Example 26 with Permission

Use of org.exist.security.Permission in project exist by eXist-db.

Class Deployment, method storeRepoXML.

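/**
 * Store repo.xml into the db. Adds the time of deployment to the descriptor.
 *
 * @param broker the database broker
 * @param transaction the transaction in which the document is stored
 * @param repoXML the repo.xml descriptor document
 * @param targetCollection the collection into which repo.xml is stored
 * @param requestedPerms the requested permissions, if present
 * @throws PackageException if updating or storing repo.xml fails
 * @throws XPathException
 */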
private void storeRepoXML(final DBBroker broker, final Txn transaction, final DocumentImpl repoXML, final XmldbURI targetCollection, final Optional<RequestedPerms> requestedPerms) throws PackageException, XPathException {
    // Store repo.xml
    final DateTimeValue time = new DateTimeValue(new Date());
    final MemTreeBuilder builder = new MemTreeBuilder();
    builder.startDocument();
    final UpdatingDocumentReceiver receiver = new UpdatingDocumentReceiver(builder, time.getStringValue());
    try {
        repoXML.copyTo(broker, receiver);
    } catch (final SAXException e) {
        throw new PackageException("Error while updating repo.xml in-memory: " + e.getMessage(), e);
    }
    builder.endDocument();
    final DocumentImpl updatedXML = builder.getDocument();
    try {
        final Collection collection = broker.getOrCreateCollection(transaction, targetCollection);
        final XmldbURI name = XmldbURI.createInternal("repo.xml");
        final Permission permission = PermissionFactory.getDefaultResourcePermission(broker.getBrokerPool().getSecurityManager());
        setPermissions(broker, requestedPerms, false, MimeType.XML_TYPE, permission);
        collection.storeDocument(transaction, broker, name, updatedXML, MimeType.XML_TYPE, null, null, permission, null, null);
    } catch (final PermissionDeniedException | IOException | SAXException | LockException | EXistException e) {
        throw new PackageException("Error while storing updated repo.xml: " + e.getMessage(), e);
    }
}
Also used : DateTimeValue(org.exist.xquery.value.DateTimeValue) IOException(java.io.IOException) EXistException(org.exist.EXistException) SAXException(org.xml.sax.SAXException) UnixStylePermission(org.exist.security.UnixStylePermission) Permission(org.exist.security.Permission) Collection(org.exist.collections.Collection) PermissionDeniedException(org.exist.security.PermissionDeniedException) XmldbURI(org.exist.xmldb.XmldbURI)

Example 27 with Permission

Use of org.exist.security.Permission in project exist by eXist-db.

Class PermissionFactory, method getPermission.

public static Permission getPermission(final SecurityManager sm, final String userName, final String groupName, final int mode) {
    Permission permission = null;
    try {
        final Account owner = sm.getAccount(userName);
        if (owner == null) {
            throw new IllegalArgumentException("User was not found '" + (userName == null ? "" : userName) + "'");
        }
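        final Group group = sm.getGroup(groupName);
        if (group == null) {
            // report the group name (the null check must test groupName, not userName)
            throw new IllegalArgumentException("Group was not found '" + (groupName == null ? "" : groupName) + "'");
        }
        permission = new SimpleACLPermission(sm, owner.getId(), group.getId(), mode);
    } catch (final Throwable ex) {
        // any failure, including the IllegalArgumentExceptions above, is logged and swallowed;
        // the method then returns null, so callers must handle a null Permission
        LOG.error("Exception while instantiating security permission class.", ex);
    }
    return permission;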
}
Also used : Permission(org.exist.security.Permission)

Example 28 with Permission

Use of org.exist.security.Permission in project exist by eXist-db.

Class PermissionFactory, method updatePermissions.

private static void updatePermissions(final DBBroker broker, final Txn transaction, final XmldbURI pathUri, final ConsumerE<Permission, PermissionDeniedException> permissionModifier) throws PermissionDeniedException {
    final BrokerPool brokerPool = broker.getBrokerPool();
    try {
        try (final Collection collection = broker.openCollection(pathUri, LockMode.WRITE_LOCK)) {
            if (collection == null) {
                try (final LockedDocument lockedDoc = broker.getXMLResource(pathUri, LockMode.WRITE_LOCK)) {
                    if (lockedDoc == null) {
                        throw new XPathException("Resource or collection '" + pathUri.toString() + "' does not exist.");
                    }
                    final DocumentImpl doc = lockedDoc.getDocument();
                    // // keep a write lock in the transaction
                    // transaction.acquireDocumentLock(() -> brokerPool.getLockManager().acquireDocumentWriteLock(doc.getURI()));
                    final Permission permissions = doc.getPermissions();
                    permissionModifier.accept(permissions);
                    broker.storeXMLResource(transaction, doc);
                }
            } else {
                // // keep a write lock in the transaction
                // transaction.acquireCollectionLock(() -> brokerPool.getLockManager().acquireCollectionWriteLock(collection.getURI()));
                final Permission permissions = collection.getPermissionsNoLock();
                permissionModifier.accept(permissions);
                broker.saveCollection(transaction, collection);
            }
            broker.flush();
        }
    } catch (final XPathException | PermissionDeniedException | IOException e) {
        throw new PermissionDeniedException("Permission to modify permissions is denied for user '" + broker.getCurrentSubject().getName() + "' on '" + pathUri.toString() + "': " + e.getMessage(), e);
    }
}
Also used : XPathException(org.exist.xquery.XPathException) LockedDocument(org.exist.dom.persistent.LockedDocument) Permission(org.exist.security.Permission) Collection(org.exist.collections.Collection) IOException(java.io.IOException) DocumentImpl(org.exist.dom.persistent.DocumentImpl) BrokerPool(org.exist.storage.BrokerPool)

Example 29 with Permission

Use of org.exist.security.Permission in project exist by eXist-db.

Class XQuery, method execute.

public Sequence execute(final DBBroker broker, final CompiledXQuery expression, Sequence contextSequence, final Properties outputProperties, final boolean resetContext) throws XPathException, PermissionDeniedException {
    // check execute permissions
    if (expression.getContext().getSource() instanceof DBSource) {
        ((DBSource) expression.getContext().getSource()).validate(Permission.EXECUTE);
    }
    final long start = System.currentTimeMillis();
    final XQueryContext context = expression.getContext();
    expression.reset();
    if (resetContext) {
        // context.setBroker(broker);
        context.getWatchDog().reset();
    }
    if (context.requireDebugMode()) {
        final Debuggee debuggee = broker.getBrokerPool().getDebuggee();
        if (debuggee != null) {
            debuggee.joint(expression);
        }
    }
    // do any preparation before execution
    context.prepareForExecution();
    final Subject callingUser = broker.getCurrentSubject();
    // if setUid or setGid, become Effective User
    EffectiveSubject effectiveSubject = null;
    final Source src = expression.getContext().getSource();
    if (src instanceof DBSource) {
        final DBSource dbSrc = (DBSource) src;
        final Permission perm = dbSrc.getPermissions();
        if (perm.isSetUid()) {
            if (perm.isSetGid()) {
                // setUid and SetGid
                effectiveSubject = new EffectiveSubject(perm.getOwner(), perm.getGroup());
            } else {
                // just setUid
                effectiveSubject = new EffectiveSubject(perm.getOwner());
            }
        } else if (perm.isSetGid()) {
            // just setGid, so we use the current user as the effective user
            effectiveSubject = new EffectiveSubject(callingUser, perm.getGroup());
        }
    }
    try {
        if (effectiveSubject != null) {
            // switch to effective user (e.g. setuid/setgid)
            broker.pushSubject(effectiveSubject);
        }
        context.getProfiler().traceQueryStart();
        broker.getBrokerPool().getProcessMonitor().queryStarted(context.getWatchDog());
        try {
            // support for XQuery 3.0 - declare context item :=
            if (contextSequence == null) {
                if (context.getContextItemDeclartion() != null) {
                    contextSequence = context.getContextItemDeclartion().eval(null, null);
                }
            }
            final Sequence result = expression.eval(contextSequence);
            if (LOG.isDebugEnabled()) {
                final NumberFormat nf = NumberFormat.getNumberInstance();
                LOG.debug("Execution took {} ms", nf.format(System.currentTimeMillis() - start));
            }
            if (outputProperties != null) {
                // must be done before context.reset!
                context.checkOptions(outputProperties);
            }
            return result;
        } finally {
            context.getProfiler().traceQueryEnd(context);
            // track query stats before context is reset
            broker.getBrokerPool().getProcessMonitor().queryCompleted(context.getWatchDog());
            expression.reset();
            if (resetContext) {
                context.reset();
            }
        }
    } finally {
        if (effectiveSubject != null) {
            broker.popSubject();
        }
    }
}
Also used : EffectiveSubject(org.exist.security.EffectiveSubject) Debuggee(org.exist.debuggee.Debuggee) Permission(org.exist.security.Permission) DBSource(org.exist.source.DBSource) Sequence(org.exist.xquery.value.Sequence) Subject(org.exist.security.Subject) StringSource(org.exist.source.StringSource) Source(org.exist.source.Source) FileSource(org.exist.source.FileSource) NumberFormat(java.text.NumberFormat)

Example 30 with Permission

Use of org.exist.security.Permission in project exist by eXist-db.

Class RpcConnection, method describeResource.

private Map<String, Object> describeResource(final XmldbURI resourceUri) throws EXistException, PermissionDeniedException {
    try {
        return this.<Map<String, Object>>readDocument(resourceUri).apply((document, broker, transaction) -> {
            final Map<String, Object> hash = new HashMap<>(11);
            final Permission perms = document.getPermissions();
            hash.put("name", resourceUri.toString());
            hash.put("owner", perms.getOwner().getName());
            hash.put("group", perms.getGroup().getName());
            hash.put("permissions", perms.getMode());
            if (perms instanceof ACLPermission) {
                hash.put("acl", getACEs(perms));
            }
            hash.put("type", document.getResourceType() == DocumentImpl.BINARY_FILE ? "BinaryResource" : "XMLResource");
            final long resourceLength = document.getContentLength();
            hash.put("content-length", (resourceLength > (long) Integer.MAX_VALUE) ? Integer.MAX_VALUE : (int) resourceLength);
            hash.put("content-length-64bit", Long.toString(resourceLength));
            hash.put("mime-type", document.getMimeType());
            hash.put("created", new Date(document.getCreated()));
            hash.put("modified", new Date(document.getLastModified()));
            if (document.getResourceType() == DocumentImpl.BINARY_FILE) {
                hash.put("blob-id", ((BinaryDocument) document).getBlobId().getId());
                final MessageDigest messageDigest = broker.getBinaryResourceContentDigest(transaction, (BinaryDocument) document, DigestType.BLAKE_256);
                hash.put("digest-algorithm", messageDigest.getDigestType().getCommonNames()[0]);
                hash.put("digest", messageDigest.getValue());
            }
            return hash;
        });
    } catch (final EXistException e) {
        if (LOG.isDebugEnabled()) {
            LOG.debug(e);
        }
        return new HashMap<>();
    }
}
Also used : ACLPermission(org.exist.security.ACLPermission) Permission(org.exist.security.Permission) EXistException(org.exist.EXistException) MessageDigest(org.exist.util.crypto.digest.MessageDigest)

Aggregations

Permission (org.exist.security.Permission): 49
XmldbURI (org.exist.xmldb.XmldbURI): 23
PermissionDeniedException (org.exist.security.PermissionDeniedException): 19
ACLPermission (org.exist.security.ACLPermission): 18
Collection (org.exist.collections.Collection): 17
Test (org.junit.Test): 14
IOException (java.io.IOException): 11
Subject (org.exist.security.Subject): 11
SAXException (org.xml.sax.SAXException): 9
EXistException (org.exist.EXistException): 7
DocumentImpl (org.exist.dom.persistent.DocumentImpl): 7
ACEAider (org.exist.security.internal.aider.ACEAider): 7
Txn (org.exist.storage.txn.Txn): 6
XMLDBException (org.xmldb.api.base.XMLDBException): 6
URISyntaxException (java.net.URISyntaxException): 4
XMLStreamException (javax.xml.stream.XMLStreamException): 4
Account (org.exist.security.Account): 4
TerminatedException (org.exist.xquery.TerminatedException): 4
XPathException (org.exist.xquery.XPathException): 4
DateTimeValue (org.exist.xquery.value.DateTimeValue): 4