Author: robbie
Date: Tue Oct 20 14:45:05 2009
New Revision: 827584
URL: http://svn.apache.org/viewvc?rev=827584&view=rev
Log:
QPID-2040: remove use of FileUtils.copyCheckedEx for security reasons, generate
new file in same filesystem as existing file to avoid copying between
filesystems
Modified:
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/PlainPasswordFilePrincipalDatabase.java
Modified:
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/PlainPasswordFilePrincipalDatabase.java
URL:
http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/PlainPasswordFilePrincipalDatabase.java?rev=827584&r1=827583&r2=827584&view=diff
==============================================================================
---
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/PlainPasswordFilePrincipalDatabase.java
(original)
+++
qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/PlainPasswordFilePrincipalDatabase.java
Tue Oct 20 14:45:05 2009
@@ -26,7 +26,6 @@
import org.apache.qpid.server.security.auth.sasl.amqplain.AmqPlainInitialiser;
import org.apache.qpid.server.security.auth.sasl.crammd5.CRAMMD5Initialiser;
import org.apache.qpid.server.security.auth.sasl.plain.PlainInitialiser;
-import org.apache.qpid.util.FileUtils;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.login.AccountNotFoundException;
@@ -41,6 +40,7 @@
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
+import java.util.Random;
import java.util.concurrent.locks.ReentrantLock;
import java.util.regex.Pattern;
@@ -395,7 +395,15 @@
BufferedReader reader = null;
PrintStream writer = null;
- File tmp = File.createTempFile(_passwordFile.getName(), ".tmp");
+
+ Random r = new Random();
+ File tmp;
+ do
+ {
+ tmp = new File(_passwordFile.getPath() + r.nextInt() + ".tmp");
+ }
+ while(tmp.exists());
+
tmp.deleteOnExit();
try
@@ -479,30 +487,26 @@
old.delete();
}
- try
- {
- if(!_passwordFile.renameTo(old))
- {
- FileUtils.copyCheckedEx(_passwordFile, old);
- }
- }
- catch (IOException e)
+ if(!_passwordFile.renameTo(old))
{
- _logger.error("Could not backup the existing password file: "
+e);
- throw new IOException("Could not backup the existing password
file: " + e);
+ //unable to rename the existing file to the backup name
+ _logger.error("Could not backup the existing password file");
+ throw new IOException("Could not backup the existing password
file");
}
-
- try
+
+ if(!tmp.renameTo(_passwordFile))
{
- if(!tmp.renameTo(_passwordFile))
+ //failed to rename the new file to the required filename
+
+ if(!old.renameTo(_passwordFile))
{
- FileUtils.copyCheckedEx(tmp, _passwordFile);
+ //unable to return the backup to required filename
+ _logger.error("Could not rename the new password file into
place, and unable to restore original file");
+ throw new IOException("Could not rename the new password
file into place, and unable to restore original file");
}
- }
- catch (IOException e)
- {
- _logger.error("Could not copy the new password file into
place: " +e);
- throw new IOException("Could not copy the new password file
into place: " + e);
+
+ _logger.error("Could not rename the new password file into
place");
+ throw new IOException("Could not rename the new password file
into place");
}
}
---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project: http://qpid.apache.org
Use/Interact: mailto:commits-subscr...@qpid.apache.org
