/**
 * Requires {@link FsAction#WRITE} on the given cache pool when a permission
 * checker is supplied.
 *
 * @param pc permission checker for the caller; when {@code null} no check is
 *           performed at all
 * @param pool cache pool the caller wants to modify
 * @throws AccessControlException if the checker denies WRITE on the pool
 */
private static void checkWritePermission(FSPermissionChecker pc, CachePool pool)
    throws AccessControlException {
  if (pc == null) {
    // NOTE(review): a null checker means the write check is skipped entirely.
    // Presumably callers pass null only when permission enforcement is
    // disabled -- confirm at the call sites.
    return;
  }
  pc.checkPermission(pool, FsAction.WRITE);
}
/**
 * Builds a permission checker for the given caller.
 *
 * <p>The owner, super group and caller identity are handed to the
 * {@link FSPermissionChecker} constructor unchanged; the attribute provider
 * is the one returned by {@code getUserFilteredAttributeProvider(ugi)}.
 *
 * @param fsOwner file system owner name passed to the checker
 * @param superGroup super group name passed to the checker
 * @param ugi identity of the caller the checker will evaluate
 * @return a new checker bound to {@code ugi}
 * @throws AccessControlException declared by this method; the visible body
 *         only constructs the checker
 */
@VisibleForTesting
FSPermissionChecker getPermissionChecker(
    String fsOwner,
    String superGroup,
    UserGroupInformation ugi) throws AccessControlException {
  return new FSPermissionChecker(
      fsOwner,
      superGroup,
      ugi,
      getUserFilteredAttributeProvider(ugi));
}
checkTraverse(inodeAttrs, inodes, components, ancestorIndex); } catch (UnresolvedPathException | ParentNotDirectoryException ex) { if (parentAccess != null && parentAccess.implies(FsAction.WRITE) && inodeAttrs.length > 1 && last != null) { checkStickyBit(inodeAttrs, components, inodeAttrs.length - 2); check(inodeAttrs, components, ancestorIndex, ancestorAccess); check(inodeAttrs, components, inodeAttrs.length - 2, parentAccess); check(inodeAttrs, components, inodeAttrs.length - 1, access); checkSubAccess(components, inodeAttrs.length - 1, rawLast, snapshotId, subAccess, ignoreEmptyDir); checkOwner(inodeAttrs, components, inodeAttrs.length - 1);
/**
 * Verifies that the caller may traverse every path component from index 0
 * through {@code last}: each inode must pass {@code checkIsDirectory} and
 * the caller must hold {@link FsAction#EXECUTE} on it.
 *
 * <p>Guarded by {@link FSNamesystem#readLock()}.
 *
 * @param inodeAttrs attributes of the path's inodes, indexed like
 *                   {@code inodes}
 * @param inodes inodes of the path being traversed
 * @param components path components, passed on to the per-inode checks
 * @param last index of the last component that must be traversable
 *             (inclusive)
 * @throws AccessControlException if EXECUTE is denied on a component
 * @throws ParentNotDirectoryException declared for the directory check
 * @throws UnresolvedPathException declared for the directory check
 */
private void checkTraverse(INodeAttributes[] inodeAttrs, INode[] inodes,
    byte[][] components, int last)
    throws AccessControlException, UnresolvedPathException,
        ParentNotDirectoryException {
  int idx = 0;
  while (idx <= last) {
    // The directory check runs before the EXECUTE check on every component.
    checkIsDirectory(inodes[idx], components, idx);
    check(inodeAttrs, components, idx, FsAction.EXECUTE);
    idx++;
  }
}
/**
 * Checks the requested access on a directory inode for the current caller.
 *
 * <p>The check is enforced only when {@code dir} is set and reports
 * permissions as enabled, and {@code pc} is set and is not the superuser.
 * In every other case the method returns without checking anything.
 *
 * @param inode directory to check
 * @param snapshotId snapshot in which the inode is evaluated
 * @param access access the caller is requesting
 * @throws AccessControlException if the checker denies the access
 */
void checkPermission(INodeDirectory inode, int snapshotId, FsAction access)
    throws AccessControlException {
  // Same short-circuit order as the positive form: dir, enabled flag, pc,
  // then the superuser test.
  if (dir == null || !dir.isPermissionEnabled()
      || pc == null || pc.isSuperUser()) {
    return;
  }
  pc.checkPermission(inode, snapshotId, access);
}
} // closes the enclosing class, whose declaration is not part of this excerpt
/**
 * Requires superuser privilege from the given checker when permission
 * enforcement is enabled.
 *
 * <p>When {@code isPermissionEnabled} is false the method returns without
 * any check, so operations guarded only by this call are open to every
 * caller in that configuration.
 *
 * @param pc permission checker for the caller; dereferenced without a null
 *           check when permissions are enabled
 * @throws AccessControlException if the caller is not a superuser
 */
void checkSuperuserPrivilege(FSPermissionChecker pc)
    throws AccessControlException {
  if (!isPermissionEnabled) {
    return;
  }
  pc.checkSuperuserPrivilege();
}
UnresolvedPathException, ParentNotDirectoryException { try { if (pc == null || pc.isSuperUser()) { checkSimpleTraverse(iip); } else { pc.checkPermission(iip, false, null, null, null, null, false); checkNotSymlink(iip.getINode(last), iip.getPathComponents(), last);
final byte[][] components = inodesInPath.getPathComponents(); for (int i = 0; i < inodes.length && inodes[i] != null; i++) { inodeAttrs[i] = getINodeAttrs(components, i, inodes[i], snapshotId); int ancestorIndex = inodes.length - 2; AccessControlEnforcer enforcer = getAccessControlEnforcer(); enforcer.checkPermission(fsOwner, supergroup, callerUgi, inodeAttrs, inodes, components, snapshotId, path, ancestorIndex, doCheckOwner,
throws AccessControlException { boolean permissionCheckFailed = false; FSPermissionChecker pc = new FSPermissionChecker( fsOwner.getUserName(), supergroup); if (!pc.isSuper) { readLock(); try { pc.checkPermission(path, inodes, doCheckOwner, ancestorAccess, parentAccess, access, subAccess); } catch (AccessControlException e) {
/**
 * Requires {@link FsAction#EXECUTE} on every inode from index 0 through
 * {@code last}, in path order.
 *
 * @param inodes inodes of the path being traversed
 * @param last index of the last inode that must be traversable (inclusive)
 * @throws AccessControlException if EXECUTE is denied on any of them
 */
private void checkTraverse(INode[] inodes, int last)
    throws AccessControlException {
  int idx = 0;
  while (idx <= last) {
    check(inodes[idx], FsAction.EXECUTE);
    idx++;
  }
}
byte[][] localComponents = {inode.getLocalNameBytes()}; INodeAttributes[] iNodeAttr = {inode.getSnapshotINode(snapshotId)}; AccessControlEnforcer enforcer = getAccessControlEnforcer(); enforcer.checkPermission( fsOwner, supergroup, callerUgi, } catch (AccessControlException ace) { throw new AccessControlException( toAccessControlString(inode, inode.getFullPathName(), access));
/**
 * Delegates the traverse check to
 * {@code FSPermissionChecker.checkTraverse}.
 *
 * <p>When {@code isPermissionEnabled} is false the checker is replaced by
 * {@code null} before delegating, so the callee sees no caller identity.
 *
 * @param pc permission checker for the caller
 * @param iip resolved path to traverse
 * @param resolveLink forwarded unchanged to the static check
 * @throws AccessControlException declared by the delegated check
 * @throws UnresolvedPathException declared by the delegated check
 * @throws ParentNotDirectoryException declared by the delegated check
 */
void checkTraverse(FSPermissionChecker pc, INodesInPath iip,
    boolean resolveLink)
    throws AccessControlException, UnresolvedPathException,
        ParentNotDirectoryException {
  final FSPermissionChecker effectiveChecker;
  if (isPermissionEnabled) {
    effectiveChecker = pc;
  } else {
    effectiveChecker = null;
  }
  FSPermissionChecker.checkTraverse(effectiveChecker, iip, resolveLink);
}
/**
 * Returns the attributes used for permission checks on one path component.
 *
 * <p>The starting point is the inode's snapshot view. When an attributes
 * provider is configured, the path up to and including {@code pathIdx} is
 * converted to strings and the provider's answer is returned instead, so
 * the provider decides which attributes the permission checks see.
 *
 * @param pathByNameArr path components as byte arrays
 * @param pathIdx index of the component whose attributes are wanted
 * @param inode inode at {@code pathIdx}
 * @param snapshotId snapshot in which the inode is evaluated
 * @return the provider's attributes if a provider is set, otherwise the
 *         inode's snapshot attributes
 */
private INodeAttributes getINodeAttrs(byte[][] pathByNameArr, int pathIdx,
    INode inode, int snapshotId) {
  final INodeAttributes snapshotAttrs = inode.getSnapshotINode(snapshotId);
  if (getAttributesProvider() == null) {
    return snapshotAttrs;
  }

  final String[] pathElements = new String[pathIdx + 1];
  // {@link INode#getPathComponents(String)} returns a null component for
  // the root-only path "/"; it is mapped to an empty string here.
  final boolean rootOnly =
      pathByNameArr.length == 1 && pathByNameArr[0] == null;
  if (rootOnly) {
    pathElements[0] = "";
  } else {
    for (int k = 0; k < pathElements.length; k++) {
      pathElements[k] = DFSUtil.bytes2String(pathByNameArr[k]);
    }
  }
  return getAttributesProvider().getAttributes(pathElements, snapshotAttrs);
}
/**
 * Checks whether the current user has permission to access the path. For
 * details of the parameters, see
 * {@link FSPermissionChecker#checkPermission}.
 *
 * <p>A superuser checker skips the check and takes no lock. For every other
 * caller the check runs under the read lock, which is released in a
 * {@code finally} block even when access is denied.
 *
 * @throws AccessControlException if the checker denies the access
 */
void checkPermission(FSPermissionChecker pc, INodesInPath iip,
    boolean doCheckOwner, FsAction ancestorAccess, FsAction parentAccess,
    FsAction access, FsAction subAccess, boolean ignoreEmptyDir)
    throws AccessControlException {
  if (pc.isSuperUser()) {
    return;
  }
  readLock();
  try {
    pc.checkPermission(
        iip,
        doCheckOwner,
        ancestorAccess,
        parentAccess,
        access,
        subAccess,
        ignoreEmptyDir);
  } finally {
    readUnlock();
  }
}
/**
 * Requires superuser privilege from the current caller when permission
 * enforcement is enabled.
 *
 * <p>The checker is obtained from {@code getPermissionChecker()} only when
 * it is needed. With {@code isPermissionEnabled} false nothing is checked.
 *
 * @throws AccessControlException if the caller is not a superuser
 */
void checkSuperuserPrivilege() throws AccessControlException {
  if (!isPermissionEnabled) {
    return;
  }
  getPermissionChecker().checkSuperuserPrivilege();
}
final byte[][] components = inodesInPath.getPathComponents(); for (int i = 0; i < inodes.length && inodes[i] != null; i++) { inodeAttrs[i] = getINodeAttrs(components, i, inodes[i], snapshotId); int ancestorIndex = inodes.length - 2; AccessControlEnforcer enforcer = getAccessControlEnforcer(); enforcer.checkPermission(fsOwner, supergroup, callerUgi, inodeAttrs, inodes, components, snapshotId, path, ancestorIndex, doCheckOwner,
/**
 * Checks the requested access on the inode at index {@code i}.
 *
 * <p>A negative index selects no inode: {@code null} is passed to the
 * single-inode check instead of reading the array.
 * NOTE(review): how that overload treats a null inode is not visible here;
 * confirm it does not turn a missing inode into a denial or a bypass by
 * accident.
 *
 * @param inodes inodes of the path
 * @param i index of the inode to check, or a negative value for none
 * @param access access the caller is requesting
 * @throws AccessControlException if the access is denied
 */
private void check(INode[] inodes, int i, FsAction access)
    throws AccessControlException {
  final INode target;
  if (i < 0) {
    target = null;
  } else {
    target = inodes[i];
  }
  check(target, access);
}
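/**
 * Returns the attributes used for permission checks on one path component.
 *
 * <p>The starting point is the inode's snapshot view. When an attributes
 * provider is configured, the path up to and including {@code pathIdx} is
 * converted to strings and the provider's answer is returned instead.
 *
 * @param pathByNameArr path components as byte arrays
 * @param pathIdx index of the component whose attributes are wanted
 * @param inode inode at {@code pathIdx}
 * @param snapshotId snapshot in which the inode is evaluated
 * @return the provider's attributes if a provider is set, otherwise the
 *         inode's snapshot attributes
 */
private INodeAttributes getINodeAttrs(byte[][] pathByNameArr, int pathIdx,
    INode inode, int snapshotId) {
  INodeAttributes inodeAttrs = inode.getSnapshotINode(snapshotId);
  if (getAttributesProvider() != null) {
    String[] elements = new String[pathIdx + 1];
    // INode#getPathComponents(String) returns a null component for the
    // root-only path "/". Map it to an empty string rather than handing
    // null to the byte-to-string conversion, which presumably cannot
    // accept it, so a permission check on "/" still reaches the provider.
    if (pathByNameArr.length == 1 && pathByNameArr[0] == null) {
      elements[0] = "";
    } else {
      for (int i = 0; i < elements.length; i++) {
        elements[i] = DFSUtil.bytes2String(pathByNameArr[i]);
      }
    }
    inodeAttrs = getAttributesProvider().getAttributes(elements, inodeAttrs);
  }
  return inodeAttrs;
}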
ancestorIndex--); checkTraverse(inodeAttrs, ancestorIndex); checkStickyBit(inodeAttrs, inodeAttrs.length - 2); check(inodeAttrs, ancestorIndex, ancestorAccess); check(inodeAttrs, inodeAttrs.length - 2, parentAccess); check(inodeAttrs, inodeAttrs.length - 1, access); checkSubAccess(components, inodeAttrs.length - 1, rawLast, snapshotId, subAccess, ignoreEmptyDir); checkOwner(inodeAttrs, inodeAttrs.length - 1);
if (pc != null) { try { pc.checkPermission(curDirective.getPool(), FsAction.READ); } catch (AccessControlException e) { hasPermission = false;