Commit e84212e3 authored by Tigran Mkrtchyan's avatar Tigran Mkrtchyan

nfs: remote utility class to extract current user

Motivation:
the UnixUtils class is used by the nfs client to extract the current user with the help of
reflection. As com.sun.security.auth.module.UnixSystem is a part of
official OpenJDK, there is no reason to hide its usage.

Modification:
update nfs client to directly call
com.sun.security.auth.module.UnixSystem.

Result:
less magic in the code.

Acked-by: Paul Millar
Target: master
parent c9aedca6
Pipeline #467 passed with stage
in 1 minute and 16 seconds
...@@ -21,8 +21,9 @@ package org.dcache.nfs.v4.client; ...@@ -21,8 +21,9 @@ package org.dcache.nfs.v4.client;
import java.io.IOException; import java.io.IOException;
import java.net.InetAddress; import java.net.InetAddress;
import javax.security.auth.Subject; import java.util.Arrays;
import org.dcache.auth.Subjects;
import com.sun.security.auth.module.UnixSystem;
import org.dcache.nfs.v4.xdr.COMPOUND4args; import org.dcache.nfs.v4.xdr.COMPOUND4args;
import org.dcache.nfs.v4.xdr.COMPOUND4res; import org.dcache.nfs.v4.xdr.COMPOUND4res;
...@@ -34,8 +35,6 @@ import org.dcache.oncrpc4j.rpc.RpcAuthTypeUnix; ...@@ -34,8 +35,6 @@ import org.dcache.oncrpc4j.rpc.RpcAuthTypeUnix;
import org.dcache.oncrpc4j.rpc.RpcCall; import org.dcache.oncrpc4j.rpc.RpcCall;
import org.dcache.oncrpc4j.rpc.RpcTransport; import org.dcache.oncrpc4j.rpc.RpcTransport;
import org.dcache.oncrpc4j.xdr.XdrVoid; import org.dcache.oncrpc4j.xdr.XdrVoid;
import org.dcache.nfs.util.UnixUtils;
/** /**
* The class <code>nfs4_prot_NFS4_PROGRAM_Client</code> implements the client stub proxy * The class <code>nfs4_prot_NFS4_PROGRAM_Client</code> implements the client stub proxy
...@@ -74,14 +73,11 @@ public class nfs4_prot_NFS4_PROGRAM_Client { ...@@ -74,14 +73,11 @@ public class nfs4_prot_NFS4_PROGRAM_Client {
public nfs4_prot_NFS4_PROGRAM_Client(InetAddress host, int port, int protocol) public nfs4_prot_NFS4_PROGRAM_Client(InetAddress host, int port, int protocol)
throws OncRpcException, IOException { throws OncRpcException, IOException {
Subject currentUser = UnixUtils.getCurrentUser(); UnixSystem currentUser = new UnixSystem();
if (currentUser == null) {
throw new IllegalStateException("unable to determine current unix user. please provide uid/gid explicitly");
}
int uid = (int)Subjects.getUid(currentUser); int uid = (int)currentUser.getUid();
int gid = (int)Subjects.getPrimaryGid(currentUser); int gid = (int)currentUser.getGid();
int[] gids = UnixUtils.toIntArray(Subjects.getGids(currentUser)); int[] gids = Arrays.stream(currentUser.getGroups()).mapToInt(Math::toIntExact).toArray();
rpcClient = new OncRpcClient(host, protocol, port); rpcClient = new OncRpcClient(host, protocol, port);
RpcTransport transport; RpcTransport transport;
......
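Review bot: The three narrowing conversions in the constructor no longer agree: `uid` and `gid` are still cast with `(int)`, which keeps the low 32 bits, while the supplementary groups now go through `Math::toIntExact`, which throws ArithmeticException for any id above Integer.MAX_VALUE. Unix ids are unsigned 32-bit values, so a process whose group list contains a high gid would now fail in the constructor, where the removed `UnixUtils.toIntArray` simply cast it. If the ids are placed in the RPC credential as 32-bit words (the code that consumes them is outside the hunk), the bit-preserving form is probably the intended one: `int[] gids = Arrays.stream(currentUser.getGroups()).mapToInt(g -> (int) g).toArray();`. If rejecting out-of-range ids is the intent instead, apply the same range check to `uid` and `gid` so the credential is never built from a silently wrapped value. Separately, with the null check gone, a runtime that lacks UnixSystem presumably fails with a linkage error rather than the earlier IllegalStateException asking for an explicit uid/gid; a comment on `new UnixSystem()` such as `// Unix-only: requires the jdk.security.auth module and its native support` would document that.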
/*
* Copyright (c) 2009 - 2020 Deutsches Elektronen-Synchroton,
* Member of the Helmholtz Association, (DESY), HAMBURG, GERMANY
*
* This library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Library General Public License as
* published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Library General Public License for more details.
*
* You should have received a copy of the GNU Library General Public
* License along with this program (see the file COPYING.LIB for more
* details); if not, write to the Free Software Foundation, Inc.,
* 675 Mass Ave, Cambridge, MA 02139, USA.
*/
package org.dcache.nfs.util;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import javax.security.auth.Subject;
import org.dcache.auth.GidPrincipal;
import org.dcache.auth.UidPrincipal;
public class UnixUtils {
private static final Logger _log = LoggerFactory.getLogger(UnixUtils.class);
/**
* attempts to get the current user, if running on a compatible OS/jre
* @return the current UnixUser, or null
*/
public static Subject getCurrentUser() {
try {
Class<?> unixSystemClass = Class.forName("com.sun.security.auth.module.UnixSystem");
Object unixSystemInstance = unixSystemClass.getDeclaredConstructor().newInstance();
Method getUidMethod = unixSystemClass.getDeclaredMethod("getUid");
Method getGidMethod = unixSystemClass.getDeclaredMethod("getGid");
Method getGroupsMethod = unixSystemClass.getDeclaredMethod("getGroups");
Subject subject = new Subject();
subject.getPrincipals().add(new UidPrincipal((Long) getUidMethod.invoke(unixSystemInstance)) );
subject.getPrincipals().add(new GidPrincipal((Long) getGidMethod.invoke(unixSystemInstance), true));
long[] groups = (long[]) getGroupsMethod.invoke(unixSystemInstance);
for (long gid: groups) {
subject.getPrincipals().add(new GidPrincipal(gid, false));
}
return subject;
} catch (IllegalAccessException |
ClassNotFoundException | InvocationTargetException |
NoSuchMethodException | InstantiationException e) {
_log.debug("couldn't get current unix user",e);
return null;
}
}
public static int[] toIntArray(long[] longArray) {
int[] intArray = new int[longArray.length];
for (int i = 0; i < longArray.length; i++) {
intArray[i] = (int) longArray[i];
}
return intArray;
}
}
/*
* Copyright (c) 2009 - 2020 Deutsches Elektronen-Synchroton,
* Member of the Helmholtz Association, (DESY), HAMBURG, GERMANY
*
* This library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Library General Public License as
* published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Library General Public License for more details.
*
* You should have received a copy of the GNU Library General Public
* License along with this program (see the file COPYING.LIB for more
* details); if not, write to the Free Software Foundation, Inc.,
* 675 Mass Ave, Cambridge, MA 02139, USA.
*/
package org.dcache.nfs.util;
import org.junit.Assert;
import org.junit.Test;
import java.util.Locale;
import javax.security.auth.Subject;
public class UnixUtilsTest {
@Test
public void testGetCurrentUser() {
String osName = System.getProperty("os.name");
boolean isWindows = osName.toLowerCase(Locale.ROOT).contains("windows");
Subject currentUser = UnixUtils.getCurrentUser();
if (isWindows) {
Assert.assertNull(currentUser);
} else {
Assert.assertNotNull(currentUser);
}
}
}