ACL update issue - Githubissues

lmike-mnc commented 1 week ago

I've error during the test TestACLAccess.java

com/mindoo/domino/jna/NotesDatabase.java:

        acl.updateEntry("-Default-", "-Default-", defaultAccessLevel,  Collections.emptyList(), EnumSet.noneOf(AclFlag.class));
        acl.updateEntry("OtherDomainServers", null, AclLevel.NOACCESS, Collections.emptyList(), EnumSet.of(AclFlag.GROUP, AclFlag.SERVER));
// Error is Here
        acl.updateEntry(manager, null, AclLevel.MANAGER, Collections.emptyList(), EnumSet.noneOf(AclFlag.class));

while it trying get

public NotesACLEntry getEntry(String name) {
    LinkedHashMap<String,NotesACLEntry> entries = getEntries();

part of dump

Unhandled exception
Type=Segmentation error vmState=0x00000000
J9Generic_Signal_Number=00000004 ExceptionCode=c0000005 ExceptionAddress=585259ED ContextFlags=0001007f
Handler1=5C873D50 Handler2=5C795460 InaccessibleReadAddress=00002C33
EDI=0088E34F ESI=00002C33 EAX=00000001 EBX=222DE4D0
ECX=00000001 EDX=00000001
EIP=585259ED ESP=0088E320 EBP=0088E368 EFLAGS=00010202
GS=002B FS=0053 ES=002B DS=002B
Module=C:\Users\user1\AppData\Local\Temp\jna-111578566\jna1604782121388255234.dll
Module_base_address=58510000 Offset_in_DLL=000159ed
Target=2_90_20230810_716 (Windows 10 10.0 build 19045)
CPU=x86 (4 logical CPUs) (0x3f8e8b000 RAM)

test with notes ID for current user, server is down, test code on client this issue I've observed for temp Databae (after createTempDb in com/mindoo/domino/jna/test/BaseJNATestClass.java for , fakenames.nsf on local (ACL getting) - w/o error

Initializing Domino JNA
AutoGC - Added memory: NotesNamesList [handle=5, values=[CN=Mikhail Cholokov/O=LMIKE, Mikhail Cholokov, *, */O=LMIKE], privileged=[]]
AutoGC - Added object: NotesDatabase [handle=165, server=, filepath=C:\Users\user1\AppData\Local\Temp\jnatmp_5204291126435359216.nsf]
AutoGC - Added memory: com.mindoo.domino.jna.dxl.DXLImporter@ab580116
AutoGC - Added object: NotesNote [handle=6, noteid=286]
AutoGC - Removing object: class com.mindoo.domino.jna.NotesNote with handle=6
AutoGC - Added memory: NotesACL [handle=DHANDLE32 [handle=536 871 369], db=C:\Users\user1\AppData\Local\Temp\jnatmp_5204291126435359216.nsf]

lmike-mnc commented 1 week ago

dirty fix for NotesDatabase.createDatabase

        //write default acl entries, might lock us out
        NotesACL acl = db.getACL();
        LinkedHashMap<String, NotesACL.NotesACLEntry> entries = acl.getEntries();
        String name="-Default-";
        //write default acl entries, might lock us out
        if (entries.get(name)==null) acl.addEntry(name, defaultAccessLevel,  Collections.emptyList(), EnumSet.noneOf(AclFlag.class));
        name="OtherDomainServers";
        if (entries.get(name)==null)acl.addEntry("OtherDomainServers",AclLevel.NOACCESS, Collections.emptyList(), EnumSet.of(AclFlag.GROUP, AclFlag.SERVER));
        name=manager;
        if (entries.get(name)==null) acl.addEntry(name, AclLevel.MANAGER, Collections.emptyList(), EnumSet.of(AclFlag.PERSON));

        if (db.isRemote()) {
            name=db.getServer();
            if (entries.get(name)==null) {
                acl.addEntry(name, AclLevel.MANAGER, Collections.emptyList(), EnumSet.of(AclFlag.SERVER, AclFlag.ADMIN_SERVER));
                acl.setAdminServer(db.getServer());
            }
        }
        name="LocalDomainServers";
        if (entries.get(name)==null) acl.addEntry(name, AclLevel.MANAGER, Collections.emptyList(), EnumSet.of(AclFlag.GROUP, AclFlag.SERVER));

lmike-mnc commented 1 week ago

here code dump (w/o trc) jitdump.20241010.152219.5668.0004.dmp

javacore.20241010.152219.5668.0002.txt

klehmann commented 1 week ago

Hi! Thanks for the info and sorry for the late response. Too many things to work on and a cold. :-) So you are getting this error when reading the ACL of a newly created database? I already had some other issues there in the past. I think the design collection was missing back then. Creating new databases from scratch with valid content is incredibly hard.

lmike-mnc commented 1 week ago

Hi! Thanks for the info and sorry for the late response. Too many things to work on and a cold. :-) So you are getting this error when reading the ACL of a newly created database? I already had some other issues there in the past. I think the design collection was missing back then. Creating new databases from scratch with valid content is incredibly hard.

Hi Thanks for you reply I lauch tests from your repo public class TestACLAccess extends BaseJNATestClass More detailed test beginig changes does work

                withTempDb((db) -> {
                    System.out.println("Starting ACL modification");

                    NotesACL acl = db.getACL();
                    acl.addRole("[PolicyReader]");
                    acl.addRole("[NetCreator]");
                    NotesACLAccess aclEntry = acl.getEntry("cn=testuser123/o=mindoo");

but after add any entry to ACL

                    // role "NetCreator" will be converted to [NetCreator] by addEntry
                    acl.addEntry("Testuser123/Mindoo", AclLevel.DESIGNER, Arrays.asList("[PolicyReader]", "NetCreator"), EnumSet.noneOf(AclFlag.class));

                    aclEntry = acl.getEntry("cn=testuser123/o=mindoo");

it has crashed here

public LinkedHashMap<String,NotesACLEntry> getEntries() {
//....
        DHANDLE hAcl = getHandle();
        short result = NotesNativeAPI.get().ACLEnumEntries(hAcl.getByValue(), callback, null);
//...
}

lmike-mnc commented 1 week ago

I've tested with fakenames.nsf (not new) and the same crash here

                NotesDatabase fakeDb=getFakeNamesDb();
                NotesACL aclFake = fakeDb.getACL();
                aclFake.addEntry("Testuser123/Mindoo", AclLevel.DESIGNER, Arrays.asList("[PolicyReader]", "NetCreator"), EnumSet.noneOf(AclFlag.class));
//core dump here
                NotesACLAccess aclEntry = aclFake.getEntry("cn=testuser123/o=mindoo");

klehmann / domino-jna

ACL update issue #85