use of org.exist.security.PermissionDeniedException in project exist by eXist-db.
the class ResourceDeferredPermission method apply.
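/**
 * Applies the deferred owner, group, mode and (for ACL permissions) ACEs to the target document.
 *
 * <p>The document is opened under a write lock, its permissions are changed through
 * {@code PermissionFactory.chown} and {@code PermissionFactory.chmod}, and the document is
 * stored again in the given transaction.</p>
 *
 * <p>Failures are logged and reported to the listener as a warning only; nothing is rethrown.
 * The caller therefore gets no signal that the document was left without the intended
 * permissions, so the listener warnings should be reviewed after the run.</p>
 *
 * @param broker the broker used to look up, modify and store the document
 * @param transaction the transaction in which the updated document is stored
 */
@Override
public void apply(final DBBroker broker, final Txn transaction) {
    try (final LockedDocument lockedDoc = broker.getXMLResource(getTarget(), Lock.LockMode.WRITE_LOCK)) {
        if (lockedDoc == null) {
            // No document could be locked for the target: report it the same way as a
            // permission failure instead of failing with a NullPointerException below.
            final String msg = "ERROR: Failed to set permissions on Document '" + getTarget() + "': document not found.";
            LOG.error(msg);
            getListener().warn(msg);
            return;
        }

        final DocumentImpl doc = lockedDoc.getDocument();
        final Permission permission = doc.getPermissions();

        // Ownership first, then mode; ACEs are only passed on when the permission supports ACLs.
        PermissionFactory.chown(broker, permission, Optional.ofNullable(getOwner()), Optional.ofNullable(getGroup()));
        PermissionFactory.chmod(broker, permission, Optional.of(getMode()), Optional.ofNullable(permission instanceof ACLPermission ? getAces() : null));

        broker.storeXMLResource(transaction, doc);
    } catch (final PermissionDeniedException e) {
        final String msg = "ERROR: Failed to set permissions on Document '" + getTarget() + "'.";
        LOG.error(msg, e);
        getListener().warn(msg);
    }
}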
use of org.exist.security.PermissionDeniedException in project exist by eXist-db.
the class CreateBackupDialog method getAllCollections.
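/**
 * Recursively appends the name of {@code collection} and of every reachable descendant
 * collection to {@code collections}.
 *
 * <p>A child that cannot be opened because of a {@link PermissionDeniedException} is left out
 * silently, so the resulting list only contains collections the current user may open.
 * Any other failure while opening or descending into a child is reported on standard output
 * and that child is skipped. Note that the catch-all around the recursive call also swallows
 * permission errors raised deeper in the tree and reports them as "corrupted".</p>
 *
 * @param collection the collection to start from
 * @param collections receives the collected collection names
 * @throws XMLDBException if {@code collection} itself cannot be read, or a child cannot be
 *     opened for a reason other than a permission failure
 */
private void getAllCollections(final Collection collection, final Vector<String> collections) throws XMLDBException {
    collections.add(collection.getName());

    for (final String childCollection : collection.listChildCollections()) {
        final Collection child;
        try {
            child = collection.getChildCollection(childCollection);
        } catch (final XMLDBException xmldbe) {
            if (xmldbe.getCause() instanceof PermissionDeniedException) {
                // Not accessible to the current user: omit it from the list.
                continue;
            }
            throw xmldbe;
        } catch (final Exception e) {
            // The child was never opened, so it is identified by the name that was requested.
            // (The earlier message was built as ("..." + child) != null ? ..., which dropped
            // the prefix and dereferenced a null or stale child.)
            System.out.println("Corrupted resource/collection skipped: " + childCollection);
            continue;
        }

        try {
            getAllCollections(child, collections);
        } catch (final Exception ee) {
            // child may be null here, and getName() can itself fail; use the requested name.
            System.out.println("Corrupted resource/collection skipped: " + childCollection);
        }
    }
}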
use of org.exist.security.PermissionDeniedException in project exist by eXist-db.
the class ExportMain method process.
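/**
 * Runs the optional consistency check and the optional export, then terminates the JVM
 * with an exit code describing the outcome.
 *
 * <p>The broker is obtained for the security manager's system subject, so the check and the
 * export run with the database's highest privileges.
 * NOTE(review): the output directory is created with the process's default file permissions;
 * it will hold exported database content, so confirm that the directory is restricted.</p>
 *
 * <p>An unusable output directory no longer calls {@code System.exit} from inside the
 * try block: that skipped both the closing of the broker and transaction and the
 * {@code finally} that stops the broker pool. The exit code is recorded instead and the
 * normal shutdown path is taken.</p>
 *
 * @param arguments the parsed command line arguments
 */
private static void process(final ParsedArguments arguments) {
    final boolean verbose = getBool(arguments, verboseArg);
    final boolean noCheck = getBool(arguments, noCheckArg);
    final boolean checkDocs = getBool(arguments, checkDocsArg);
    final boolean direct = getBool(arguments, directAccessArg);

    // The "no" variants override their positive counterparts.
    boolean export = getBool(arguments, exportArg);
    final boolean noExport = getBool(arguments, noExportArg);
    if (noExport) {
        export = false;
    }
    final boolean incremental = getBool(arguments, incrementalArg);
    boolean zip = getBool(arguments, zipArg);
    final boolean noZip = getBool(arguments, noZipArg);
    if (noZip) {
        zip = false;
    }

    final Optional<Path> dbConfig = getOpt(arguments, configArg).map(File::toPath);
    final Path exportTarget = arguments.get(outputDirArg).toPath();

    final BrokerPool pool = startDB(dbConfig);
    if (pool == null) {
        System.exit(SystemExitCodes.CATCH_ALL_GENERAL_ERROR_EXIT_CODE);
    }

    // process exit code
    int retval = 0;
    try (final DBBroker broker = pool.get(Optional.of(pool.getSecurityManager().getSystemSubject()));
            final Txn transaction = pool.getTransactionManager().beginTransaction()) {

        List<ErrorReport> errors = null;
        if (!noCheck) {
            final ConsistencyCheck checker = new ConsistencyCheck(broker, transaction, direct, checkDocs);
            errors = checker.checkAll(new CheckCallback());
        }
        if (errors != null && !errors.isEmpty()) {
            System.err.println("ERRORS FOUND.");
            retval = 1;
        } else {
            System.out.println("No errors.");
        }

        if (export) {
            boolean targetUsable = true;
            if (!Files.exists(exportTarget)) {
                Files.createDirectories(exportTarget);
            } else if (!Files.isDirectory(exportTarget)) {
                System.err.println("Output dir already exists and is a file: " + exportTarget.toAbsolutePath().toString());
                // Record the failure and fall through so the resources are closed and the
                // broker pool is stopped before the JVM exits.
                retval = SystemExitCodes.INVALID_ARGUMENT_EXIT_CODE;
                targetUsable = false;
            }

            if (targetUsable) {
                final SystemExport sysexport = new SystemExport(broker, transaction, new Callback(verbose), null, direct);
                sysexport.export(exportTarget.toAbsolutePath().toString(), incremental, zip, errors);
            }
        }

        transaction.commit();
    } catch (final EXistException e) {
        System.err.println("ERROR: Failed to retrieve database broker: " + e.getMessage());
        retval = SystemExitCodes.NO_BROKER_EXIT_CODE;
    } catch (final TerminatedException e) {
        System.err.println("WARN: Export was terminated by db.");
        retval = SystemExitCodes.TERMINATED_EARLY_EXIT_CODE;
    } catch (final PermissionDeniedException pde) {
        System.err.println("ERROR: Failed to retrieve database data: " + pde.getMessage());
        retval = SystemExitCodes.PERMISSION_DENIED_EXIT_CODE;
    } catch (final IOException ioe) {
        System.err.println("ERROR: Failed to retrieve database data: " + ioe.getMessage());
        retval = SystemExitCodes.IO_ERROR_EXIT_CODE;
    } finally {
        BrokerPool.stopAll(false);
    }
    System.exit(retval);
}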
use of org.exist.security.PermissionDeniedException in project exist by eXist-db.
the class RestoreHandler method restoreCollectionEntry.
/**
 * Handles a collection entry of the backup descriptor: makes sure the collection exists and
 * returns the permissions that are to be applied to it later.
 *
 * <p>Owner, group and mode are read from the entry's attributes and fall back to the system
 * user, the DBA group and {@code "644"}. For names that start with the system collection
 * prefix the owner and group from the backup are ignored, so a restore cannot change the
 * ownership of system collections.</p>
 *
 * <p>NOTE(review): the mode still comes from the backup for system collections, and the
 * prefix test is made on the raw {@code name} attribute rather than on the resolved
 * collection URI. Confirm that both are intended, since the descriptor is external input.
 * A {@code mode} that is not valid octal makes {@code Integer.parseInt} throw an unchecked
 * {@code NumberFormatException} after the collection has already been created.</p>
 *
 * @param atts the attributes of the collection element
 * @return the permissions to apply later, or a skipped-entry marker when the name cannot be
 *     turned into a URI
 * @throws SAXException if the name attribute is missing or the collection cannot be restored
 */
private DeferredPermission restoreCollectionEntry(final Attributes atts) throws SAXException {
    final String name = atts.getValue("name");
    if (name == null) {
        throw new SAXException("Collection requires a name attribute");
    }

    final String owner = getAttr(atts, "owner", SecurityManager.SYSTEM);
    final String group = getAttr(atts, "group", SecurityManager.DBA_GROUP);
    final String mode = getAttr(atts, "mode", "644");
    final String created = atts.getValue("created");

    // The descriptor version decides how names are interpreted further down.
    final String versionAttr = atts.getValue("version");
    if (versionAttr != null) {
        try {
            this.version = Integer.parseInt(versionAttr);
        } catch (final NumberFormatException nfe) {
            final String warning = "Could not parse version number for Collection '" + name + "', defaulting to version 0";
            listener.warn(warning);
            LOG.warn(warning);
            this.version = 0;
        }
    }

    try {
        listener.createdCollection(name);

        final XmldbURI collectionUri;
        if (version < STRICT_URI_VERSION) {
            // Older backups carry names that still need encoding.
            try {
                collectionUri = URIUtils.encodeXmldbUriFor(name);
            } catch (final URISyntaxException e) {
                listener.warn("Could not parse document name into a URI: " + e.getMessage());
                return new SkippedEntryDeferredPermission();
            }
        } else {
            collectionUri = XmldbURI.create(name);
        }

        // Only descriptors from the blob store version onwards can ask for deduplication.
        this.deduplicateBlobs = version >= BLOB_STORE_VERSION
                && Boolean.parseBoolean(atts.getValue("deduplicate-blobs"));

        final LockManager lockManager = broker.getBrokerPool().getLockManager();
        try (final Txn transaction = beginTransaction();
                final ManagedCollectionLock colLock = lockManager.acquireCollectionWriteLock(collectionUri)) {
            Collection collection = broker.getCollection(collectionUri);
            if (collection == null) {
                // Create the collection with the creation time recorded in the backup.
                final Tuple2<Permission, Long> permissionAndCreated = Tuple(null, getDateFromXSDateTimeStringForItem(created, name).getTime());
                collection = broker.getOrCreateCollection(transaction, collectionUri, Optional.of(permissionAndCreated));
                broker.saveCollection(transaction, collection);
            }
            transaction.commit();
            this.currentCollectionUri = collection.getURI();
        }

        // prevents restore of a backup from changing System collection ownership
        final boolean systemCollection = name.startsWith(XmldbURI.SYSTEM_COLLECTION);
        final String effectiveOwner = systemCollection ? SecurityManager.SYSTEM : owner;
        final String effectiveGroup = systemCollection ? SecurityManager.DBA_GROUP : group;
        return new CollectionDeferredPermission(listener, currentCollectionUri, effectiveOwner, effectiveGroup, Integer.parseInt(mode, 8));
    } catch (final IOException | LockException | TransactionException | PermissionDeniedException e) {
        final String failure = "An unrecoverable error occurred while restoring collection '" + name + "': " + e.getMessage() + ". Aborting restore!";
        LOG.error(failure, e);
        listener.warn(failure);
        throw new SAXException(failure, e);
    }
}
use of org.exist.security.PermissionDeniedException in project exist by eXist-db.
the class XQueryTrigger method finish.
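/**
 * Runs the trigger's XQuery for the "finish" phase of an event.
 *
 * <p>The query is compiled, the event details and the user defined parameters are declared
 * as external variables under {@code bindingPrefix}, and the query is executed with an empty
 * context set. Errors from compilation and execution are logged and not rethrown, so a
 * failing trigger query does not stop the operation that fired it.</p>
 *
 * <p>The per-thread trigger state is now cleared in a {@code finally} block. Previously an
 * unchecked exception (for example from executing a query that failed to compile) left the
 * state set for the thread. The query is also no longer executed when compilation produced
 * no compiled query.</p>
 *
 * @param event the event that fired the trigger
 * @param broker the broker used to compile and execute the query
 * @param transaction the current transaction (not used by this method)
 * @param src the URI of the affected collection or document
 * @param dst the new URI for events that have one, otherwise {@code null}
 * @param isCollection whether {@code src} names a collection rather than a document
 */
private void finish(int event, DBBroker broker, Txn transaction, XmldbURI src, XmldbURI dst, boolean isCollection) {
    // get the query
    final Source query = getQuerySource(broker);
    if (query == null) {
        return;
    }

    // avoid infinite recursion by allowing just one trigger per thread
    if (!TriggerStatePerThread.verifyUniqueTriggerPerThreadBeforeFinish(this, src)) {
        return;
    }

    try {
        final XQueryContext context = new XQueryContext(broker.getBrokerPool());
        CompiledXQuery compiledQuery = null;
        try {
            // compile the XQuery
            compiledQuery = service.compile(context, query);

            // declare external variables
            context.declareVariable(bindingPrefix + "type", EVENT_TYPE_FINISH);
            context.declareVariable(bindingPrefix + "event", new StringValue(eventToString(event)));
            if (isCollection) {
                context.declareVariable(bindingPrefix + "collection", new AnyURIValue(src));
            } else {
                context.declareVariable(bindingPrefix + "collection", new AnyURIValue(src.removeLastSegment()));
            }
            context.declareVariable(bindingPrefix + "uri", new AnyURIValue(src));
            if (dst == null) {
                context.declareVariable(bindingPrefix + "new-uri", Sequence.EMPTY_SEQUENCE);
            } else {
                context.declareVariable(bindingPrefix + "new-uri", new AnyURIValue(dst));
            }

            // For backward compatibility
            context.declareVariable(bindingPrefix + "eventType", EVENT_TYPE_FINISH);
            context.declareVariable(bindingPrefix + "triggerEvent", new StringValue(eventToString(event)));
            if (isCollection) {
                context.declareVariable(bindingPrefix + "collectionName", new AnyURIValue(src));
            } else {
                context.declareVariable(bindingPrefix + "collectionName", new AnyURIValue(src.removeLastSegment()));
                context.declareVariable(bindingPrefix + "documentName", new AnyURIValue(src));
            }

            // declare user defined parameters as external variables
            for (Object o : userDefinedVariables.keySet()) {
                final String varName = (String) o;
                final String varValue = userDefinedVariables.getProperty(varName);
                context.declareVariable(bindingPrefix + varName, new StringValue(varValue));
            }
        } catch (final XPathException | IOException | PermissionDeniedException e) {
            // Not expected in normal operation; log with the cause so it can be diagnosed.
            LOG.error("Error preparing trigger finish query", e);
        }

        // execute the XQuery, unless compilation produced nothing to run
        if (compiledQuery != null) {
            try {
                // TODO : should we provide another contextSet ?
                final NodeSet contextSet = NodeSet.EMPTY_SET;
                service.execute(broker, compiledQuery, contextSet);
                // TODO : should we have a special processing ?
            } catch (final XPathException | PermissionDeniedException e) {
                // Not expected in normal operation.
                LOG.error("Error during trigger finish", e);
            }
        }
    } finally {
        // Always release the per-thread guard taken by the verify call above.
        TriggerStatePerThread.setTriggerRunningState(TriggerStatePerThread.NO_TRIGGER_RUNNING, this, null);
        TriggerStatePerThread.setTransaction(null);
    }

    LOG.debug("Trigger fired for finish");
}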