Search in sources :

Example 6 with PermissionDeniedException

use of org.exist.security.PermissionDeniedException in project exist by eXist-db.

the class ResourceDeferredPermission method apply.

@Override
public void apply(final DBBroker broker, final Txn transaction) {
    try (final LockedDocument lockedDoc = broker.getXMLResource(getTarget(), Lock.LockMode.WRITE_LOCK)) {
        final DocumentImpl doc = lockedDoc.getDocument();
        final Permission permission = doc.getPermissions();
        PermissionFactory.chown(broker, permission, Optional.ofNullable(getOwner()), Optional.ofNullable(getGroup()));
        PermissionFactory.chmod(broker, permission, Optional.of(getMode()), Optional.ofNullable(permission instanceof ACLPermission ? getAces() : null));
        broker.storeXMLResource(transaction, doc);
    } catch (final PermissionDeniedException e) {
        final String msg = "ERROR: Failed to set permissions on Document '" + getTarget() + "'.";
        LOG.error(msg, e);
        getListener().warn(msg);
    }
}
Also used : ACLPermission(org.exist.security.ACLPermission) LockedDocument(org.exist.dom.persistent.LockedDocument) ACLPermission(org.exist.security.ACLPermission) Permission(org.exist.security.Permission) PermissionDeniedException(org.exist.security.PermissionDeniedException) DocumentImpl(org.exist.dom.persistent.DocumentImpl)

Example 7 with PermissionDeniedException

use of org.exist.security.PermissionDeniedException in project exist by eXist-db.

the class CreateBackupDialog method getAllCollections.

private void getAllCollections(final Collection collection, final Vector<String> collections) throws XMLDBException {
    collections.add(collection.getName());
    final String[] childCollections = collection.listChildCollections();
    Collection child = null;
    for (final String childCollection : childCollections) {
        try {
            child = collection.getChildCollection(childCollection);
        } catch (final XMLDBException xmldbe) {
            if (xmldbe.getCause() instanceof PermissionDeniedException) {
                continue;
            } else {
                throw xmldbe;
            }
        } catch (final Exception npe) {
            System.out.println("Corrupted resource/collection skipped: " + child != null ? child.getName() != null ? child.getName() : "unknown" : "unknown");
            continue;
        }
        try {
            getAllCollections(child, collections);
        } catch (final Exception ee) {
            System.out.println("Corrupted resource/collection skipped: " + child != null ? child.getName() != null ? child.getName() : "unknown" : "unknown");
            continue;
        }
    }
}
Also used : Collection(org.xmldb.api.base.Collection) XMLDBException(org.xmldb.api.base.XMLDBException) PermissionDeniedException(org.exist.security.PermissionDeniedException) XMLDBException(org.xmldb.api.base.XMLDBException) PermissionDeniedException(org.exist.security.PermissionDeniedException)

Example 8 with PermissionDeniedException

use of org.exist.security.PermissionDeniedException in project exist by eXist-db.

the class ExportMain method process.

private static void process(final ParsedArguments arguments) {
    final boolean verbose = getBool(arguments, verboseArg);
    final boolean noCheck = getBool(arguments, noCheckArg);
    final boolean checkDocs = getBool(arguments, checkDocsArg);
    final boolean direct = getBool(arguments, directAccessArg);
    boolean export = getBool(arguments, exportArg);
    final boolean noExport = getBool(arguments, noExportArg);
    if (noExport) {
        export = false;
    }
    final boolean incremental = getBool(arguments, incrementalArg);
    boolean zip = getBool(arguments, zipArg);
    final boolean noZip = getBool(arguments, noZipArg);
    if (noZip) {
        zip = false;
    }
    final Optional<Path> dbConfig = getOpt(arguments, configArg).map(File::toPath);
    final Path exportTarget = arguments.get(outputDirArg).toPath();
    final BrokerPool pool = startDB(dbConfig);
    if (pool == null) {
        System.exit(SystemExitCodes.CATCH_ALL_GENERAL_ERROR_EXIT_CODE);
    }
    // return value
    int retval = 0;
    try (final DBBroker broker = pool.get(Optional.of(pool.getSecurityManager().getSystemSubject()));
        final Txn transaction = pool.getTransactionManager().beginTransaction()) {
        List<ErrorReport> errors = null;
        if (!noCheck) {
            final ConsistencyCheck checker = new ConsistencyCheck(broker, transaction, direct, checkDocs);
            errors = checker.checkAll(new CheckCallback());
        }
        if (errors != null && !errors.isEmpty()) {
            System.err.println("ERRORS FOUND.");
            retval = 1;
        } else {
            System.out.println("No errors.");
        }
        if (export) {
            if (!Files.exists(exportTarget)) {
                Files.createDirectories(exportTarget);
            } else if (!Files.isDirectory(exportTarget)) {
                System.err.println("Output dir already exists and is a file: " + exportTarget.toAbsolutePath().toString());
                System.exit(SystemExitCodes.INVALID_ARGUMENT_EXIT_CODE);
            }
            final SystemExport sysexport = new SystemExport(broker, transaction, new Callback(verbose), null, direct);
            sysexport.export(exportTarget.toAbsolutePath().toString(), incremental, zip, errors);
        }
        transaction.commit();
    } catch (final EXistException e) {
        System.err.println("ERROR: Failed to retrieve database broker: " + e.getMessage());
        retval = SystemExitCodes.NO_BROKER_EXIT_CODE;
    } catch (final TerminatedException e) {
        System.err.println("WARN: Export was terminated by db.");
        retval = SystemExitCodes.TERMINATED_EARLY_EXIT_CODE;
    } catch (final PermissionDeniedException pde) {
        System.err.println("ERROR: Failed to retrieve database data: " + pde.getMessage());
        retval = SystemExitCodes.PERMISSION_DENIED_EXIT_CODE;
    } catch (final IOException ioe) {
        System.err.println("ERROR: Failed to retrieve database data: " + ioe.getMessage());
        retval = SystemExitCodes.IO_ERROR_EXIT_CODE;
    } finally {
        BrokerPool.stopAll(false);
    }
    System.exit(retval);
}
Also used : Path(java.nio.file.Path) Txn(org.exist.storage.txn.Txn) EXistException(org.exist.EXistException) IOException(java.io.IOException) DBBroker(org.exist.storage.DBBroker) PermissionDeniedException(org.exist.security.PermissionDeniedException) File(java.io.File) BrokerPool(org.exist.storage.BrokerPool) TerminatedException(org.exist.xquery.TerminatedException)

Example 9 with PermissionDeniedException

use of org.exist.security.PermissionDeniedException in project exist by eXist-db.

the class RestoreHandler method restoreCollectionEntry.

private DeferredPermission restoreCollectionEntry(final Attributes atts) throws SAXException {
    final String name = atts.getValue("name");
    if (name == null) {
        throw new SAXException("Collection requires a name attribute");
    }
    final String owner = getAttr(atts, "owner", SecurityManager.SYSTEM);
    final String group = getAttr(atts, "group", SecurityManager.DBA_GROUP);
    final String mode = getAttr(atts, "mode", "644");
    final String created = atts.getValue("created");
    final String strVersion = atts.getValue("version");
    if (strVersion != null) {
        try {
            this.version = Integer.parseInt(strVersion);
        } catch (final NumberFormatException nfe) {
            final String msg = "Could not parse version number for Collection '" + name + "', defaulting to version 0";
            listener.warn(msg);
            LOG.warn(msg);
            this.version = 0;
        }
    }
    try {
        listener.createdCollection(name);
        final XmldbURI collUri;
        if (version >= STRICT_URI_VERSION) {
            collUri = XmldbURI.create(name);
        } else {
            try {
                collUri = URIUtils.encodeXmldbUriFor(name);
            } catch (final URISyntaxException e) {
                listener.warn("Could not parse document name into a URI: " + e.getMessage());
                return new SkippedEntryDeferredPermission();
            }
        }
        if (version >= BLOB_STORE_VERSION) {
            this.deduplicateBlobs = Boolean.parseBoolean(atts.getValue("deduplicate-blobs"));
        } else {
            this.deduplicateBlobs = false;
        }
        final LockManager lockManager = broker.getBrokerPool().getLockManager();
        try (final Txn transaction = beginTransaction();
            final ManagedCollectionLock colLock = lockManager.acquireCollectionWriteLock(collUri)) {
            Collection collection = broker.getCollection(collUri);
            if (collection == null) {
                final Tuple2<Permission, Long> creationAttributes = Tuple(null, getDateFromXSDateTimeStringForItem(created, name).getTime());
                collection = broker.getOrCreateCollection(transaction, collUri, Optional.of(creationAttributes));
                broker.saveCollection(transaction, collection);
            }
            transaction.commit();
            this.currentCollectionUri = collection.getURI();
        }
        final DeferredPermission deferredPermission;
        if (name.startsWith(XmldbURI.SYSTEM_COLLECTION)) {
            // prevents restore of a backup from changing System collection ownership
            deferredPermission = new CollectionDeferredPermission(listener, currentCollectionUri, SecurityManager.SYSTEM, SecurityManager.DBA_GROUP, Integer.parseInt(mode, 8));
        } else {
            deferredPermission = new CollectionDeferredPermission(listener, currentCollectionUri, owner, group, Integer.parseInt(mode, 8));
        }
        return deferredPermission;
    } catch (final IOException | LockException | TransactionException | PermissionDeniedException e) {
        final String msg = "An unrecoverable error occurred while restoring collection '" + name + "': " + e.getMessage() + ". Aborting restore!";
        LOG.error(msg, e);
        listener.warn(msg);
        throw new SAXException(msg, e);
    }
}
Also used : URISyntaxException(java.net.URISyntaxException) Txn(org.exist.storage.txn.Txn) IOException(java.io.IOException) SAXException(org.xml.sax.SAXException) LockManager(org.exist.storage.lock.LockManager) TransactionException(org.exist.storage.txn.TransactionException) ACLPermission(org.exist.security.ACLPermission) Permission(org.exist.security.Permission) Collection(org.exist.collections.Collection) PermissionDeniedException(org.exist.security.PermissionDeniedException) XmldbURI(org.exist.xmldb.XmldbURI) ManagedCollectionLock(org.exist.storage.lock.ManagedCollectionLock)

Example 10 with PermissionDeniedException

use of org.exist.security.PermissionDeniedException in project exist by eXist-db.

the class XQueryTrigger method finish.

private void finish(int event, DBBroker broker, Txn transaction, XmldbURI src, XmldbURI dst, boolean isCollection) {
    // get the query
    final Source query = getQuerySource(broker);
    if (query == null) {
        return;
    }
    // avoid infinite recursion by allowing just one trigger per thread
    if (!TriggerStatePerThread.verifyUniqueTriggerPerThreadBeforeFinish(this, src)) {
        return;
    }
    final XQueryContext context = new XQueryContext(broker.getBrokerPool());
    CompiledXQuery compiledQuery = null;
    try {
        // compile the XQuery
        compiledQuery = service.compile(context, query);
        // declare external variables
        context.declareVariable(bindingPrefix + "type", EVENT_TYPE_FINISH);
        context.declareVariable(bindingPrefix + "event", new StringValue(eventToString(event)));
        if (isCollection) {
            context.declareVariable(bindingPrefix + "collection", new AnyURIValue(src));
        } else {
            context.declareVariable(bindingPrefix + "collection", new AnyURIValue(src.removeLastSegment()));
        }
        context.declareVariable(bindingPrefix + "uri", new AnyURIValue(src));
        if (dst == null) {
            context.declareVariable(bindingPrefix + "new-uri", Sequence.EMPTY_SEQUENCE);
        } else {
            context.declareVariable(bindingPrefix + "new-uri", new AnyURIValue(dst));
        }
        // For backward compatibility
        context.declareVariable(bindingPrefix + "eventType", EVENT_TYPE_FINISH);
        context.declareVariable(bindingPrefix + "triggerEvent", new StringValue(eventToString(event)));
        if (isCollection) {
            context.declareVariable(bindingPrefix + "collectionName", new AnyURIValue(src));
        } else {
            context.declareVariable(bindingPrefix + "collectionName", new AnyURIValue(src.removeLastSegment()));
            context.declareVariable(bindingPrefix + "documentName", new AnyURIValue(src));
        }
        // declare user defined parameters as external variables
        for (Object o : userDefinedVariables.keySet()) {
            final String varName = (String) o;
            final String varValue = userDefinedVariables.getProperty(varName);
            context.declareVariable(bindingPrefix + varName, new StringValue(varValue));
        }
    } catch (final XPathException | IOException | PermissionDeniedException e) {
        // Should never be reached
        LOG.error(e);
    }
    // execute the XQuery
    try {
        // TODO : should we provide another contextSet ?
        final NodeSet contextSet = NodeSet.EMPTY_SET;
        service.execute(broker, compiledQuery, contextSet);
    // TODO : should we have a special processing ?
    } catch (final XPathException e) {
        // Should never be reached
        LOG.error("Error during trigger finish", e);
    } catch (final PermissionDeniedException e) {
        // Should never be reached
        LOG.error(e);
    }
    TriggerStatePerThread.setTriggerRunningState(TriggerStatePerThread.NO_TRIGGER_RUNNING, this, null);
    TriggerStatePerThread.setTransaction(null);
    LOG.debug("Trigger fired for finish");
}
Also used : NodeSet(org.exist.dom.persistent.NodeSet) AnyURIValue(org.exist.xquery.value.AnyURIValue) PermissionDeniedException(org.exist.security.PermissionDeniedException) IOException(java.io.IOException) StringValue(org.exist.xquery.value.StringValue) StringSource(org.exist.source.StringSource) Source(org.exist.source.Source) DBSource(org.exist.source.DBSource)

Aggregations

PermissionDeniedException (org.exist.security.PermissionDeniedException)182 EXistException (org.exist.EXistException)82 XmldbURI (org.exist.xmldb.XmldbURI)70 IOException (java.io.IOException)58 DocumentImpl (org.exist.dom.persistent.DocumentImpl)48 Collection (org.exist.collections.Collection)44 DBBroker (org.exist.storage.DBBroker)41 Txn (org.exist.storage.txn.Txn)38 LockException (org.exist.util.LockException)35 SAXException (org.xml.sax.SAXException)35 LockedDocument (org.exist.dom.persistent.LockedDocument)31 XPathException (org.exist.xquery.XPathException)31 Permission (org.exist.security.Permission)23 URISyntaxException (java.net.URISyntaxException)22 TriggerException (org.exist.collections.triggers.TriggerException)22 Source (org.exist.source.Source)20 Path (java.nio.file.Path)19 Account (org.exist.security.Account)18 InputSource (org.xml.sax.InputSource)18 Sequence (org.exist.xquery.value.Sequence)17