static final UserGroupInformation getCurrentUGI() { UserGroupInformation ugi = Server.getCurrentUGI(); if (ugi == null) ugi = UserGroupInformation.getCurrentUGI(); return ugi; }
@Override public void refreshQueueAcls() throws IOException{ LOG.info("Refreshing queue acls. requested by : " + UserGroupInformation.getCurrentUGI().getUserName()); this.queueManager.refreshAcls(new Configuration(this.conf)); }
private void checkAccess(JobInProgress job, QueueManager.QueueOperation oper) throws IOException { // get the user group info UserGroupInformation ugi = UserGroupInformation.getCurrentUGI(); checkAccess(job, oper, ugi); }
@Override public QueueAclsInfo[] getQueueAclsForCurrentUser() throws IOException{ return queueManager.getQueueAcls( UserGroupInformation.getCurrentUGI()); } private synchronized JobStatus[] getJobStatus(Collection<JobInProgress> jips,
/** * Allocates a new JobId string. */ public JobID getNewJobId() throws IOException { JobID id = new JobID(getTrackerIdentifier(), nextJobId.getAndIncrement()); // get the user group info UserGroupInformation ugi = UserGroupInformation.getCurrentUGI(); // mark the user for this id jobToUserMap.put(id, ugi.getUserName()); LOG.info("Job id " + id + " assigned to user " + ugi.getUserName()); return id; }
PermissionChecker(String fsOwner, String supergroup ) throws AccessControlException{ UserGroupInformation ugi = UserGroupInformation.getCurrentUGI(); if (LOG.isDebugEnabled()) { LOG.debug("ugi=" + ugi); } if (ugi != null) { user = ugi.getUserName(); groups.addAll(Arrays.asList(ugi.getGroupNames())); isSuper = user.equals(fsOwner) || groups.contains(supergroup); } else { throw new AccessControlException("ugi = null"); } }
PermissionChecker(String fsOwner, String supergroup ) throws AccessControlException{ UserGroupInformation ugi = UserGroupInformation.getCurrentUGI(); if (LOG.isDebugEnabled()) { LOG.debug("ugi=" + ugi); } if (ugi != null) { user = ugi.getUserName(); groups.addAll(Arrays.asList(ugi.getGroupNames())); isSuper = user.equals(fsOwner) || groups.contains(supergroup); } else { throw new AccessControlException("ugi = null"); } }
/** {@inheritDoc} */ public boolean mkdirs(String src, FsPermission masked) throws IOException { stateChangeLog.debug("*DIR* NameNode.mkdirs: " + src); if (!checkPathLength(src)) { throw new IOException("mkdirs: Pathname too long. Limit " + MAX_PATH_LENGTH + " characters, " + MAX_PATH_DEPTH + " levels."); } return namesystem.mkdirs(src, new PermissionStatus(UserGroupInformation.getCurrentUGI().getUserName(), null, masked)); }
/** * Checks if the caller has the required permission. * @param owner username of the owner * @param supergroup supergroup that the owner belongs to */ public PermissionChecker(String owner, String supergroup ) throws AccessControlException{ UserGroupInformation ugi = UserGroupInformation.getCurrentUGI(); if (LOG.isDebugEnabled()) { LOG.debug("ugi=" + ugi); } if (ugi != null) { user = ugi.getUserName(); groups.addAll(Arrays.asList(ugi.getGroupNames())); isSuper = user.equals(owner) || groups.contains(supergroup); } else { throw new AccessControlException("ugi = null"); } }
@Override public Void run() throws Exception { try { for(Permission permission : permissions) { AccessController.checkPermission(permission); } } catch (AccessControlException ace) { LOG.info("Authorization failed for " + UserGroupInformation.getCurrentUGI(), ace); throw new AuthorizationException(ace); } return null; } }
/** * Get block locations within the specified range. * @see ClientProtocol#getBlockLocations(String, long, long) */ public LocatedBlocks getBlockLocations(String src, long offset, long length, boolean doAccessTime) throws IOException { if (offset < 0) { throw new IOException("Negative offset is not supported. File: " + src ); } if (length < 0) { throw new IOException("Negative length is not supported. File: " + src ); } final LocatedBlocks ret = getBlockLocationsInternal(src, dir.getFileINode(src), offset, length, Integer.MAX_VALUE, doAccessTime); if (auditLog.isInfoEnabled()) { logAuditEvent(UserGroupInformation.getCurrentUGI(), Server.getRemoteIp(), "open", src, null, null); } return ret; }
private void checkAccess(JobInProgress job, QueueManager.QueueOperation oper) throws IOException { // get the user group info UserGroupInformation ugi = UserGroupInformation.getCurrentUGI(); // get the queue String queue = job.getProfile().getQueueName(); if (!queueManager.hasAccess(queue, job, oper, ugi)) { throw new AccessControlException("User " + ugi.getUserName() + " cannot perform " + "operation " + oper + " on queue " + queue); } }
/** {@inheritDoc} */ public void create(String src, FsPermission masked, String clientName, boolean overwrite, short replication, long blockSize ) throws IOException { String clientMachine = getClientMachine(); if (stateChangeLog.isDebugEnabled()) { stateChangeLog.debug("*DIR* NameNode.create: file " +src+" for "+clientName+" at "+clientMachine); } if (!checkPathLength(src)) { throw new IOException("create: Pathname too long. Limit " + MAX_PATH_LENGTH + " characters, " + MAX_PATH_DEPTH + " levels."); } namesystem.startFile(src, new PermissionStatus(UserGroupInformation.getCurrentUGI().getUserName(), null, masked), clientName, clientMachine, overwrite, replication, blockSize); myMetrics.numFilesCreated.inc(); myMetrics.numCreateFileOps.inc(); }
/** * Remove the indicated filename from namespace. If the filename * is a directory (non empty) and recursive is set to false then throw exception. */ public boolean delete(String src, boolean recursive) throws IOException { if ((!recursive) && (!dir.isDirEmpty(src))) { throw new IOException(src + " is non empty"); } boolean status = deleteInternal(src, true, true); getEditLog().logSync(); if (status && auditLog.isInfoEnabled()) { logAuditEvent(UserGroupInformation.getCurrentUGI(), Server.getRemoteIp(), "delete", src, null, null); } return status; }
/** Change the indicated filename. */ public boolean renameTo(String src, String dst) throws IOException { boolean status = renameToInternal(src, dst); getEditLog().logSync(); if (status && auditLog.isInfoEnabled()) { final FileStatus stat = dir.getFileInfo(dst); logAuditEvent(UserGroupInformation.getCurrentUGI(), Server.getRemoteIp(), "rename", src, dst, stat); } return status; }
/** * stores the modification and access time for this inode. * The access time is precise upto an hour. The transaction, if needed, is * written to the edits log but is not flushed. */ public synchronized void setTimes(String src, long mtime, long atime) throws IOException { if (!isAccessTimeSupported() && atime != -1) { throw new IOException("Access time for hdfs is not configured. " + " Please set dfs.support.accessTime configuration parameter."); } // // The caller needs to have write access to set access & modification times. if (isPermissionEnabled) { checkPathAccess(src, FsAction.WRITE); } INodeFile inode = dir.getFileINode(src); if (inode != null) { dir.setTimes(src, inode, mtime, atime, true); if (auditLog.isInfoEnabled()) { final FileStatus stat = dir.getFileInfo(src); logAuditEvent(UserGroupInformation.getCurrentUGI(), Server.getRemoteIp(), "setTimes", src, null, stat); } } else { throw new FileNotFoundException("File " + src + " does not exist."); } }
/** * Create all the necessary directories */ public boolean mkdirs(String src, PermissionStatus permissions ) throws IOException { boolean status = mkdirsInternal(src, permissions); getEditLog().logSync(); if (status && auditLog.isInfoEnabled()) { final FileStatus stat = dir.getFileInfo(src); logAuditEvent(UserGroupInformation.getCurrentUGI(), Server.getRemoteIp(), "mkdirs", src, null, stat); } return status; }
/** * Get a listing of all files at 'src'. The Object[] array * exists so we can return file attributes (soon to be implemented) */ public FileStatus[] getListing(String src) throws IOException { if (isPermissionEnabled) { if (dir.isDir(src)) { checkPathAccess(src, FsAction.READ_EXECUTE); } else { checkTraverse(src); } } if (auditLog.isInfoEnabled()) { logAuditEvent(UserGroupInformation.getCurrentUGI(), Server.getRemoteIp(), "listStatus", src, null, null); } return dir.getListing(src); }
/** * Set permissions for an existing file. * @throws IOException */ public synchronized void setPermission(String src, FsPermission permission ) throws IOException { checkOwner(src); dir.setPermission(src, permission); getEditLog().logSync(); if (auditLog.isInfoEnabled()) { final FileStatus stat = dir.getFileInfo(src); logAuditEvent(UserGroupInformation.getCurrentUGI(), Server.getRemoteIp(), "setPermission", src, null, stat); } }
/** * Set owner for an existing file. * @throws IOException */ public synchronized void setOwner(String src, String username, String group ) throws IOException { PermissionChecker pc = checkOwner(src); if (!pc.isSuper) { if (username != null && !pc.user.equals(username)) { throw new AccessControlException("Non-super user cannot change owner."); } if (group != null && !pc.containsGroup(group)) { throw new AccessControlException("User does not belong to " + group + " ."); } } dir.setOwner(src, username, group); getEditLog().logSync(); if (auditLog.isInfoEnabled()) { final FileStatus stat = dir.getFileInfo(src); logAuditEvent(UserGroupInformation.getCurrentUGI(), Server.getRemoteIp(), "setOwner", src, null, stat); } }