List<AclEntry> featureEntries = getEntriesFromAclFeature(parent .getAclFeature()); ScopedAclEntries scopedEntries = new ScopedAclEntries(featureEntries); if (!AclUtil.isMinimalAcl(accessEntries) || !defaultEntries.isEmpty()) { child.addAclFeature(createAclFeature(accessEntries, defaultEntries)); newPerm = createFsPermissionForExtendedAcl(accessEntries, childPerm); } else { newPerm = createFsPermissionForMinimalAcl(accessEntries, childPerm);
static List<AclEntry> unprotectedSetAcl(FSDirectory fsd, INodesInPath iip, List<AclEntry> aclSpec, boolean fromEdits) throws IOException { assert fsd.hasWriteLock(); // ACL removal is logged to edits as OP_SET_ACL with an empty list. if (aclSpec.isEmpty()) { unprotectedRemoveAcl(fsd, iip); return AclFeature.EMPTY_ENTRY_LIST; } INode inode = FSDirectory.resolveLastINode(iip); int snapshotId = iip.getLatestSnapshotId(); List<AclEntry> newAcl = aclSpec; if (!fromEdits) { List<AclEntry> existingAcl = AclStorage.readINodeLogicalAcl(inode); newAcl = AclTransformation.replaceAclEntries(existingAcl, aclSpec); } AclStorage.updateINodeAcl(inode, newAcl, snapshotId); return newAcl; }
SnapshotCopy(byte[] name, PermissionStatus permissions, AclFeature aclFeature, long modificationTime, long accessTime, XAttrFeature xAttrFeature) { this.name = name; this.permission = PermissionStatusFormat.toLong(permissions); if (aclFeature != null) { aclFeature = AclStorage.addAclFeature(aclFeature); } this.aclFeature = aclFeature; this.modificationTime = modificationTime; this.accessTime = accessTime; this.xAttrFeature = xAttrFeature; }
inode.removeAclFeature(snapshotId); inode.addAclFeature(createAclFeature(accessEntries, defaultEntries), snapshotId); newPerm = createFsPermissionForExtendedAcl(accessEntries, perm); } else { inode.removeAclFeature(snapshotId); newPerm = createFsPermissionForMinimalAcl(newAcl, perm);
/** * Reads the existing extended ACL entries of an INodeAttribute object. * * @param inodeAttr INode to read * @return List<AclEntry> containing extended inode ACL entries */ public static List<AclEntry> readINodeAcl(INodeAttributes inodeAttr) { AclFeature f = inodeAttr.getAclFeature(); return getEntriesFromAclFeature(f); }
public void removeAclFeature() { AclFeature f = getAclFeature(); Preconditions.checkNotNull(f); removeFeature(f); AclStorage.removeAclFeature(f); }
if (iip != null) { if (aclEntries != null) { AclStorage.updateINodeAcl(newNode, aclEntries, CURRENT_STATE_ID);
/** * Add create directory record to edit log */ public void logMkDir(String path, INode newNode) { PermissionStatus permissions = newNode.getPermissionStatus(); MkdirOp op = MkdirOp.getInstance(cache.get()) .setInodeId(newNode.getId()) .setPath(path) .setTimestamp(newNode.getModificationTime()) .setPermissionStatus(permissions); AclFeature f = newNode.getAclFeature(); if (f != null) { op.setAclEntries(AclStorage.readINodeLogicalAcl(newNode)); } XAttrFeature x = newNode.getXAttrFeature(); if (x != null) { op.setXAttrs(x.getXAttrs()); } logEdit(op); }
static AclStatus getAclStatus( FSDirectory fsd, FSPermissionChecker pc, String src) throws IOException { checkAclsConfigFlag(fsd); fsd.readLock(); try { INodesInPath iip = fsd.resolvePath(pc, src, DirOp.READ); // There is no real inode for the path ending in ".snapshot", so return a // non-null, unpopulated AclStatus. This is similar to getFileInfo. if (iip.isDotSnapshotDir() && fsd.getINode4DotSnapshot(iip) != null) { return new AclStatus.Builder().owner("").group("").build(); } INode inode = FSDirectory.resolveLastINode(iip); int snapshotId = iip.getPathSnapshotId(); List<AclEntry> acl = AclStorage.readINodeAcl(fsd.getAttributes(iip)); FsPermission fsPermission = inode.getFsPermission(snapshotId); return new AclStatus.Builder() .owner(inode.getUserName()).group(inode.getGroupName()) .stickyBit(fsPermission.getStickyBit()) .setPermission(fsPermission) .addEntries(acl).build(); } catch (AclException e){ throw new AclException(e.getMessage() + " Path: " + src, e); } finally { fsd.readUnlock(); } }
if (!AclStorage.copyINodeDefaultAcl(child)) { if (LOG.isDebugEnabled()) { LOG.debug("{}: no parent default ACL to inherit", child); AclStorage.copyINodeDefaultAcl(child);
inode.removeAclFeature(snapshotId); inode.addAclFeature(createAclFeature(accessEntries, defaultEntries), snapshotId); newPerm = createFsPermissionForExtendedAcl(accessEntries, perm); } else { inode.removeAclFeature(snapshotId); newPerm = createFsPermissionForMinimalAcl(newAcl, perm);
/** * Reads the existing extended ACL entries of an inode. This method returns * only the extended ACL entries stored in the AclFeature. If the inode does * not have an ACL, then this method returns an empty list. This method * supports querying by snapshot ID. * * @param inode INode to read * @param snapshotId int ID of snapshot to read * @return List<AclEntry> containing extended inode ACL entries */ public static List<AclEntry> readINodeAcl(INode inode, int snapshotId) { AclFeature f = inode.getAclFeature(snapshotId); return getEntriesFromAclFeature(f); }
@Override void destroyDiffAndCollectBlocks( INode.ReclaimContext reclaimContext, INodeDirectory currentINode) { // this diff has been deleted diff.destroyDeletedList(reclaimContext); INodeDirectoryAttributes snapshotINode = getSnapshotINode(); if (snapshotINode != null && snapshotINode.getAclFeature() != null) { AclStorage.removeAclFeature(snapshotINode.getAclFeature()); } } }
/** * create a directory at path specified by parent */ private static INodesInPath unprotectedMkdir(FSDirectory fsd, long inodeId, INodesInPath parent, byte[] name, PermissionStatus permission, List<AclEntry> aclEntries, long timestamp) throws QuotaExceededException, AclException, FileAlreadyExistsException { assert fsd.hasWriteLock(); assert parent.getLastINode() != null; if (!parent.getLastINode().isDirectory()) { throw new FileAlreadyExistsException("Parent path is not a directory: " + parent.getPath() + " " + DFSUtil.bytes2String(name)); } final INodeDirectory dir = new INodeDirectory(inodeId, name, permission, timestamp); INodesInPath iip = fsd.addLastINode(parent, dir, permission.getPermission(), true); if (iip != null && aclEntries != null) { AclStorage.updateINodeAcl(dir, aclEntries, Snapshot.CURRENT_STATE_ID); } return iip; } }
op.setAclEntries(AclStorage.readINodeLogicalAcl(newNode));
static AclStatus getAclStatus( FSDirectory fsd, String src) throws IOException { checkAclsConfigFlag(fsd); FSPermissionChecker pc = fsd.getPermissionChecker(); fsd.readLock(); try { INodesInPath iip = fsd.resolvePath(pc, src); src = iip.getPath(); // There is no real inode for the path ending in ".snapshot", so return a // non-null, unpopulated AclStatus. This is similar to getFileInfo. if (iip.isDotSnapshotDir() && fsd.getINode4DotSnapshot(iip) != null) { return new AclStatus.Builder().owner("").group("").build(); } if (fsd.isPermissionEnabled()) { fsd.checkTraverse(pc, iip); } INode inode = FSDirectory.resolveLastINode(iip); int snapshotId = iip.getPathSnapshotId(); List<AclEntry> acl = AclStorage.readINodeAcl(fsd.getAttributes(src, inode.getLocalNameBytes(), inode, snapshotId)); FsPermission fsPermission = inode.getFsPermission(snapshotId); return new AclStatus.Builder() .owner(inode.getUserName()).group(inode.getGroupName()) .stickyBit(fsPermission.getStickyBit()) .setPermission(fsPermission) .addEntries(acl).build(); } finally { fsd.readUnlock(); } }
} else { if (!isRename) { AclStorage.copyINodeDefaultAcl(inode);
static FileStatus removeDefaultAcl(FSDirectory fsd, FSPermissionChecker pc, final String srcArg) throws IOException { String src = srcArg; checkAclsConfigFlag(fsd); INodesInPath iip; fsd.writeLock(); try { iip = fsd.resolvePath(pc, src, DirOp.WRITE); src = iip.getPath(); fsd.checkOwner(pc, iip); INode inode = FSDirectory.resolveLastINode(iip); int snapshotId = iip.getLatestSnapshotId(); List<AclEntry> existingAcl = AclStorage.readINodeLogicalAcl(inode); List<AclEntry> newAcl = AclTransformation.filterDefaultAclEntries( existingAcl); AclStorage.updateINodeAcl(inode, newAcl, snapshotId); fsd.getEditLog().logSetAcl(src, newAcl); } catch (AclException e){ throw new AclException(e.getMessage() + " Path: " + src, e); } finally { fsd.writeUnlock(); } return fsd.getAuditFileInfo(iip); }
List<AclEntry> featureEntries = getEntriesFromAclFeature(parent .getAclFeature()); ScopedAclEntries scopedEntries = new ScopedAclEntries(featureEntries); if (!AclUtil.isMinimalAcl(accessEntries) || !defaultEntries.isEmpty()) { child.addAclFeature(createAclFeature(accessEntries, defaultEntries)); newPerm = createFsPermissionForExtendedAcl(accessEntries, childPerm); } else { newPerm = createFsPermissionForMinimalAcl(accessEntries, childPerm);
inode.removeAclFeature(snapshotId); inode.addAclFeature(createAclFeature(accessEntries, defaultEntries), snapshotId); newPerm = createFsPermissionForExtendedAcl(accessEntries, perm); } else { inode.removeAclFeature(snapshotId); newPerm = createFsPermissionForMinimalAcl(newAcl, perm);