()) {
                if (longFormat) {
                    fileMetaData = getStorage().getFileMetaData(getUser(), subpath, false);
                }
                dirMetaDataPathDetail = convertFileMetaDataToTMetaDataPathDetail(subpath, fileMetaData, longFormat);
            } else {
                // 
                // skip this record - meaning count it, and request only minimal details, do not store it
                // 
                dirMetaDataPathDetail = convertFileMetaDataToTMetaDataPathDetail(subpath, fileMetaData, false);
            }
        }
        if (!getContainerRequest().shouldSkipThisRecord()) {
            metadataPathDetailList.add(dirMetaDataPathDetail);
            try {
                if (!getContainerRequest().increaseResultsNumAndContinue()) {
                    break;
                }
            } catch (SRMTooManyResultsException e) {
                metaDataPathDetail.setStatus(new TReturnStatus(TStatusCode.SRM_FAILURE, e.getMessage()));
                break;
            }
        }
        // 
        // increment global entries counter
        // 
        getContainerRequest().incrementGlobalEntryCounter();
        if (md.isDirectory) {
            try {
                getRecursiveMetaDataPathDetail(dirMetaDataPathDetail, md, depth + 1, offset, count, recursionDepth, longFormat);
            } catch (SRMException e) {
                String msg = e.getMessage();
                if (e instanceof SRMAuthorizationException) {
                    dirMetaDataPathDetail.setStatus(new TReturnStatus(TStatusCode.SRM_AUTHORIZATION_FAILURE, msg));
                } else if (e instanceof SRMInvalidPathException) {
                    dirMetaDataPathDetail.setStatus(new TReturnStatus(TStatusCode.SRM_INVALID_PATH, msg));
                } else {
                    dirMetaDataPathDetail.setStatus(new TReturnStatus(TStatusCode.SRM_FAILURE, msg));
                }
            }
        }
    }
    metaDataPathDetail.setArrayOfSubPaths(new ArrayOfTMetaDataPathDetail(metadataPathDetailList.toArray(TMetaDataPathDetail[]::new)));
}

Example 2 with SRMAuthorizationException

use of org.dcache.srm.SRMAuthorizationException in project dcache by dCache.

the class SrmHandler method handleRequest.

public Object handleRequest(String requestName, Object request) throws RemoteException {
    long startTimeStamp = System.currentTimeMillis();
    // requestName values all start "srm".  This is redundant, so may
    // be removed when creating the session id.  The initial character is
    // converted to lowercase, so "srmPrepareToPut" becomes "prepareToPut".
    String session = "srm2:" + Character.toLowerCase(requestName.charAt(3)) + requestName.substring(4);
    try (JDC ignored = JDC.createSession(session)) {
        for (RequestLogger logger : loggers) {
            logger.request(requestName, request);
        }
        Subject user = Subject.getSubject(AccessController.getContext());
        Object response;
        if (requestName.equals("srmPing")) {
            // Ping is special as it isn't authenticated and unable to return a failure
            response = new SrmPingResponse("v2.2", pingExtraInfo);
        } else {
            try {
                response = dispatch(user, requestName, request);
            } catch (SRMInternalErrorException e) {
                LOGGER.error(e.getMessage());
                response = getFailedResponse(requestName, e.getStatusCode(), "Authentication failed (server log contains additional information).");
            } catch (SRMAuthorizationException e) {
                LOGGER.info(e.getMessage());
                response = getFailedResponse(requestName, e.getStatusCode(), "Permission denied.");
            } catch (SRMAuthenticationException e) {
                LOGGER.warn(e.getMessage());
                response = getFailedResponse(requestName, e.getStatusCode(), "Authentication failed (server log contains additional information).");
            } catch (SRMException e) {
                response = getFailedResponse(requestName, e.getStatusCode(), e.getMessage());
            } catch (PermissionDeniedCacheException e) {
                response = getFailedResponse(requestName, TStatusCode.SRM_AUTHORIZATION_FAILURE, e.getMessage());
            } catch (CacheException e) {
                response = getFailedResponse(requestName, TStatusCode.SRM_INTERNAL_ERROR, e.getMessage());
            } catch (InterruptedException e) {
                response = getFailedResponse(requestName, TStatusCode.SRM_FATAL_INTERNAL_ERROR, "Server shutdown.");
            } catch (NoRouteToCellException e) {
                LOGGER.error(e.getMessage());
                response = getFailedResponse(requestName, TStatusCode.SRM_INTERNAL_ERROR, "SRM backend serving this request is currently offline.");
            }
        }
        long time = System.currentTimeMillis() - startTimeStamp;
        for (RequestLogger logger : loggers) {
            logger.response(requestName, request, response, user, time);
        }
        return response;
    }
}

Example 3 with SRMAuthorizationException

use of org.dcache.srm.SRMAuthorizationException in project dcache by dCache.

the class PinCompanion method fail.

private void fail(int rc, String error) {
    switch(rc) {
        case FILE_NOT_FOUND:
            setException(new SRMInvalidPathException("No such file."));
            break;
        case FILE_NOT_IN_REPOSITORY:
            _log.warn("Pinning failed for {} ({})", _path, error);
            setException(new SRMFileUnvailableException(error));
            break;
        case PERMISSION_DENIED:
            _log.warn("Pinning failed for {} ({})", _path, error);
            setException(new SRMAuthorizationException(error));
            break;
        case TIMEOUT:
            _log.info("Pinning failed: {}", error);
            setException(new SRMInternalErrorException("Pin operation timed out"));
            break;
        default:
            _log.error("Pinning failed for {} [rc={},msg={}].", _path, rc, error);
            String reason = String.format("Failed to pin file [rc=%d,msg=%s].", rc, error);
            setException(new SRMException(reason));
            break;
    }
    _state = new FailedState();
}

Example 4 with SRMAuthorizationException

use of org.dcache.srm.SRMAuthorizationException in project dcache by dCache.

the class SrmShell method cd.

@SuppressWarnings("fallthrough")
private void cd(String path) throws URI.MalformedURIException, RemoteException, SRMException, InterruptedException {
    if (!path.endsWith("/")) {
        path = path + "/";
    }
    URI uri = new URI(pwd, path);
    checkValidPath(fs.stat(uri).getType() == TFileType.DIRECTORY, "Not a directory");
    switch(checkCdPermission) {
        case SRM_CHECK_PERMISSION:
            try {
                TPermissionMode permission = fs.checkPermission(uri);
                if (permission != TPermissionMode.RWX && permission != TPermissionMode.RX && permission != TPermissionMode.WX && permission != TPermissionMode.X) {
                    throw new SRMAuthorizationException("Access denied");
                }
                break;
            } catch (SRMNotSupportedException e) {
                /* StoRM does not support checkPermission:
                     *
                     *     https://ggus.eu/index.php?mode=ticket_info&ticket_id=124634
                     */
                notifications.add("The CheckPermission operation is not supported, using directory listing instead.");
                checkCdPermission = PermissionOperation.SRM_LS;
            // fall-through: use srmLs
            }
        case SRM_LS:
            fs.list(uri, false);
    }
    pwd = uri;
}

Example 5 with SRMAuthorizationException

use of org.dcache.srm.SRMAuthorizationException in project dcache by dCache.

the class Storage method putDone.

@Override
public void putDone(SRMUser user, String localTransferPath, URI surl, boolean overwrite) throws SRMException {
    try {
        Subject subject = asDcacheUser(user).getSubject();
        Restriction restriction = asDcacheUser(user).getRestriction();
        FsPath fullPath = getPath(surl);
        checkNonBrokenUpload(localTransferPath);
        EnumSet<CreateOption> options = EnumSet.noneOf(CreateOption.class);
        if (overwrite) {
            options.add(CreateOption.OVERWRITE_EXISTING);
        }
        PnfsCommitUpload msg = new PnfsCommitUpload(subject, restriction, FsPath.create(localTransferPath), fullPath, options, EnumSet.of(PNFSID, SIZE, STORAGEINFO));
        msg = _pnfsStub.sendAndWait(msg);
        DoorRequestInfoMessage infoMsg = new DoorRequestInfoMessage(getCellAddress());
        infoMsg.setSubject(subject);
        infoMsg.setBillingPath(fullPath.toString());
        infoMsg.setTransferPath(localTransferPath);
        infoMsg.setTransaction(CDC.getSession());
        infoMsg.setPnfsId(msg.getFileAttributes().getPnfsId());
        infoMsg.setResult(0, "");
        infoMsg.setFileSize(msg.getFileAttributes().getSizeIfPresent().orElse(0L));
        infoMsg.setStorageInfo(msg.getFileAttributes().getStorageInfo());
        Origin origin = Subjects.getOrigin(subject);
        if (origin != null) {
            infoMsg.setClient(origin.getAddress().getHostAddress());
        }
        _billingStub.notify(infoMsg);
    } catch (FileNotFoundCacheException e) {
        throw new SRMInvalidPathException(e.getMessage(), e);
    } catch (FileIsNewCacheException | FileCorruptedCacheException e) {
        throw new SRMException(e.getMessage(), e);
    } catch (PermissionDeniedCacheException e) {
        throw new SRMAuthorizationException("Permission denied.", e);
    } catch (FileExistsCacheException e) {
        throw new SRMDuplicationException(surl + " exists.", e);
    } catch (CacheException e) {
        throw new SRMInternalErrorException(e.getMessage(), e);
    } catch (InterruptedException e) {
        throw new SRMInternalErrorException("Operation interrupted", e);
    } catch (NoRouteToCellException e) {
        throw new SRMInternalErrorException("Internal communication failure", e);
    }
}