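/**
 * Restricts the Windows ACL of {@code path} to its owner plus the built-in
 * Administrators group and the SYSTEM account.
 *
 * <p>Every existing entry whose principal name is neither
 * {@code BUILTIN\Administrators} nor {@code NT AUTHORITY\SYSTEM} is dropped
 * (entries for those two principals are kept as they are, whatever their type).
 * One ALLOW entry for the file owner is then appended and the list is written back.
 * The owner entry does not include {@code WRITE_ACL} or {@code WRITE_OWNER}.
 *
 * @param path file or directory whose ACL is rewritten
 * @throws IOException if no ACL view is available for {@code path}, or the ACL
 *                     cannot be read or written
 */
private static void setWindowsPermissions(Path path) throws IOException {
    AclFileAttributeView view = Files.getFileAttributeView(path, AclFileAttributeView.class);
    if (view == null) {
        // getFileAttributeView returns null when the file system offers no ACL view.
        // Fail with a clear error instead of a NullPointerException, and never
        // leave the caller believing the permissions were tightened.
        throw new IOException("ACL file attribute view is not available for " + path);
    }
    UserPrincipal owner = view.getOwner();
    List<AclEntry> acl = view.getAcl();

    // NOTE(review): the match is on English account names. On localized Windows
    // installs the built-in accounts may carry translated names, in which case
    // their entries would be removed here as well — confirm for target platforms.
    ListIterator<AclEntry> it = acl.listIterator();
    while (it.hasNext()) {
        String principalName = it.next().principal().getName();
        boolean keep = "BUILTIN\\Administrators".equals(principalName)
                || "NT AUTHORITY\\SYSTEM".equals(principalName);
        if (!keep) {
            it.remove();
        }
    }

    AclEntry ownerEntry = AclEntry.newBuilder()
            .setType(AclEntryType.ALLOW)
            .setPrincipal(owner)
            .setPermissions(AclEntryPermission.READ_DATA,
                    AclEntryPermission.WRITE_DATA,
                    AclEntryPermission.APPEND_DATA,
                    AclEntryPermission.READ_NAMED_ATTRS,
                    AclEntryPermission.WRITE_NAMED_ATTRS,
                    AclEntryPermission.EXECUTE,
                    AclEntryPermission.READ_ATTRIBUTES,
                    AclEntryPermission.WRITE_ATTRIBUTES,
                    AclEntryPermission.DELETE,
                    AclEntryPermission.READ_ACL,
                    AclEntryPermission.SYNCHRONIZE)
            .build();
    acl.add(ownerEntry);
    view.setAcl(acl);
}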
/**
 * Serializes one ACL entry into {@code buffer}: the encoded entry type, the
 * encoded flags and the encoded permission mask (each written as an int),
 * followed by the principal's name as a string.
 *
 * @param <B>    concrete buffer type, returned so calls can be chained
 * @param buffer buffer the entry is appended to
 * @param acl    entry to write; must not be {@code null}
 * @return the same {@code buffer} instance
 */
public static <B extends Buffer> B writeAclEntry(B buffer, AclEntry acl) {
    Objects.requireNonNull(acl, "No ACL");

    AclEntryType entryType = acl.type();
    int encodedType = encodeAclEntryType(entryType);
    // Reject the entry before anything is written if the type has no encoding.
    ValidateUtils.checkTrue(encodedType >= 0, "Unknown ACL type: %s", entryType);
    buffer.putInt(encodedType);

    int encodedFlags = encodeAclFlags(acl.flags());
    buffer.putInt(encodedFlags);

    int encodedMask = encodeAclMask(acl.permissions());
    buffer.putInt(encodedMask);

    // The principal is identified on the wire by name only.
    buffer.putString(acl.principal().getName());
    return buffer;
}
/**
 * Evaluates {@code mode} against this object's ACL for the current user and group.
 *
 * <p>Entries are visited in list order. The first entry whose principal equals the
 * current user or group and whose permission set contains {@code mode} decides:
 * ALLOW returns normally, DENY throws. Entries of any other type are skipped.
 *
 * @param mode the permission being requested
 * @throws AccessDeniedException if a matching DENY entry is reached first
 */
public void checkAccess(AclEntryPermission mode) throws AccessDeniedException {
    // TODO "OWNER@", "GROUP@", and "EVERYONE@"
    UserPrincipal callerUser = this.attributes.getCurrentUser();
    GroupPrincipal callerGroup = this.attributes.getCurrentGroup();

    for (AclEntry ace : this.acl) {
        UserPrincipal who = ace.principal();
        if (!(who.equals(callerUser) || who.equals(callerGroup))) {
            continue;
        }
        if (!ace.permissions().contains(mode)) {
            continue;
        }
        AclEntryType kind = ace.type();
        if (kind == DENY) {
            throw new AccessDeniedException(this.path.toString());
        }
        if (kind == ALLOW) {
            return;
        }
    }
    // NOTE(review): when no entry matches, the method returns normally, i.e. access
    // is granted by default. Windows DACL evaluation denies access that no entry
    // grants; confirm that allowing on an exhausted ACL is intended here.
}
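/**
 * Removes every ALLOW entry for the Windows "Everyone" principal from the ACL of
 * {@code path}.
 *
 * <p>Only "Everyone" ALLOW entries are removed; entries for any other principal are
 * written back unchanged, so this call alone does not guarantee that nobody but the
 * owner can access the path.
 *
 * @param path path to a Windows file or directory
 * @throws IOException if no ACL view is available for {@code path}, or the principal
 *                     lookup, ACL read or ACL write fails
 */
public static void setPrivate(Path path) throws IOException {
    UserPrincipal everyone = getDefault().getUserPrincipalLookupService()
            .lookupPrincipalByName(WINDOWS_EVERYONE);
    AclFileAttributeView aclFileAttributes = java.nio.file.Files.getFileAttributeView(
            path, AclFileAttributeView.class);
    if (aclFileAttributes == null) {
        // No ACL view on this file system: report it instead of failing with a
        // NullPointerException, so callers never assume the path became private.
        throw new IOException("ACL file attribute view is not available for " + path);
    }

    // Iteration over a CopyOnWriteArrayList walks a snapshot, which is what makes
    // removing from the list inside the loop safe.
    CopyOnWriteArrayList<AclEntry> aclList =
            new CopyOnWriteArrayList<>(aclFileAttributes.getAcl());
    for (AclEntry aclEntry : aclList) {
        if (aclEntry.principal().equals(everyone)
                && aclEntry.type().equals(AclEntryType.ALLOW)) {
            aclList.remove(aclEntry);
        }
    }
    aclFileAttributes.setAcl(aclList);
}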
if(!owner.equals(acl.principal())) else if(acl.type() == AclEntryType.ALLOW) AclEntry.Builder builder = AclEntry.newBuilder(acl); Set<AclEntryPermission> permissions = acl.permissions().isEmpty() ? new HashSet<AclEntryPermission>() : EnumSet.copyOf(acl.permissions()); permissions.addAll(Arrays.asList(AclEntryPermission.ADD_FILE, AclEntryPermission.ADD_SUBDIRECTORY, AclEntryPermission.LIST_DIRECTORY)); builder.setPermissions(permissions); AclEntry.Builder builder = AclEntry.newBuilder(); builder.setPermissions(AclEntryPermission.ADD_FILE, AclEntryPermission.ADD_SUBDIRECTORY, AclEntryPermission.LIST_DIRECTORY); builder.setType(AclEntryType.ALLOW);
/**
 * Supplies a one-element ACL that allows {@code owner} every
 * {@link AclEntryPermission}.
 */
@Override
public List<AclEntry> value() {
    // EnumSet.allOf covers the whole enum, so the owner also receives WRITE_ACL
    // and WRITE_OWNER; no other principal is listed.
    AclEntry ownerFullAccess = AclEntry.newBuilder()
            .setType(AclEntryType.ALLOW)
            .setPermissions(EnumSet.allOf(AclEntryPermission.class))
            .setPrincipal(owner)
            .build();
    return Collections.singletonList(ownerFullAccess);
}
});
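/**
 * Reports whether the Windows ACL of {@code path} is free of ALLOW entries for
 * "Everyone".
 *
 * <p>This is the only condition checked: entries for other principals are ignored,
 * so a {@code true} result does not by itself mean that only the owner has access.
 * DENY entries for "Everyone" do not count as public access, matching
 * {@code setPrivate}, which removes ALLOW entries only.
 *
 * @param path The path to a Windows file or directory.
 * @return {@code true} if no ALLOW entry names "Everyone", {@code false} otherwise.
 *         The exact permissions are not checked.
 * @throws IOException if no ACL view is available for {@code path}, or the principal
 *                     lookup or ACL read fails
 */
public static boolean isPrivate(Path path) throws IOException {
    UserPrincipal everyone = getDefault().getUserPrincipalLookupService()
            .lookupPrincipalByName(WINDOWS_EVERYONE);
    AclFileAttributeView aclFileAttributes = java.nio.file.Files.getFileAttributeView(
            path, AclFileAttributeView.class);
    if (aclFileAttributes == null) {
        // Without an ACL view nothing can be verified; do not answer "private".
        throw new IOException("ACL file attribute view is not available for " + path);
    }
    for (AclEntry aclEntry : aclFileAttributes.getAcl()) {
        if (aclEntry.principal().equals(everyone)
                && aclEntry.type() == AclEntryType.ALLOW) {
            return false;
        }
    }
    return true;
}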
Set<AclEntryPermission> originalPermissions = acl.permissions(); Set<AclEntryPermission> updatedPermissions = EnumSet.copyOf(originalPermissions); AclEntryPermission.WRITE_OWNER))) AclEntry.Builder builder = AclEntry.newBuilder(acl); builder.setPermissions(updatedPermissions); iter.set(builder.build());
if(acl.type() == AclEntryType.ALLOW) Set<AclEntryPermission> originalPermissions = acl.permissions(); Set<AclEntryPermission> updatedPermissions = EnumSet.copyOf(originalPermissions); + "' has incorrect permissions. The file should not be modifiable by any user."); if (!owner.equals(acl.principal()) && updatedPermissions.removeAll(EnumSet.of(AclEntryPermission.READ_DATA))) { throw new IllegalArgumentException("Key file '" + fileLocation
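/**
 * Removes every ALLOW entry for the Windows "Everyone" principal from the ACL of
 * {@code path}.
 *
 * <p>Only "Everyone" ALLOW entries are removed; entries for any other principal are
 * written back unchanged, so this call alone does not guarantee that nobody but the
 * owner can access the path.
 *
 * @param path path to a Windows file or directory
 * @throws IOException if no ACL view is available for {@code path}, or the principal
 *                     lookup, ACL read or ACL write fails
 */
public static void setPrivate(Path path) throws IOException {
    UserPrincipal everyone = getDefault().getUserPrincipalLookupService()
            .lookupPrincipalByName(WINDOWS_EVERYONE);
    AclFileAttributeView aclFileAttributes = java.nio.file.Files.getFileAttributeView(
            path, AclFileAttributeView.class);
    if (aclFileAttributes == null) {
        // No ACL view on this file system: report it instead of failing with a
        // NullPointerException, so callers never assume the path became private.
        throw new IOException("ACL file attribute view is not available for " + path);
    }

    // Iteration over a CopyOnWriteArrayList walks a snapshot, which is what makes
    // removing from the list inside the loop safe.
    CopyOnWriteArrayList<AclEntry> aclList =
            new CopyOnWriteArrayList<>(aclFileAttributes.getAcl());
    for (AclEntry aclEntry : aclList) {
        if (aclEntry.principal().equals(everyone)
                && aclEntry.type().equals(AclEntryType.ALLOW)) {
            aclList.remove(aclEntry);
        }
    }
    aclFileAttributes.setAcl(aclList);
}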
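/**
 * On Windows, replaces the ACL of the given key file with a single ALLOW entry
 * for the user name returned by {@code getWindowsUserName}, carrying
 * {@code ACL_ENTRY_PERMISSIONS}.
 *
 * <p>Does nothing when the launcher reports a Unix node, when the file system has
 * no ACL view, or when no user name could be determined.
 *
 * @param key key file whose permissions are restricted
 * @throws GitException if the principal lookup or the ACL update fails; the
 *                      underlying exception is attached as the cause
 */
void fixSshKeyOnWindows(File key) throws GitException {
    if (launcher.isUnix()) {
        return;
    }

    Path file = Paths.get(key.toURI());
    AclFileAttributeView fileAttributeView = Files.getFileAttributeView(file, AclFileAttributeView.class);
    if (fileAttributeView == null) {
        // NOTE(review): returning silently leaves the key with the ACL it already
        // had; consider logging so an unrestricted key file does not go unnoticed.
        return;
    }

    String username = getWindowsUserName(fileAttributeView);
    if (StringUtils.isBlank(username)) {
        // Same caveat as above: the ACL is left untouched.
        return;
    }

    try {
        UserPrincipalLookupService userPrincipalLookupService = file.getFileSystem().getUserPrincipalLookupService();
        UserPrincipal userPrincipal = userPrincipalLookupService.lookupPrincipalByName(username);
        AclEntry aclEntry = AclEntry.newBuilder()
                .setType(AclEntryType.ALLOW)
                .setPrincipal(userPrincipal)
                .setPermissions(ACL_ENTRY_PERMISSIONS)
                .build();
        // A singleton list drops every other entry from the ACL being set.
        fileAttributeView.setAcl(Collections.singletonList(aclEntry));
    } catch (IOException | UnsupportedOperationException e) {
        // Keep the cause: without it a failed permission fix cannot be diagnosed.
        throw new GitException("Error updating file permission for \"" + key.getAbsolutePath() + "\"", e);
    }
}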
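/**
 * Reports whether the Windows ACL of {@code path} is free of ALLOW entries for
 * "Everyone".
 *
 * <p>This is the only condition checked: entries for other principals are ignored,
 * so a {@code true} result does not by itself mean that only the owner has access.
 * DENY entries for "Everyone" do not count as public access, matching
 * {@code setPrivate}, which removes ALLOW entries only.
 *
 * @param path The path to a Windows file or directory.
 * @return {@code true} if no ALLOW entry names "Everyone", {@code false} otherwise.
 *         The exact permissions are not checked.
 * @throws IOException if no ACL view is available for {@code path}, or the principal
 *                     lookup or ACL read fails
 */
public static boolean isPrivate(Path path) throws IOException {
    UserPrincipal everyone = getDefault().getUserPrincipalLookupService()
            .lookupPrincipalByName(WINDOWS_EVERYONE);
    AclFileAttributeView aclFileAttributes = java.nio.file.Files.getFileAttributeView(
            path, AclFileAttributeView.class);
    if (aclFileAttributes == null) {
        // Without an ACL view nothing can be verified; do not answer "private".
        throw new IOException("ACL file attribute view is not available for " + path);
    }
    for (AclEntry aclEntry : aclFileAttributes.getAcl()) {
        if (aclEntry.principal().equals(everyone)
                && aclEntry.type() == AclEntryType.ALLOW) {
            return false;
        }
    }
    return true;
}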
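/**
 * Restricts the Windows ACL of {@code path} to its owner plus the built-in
 * Administrators group and the SYSTEM account.
 *
 * <p>Every existing entry whose principal name is neither
 * {@code BUILTIN\Administrators} nor {@code NT AUTHORITY\SYSTEM} is dropped
 * (entries for those two principals are kept as they are, whatever their type).
 * One ALLOW entry for the file owner is then appended and the list is written back.
 * The owner entry does not include {@code WRITE_ACL} or {@code WRITE_OWNER}.
 *
 * @param path file or directory whose ACL is rewritten
 * @throws IOException if no ACL view is available for {@code path}, or the ACL
 *                     cannot be read or written
 */
private static void setWindowsPermissions(Path path) throws IOException {
    AclFileAttributeView view = Files.getFileAttributeView(path, AclFileAttributeView.class);
    if (view == null) {
        // getFileAttributeView returns null when the file system offers no ACL view.
        // Fail with a clear error instead of a NullPointerException, and never
        // leave the caller believing the permissions were tightened.
        throw new IOException("ACL file attribute view is not available for " + path);
    }
    UserPrincipal owner = view.getOwner();
    List<AclEntry> acl = view.getAcl();

    // NOTE(review): the match is on English account names. On localized Windows
    // installs the built-in accounts may carry translated names, in which case
    // their entries would be removed here as well — confirm for target platforms.
    ListIterator<AclEntry> it = acl.listIterator();
    while (it.hasNext()) {
        String principalName = it.next().principal().getName();
        boolean keep = "BUILTIN\\Administrators".equals(principalName)
                || "NT AUTHORITY\\SYSTEM".equals(principalName);
        if (!keep) {
            it.remove();
        }
    }

    AclEntry ownerEntry = AclEntry.newBuilder()
            .setType(AclEntryType.ALLOW)
            .setPrincipal(owner)
            .setPermissions(AclEntryPermission.READ_DATA,
                    AclEntryPermission.WRITE_DATA,
                    AclEntryPermission.APPEND_DATA,
                    AclEntryPermission.READ_NAMED_ATTRS,
                    AclEntryPermission.WRITE_NAMED_ATTRS,
                    AclEntryPermission.EXECUTE,
                    AclEntryPermission.READ_ATTRIBUTES,
                    AclEntryPermission.WRITE_ATTRIBUTES,
                    AclEntryPermission.DELETE,
                    AclEntryPermission.READ_ACL,
                    AclEntryPermission.SYNCHRONIZE)
            .build();
    acl.add(ownerEntry);
    view.setAcl(acl);
}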
/**
 * Serializes one ACL entry into {@code buffer}: the encoded entry type, the
 * encoded flags and the encoded permission mask (each written as an int),
 * followed by the principal's name as a string.
 *
 * @param buffer buffer the entry is appended to
 * @param acl    entry to write; must not be {@code null}
 */
public static void writeAclEntry(Buffer buffer, AclEntry acl) {
    Objects.requireNonNull(acl, "No ACL");

    AclEntryType entryType = acl.type();
    int encodedType = encodeAclEntryType(entryType);
    // Reject the entry before anything is written if the type has no encoding.
    ValidateUtils.checkTrue(encodedType >= 0, "Unknown ACL type: %s", entryType);
    buffer.putInt(encodedType);

    int encodedFlags = encodeAclFlags(acl.flags());
    buffer.putInt(encodedFlags);

    int encodedMask = encodeAclMask(acl.permissions());
    buffer.putInt(encodedMask);

    // The principal is identified on the wire by name only.
    buffer.putString(acl.principal().getName());
}
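/**
 * Removes every ALLOW entry for the Windows "Everyone" principal from the ACL of
 * {@code path}.
 *
 * <p>Only "Everyone" ALLOW entries are removed; entries for any other principal are
 * written back unchanged, so this call alone does not guarantee that nobody but the
 * owner can access the path.
 *
 * @param path path to a Windows file or directory
 * @throws IOException if no ACL view is available for {@code path}, or the principal
 *                     lookup, ACL read or ACL write fails
 */
public static void setPrivate(Path path) throws IOException {
    UserPrincipal everyone = getDefault().getUserPrincipalLookupService()
            .lookupPrincipalByName(WINDOWS_EVERYONE);
    AclFileAttributeView aclFileAttributes = java.nio.file.Files.getFileAttributeView(
            path, AclFileAttributeView.class);
    if (aclFileAttributes == null) {
        // No ACL view on this file system: report it instead of failing with a
        // NullPointerException, so callers never assume the path became private.
        throw new IOException("ACL file attribute view is not available for " + path);
    }

    // Iteration over a CopyOnWriteArrayList walks a snapshot, which is what makes
    // removing from the list inside the loop safe.
    CopyOnWriteArrayList<AclEntry> aclList =
            new CopyOnWriteArrayList<>(aclFileAttributes.getAcl());
    for (AclEntry aclEntry : aclList) {
        if (aclEntry.principal().equals(everyone)
                && aclEntry.type().equals(AclEntryType.ALLOW)) {
            aclList.remove(aclEntry);
        }
    }
    aclFileAttributes.setAcl(aclList);
}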
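/**
 * Appends an ALLOW entry for the Windows "Everyone" principal to the ACL of
 * {@code path}, granting {@code READ_DATA}, {@code READ_ACL},
 * {@code READ_ATTRIBUTES} and {@code READ_NAMED_ATTRS}.
 *
 * <p>Existing entries are left in place and the new entry goes last, so repeated
 * calls add repeated entries.
 *
 * @param path path to a Windows file or directory
 * @throws IOException if no ACL view is available for {@code path}, or the principal
 *                     lookup, ACL read or ACL write fails
 */
public static void setPublic(Path path) throws IOException {
    UserPrincipal everyone = getDefault().getUserPrincipalLookupService()
            .lookupPrincipalByName(WINDOWS_EVERYONE);
    AclFileAttributeView aclFileAttributes = java.nio.file.Files.getFileAttributeView(
            path, AclFileAttributeView.class);
    if (aclFileAttributes == null) {
        // No ACL view on this file system: fail with a clear error instead of a
        // NullPointerException.
        throw new IOException("ACL file attribute view is not available for " + path);
    }

    AclEntry everyoneRead = AclEntry.newBuilder()
            .setPrincipal(everyone)
            .setPermissions(
                    AclEntryPermission.READ_DATA,
                    AclEntryPermission.READ_ACL,
                    AclEntryPermission.READ_ATTRIBUTES,
                    AclEntryPermission.READ_NAMED_ATTRS)
            .setType(AclEntryType.ALLOW)
            .build();

    List<AclEntry> list = aclFileAttributes.getAcl();
    list.add(everyoneRead);
    aclFileAttributes.setAcl(list);
}
}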
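/**
 * Reports whether the Windows ACL of {@code path} is free of ALLOW entries for
 * "Everyone".
 *
 * <p>This is the only condition checked: entries for other principals are ignored,
 * so a {@code true} result does not by itself mean that only the owner has access.
 * DENY entries for "Everyone" do not count as public access, matching
 * {@code setPrivate}, which removes ALLOW entries only.
 *
 * @param path The path to a Windows file or directory.
 * @return {@code true} if no ALLOW entry names "Everyone", {@code false} otherwise.
 *         The exact permissions are not checked.
 * @throws IOException if no ACL view is available for {@code path}, or the principal
 *                     lookup or ACL read fails
 */
public static boolean isPrivate(Path path) throws IOException {
    UserPrincipal everyone = getDefault().getUserPrincipalLookupService()
            .lookupPrincipalByName(WINDOWS_EVERYONE);
    AclFileAttributeView aclFileAttributes = java.nio.file.Files.getFileAttributeView(
            path, AclFileAttributeView.class);
    if (aclFileAttributes == null) {
        // Without an ACL view nothing can be verified; do not answer "private".
        throw new IOException("ACL file attribute view is not available for " + path);
    }
    for (AclEntry aclEntry : aclFileAttributes.getAcl()) {
        if (aclEntry.principal().equals(everyone)
                && aclEntry.type() == AclEntryType.ALLOW) {
            return false;
        }
    }
    return true;
}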
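/**
 * Restricts the Windows ACL of {@code path} to its owner plus the built-in
 * Administrators group and the SYSTEM account.
 *
 * <p>Every existing entry whose principal name is neither
 * {@code BUILTIN\Administrators} nor {@code NT AUTHORITY\SYSTEM} is dropped
 * (entries for those two principals are kept as they are, whatever their type).
 * One ALLOW entry for the file owner is then appended and the list is written back.
 * The owner entry does not include {@code WRITE_ACL} or {@code WRITE_OWNER}.
 *
 * @param path file or directory whose ACL is rewritten
 * @throws IOException if no ACL view is available for {@code path}, or the ACL
 *                     cannot be read or written
 */
private static void setWindowsPermissions(Path path) throws IOException {
    AclFileAttributeView view = Files.getFileAttributeView(path, AclFileAttributeView.class);
    if (view == null) {
        // getFileAttributeView returns null when the file system offers no ACL view.
        // Fail with a clear error instead of a NullPointerException, and never
        // leave the caller believing the permissions were tightened.
        throw new IOException("ACL file attribute view is not available for " + path);
    }
    UserPrincipal owner = view.getOwner();
    List<AclEntry> acl = view.getAcl();

    // NOTE(review): the match is on English account names. On localized Windows
    // installs the built-in accounts may carry translated names, in which case
    // their entries would be removed here as well — confirm for target platforms.
    ListIterator<AclEntry> it = acl.listIterator();
    while (it.hasNext()) {
        String principalName = it.next().principal().getName();
        boolean keep = "BUILTIN\\Administrators".equals(principalName)
                || "NT AUTHORITY\\SYSTEM".equals(principalName);
        if (!keep) {
            it.remove();
        }
    }

    AclEntry ownerEntry = AclEntry.newBuilder()
            .setType(AclEntryType.ALLOW)
            .setPrincipal(owner)
            .setPermissions(AclEntryPermission.READ_DATA,
                    AclEntryPermission.WRITE_DATA,
                    AclEntryPermission.APPEND_DATA,
                    AclEntryPermission.READ_NAMED_ATTRS,
                    AclEntryPermission.WRITE_NAMED_ATTRS,
                    AclEntryPermission.EXECUTE,
                    AclEntryPermission.READ_ATTRIBUTES,
                    AclEntryPermission.WRITE_ATTRIBUTES,
                    AclEntryPermission.DELETE,
                    AclEntryPermission.READ_ACL,
                    AclEntryPermission.SYNCHRONIZE)
            .build();
    acl.add(ownerEntry);
    view.setAcl(acl);
}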
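/**
 * Appends an ALLOW entry for the Windows "Everyone" principal to the ACL of
 * {@code path}, granting {@code READ_DATA}, {@code READ_ACL},
 * {@code READ_ATTRIBUTES} and {@code READ_NAMED_ATTRS}.
 *
 * <p>Existing entries are left in place and the new entry goes last, so repeated
 * calls add repeated entries.
 *
 * @param path path to a Windows file or directory
 * @throws IOException if no ACL view is available for {@code path}, or the principal
 *                     lookup, ACL read or ACL write fails
 */
public static void setPublic(Path path) throws IOException {
    UserPrincipal everyone = getDefault().getUserPrincipalLookupService()
            .lookupPrincipalByName(WINDOWS_EVERYONE);
    AclFileAttributeView aclFileAttributes = java.nio.file.Files.getFileAttributeView(
            path, AclFileAttributeView.class);
    if (aclFileAttributes == null) {
        // No ACL view on this file system: fail with a clear error instead of a
        // NullPointerException.
        throw new IOException("ACL file attribute view is not available for " + path);
    }

    AclEntry everyoneRead = AclEntry.newBuilder()
            .setPrincipal(everyone)
            .setPermissions(
                    AclEntryPermission.READ_DATA,
                    AclEntryPermission.READ_ACL,
                    AclEntryPermission.READ_ATTRIBUTES,
                    AclEntryPermission.READ_NAMED_ATTRS)
            .setType(AclEntryType.ALLOW)
            .build();

    List<AclEntry> list = aclFileAttributes.getAcl();
    list.add(everyoneRead);
    aclFileAttributes.setAcl(list);
}
}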
/**
 * Reads ownership and permission views of {@code file} and records them as
 * metadata on {@code responseData}.
 *
 * <p>The owner name, when available, is stored under {@code FS_FILE_USER}. If an
 * ACL view exists, the view and the principal names of its entries are stored and
 * the ACL view is returned; otherwise the same is attempted with the POSIX view
 * and its group name. If neither exists, the plain owner view (possibly
 * {@code null}) is returned.
 *
 * @param responseData metadata sink
 * @param file         file to inspect
 * @return the most specific attribute view found, or {@code null} if none
 * @throws CrawlingAccessException wrapping any failure while reading the views
 */
protected FileOwnerAttributeView parseFileOwnerAttribute(final ResponseData responseData, File file) {
    try {
        final FileOwnerAttributeView ownerView = Files.getFileAttributeView(file.toPath(), FileOwnerAttributeView.class);
        final UserPrincipal fileOwner = ownerView == null ? null : ownerView.getOwner();
        if (fileOwner != null) {
            responseData.addMetaData(FS_FILE_USER, fileOwner.getName());
        }

        final AclFileAttributeView aclView = Files.getFileAttributeView(file.toPath(), AclFileAttributeView.class);
        if (aclView != null) {
            responseData.addMetaData(FILE_ATTRIBUTE_VIEW, aclView);
            // NOTE(review): names are collected from every ACL entry regardless of
            // its type, so principals of DENY entries are listed too. If this
            // metadata feeds access decisions downstream, confirm that is handled.
            final String[] principalNames = aclView.getAcl()
                    .stream()
                    .map(entry -> entry.principal().getName())
                    .toArray(String[]::new);
            responseData.addMetaData(FS_FILE_GROUPS, principalNames);
            return aclView;
        }

        final PosixFileAttributeView posixView = Files.getFileAttributeView(file.toPath(), PosixFileAttributeView.class);
        if (posixView == null) {
            return ownerView;
        }
        responseData.addMetaData(FILE_ATTRIBUTE_VIEW, posixView);
        final String groupName = posixView.readAttributes().group().getName();
        responseData.addMetaData(FS_FILE_GROUPS, new String[] { groupName });
        return posixView;
    } catch (Exception e) {
        throw new CrawlingAccessException("Failed to parse FileAttributeView.", e);
    }
}