void checkPermission(INodeDirectory inode, int snapshotId, FsAction access) throws AccessControlException { if (dir != null && dir.isPermissionEnabled() && pc != null && !pc.isSuperUser()) { pc.checkPermission(inode, snapshotId, access); } } }
static INodesInPath resolvePathForStartFile(FSDirectory dir, FSPermissionChecker pc, String src, EnumSet<CreateFlag> flag, boolean createParent) throws IOException { INodesInPath iip = dir.resolvePath(pc, src, DirOp.CREATE); if (dir.isPermissionEnabled()) { dir.checkAncestorAccess(pc, iip, FsAction.WRITE); } INode inode = iip.getLastINode(); if (inode != null) { // Verify that the destination does not exist as a directory already. if (inode.isDirectory()) { throw new FileAlreadyExistsException(iip.getPath() + " already exists as a directory"); } // Verifies it's indeed a file and perms allow overwrite INodeFile.valueOf(inode, src); if (dir.isPermissionEnabled() && flag.contains(CreateFlag.OVERWRITE)) { dir.checkPathAccess(pc, iip, FsAction.WRITE); } } else { if (!createParent) { dir.verifyParentDir(iip); } if (!flag.contains(CreateFlag.CREATE)) { throw new FileNotFoundException("Can't overwrite non-existent " + src); } } return iip; }
static FileStatus concat(FSDirectory fsd, FSPermissionChecker pc, String target, String[] srcs, boolean logRetryCache) throws IOException { validatePath(target, srcs); assert srcs != null; if (FSDirectory.LOG.isDebugEnabled()) { FSDirectory.LOG.debug("concat {} to {}", Arrays.toString(srcs), target); } final INodesInPath targetIIP = fsd.resolvePath(pc, target, DirOp.WRITE); // write permission for the target if (fsd.isPermissionEnabled()) { fsd.checkPathAccess(pc, targetIIP, FsAction.WRITE); } // check the target verifyTargetFile(fsd, target, targetIIP); // check the srcs INodeFile[] srcFiles = verifySrcFiles(fsd, srcs, targetIIP, pc); if(NameNode.stateChangeLog.isDebugEnabled()) { NameNode.stateChangeLog.debug("DIR* NameSystem.concat: " + Arrays.toString(srcs) + " to " + target); } long timestamp = now(); fsd.writeLock(); try { unprotectedConcat(fsd, targetIIP, srcFiles, timestamp); } finally { fsd.writeUnlock(); } fsd.getEditLog().logConcat(target, srcs, timestamp, logRetryCache); return fsd.getAuditFileInfo(targetIIP); }
static List<XAttr> listXAttrs( FSDirectory fsd, FSPermissionChecker pc, String src) throws IOException { FSDirXAttrOp.checkXAttrsConfigFlag(fsd); final boolean isRawPath = FSDirectory.isReservedRawName(src); final INodesInPath iip = fsd.resolvePath(pc, src, DirOp.READ); if (fsd.isPermissionEnabled()) { fsd.checkPathAccess(pc, iip, FsAction.READ); } final List<XAttr> all = FSDirXAttrOp.getXAttrs(fsd, iip); return XAttrPermissionFilter. filterXAttrsForApi(pc, all, isRawPath); }
/** * Get the encryption zone for the specified path. * * @param fsd fsdirectory * @param srcArg the path of a file or directory to get the EZ for * @param pc permission checker to check fs permission * @return the EZ with file status. */ static Map.Entry<EncryptionZone, FileStatus> getEZForPath( final FSDirectory fsd, final String srcArg, final FSPermissionChecker pc) throws IOException { final INodesInPath iip; final EncryptionZone ret; fsd.readLock(); try { iip = fsd.resolvePath(pc, srcArg, DirOp.READ); if (fsd.isPermissionEnabled()) { fsd.checkPathAccess(pc, iip, FsAction.READ); } ret = fsd.ezManager.getEZINodeForPath(iip); } finally { fsd.readUnlock(); } FileStatus auditStat = fsd.getAuditFileInfo(iip); return new AbstractMap.SimpleImmutableEntry<>(ret, auditStat); }
static SnapshotDiffReport getSnapshotDiffReport(FSDirectory fsd, FSPermissionChecker pc, SnapshotManager snapshotManager, String path, String fromSnapshot, String toSnapshot) throws IOException { SnapshotDiffReport diffs; fsd.readLock(); try { INodesInPath iip = fsd.resolvePath(pc, path, DirOp.READ); if (fsd.isPermissionEnabled()) { checkSubtreeReadPermission(fsd, pc, path, fromSnapshot); checkSubtreeReadPermission(fsd, pc, path, toSnapshot); } diffs = snapshotManager.diff(iip, path, fromSnapshot, toSnapshot); } finally { fsd.readUnlock(); } return diffs; }
static BlockStoragePolicy getStoragePolicy(FSDirectory fsd, FSPermissionChecker pc, BlockManager bm, String path) throws IOException { fsd.readLock(); try { final INodesInPath iip = fsd.resolvePath(pc, path, DirOp.READ_LINK); if (fsd.isPermissionEnabled()) { fsd.checkPathAccess(pc, iip, FsAction.READ); } INode inode = iip.getLastINode(); if (inode == null) { throw new FileNotFoundException("File/Directory does not exist: " + iip.getPath()); } return bm.getStoragePolicy(inode.getStoragePolicyID()); } finally { fsd.readUnlock(); } }
static QuotaUsage getQuotaUsage( FSDirectory fsd, FSPermissionChecker pc, String src) throws IOException { final INodesInPath iip; fsd.readLock(); try { iip = fsd.resolvePath(pc, src, DirOp.READ_LINK); if (fsd.isPermissionEnabled()) { fsd.checkPermission(pc, iip, false, null, null, null, FsAction.READ_EXECUTE); } } finally { fsd.readUnlock(); } QuotaUsage usage = getQuotaUsageInt(fsd, iip); if (usage != null) { return usage; } else { //If quota isn't set, fall back to getContentSummary. return getContentSummaryInt(fsd, pc, iip); } }
static FileStatus setStoragePolicy(FSDirectory fsd, FSPermissionChecker pc, BlockManager bm, String src, final byte policyId, final String operation) throws IOException { if (!fsd.isStoragePolicyEnabled()) { throw new IOException(String.format( "Failed to %s storage policy since %s is set to false.", operation, DFS_STORAGE_POLICY_ENABLED_KEY)); } INodesInPath iip; fsd.writeLock(); try { iip = fsd.resolvePath(pc, src, DirOp.WRITE); if (fsd.isPermissionEnabled()) { fsd.checkPathAccess(pc, iip, FsAction.WRITE); } unprotectedSetStoragePolicy(fsd, bm, iip, policyId); fsd.getEditLog().logSetStoragePolicy(iip.getPath(), policyId); } finally { fsd.writeUnlock(); } return fsd.getAuditFileInfo(iip); }
static SnapshotDiffReportListing getSnapshotDiffReportListing(FSDirectory fsd, FSPermissionChecker pc, SnapshotManager snapshotManager, String path, String fromSnapshot, String toSnapshot, byte[] startPath, int index, int snapshotDiffReportLimit) throws IOException { SnapshotDiffReportListing diffs; fsd.readLock(); try { INodesInPath iip = fsd.resolvePath(pc, path, DirOp.READ); if (fsd.isPermissionEnabled()) { checkSubtreeReadPermission(fsd, pc, path, fromSnapshot); checkSubtreeReadPermission(fsd, pc, path, toSnapshot); } diffs = snapshotManager .diff(iip, path, fromSnapshot, toSnapshot, startPath, index, snapshotDiffReportLimit); } catch (Exception e) { throw e; } finally { fsd.readUnlock(); } return diffs; } /** Get a collection of full snapshot paths given file and snapshot dir.
private static void checkXAttrChangeAccess( FSDirectory fsd, INodesInPath iip, XAttr xAttr, FSPermissionChecker pc) throws AccessControlException, FileNotFoundException { if (fsd.isPermissionEnabled() && xAttr.getNameSpace() == XAttr.NameSpace .USER) { final INode inode = iip.getLastINode(); if (inode != null && inode.isDirectory() && inode.getFsPermission().getStickyBit()) { if (!pc.isSuperUser()) { fsd.checkOwner(pc, iip); } } else { fsd.checkPathAccess(pc, iip, FsAction.WRITE); } } }
INodesInPath srcIIP, INodesInPath dstIIP, boolean logRetryCache) throws IOException { if (fsd.isPermissionEnabled()) {
static void renameSnapshot(FSDirectory fsd, FSPermissionChecker pc, SnapshotManager snapshotManager, String path, String snapshotOldName, String snapshotNewName, boolean logRetryCache) throws IOException { final INodesInPath iip = fsd.resolvePath(pc, path, DirOp.WRITE); if (fsd.isPermissionEnabled()) { fsd.checkOwner(pc, iip); } verifySnapshotName(fsd, snapshotNewName, path); fsd.writeLock(); try { snapshotManager.renameSnapshot(iip, path, snapshotOldName, snapshotNewName); } finally { fsd.writeUnlock(); } fsd.getEditLog().logRenameSnapshot(path, snapshotOldName, snapshotNewName, logRetryCache); }
static FileStatus setTimes( FSDirectory fsd, FSPermissionChecker pc, String src, long mtime, long atime) throws IOException { INodesInPath iip; fsd.writeLock(); try { iip = fsd.resolvePath(pc, src, DirOp.WRITE); // Write access is required to set access and modification times if (fsd.isPermissionEnabled()) { fsd.checkPathAccess(pc, iip, FsAction.WRITE); } final INode inode = iip.getLastINode(); if (inode == null) { throw new FileNotFoundException("File/Directory " + iip.getPath() + " does not exist."); } boolean changed = unprotectedSetTimes(fsd, iip, mtime, atime, true); if (changed) { fsd.getEditLog().logTimes(iip.getPath(), mtime, atime); } } finally { fsd.writeUnlock(); } return fsd.getAuditFileInfo(iip); }
static boolean setReplication( FSDirectory fsd, FSPermissionChecker pc, BlockManager bm, String src, final short replication) throws IOException { bm.verifyReplication(src, replication, null); final boolean isFile; fsd.writeLock(); try { final INodesInPath iip = fsd.resolvePath(pc, src, DirOp.WRITE); if (fsd.isPermissionEnabled()) { fsd.checkPathAccess(pc, iip, FsAction.WRITE); } final BlockInfo[] blocks = unprotectedSetReplication(fsd, iip, replication); isFile = blocks != null; if (isFile) { fsd.getEditLog().logSetReplication(iip.getPath(), replication); } } finally { fsd.writeUnlock(); } return isFile; }
if (fsd.isPermissionEnabled()) { fsd.checkPermission(pc, iip, false, null, FsAction.WRITE, null, FsAction.ALL, true);
static DirectoryListing getListingInt(FSDirectory fsd, FSPermissionChecker pc, final String srcArg, byte[] startAfter, boolean needLocation) throws IOException { final INodesInPath iip = fsd.resolvePath(pc, srcArg, DirOp.READ); // Get file name when startAfter is an INodePath. This is not the // common case so avoid any unnecessary processing unless required. if (startAfter.length > 0 && startAfter[0] == Path.SEPARATOR_CHAR) { final String startAfterString = DFSUtil.bytes2String(startAfter); if (FSDirectory.isReservedName(startAfterString)) { try { byte[][] components = INode.getPathComponents(startAfterString); components = FSDirectory.resolveComponents(components, fsd); startAfter = components[components.length - 1]; } catch (IOException e) { // Possibly the inode is deleted throw new DirectoryListingStartAfterNotFoundException( "Can't find startAfter " + startAfterString); } } } boolean isSuperUser = true; if (fsd.isPermissionEnabled()) { if (iip.getLastINode() != null && iip.getLastINode().isDirectory()) { fsd.checkPathAccess(pc, iip, FsAction.READ_EXECUTE); } isSuperUser = pc.isSuperUser(); } return getListing(fsd, iip, startAfter, needLocation, isSuperUser); }
iip = fsd.resolvePath(pc, src, DirOp.WRITE_LINK); if (fsd.isPermissionEnabled()) { fsd.checkPathAccess(pc, iip, FsAction.WRITE);
iip = fsd.resolvePath(pc, src, DirOp.WRITE_LINK); if (fsd.isPermissionEnabled()) { fsd.checkPathAccess(pc, iip, FsAction.WRITE);
/** * Set the namespace, storagespace and typespace quota for a directory. * * Note: This does not support ".inodes" relative path. */ static void setQuota(FSDirectory fsd, FSPermissionChecker pc, String src, long nsQuota, long ssQuota, StorageType type) throws IOException { if (fsd.isPermissionEnabled()) { pc.checkSuperuserPrivilege(); } fsd.writeLock(); try { INodesInPath iip = fsd.resolvePath(pc, src, DirOp.WRITE); INodeDirectory changed = unprotectedSetQuota(fsd, iip, nsQuota, ssQuota, type); if (changed != null) { final QuotaCounts q = changed.getQuotaCounts(); if (type == null) { fsd.getEditLog().logSetQuota(src, q.getNameSpace(), q.getStorageSpace()); } else { fsd.getEditLog().logSetQuotaByStorageType( src, q.getTypeSpaces().get(type), type); } } } finally { fsd.writeUnlock(); } }