| /* |
| * Copyright (c) 2008, 2011, Oracle and/or its affiliates. All rights reserved. |
| * |
| * Redistribution and use in source and binary forms, with or without |
| * modification, are permitted provided that the following conditions |
| * are met: |
| * |
| * - Redistributions of source code must retain the above copyright |
| * notice, this list of conditions and the following disclaimer. |
| * |
| * - Redistributions in binary form must reproduce the above copyright |
| * notice, this list of conditions and the following disclaimer in the |
| * documentation and/or other materials provided with the distribution. |
| * |
| * - Neither the name of Oracle nor the names of its |
| * contributors may be used to endorse or promote products derived |
| * from this software without specific prior written permission. |
| * |
| * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS |
| * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, |
| * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
| * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR |
| * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, |
| * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, |
| * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR |
| * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF |
| * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING |
| * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS |
| * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| */ |
| |
| /* |
| * This source code is provided to illustrate the usage of a given feature |
| * or technique and has been deliberately simplified. Additional steps |
| * required for a production-quality application, such as security checks, |
| * input validation and proper error handling, might not be present in |
| * this sample code. |
| */ |
| |
| |
| import java.nio.file.*; |
| import java.nio.file.attribute.*; |
| import java.io.IOException; |
| import java.util.*; |
| import java.util.regex.Pattern; |
| |
| /** |
| * Sample utility for editing a file's ACL. |
| */ |
| |
| public class AclEdit { |
| |
| // parse string as list of ACE permissions separated by / |
| static Set<AclEntryPermission> parsePermissions(String permsString) { |
| Set<AclEntryPermission> perms = new HashSet<AclEntryPermission>(); |
| String[] result = permsString.split("/"); |
| for (String s : result) { |
| if (s.equals("")) |
| continue; |
| try { |
| perms.add(AclEntryPermission.valueOf(s.toUpperCase())); |
| } catch (IllegalArgumentException x) { |
| System.err.format("Invalid permission '%s'\n", s); |
| System.exit(-1); |
| } |
| } |
| return perms; |
| } |
| |
| // parse string as list of ACE flags separated by / |
| static Set<AclEntryFlag> parseFlags(String flagsString) { |
| Set<AclEntryFlag> flags = new HashSet<AclEntryFlag>(); |
| String[] result = flagsString.split("/"); |
| for (String s : result) { |
| if (s.equals("")) |
| continue; |
| try { |
| flags.add(AclEntryFlag.valueOf(s.toUpperCase())); |
| } catch (IllegalArgumentException x) { |
| System.err.format("Invalid flag '%s'\n", s); |
| System.exit(-1); |
| } |
| } |
| return flags; |
| } |
| |
| // parse ACE type |
| static AclEntryType parseType(String typeString) { |
| // FIXME: support audit and alarm types in the future |
| if (typeString.equalsIgnoreCase("allow")) |
| return AclEntryType.ALLOW; |
| if (typeString.equalsIgnoreCase("deny")) |
| return AclEntryType.DENY; |
| System.err.format("Invalid type '%s'\n", typeString); |
| System.exit(-1); |
| return null; // keep compiler happy |
| } |
| |
| /** |
| * Parse string of the form: |
| * [user|group:]<username|groupname>:<perms>[:flags]:<allow|deny> |
| */ |
| static AclEntry parseAceString(String s, |
| UserPrincipalLookupService lookupService) |
| { |
| String[] result = s.split(":"); |
| |
| // must have at least 3 components (username:perms:type) |
| if (result.length < 3) |
| usage(); |
| |
| int index = 0; |
| int remaining = result.length; |
| |
| // optional first component can indicate user or group type |
| boolean isGroup = false; |
| if (result[index].equalsIgnoreCase("user") || |
| result[index].equalsIgnoreCase("group")) |
| { |
| if (--remaining < 3) |
| usage(); |
| isGroup = result[index++].equalsIgnoreCase("group"); |
| } |
| |
| // user and permissions required |
| String userString = result[index++]; remaining--; |
| String permsString = result[index++]; remaining--; |
| |
| // flags are optional |
| String flagsString = ""; |
| String typeString = null; |
| if (remaining == 1) { |
| typeString = result[index++]; |
| } else { |
| if (remaining == 2) { |
| flagsString = result[index++]; |
| typeString = result[index++]; |
| } else { |
| usage(); |
| } |
| } |
| |
| // lookup UserPrincipal |
| UserPrincipal user = null; |
| try { |
| user = (isGroup) ? |
| lookupService.lookupPrincipalByGroupName(userString) : |
| lookupService.lookupPrincipalByName(userString); |
| } catch (UserPrincipalNotFoundException x) { |
| System.err.format("Invalid %s '%s'\n", |
| ((isGroup) ? "group" : "user"), |
| userString); |
| System.exit(-1); |
| } catch (IOException x) { |
| System.err.format("Lookup of '%s' failed: %s\n", userString, x); |
| System.exit(-1); |
| } |
| |
| // map string representation of permissions, flags, and type |
| Set<AclEntryPermission> perms = parsePermissions(permsString); |
| Set<AclEntryFlag> flags = parseFlags(flagsString); |
| AclEntryType type = parseType(typeString); |
| |
| // build the ACL entry |
| return AclEntry.newBuilder() |
| .setType(type) |
| .setPrincipal(user) |
| .setPermissions(perms).setFlags(flags).build(); |
| } |
| |
| static void usage() { |
| System.err.println("usage: java AclEdit [ACL-operation] file"); |
| System.err.println(""); |
| System.err.println("Example 1: Prepends access control entry to the begining of the myfile's ACL"); |
| System.err.println(" java AclEdit A+alice:read_data/read_attributes:allow myfile"); |
| System.err.println(""); |
| System.err.println("Example 2: Remove the entry at index 6 of myfile's ACL"); |
| System.err.println(" java AclEdit A6- myfile"); |
| System.err.println(""); |
| System.err.println("Example 3: Replace the entry at index 2 of myfile's ACL"); |
| System.err.println(" java AclEdit A2=bob:write_data/append_data:deny myfile"); |
| System.exit(-1); |
| } |
| |
| static enum Action { |
| PRINT, |
| ADD, |
| REMOVE, |
| REPLACE; |
| } |
| |
| /** |
| * Main class: parses arguments and prints or edits ACL |
| */ |
| public static void main(String[] args) throws IOException { |
| Action action = null; |
| int index = -1; |
| String entryString = null; |
| |
| // parse arguments |
| if (args.length < 1 || args[0].equals("-help") || args[0].equals("-?")) |
| usage(); |
| |
| if (args.length == 1) { |
| action = Action.PRINT; |
| } else { |
| String s = args[0]; |
| |
| // A[index]+entry |
| if (Pattern.matches("^A[0-9]*\\+.*", s)) { |
| String[] result = s.split("\\+", 2); |
| if (result.length == 2) { |
| if (result[0].length() < 2) { |
| index = 0; |
| } else { |
| index = Integer.parseInt(result[0].substring(1)); |
| } |
| entryString = result[1]; |
| action = Action.ADD; |
| } |
| } |
| |
| // Aindex- |
| if (Pattern.matches("^A[0-9]+\\-", s)) { |
| String[] result = s.split("\\-", 2); |
| if (result.length == 2) { |
| index = Integer.parseInt(result[0].substring(1)); |
| entryString = result[1]; |
| action = Action.REMOVE; |
| } |
| } |
| |
| // Aindex=entry |
| if (Pattern.matches("^A[0-9]+=.*", s)) { |
| String[] result = s.split("=", 2); |
| if (result.length == 2) { |
| index = Integer.parseInt(result[0].substring(1)); |
| entryString = result[1]; |
| action = Action.REPLACE; |
| } |
| } |
| } |
| if (action == null) |
| usage(); |
| |
| int fileArg = (action == Action.PRINT) ? 0 : 1; |
| Path file = Paths.get(args[fileArg]); |
| |
| // read file's ACL |
| AclFileAttributeView view = |
| Files.getFileAttributeView(file, AclFileAttributeView.class); |
| if (view == null) { |
| System.err.println("ACLs not supported on this platform"); |
| System.exit(-1); |
| } |
| List<AclEntry> acl = view.getAcl(); |
| |
| switch (action) { |
| // print ACL |
| case PRINT : { |
| for (int i=0; i<acl.size(); i++) { |
| System.out.format("%5d: %s\n", i, acl.get(i)); |
| } |
| break; |
| } |
| |
| // add ACE to existing ACL |
| case ADD: { |
| AclEntry entry = parseAceString(entryString, file |
| .getFileSystem().getUserPrincipalLookupService()); |
| if (index >= acl.size()) { |
| acl.add(entry); |
| } else { |
| acl.add(index, entry); |
| } |
| view.setAcl(acl); |
| break; |
| } |
| |
| // remove ACE |
| case REMOVE: { |
| if (index >= acl.size()) { |
| System.err.format("Index '%d' is invalid", index); |
| System.exit(-1); |
| } |
| acl.remove(index); |
| view.setAcl(acl); |
| break; |
| } |
| |
| // replace ACE |
| case REPLACE: { |
| if (index >= acl.size()) { |
| System.err.format("Index '%d' is invalid", index); |
| System.exit(-1); |
| } |
| AclEntry entry = parseAceString(entryString, file |
| .getFileSystem().getUserPrincipalLookupService()); |
| acl.set(index, entry); |
| view.setAcl(acl); |
| break; |
| } |
| } |
| } |
| } |
