
Set permission to certs to allow correct removing on win

luipir committed Nov 10, 2017
1 parent 25ba361 commit 878ab41ad31fed5ad27a80b40578fafc327ab60e
Showing with 55 additions and 39 deletions.
  1. +35 −38 python/plugins/db_manager/db_plugins/postgis/connector.py
  2. +20 −1 src/providers/postgres/qgspostgresconn.cpp
@@ -26,7 +26,7 @@

from functools import cmp_to_key

from qgis.PyQt.QtCore import QRegExp
from qgis.PyQt.QtCore import QRegExp, QFile
from qgis.core import Qgis, QgsCredentials, QgsDataSourceUri

from ..connector import DBConnector
@@ -66,7 +66,8 @@ def __init__(self, uri):
try:
self.connection = psycopg2.connect(expandedConnInfo)
except self.connection_error_types() as e:
err = str(e)
# get credentials if cached or assking to the user no more than 3 times
err = unicode(e)
uri = self.uri()
conninfo = uri.connectionInfo(False)

@@ -88,44 +89,13 @@ def __init__(self, uri):
except self.connection_error_types() as e:
if i == 2:
raise ConnectionError(e)

err = str(e)
err = unicode(e)
finally:
# remove certs (if any) of the expanded connectionInfo
expandedUri = QgsDataSourceUri(newExpandedConnInfo)

sslCertFile = expandedUri.param("sslcert")
if sslCertFile:
sslCertFile = sslCertFile.replace("'", "")
os.remove(sslCertFile)

sslKeyFile = expandedUri.param("sslkey")
if sslKeyFile:
sslKeyFile = sslKeyFile.replace("'", "")
os.remove(sslKeyFile)

sslCAFile = expandedUri.param("sslrootcert")
if sslCAFile:
sslCAFile = sslCAFile.replace("'", "")
os.remove(sslCAFile)
# clear certs for each time trying to connect
self._clearSslTempCertsIfAny(newExpandedConnInfo)
finally:
# remove certs (if any) of the expanded connectionInfo
expandedUri = QgsDataSourceUri(expandedConnInfo)

sslCertFile = expandedUri.param("sslcert")
if sslCertFile:
sslCertFile = sslCertFile.replace("'", "")
os.remove(sslCertFile)

sslKeyFile = expandedUri.param("sslkey")
if sslKeyFile:
sslKeyFile = sslKeyFile.replace("'", "")
os.remove(sslKeyFile)

sslCAFile = expandedUri.param("sslrootcert")
if sslCAFile:
sslCAFile = sslCAFile.replace("'", "")
os.remove(sslCAFile)
# clear certs of the first connection try
self._clearSslTempCertsIfAny(expandedConnInfo)

self.connection.set_isolation_level(psycopg2.extensions.ISOLATION_LEVEL_AUTOCOMMIT)

@@ -141,6 +111,33 @@ def __init__(self, uri):
def _connectionInfo(self):
return str(self.uri().connectionInfo(True))

def _clearSslTempCertsIfAny(self, connectionInfo):
# remove certs (if any) of the connectionInfo
expandedUri = QgsDataSourceUri(connectionInfo)

def removeCert(certFile):
certFile = certFile.replace("'", "")
file = QFile(certFile)
# set permission to allow removing on Win.
# On linux and Mac if file is set with QFile::>ReadUser
# does not create problem removing certs
if not file.setPermissions(QFile.WriteOwner):
raise Exception('Cannot change permissions on {}: error code: {}'.format(file.fileName(), file.error()))
if not file.remove():
raise Exception('Cannot remove {}: error code: {}'.format(file.fileName(), file.error()))

sslCertFile = expandedUri.param("sslcert")
if sslCertFile:
removeCert(sslCertFile)

sslKeyFile = expandedUri.param("sslkey")
if sslKeyFile:
removeCert(sslKeyFile)

sslCAFile = expandedUri.param("sslrootcert")
if sslCAFile:
removeCert(sslCAFile)

def _checkSpatial(self):
""" check whether postgis_version is present in catalog """
c = self._execute(None, u"SELECT COUNT(*) FROM pg_proc WHERE proname = 'postgis_version'")
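Review bot: `removeCert` in `_clearSslTempCertsIfAny` raises on the first file it cannot chmod or delete, so a failure on `sslcert` means `sslkey` and `sslrootcert` are never attempted and the temporary private key stays on disk. The helper runs from the `finally` blocks in `__init__`, so the generic `Exception` also replaces any in-flight `ConnectionError`. I would attempt every file, collect the failures, and raise once at the end, as sketched below. The same early exit is in the `qgspostgresconn.cpp` section, where the `return` after a failed `setPermissions`/`remove` appears to leave the remaining files of the enclosing loop (its header is outside the hunk) untouched.

```python
    def _clearSslTempCertsIfAny(self, connectionInfo):
        # … unchanged: expandedUri = QgsDataSourceUri(connectionInfo) …
        failures = []

        def removeCert(certFile):
            certFile = certFile.replace("'", "")
            file = QFile(certFile)
            # … unchanged: comment on Windows permissions …
            permsOk = file.setPermissions(QFile.WriteOwner)
            # still try to delete: removal may succeed even if the permission change did not
            if not file.remove():
                what = 'remove' if permsOk else 'change permissions on'
                failures.append('Cannot {} {}: error code: {}'.format(what, file.fileName(), file.error()))

        for param in ("sslcert", "sslkey", "sslrootcert"):
            certFile = expandedUri.param(param)
            if certFile:
                removeCert(certFile)

        # report only after every temp file has been attempted
        if failures:
            raise Exception('\n'.join(failures))
```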
@@ -242,7 +242,26 @@ QgsPostgresConn::QgsPostgresConn( const QString &conninfo, bool readOnly, bool s
{
QString fileName = expandedUri.param( param );
fileName.remove( QStringLiteral( "'" ) );
QFile::remove( fileName );
QFile file( fileName );
// set minimal permission to allow removing on Win.
// On linux and Mac if file is set with QFile::>ReadUser
// does not create problem removin certs
if ( !file.setPermissions( QFile::WriteOwner ) )
{
QString errorMsg = tr( "Cannot set WriteOwner permission to cert: %0 to allow removing it" ).arg( file.fileName() );
PQfinish();
QgsMessageLog::logMessage( tr( "Client security failure" ) + '\n' + errorMsg, tr( "PostGIS" ) );
mRef = 0;
return;
}
if ( !file.remove() )
{
QString errorMsg = tr( "Cannot remove cert: %0" ).arg( file.fileName() );
PQfinish();
QgsMessageLog::logMessage( tr( "Client security failure" ) + '\n' + errorMsg, tr( "PostGIS" ) );
mRef = 0;
return;
}
}
}
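Review bot: The comment above `setPermissions` is hard to read as written (`QFile::>ReadUser`, "removin") and does not say why the permission change is needed. I would reword it to `// Windows refuses to delete a read-only file, so make it owner-writable first.` followed by `// On Linux and macOS removal does not depend on the file's own mode.` The two failure branches also repeat the same `PQfinish(); … mRef = 0; return;` sequence and could share one exit path. The enclosing block starts outside the hunk, so the loop this code sits in is not visible here.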
