I use SAF to access files on a USB key. Since Android 6 it is impossible to delete a file by the delete method of an object FileDocument. Why ?
Use DocumentFile.html#delete(). If that failed then please post exception or error message.
Also, did you send Intent with ACTION_OPEN_DOCUMENT or ACTION_OPEN_DOCMENT_TREE?
Depending on which action you're using you'll need to request at least Intent.FLAG_GRANT_WRITE_URI_PERMISSION, i.e.:
intent.addFlags(
Intent.FLAG_GRANT_PERSISTABLE_URI_PERMISSION
| Intent.FLAG_GRANT_PREFIX_URI_PERMISSION
| Intent.FLAG_GRANT_READ_URI_PERMISSION
| Intent.FLAG_GRANT_WRITE_URI_PERMISSION
Related
I am not using real-time asterisk , But still astdb.sqlite3 contains entries of online peers with Reg.Contact information in SIP/registry/peer. key . I would like to store contact information of all peers as they come online in a separate persistent database. I need this for sending push notifications by fetching deviceID etc information in registration contact .
I tried to pull this information from astdb.sqlite3 but the entries are clearing off as soon as devices go offline .Though I am able to fetch the information with "sip show peer XXXX" in asterisk CLI , It is overburdened to fetch every time like this . Instead I want to save only Regcontact information for all the devices in a database ( without realtime) as the devices come online. The other way I tried to pull the information is using AMI event listener. But with AMI I don't see complete information like contact information It displays only below information
Event: PeerStatus
Privilege: system,all
SequenceNumber: 75
File: manager.c
Line: 1856
Func: manager_default_msg_cb
ChannelType: SIP
Peer: SIP/2030
PeerStatus: Reachable
Can someone suggest a better way to push Only Regcontact information to a database as the devices come online .
There are no mechanism like that in asterisk.
You can use kamailio or write patch similar to this one https://reviewboard.asterisk.org/r/4490/
It sounds like you have dynamic IPs for your endpoints, and you want a way to update a separate DB as soon as a device registers with an IP/port pair.
If you enable the security log, you will see all auth events, including the "SuccessfulAuth" event, which includes the RemoteAddress of the endpoint (including port and protocol).
Here is an example line:
[Jul 21 19:53:45] SECURITY[1342] res_security_log.c: SecurityEvent="SuccessfulAuth",EventTV="2020-07-21T19:53:45.182+0000",Severity="Informational",Service="SIP",EventVersion="1",AccountID="102",SessionID="0x7f41040132c0",LocalAddress="IPV4/UDP/10.0.0.200/5060",RemoteAddress="IPV4/UDP/10.0.0.75/5062",UsingPassword="1"
If all you're looking for is AccountID="102" and RemoteAddress="IPV4/UDP/10.0.0.75/5062", a very fast/cheap way to get it is to enable the security log, and use a script to tail it and update your DB as soon as the event occurs. I like to keep the security log on anyways for utilities like fail2ban. Just make sure your script is able to reopen the file each time it is rotated.
Edit:
By default the log is in /var/log/asterisk. To enable it, edit /etc/asterisk/logger.conf and un-comment (or create) the line under [logfiles] that says security => security.
I have an error when i start artifactory:
[art-exec-3] [ERROR] (o.j.s.c.EncryptionWrapperBase:185) - no matched algorithm and key for AES128 16uJT
[art-exec-3] [ERROR] (o.a.r.s.RepositoryServiceImpl:2626) - Failed to initialize remote repository '(name of maven repo)'. Repository will be blacked-out!
The context is:
I had a functional standalone artifactory.
I have deployed a HA artifactory on this
So with the same database and filestore
I have destroyed my standalone instance and create 2 instances for high availability.
And then i have the error above.
The artifactory service is up
i can request API but only GET, no possible changes like POST.
But no web interface reachable.
If i test a POST request:
{
"errors" : [ {
"status" : 500,
"message" : "Could not decrypt with artifactory key, due to: org.jfrog.security.crypto.KeyIdAlgCipherNotFound: no matched algorithm and key forAES128 16uJT"
} ]
It is obviously an AES128 artifactory_key problem.
But i know my artifactory_key (and my master_key) are good.
It's still the same like before HA, no reason it's different but maybe ... ?
so, what's wrong ?
Can artifactory_key change over time without my consent ?
How can i recover ?
In my database, i have a table named "configs" and artifactory_key is used to encrypt the config i think.
If i recover this table, maybe i can override ?
Except it's all encrypted, with the artifactory_key ? or the master_key ?
It's not usable as is.
Thanks to you
Is the artifactory.key in place and located at $ARTIFACTORY_HOME/etc/security/ of both nodes?
Based on the error message it seems as it fails to decrypt a string that contains "16uJT".
Can you search for this string in $ARTIFACTORY_HOME/etc/artifactory.config.latest.xml ?
In case it is, you may check what is the expected decrypted value of that entry and manually replace it. If you are not sure, you may try to leave this one blank for now and try to see if this helped.
In order to import the new config after the change, you will need to save the config as: "artifactory.config.import.xml" and then restart the server.
In case this doesn't help, kindly attach the full errors with possible stacktraces.
Thanks for your reply
The problem is: i have destroyed the old instance and recreate two new instances with HA licenses.
So i have an artifactory_key in $ARTIFACTORY_HOME/etc/security/ and it's the same on both instances. But apparently not the good one.
And the file $ARTIFACTORY_HOME/etc/artifactory.config.latest.xml is not the good one too, like instances are new.
It's a config by default, a void config.
There is no "16uJT" string.
That's why i ask if i can retrieve the good configuration directly in the database -> table "configs"
except it's encrypted, and i don't know how decrypt without a API request
Regards,
I have a Swift app that uses the Realm Object Server running remotely on a Linux server. Everything is working, including real-time sync.
Occasionally I want to inspect the contents of a local Realm file used by the iOS Simulator so I can do some debugging. When I browse here:
~/.../CoreSimulator/.../Documents/realm-object-server/<unique id>/
...and I try to open this file: realm%3A%2F%2F104%2E236%2E129%2E235%3A9080%2F%7E%2Fmyapp.realm
I get prompted with: Please enter a valid encryption key for this Realm file.
Where do I get this encryption key? I tried using the admin token from the server, but that doesn't appear to be working.
Also, can I turn off encryption everywhere? Or is it mandatory for any app using the Realm Object Server?
It is not possible to open the local version of a synced Realm file using the Browser (or anything else, for that matter). This is due to differing history types internally (but I won't go into that now). In order to inspect the contents of the Realm file, you have to open it using the previously defined syncURL. The browser will then download the file and show you the contents.
A few links on this topic:
https://github.com/realm/RealmTasks/issues/327
https://github.com/realm/realm-core/issues/2276
You may use old version of Realm Browser, please update it and check the result again.
Use Realm Studio instead which worked for me.
Here can download the file
byte[] key = new byte[64];
new SecureRandom().nextBytes(key);
String encryptionKey = byteArrayToHexString(key);
//encryptionKey is what you want byteArrayToHexString see
Log.d("test", "encryptionKey:"+encryptionKey);
byteArrayToHexString() method you can see:How to convert a byte array to a hex string in Java?
I want to create a send port that writes all messages going in and out of BizTalk to file.
My organization is using Splunk. Splunk will import data from the file directory to make sense of the various messages.
Is it possible to create filter in a send port that subscribes to "everything"? I could solve this by applying filter for each message type in my system. However, there is a lot of messages going back and forth and I'm wondering if there a simpler solution?
I'm using BizTalk 2013.
Yes, just filter on message type like you said, but rather than selecting = and specifying the message type, just select Exists. That will then match any message that has a message type.
EDIT:
As Johns-305 has pointed out if you have any messages that don't have a message type (e.g. pass through receive locations) you may want to pick BTS.MessageID as that will always exist for a message in the message box.
Following problem occurs in Microsoft Windows 7 Implementation of Qt 4.8.1:
A QLocalServer (named pipe) is waiting for clients to connect, and it is running as an server application that runs with administrative privileges (system service for example).
How is it possible to allow an non privileged QLocalSocket client to connect to that server? Connection attempts are always denied with error code 3 (QLocalSocket::SocketAccessError). Is there a solution?
Edit: As I found out, the solution is to change pipe security by allowing full access to "Everyone" Sid. The only problem here is, that a call to SetSecurityInfo always fails with "access denied" error.
First we have to obtain a pipe handle. Since the pipe is already created by Qt, we will open it with CreateNamedPipe.
HANDLE hPipe = CreateNamedPipe(
(const wchar_t *)_Server->fullServerName().utf16(), // pipe name
PIPE_ACCESS_DUPLEX | FILE_FLAG_OVERLAPPED, // read/write access
PIPE_TYPE_BYTE | // byte type pipe
PIPE_READMODE_BYTE | // byte-read mode
PIPE_WAIT, // blocking mode
PIPE_UNLIMITED_INSTANCES, // max. instances
0, // output buffer size
0, // input buffer size
3000, // client time-out
0 // Default Security
);
// Same call to open/create pipe as in qlocalserver_win.cpp
// Code here to add/change ACEs
if (SetSecurityInfo(hPipe, SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION,
0, 0, NewAcl, 0) == ERROR_SUCCESS) {
// Success
}
Even if NewAcl is set to NULL the call fails. So what could cause that "access denied" error?
I know, it's a little to late now, but this may help other people with the same Problem. Please notice this solution only works, if the server is your application to.
If thats the case, simply call server.setSocketOptions(QLocalServer::WorldAccessOption); or one of the other values of QLocalServer::​SocketOption before you call listen.
I am not familiar with Qt and so don't know what security characteristics are created by default when you use QtLocalServer in this way. However, in general there are two distinct mechanisms which could be causing the "Access denied" error.
The first is the DACL (Discretionary Access Control List) associated with the pipe. This works the same way as DACLs on any securable object in Windows (c.f. file security). There has to be an access control entry (ACE) in the list which grants your client user the desired type of access to the pipe. As you correctly indicate, adding an ACE for the "EVERYONE" SID allowing read/write access would remove any DACL barrier confronting your client. However, note that the code which amends the DACL will have to have WRITE_DAC access to the pipe already, otherwise it will be unable to open a handle through which the DACL can be amended. Your code doesn't even request WRITE_DAC access in the call to CreateNamedPipe, so this is a further reason why your call to SetSecurityInfo is failing.
The second mechanism is the Mandatory Integrity Control mechanism introduced in Windows Vista and later versions. It is not clear from your description whether this is in play here, but in general a client process can never have write access to a securable resource which is associated with a lower integrity level than that of the resource. If that is the issue here (and since your title refers specifically to Windows 7, I guess it might be) the only solution is to change the Mandatory Integrity Label on the pipe to lower the pipe's integrity level to that of your client. To do that you need to have access to the first pipe handle opened by the server (this Q&A explains why) because the integrity label is a special ACE contained in the System Access Control List (SACL) of the pipe, which you need WRITE_OWNER premission to change. Whether it is at all feasible in Qt to get hold of this pipe handle is something I have no knowledge of.
I found a solution for the Qt problem. Since one can not use the handle created by CreateNamedPipe after calling QLocalServer::listen(), we can call CreateNamedPipe before Qt is doing it. If we call it with WRITE_DAC | FILE_FLAG_FIRST_PIPE_INSTANCE we can change anything.
Then we can change security settings as stated by Chris Dickson.