use of org.exist.util.SyntaxException in project exist by eXist-db.
the class PermissionsFunction method functionModeToOctal.
private Sequence functionModeToOctal(final String modeStr) throws XPathException {
try {
final int mode = AbstractUnixStylePermission.simpleSymbolicModeToInt(modeStr);
final String octal = mode == 0 ? "0" : "0" + Integer.toOctalString(mode);
return new StringValue(octal);
} catch (final SyntaxException se) {
throw new XPathException(se.getMessage(), se);
}
}
use of org.exist.util.SyntaxException in project exist by eXist-db.
the class AbstractUnixStylePermission method setExistSymbolicMode.
/**
* Set mode using a string. The string has the
* following syntax:
*
* [user|group|other]=[+|-][read|write|execute]
*
* For example, to set read and write mode for the group, but
* not for others:
*
* group=+read,+write,other=-read,-write
*
* The new settings are or'ed with the existing settings.
*
*@param existSymbolicMode The new mode
*@throws SyntaxException Description of the Exception
*
* @deprecated setUnixSymbolicMode should be used instead
*/
@Deprecated
private void setExistSymbolicMode(final String existSymbolicMode) throws SyntaxException, PermissionDeniedException {
LOG.warn("Permission modes should not be set using this format '{}', consider using the UNIX symbolic mode instead", existSymbolicMode);
int shift = 0;
int mode = getMode();
for (final String s : existSymbolicMode.toLowerCase().split("=|,")) {
if (s.equalsIgnoreCase(USER_STRING)) {
shift = 6;
} else if (s.equalsIgnoreCase(GROUP_STRING)) {
shift = 3;
} else if (s.equalsIgnoreCase(OTHER_STRING)) {
shift = 0;
} else {
int perm = 0;
if (s.endsWith(READ_STRING.toLowerCase())) {
perm = READ;
} else if (s.endsWith(WRITE_STRING.toLowerCase())) {
perm = WRITE;
} else if (s.endsWith(EXECUTE_STRING.toLowerCase())) {
perm = EXECUTE;
} else {
throw new SyntaxException("Unrecognised mode char '" + s + "'");
}
if (s.startsWith("+")) {
mode |= (perm << shift);
} else if (s.startsWith("-")) {
mode &= (~(perm << shift));
} else {
throw new SyntaxException("Unrecognised mode char '" + s + "'");
}
}
}
setMode(mode);
}
use of org.exist.util.SyntaxException in project exist by eXist-db.
the class PermissionFactory method chmod_impl.
private static void chmod_impl(final DBBroker broker, final Permission permission, final Optional<Either<String, Integer>> mode, final Optional<List<ACEAider>> acl) throws PermissionDeniedException {
if ((!mode.isPresent()) && !acl.isPresent()) {
throw new IllegalArgumentException("Either mode or acl must be provided");
}
try {
final boolean changeMode;
if (mode.isPresent()) {
if (mode.get().isLeft()) {
final Subject effectiveUser = broker.getCurrentSubject();
final Permission other = new UnixStylePermission(broker.getBrokerPool().getSecurityManager(), effectiveUser.getId(), effectiveUser.getDefaultGroup().getId(), 0);
other.setMode(mode.get().left().get());
changeMode = permission.getMode() != other.getMode();
} else {
changeMode = permission.getMode() != mode.get().right().get();
}
} else {
changeMode = false;
}
final boolean changeAcl = acl.map(desiredAces -> !aclEquals(permission, desiredAces)).orElse(false);
/*
To change the permission bits of a file, the effective user ID of the process must be equal to the owner ID
of the file, or the process must have superuser permissions.
*/
if ((changeMode || changeAcl) && (!permission.isCurrentSubjectDBA()) && !permission.isCurrentSubjectOwner()) {
throw new PermissionDeniedException("Only a DBA or the resources owner can change the mode of a resource.");
}
// change the mode
if (changeMode) {
final boolean matchedGroup = permission.isCurrentSubjectInGroup();
if (permission.isCurrentSubjectDBA() || matchedGroup) {
if (mode.get().isLeft()) {
permission.setMode(mode.get().left().get());
} else {
permission.setMode(mode.get().right().get());
}
} else {
/*
If the group ID of the file does not equal either the effective group ID of the process or one of
the processâs supplementary group IDs and if the process does not have superuser privileges,
then the set-group-ID bit is automatically turned off.
This prevents a user from creating a set-group-ID file owned by a group that the user doesnât
belong to.
*/
if (mode.get().isLeft()) {
permission.setMode(removeSetGid(mode.get().left().get()));
} else {
permission.setMode(removeSetGid(mode.get().right().get()));
}
}
}
// change the acl
if (changeAcl) {
final ACLPermission aclPermission = (ACLPermission) permission;
aclPermission.clear();
for (final ACEAider ace : acl.get()) {
aclPermission.addACE(ace.getAccessType(), ace.getTarget(), ace.getWho(), ace.getMode());
}
}
} catch (final SyntaxException se) {
throw new PermissionDeniedException("Unrecognised mode syntax: " + se.getMessage(), se);
}
}
Aggregations