From 40a25b8872acb0f7da36f565098ec4f95cbc2363 Mon Sep 17 00:00:00 2001 From: Patrick Dowler Date: Mon, 10 Jun 2024 07:23:12 -0700 Subject: [PATCH 1/3] cavern: fix inheritPermissions prop usage added inheritPermisions to restricted list and only use default ACLs added defenmsive code to remove restricted props from FS when reading a node in case the list changes --- cavern/VERSION | 2 +- .../org/opencadc/cavern/nodes/NodeUtil.java | 33 ++++++++----------- 2 files changed, 15 insertions(+), 20 deletions(-) diff --git a/cavern/VERSION b/cavern/VERSION index 90dca966..8dcedbb8 100644 --- a/cavern/VERSION +++ b/cavern/VERSION @@ -1,6 +1,6 @@ ## deployable containers have a semantic and build tag # semantic version tag: major.minor # build version tag: timestamp -VER=0.7.7 +VER=0.7.8 TAGS="${VER} ${VER}-$(date -u +"%Y%m%dT%H%M%S")" unset VER diff --git a/cavern/src/main/java/org/opencadc/cavern/nodes/NodeUtil.java b/cavern/src/main/java/org/opencadc/cavern/nodes/NodeUtil.java index df95179e..463a0538 100644 --- a/cavern/src/main/java/org/opencadc/cavern/nodes/NodeUtil.java +++ b/cavern/src/main/java/org/opencadc/cavern/nodes/NodeUtil.java @@ -135,6 +135,7 @@ class NodeUtil { VOS.PROPERTY_URI_DATE, VOS.PROPERTY_URI_GROUPREAD, VOS.PROPERTY_URI_GROUPWRITE, + VOS.PROPERTY_URI_INHERIT_PERMISSIONS, // presence of default ACLs VOS.PROPERTY_URI_ISLOCKED, // but not supported VOS.PROPERTY_URI_ISPUBLIC, VOS.PROPERTY_URI_QUOTA 
@@ -533,18 +534,17 @@ Node pathToNode(Path p, boolean getAttrs) ret.getProperties().add(new NodeProperty(VOS.PROPERTY_URI_DATE, df.format(modified))); if (getAttrs && !attrs.isSymbolicLink()) { - Map uda = ExtendedFileAttributes.getAttributes(p); + Map uda = ExtendedFileAttributes.getAttributes(p); // no namespace: user attrs for (Map.Entry me : uda.entrySet()) { try { URI pk = new URI(me.getKey()); log.debug("found prop: " + pk + " = " + me.getValue()); - if (VOS.PROPERTY_URI_INHERIT_PERMISSIONS.equals(pk)) { - if (ret instanceof ContainerNode) { - ContainerNode cn = (ContainerNode) ret; - cn.inheritPermissions = Boolean.parseBoolean(me.getValue()); - } else { - log.error("found " + VOS.PROPERTY_URI_INHERIT_PERMISSIONS + " on a " + ret.getClass().getSimpleName()); - } + // check if this prop should not be set and fix + // could happen is user set it manually or it was not in the restructed set + // in a previous version + if (FILESYSTEM_PROPS.contains(pk)) { + ExtendedFileAttributes.setFileAttribute(p, pk.toASCIIString(), null); + log.debug("removed bogus user prop: " + pk.toASCIIString() + " from " + p); } else { ret.getProperties().add(new NodeProperty(pk, me.getValue())); } 
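Review bot: The restricted-property branch in `pathToNode` does a filesystem write, `ExtendedFileAttributes.setFileAttribute(p, pk.toASCIIString(), null)`, inside what is otherwise a read, and records it only at debug level. A user attribute whose key collides with a server-controlled property (presumably the list extended in the first NodeUtil hunk, which includes group read/write, isPublic and quota) is worth an audit trail, so the removal should be logged at warn: `log.warn("removed restricted user prop: " + pk.toASCIIString() + " from " + p);`. The catch clauses of the enclosing `try` are outside this hunk, so it is not visible whether a failed removal (read-only mount, process without write access) aborts the whole node read; if it does, the removal should be best-effort while the property is still skipped. The new comment also has two typos and should read `// could happen if user set it manually or it was not in the restricted set`.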
@@ -557,27 +557,22 @@ Node pathToNode(Path p, boolean getAttrs) Long quota = quotaImpl.getQuota(p); if (quota != null) { - // This quota takes precedence. - ret.getProperties().remove(new NodeProperty(VOS.PROPERTY_URI_QUOTA)); ret.getProperties().add(new NodeProperty(VOS.PROPERTY_URI_QUOTA, quota.toString())); } boolean isDir = (ret instanceof ContainerNode); AclCommandExecutor acl = new AclCommandExecutor(p, isDir); - // backwards compat: check for default ACLs and assume inheritPermission is true + // check for default ACLs aka inheritPermissions if (ret instanceof ContainerNode) { ContainerNode cn = (ContainerNode) ret; - if (cn.inheritPermissions == null || !cn.inheritPermissions) { - // check for inconsistency with default ACLs - Set dro = acl.getReadOnlyACL(true); - Set drw = acl.getReadWriteACL(true); - cn.inheritPermissions = !dro.isEmpty() || !drw.isEmpty(); - log.debug("default ACLs imply inheritPermissions==" + cn.inheritPermissions); - } + // check for inconsistency with default ACLs + Set dro = acl.getReadOnlyACL(true); + Set drw = acl.getReadWriteACL(true); + cn.inheritPermissions = !dro.isEmpty() || !drw.isEmpty(); + log.debug("default ACLs imply inheritPermissions==" + cn.inheritPermissions); } - // TODO: could collect all gids from read-only and read-write and prime the gid cache in 1 call instead of 2 Set rogids = acl.getReadOnlyACL(); if (!rogids.isEmpty()) { From 83617837f30b1f2781f8ad5a2853062f582902b5 Mon Sep 17 00:00:00 2001 From: Patrick Dowler Date: Mon, 10 Jun 2024 07:26:30 -0700 Subject: [PATCH 2/3] checkstyle fix --- cavern/src/main/java/org/opencadc/cavern/CavernConfig.java | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/cavern/src/main/java/org/opencadc/cavern/CavernConfig.java b/cavern/src/main/java/org/opencadc/cavern/CavernConfig.java index bfe4a8a5..1938c4dd 100644 --- a/cavern/src/main/java/org/opencadc/cavern/CavernConfig.java +++ b/cavern/src/main/java/org/opencadc/cavern/CavernConfig.java 
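Review bot: The retained comment `// check for inconsistency with default ACLs` no longer matches the ContainerNode branch, because nothing is compared any more and `cn.inheritPermissions` is simply derived from the default ACLs. A comment such as `// default ACLs are the only source of inheritPermissions; a stored user attribute is ignored` would state the new rule, and it would also make clear that a container which previously carried the flag as an attribute but has no default ACLs now reports false. Dropping `ret.getProperties().remove(new NodeProperty(VOS.PROPERTY_URI_QUOTA))` is safe only while `VOS.PROPERTY_URI_QUOTA` stays in the restricted set filtered in the attribute loop, which deserves a one-line comment next to the `quotaImpl.getQuota(p)` result. The `acl.getReadOnlyACL(true)` and `acl.getReadWriteACL(true)` calls now run on every container read rather than only when the stored flag was absent or false; if AclCommandExecutor runs an external command per call (not visible here), that cost is worth measuring. pathToNode starts and ends outside the hunk.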
@@ -3,7 +3,7 @@ ******************* CANADIAN ASTRONOMY DATA CENTRE ******************* ************** CENTRE CANADIEN DE DONNÉES ASTRONOMIQUES ************** * - * (c) 2023. (c) 2023. + * (c) 2024. (c) 2024. * Government of Canada Gouvernement du Canada * National Research Council Conseil national de recherches * Ottawa, Canada, K1A 0R6 Ottawa, Canada, K1A 0R6 @@ -76,6 +76,7 @@ import ca.nrc.cadc.util.InvalidConfigException; import ca.nrc.cadc.util.MultiValuedProperties; import ca.nrc.cadc.util.PropertiesReader; +import ca.nrc.cadc.util.StringUtil; import java.io.File; import java.lang.reflect.Constructor; import java.lang.reflect.InvocationTargetException; @@ -85,8 +86,6 @@ import java.util.ArrayList; import java.util.List; import javax.security.auth.Subject; - -import ca.nrc.cadc.util.StringUtil; import org.apache.log4j.Logger; import org.opencadc.cavern.nodes.NoQuotaPlugin; import org.opencadc.cavern.nodes.QuotaPlugin; From 5543f4b92a5ee77fe0823145305127444bbd7f3c Mon Sep 17 00:00:00 2001 From: Patrick Dowler Date: Mon, 10 Jun 2024 07:50:52 -0700 Subject: [PATCH 3/3] update libs to source compat java 11 --- cadc-test-vos/build.gradle | 4 ++-- cadc-vos-client/build.gradle | 4 ++-- cadc-vos-server/build.gradle | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/cadc-test-vos/build.gradle b/cadc-test-vos/build.gradle index 0d5e0ee1..417e6baf 100644 --- a/cadc-test-vos/build.gradle +++ b/cadc-test-vos/build.gradle @@ -12,11 +12,11 @@ repositories { apply from: '../opencadc.gradle' -sourceCompatibility = 1.8 +sourceCompatibility = 11 group = 'org.opencadc' -version = '2.1.9' +version = '2.1.10' description = 'OpenCADC VOSpace test library' def git_url = 'https://github.com/opencadc/vos' diff --git a/cadc-vos-client/build.gradle b/cadc-vos-client/build.gradle index b0a8f4b2..7f174bb5 100644 --- a/cadc-vos-client/build.gradle +++ b/cadc-vos-client/build.gradle 
@@ -13,11 +13,11 @@ repositories { apply from: '../opencadc.gradle' -sourceCompatibility = 1.8 +sourceCompatibility = 11 group = 'org.opencadc' -version = '2.0.4' +version = '2.0.5' description = 'OpenCADC VOSpace client library' def git_url = 'https://github.com/opencadc/vos' diff --git a/cadc-vos-server/build.gradle b/cadc-vos-server/build.gradle index 7d1cd7de..d455385a 100644 --- a/cadc-vos-server/build.gradle +++ b/cadc-vos-server/build.gradle @@ -12,11 +12,11 @@ repositories { apply from: '../opencadc.gradle' -sourceCompatibility = 1.8 +sourceCompatibility = 11 group = 'org.opencadc' -version = '2.0.15' +version = '2.0.16' description = 'OpenCADC VOSpace server' def git_url = 'https://github.com/opencadc/vos'