/**
 * With {@code posix-chown-restricted="false"}, the DBA (system subject) performs a
 * no-op ownership change of {@link #USER1_COL2} ("user1" to "user1").
 * Because the caller is the DBA, chown must leave the setUid and setGid bits intact.
 */
@Test
public void changeCollectionOwnerToSelfAsDBA_preservesSetUidAndSetGid() throws EXistException, PermissionDeniedException, XPathException {
    final BrokerPool pool = existWebServer.getBrokerPool();
    final Subject dba = pool.getSecurityManager().getSystemSubject();
    final XmldbURI col2Uri = TestConstants.TEST_COLLECTION_URI.append(USER1_COL2);

    // precondition: both bits are set before the chown
    assertCollectionSetUidSetGid(dba, col2Uri, IS_SET);

    // chown to the current owner, with the restriction switched off
    changeOwner(dba, NOT_RESTRICTED, col2Uri, USER1_NAME);

    // a DBA-initiated chown must not strip setUid/setGid
    assertCollectionSetUidSetGid(dba, col2Uri, IS_SET);
}
/**
 * Creates the fixtures shared by every test in this class: the test collection
 * (mode 511, i.e. octal 0777), the user1/user2/userrm accounts and the "other" group,
 * with user1 and user2 added to that group. A second transaction then removes the
 * userrm account again (presumably so tests can observe chown against a removed user).
 */
@BeforeClass
public static void prepareDb() throws EXistException, PermissionDeniedException, IOException, TriggerException {
    final BrokerPool pool = existWebServer.getBrokerPool();
    final SecurityManager sm = pool.getSecurityManager();

    try (final DBBroker broker = pool.get(Optional.of(sm.getSystemSubject()));
         final Txn txn = pool.getTransactionManager().beginTransaction()) {
        final Collection testCollection = broker.getOrCreateCollection(txn, TestConstants.TEST_COLLECTION_URI);
        // 511 == 0777: world read/write/execute on the shared test collection
        PermissionFactory.chmod(broker, testCollection, Optional.of(511), Optional.empty());
        broker.saveCollection(txn, testCollection);

        createUser(broker, sm, USER1_NAME, USER1_PWD);
        createUser(broker, sm, USER2_NAME, USER2_PWD);
        createUser(broker, sm, USERRM_NAME, USERRM_PWD);

        final Group otherGroup = new GroupAider(OTHER_GROUP_NAME);
        sm.addGroup(broker, otherGroup);
        joinOtherGroup(sm, USER1_NAME);
        joinOtherGroup(sm, USER2_NAME);

        txn.commit();
    }

    // the removal happens in its own transaction, after the creation above has committed
    try (final DBBroker broker = pool.get(Optional.of(sm.getSystemSubject()));
         final Txn txn = pool.getTransactionManager().beginTransaction()) {
        removeUser(sm, USERRM_NAME);
        txn.commit();
    }
}

/** Adds the named account to {@link #OTHER_GROUP_NAME} and persists the change. */
private static void joinOtherGroup(final SecurityManager sm, final String accountName) throws EXistException, PermissionDeniedException, IOException, TriggerException {
    final Account account = sm.getAccount(accountName);
    account.addGroup(OTHER_GROUP_NAME);
    sm.updateAccount(account);
}
/**
 * With {@code posix-chown-restricted="false"}, user1 (the collection owner, not a DBA)
 * performs a no-op ownership change of {@link #USER1_COL2} ("user1" to "user1").
 * Even though the owner does not actually change, a non-DBA chown must clear the
 * setUid and setGid bits.
 */
@Test
public void changeCollectionOwnerToSelfAsNonDBAOwner_clearsSetUidAndSetGid() throws AuthenticationException, EXistException, PermissionDeniedException, XPathException {
    final BrokerPool pool = existWebServer.getBrokerPool();
    final Subject owner = pool.getSecurityManager().authenticate(USER1_NAME, USER1_PWD);
    final XmldbURI col2Uri = TestConstants.TEST_COLLECTION_URI.append(USER1_COL2);

    // precondition: both bits are set before the chown
    assertCollectionSetUidSetGid(owner, col2Uri, IS_SET);

    // chown to the current owner, as that owner, with the restriction switched off
    changeOwner(owner, NOT_RESTRICTED, col2Uri, USER1_NAME);

    // the non-DBA chown must have dropped setUid/setGid
    assertCollectionSetUidSetGid(owner, col2Uri, NOT_SET);
}
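/**
 * Runs {@code sm:chown} on {@code uri} as {@code execAsUser}, with
 * {@code posix-chown-restricted} temporarily set to {@code restricted}, and asserts the
 * owner/group that {@code sm:get-permissions} reports afterwards. The previous
 * restricted setting is always restored, even when the query or an assertion fails.
 *
 * @param execAsUser         the subject the query executes as
 * @param restricted         value of posix-chown-restricted for the duration of the call
 * @param uri                collection whose ownership is changed
 * @param newOwnerGroup      the owner (presumably also {@code owner:group}) argument passed to sm:chown
 * @param expectedOwnerGroup {@code owner} or {@code owner:group} expected afterwards; the group is only asserted when given
 * @throws IllegalArgumentException if {@code expectedOwnerGroup} has more than one {@code ':'} separator
 */
private void changeOwner(final Subject execAsUser, final boolean restricted, final XmldbURI uri, final String newOwnerGroup, final String expectedOwnerGroup) throws EXistException, PermissionDeniedException, XPathException {
    final BrokerPool pool = existWebServer.getBrokerPool();
    final boolean prevRestricted = setPosixChownRestricted(restricted);
    try (final DBBroker broker = pool.get(Optional.of(execAsUser))) {
        // The path and owner are spliced into the query text as XQuery string literals, so an
        // embedded apostrophe would otherwise terminate the literal and alter the query.
        final String collectionPath = xqueryStringLiteral(uri.getRawCollectionPath());
        final String ownerGroup = xqueryStringLiteral(newOwnerGroup);
        final String query = "import module namespace sm = 'http://exist-db.org/xquery/securitymanager';\n"
                + "sm:chown(xs:anyURI(" + collectionPath + "), " + ownerGroup + "),\n"
                + "sm:get-permissions(xs:anyURI(" + collectionPath + "))/sm:permission/(string(@owner), string(@group))";

        final XQuery xquery = pool.getXQueryService();
        final Sequence result = xquery.execute(broker, query, null);
        // the query yields exactly two strings: owner, then group
        assertEquals(2, result.getItemCount());

        final String[] expectedOwnerGroupParts = expectedOwnerGroup.split(":");
        if (expectedOwnerGroupParts.length > 2) {
            throw new IllegalArgumentException("expectedOwnerGroup must be 'owner' or 'owner:group', got: " + expectedOwnerGroup);
        }
        assertEquals(expectedOwnerGroupParts[0], result.itemAt(0).getStringValue());
        if (expectedOwnerGroupParts.length == 2) {
            assertEquals(expectedOwnerGroupParts[1], result.itemAt(1).getStringValue());
        }
    } finally {
        setPosixChownRestricted(prevRestricted);
    }
}

/** Quotes {@code value} as a single-quoted XQuery string literal, doubling any embedded apostrophes. */
private static String xqueryStringLiteral(final String value) {
    return "'" + value.replace("'", "''") + "'";
}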
/**
 * With {@code posix-chown-restricted="true"}, user1 (the collection owner, not a DBA)
 * performs a no-op group change of {@link #USER1_COL2} ("user1" to "user1").
 * Even though the group does not actually change, a non-DBA chown must clear the
 * setUid and setGid bits.
 */
@Test
public void changeCollectionGroupToSelfAsNonDBAOwner_clearsSetUidAndSetGid_restricted() throws AuthenticationException, EXistException, PermissionDeniedException, XPathException {
    final BrokerPool pool = existWebServer.getBrokerPool();
    final Subject owner = pool.getSecurityManager().authenticate(USER1_NAME, USER1_PWD);
    final XmldbURI col2Uri = TestConstants.TEST_COLLECTION_URI.append(USER1_COL2);

    // precondition: both bits are set before the group change
    assertCollectionSetUidSetGid(owner, col2Uri, IS_SET);

    // change the group (not the owner) to its current value, with the restriction switched on
    changeGroup(owner, RESTRICTED, col2Uri, USER1_NAME);

    // the non-DBA group change must have dropped setUid/setGid
    assertCollectionSetUidSetGid(owner, col2Uri, NOT_SET);
}