/// <exception cref="System.IO.IOException"/>
        private void TestRootReadableExecutableInternal(bool located)
        {
            // verify executable permission on root: cd /
            //
            NUnit.Framework.Assert.IsFalse("In root before cd", fsView.GetWorkingDirectory().
                                           IsRoot());
            fsView.SetWorkingDirectory(new Path("/"));
            Assert.True("Not in root dir after cd", fsView.GetWorkingDirectory
                            ().IsRoot());
            // verify readable
            //
            VerifyRootChildren(ListStatusInternal(located, fsView.GetWorkingDirectory()));
            // verify permissions
            //
            FileStatus   rootStatus = fsView.GetFileStatus(fsView.GetWorkingDirectory());
            FsPermission perms      = rootStatus.GetPermission();

            Assert.True("User-executable permission not set!", perms.GetUserAction
                            ().Implies(FsAction.Execute));
            Assert.True("User-readable permission not set!", perms.GetUserAction
                            ().Implies(FsAction.Read));
            Assert.True("Group-executable permission not set!", perms.GetGroupAction
                            ().Implies(FsAction.Execute));
            Assert.True("Group-readable permission not set!", perms.GetGroupAction
                            ().Implies(FsAction.Read));
            Assert.True("Other-executable permission not set!", perms.GetOtherAction
                            ().Implies(FsAction.Execute));
            Assert.True("Other-readable permission not set!", perms.GetOtherAction
                            ().Implies(FsAction.Read));
        }
Beispiel #2
0
        /// <summary>Whether a cache pool can be accessed by the current context</summary>
        /// <param name="pool">CachePool being accessed</param>
        /// <param name="access">type of action being performed on the cache pool</param>
        /// <exception cref="Org.Apache.Hadoop.Security.AccessControlException">if pool cannot be accessed
        ///     </exception>
        public virtual void CheckPermission(CachePool pool, FsAction access)
        {
            FsPermission mode = pool.GetMode();

            if (IsSuperUser())
            {
                return;
            }
            if (GetUser().Equals(pool.GetOwnerName()) && mode.GetUserAction().Implies(access))
            {
                return;
            }
            if (GetGroups().Contains(pool.GetGroupName()) && mode.GetGroupAction().Implies(access
                                                                                           ))
            {
                return;
            }
            if (mode.GetOtherAction().Implies(access))
            {
                return;
            }
            throw new AccessControlException("Permission denied while accessing pool " + pool
                                             .GetPoolName() + ": user " + GetUser() + " does not have " + access.ToString() +
                                             " permissions.");
        }
Beispiel #3
0
        /// <summary>
        /// Checks for a given path whether the Other permissions on it
        /// imply the permission in the passed FsAction
        /// </summary>
        /// <param name="fs"/>
        /// <param name="path"/>
        /// <param name="action"/>
        /// <returns>true if the path in the uri is visible to all, false otherwise</returns>
        /// <exception cref="System.IO.IOException"/>
        private static bool CheckPermissionOfOther(FileSystem fs, Path path, FsAction action
                                                   , LoadingCache <Path, Future <FileStatus> > statCache)
        {
            FileStatus   status      = GetFileStatus(fs, path, statCache);
            FsPermission perms       = status.GetPermission();
            FsAction     otherAction = perms.GetOtherAction();

            return(otherAction.Implies(action));
        }
        /// <summary>
        /// Checks for a given path whether the Other permissions on it
        /// imply the permission in the passed FsAction
        /// </summary>
        /// <param name="fs"/>
        /// <param name="path"/>
        /// <param name="action"/>
        /// <returns>true if the path in the uri is visible to all, false otherwise</returns>
        /// <exception cref="System.IO.IOException"/>
        private static bool CheckPermissionOfOther(FileSystem fs, Path path, FsAction action
                                                   , IDictionary <URI, FileStatus> statCache)
        {
            FileStatus   status      = GetFileStatus(fs, path.ToUri(), statCache);
            FsPermission perms       = status.GetPermission();
            FsAction     otherAction = perms.GetOtherAction();

            if (otherAction.Implies(action))
            {
                return(true);
            }
            return(false);
        }
Beispiel #5
0
        /// <exception cref="Org.Apache.Hadoop.Security.AccessControlException"/>
        private void Check(INodeAttributes inode, string path, FsAction access)
        {
            if (inode == null)
            {
                return;
            }
            FsPermission mode       = inode.GetFsPermission();
            AclFeature   aclFeature = inode.GetAclFeature();

            if (aclFeature != null)
            {
                // It's possible that the inode has a default ACL but no access ACL.
                int firstEntry = aclFeature.GetEntryAt(0);
                if (AclEntryStatusFormat.GetScope(firstEntry) == AclEntryScope.Access)
                {
                    CheckAccessAcl(inode, path, access, mode, aclFeature);
                    return;
                }
            }
            if (GetUser().Equals(inode.GetUserName()))
            {
                //user class
                if (mode.GetUserAction().Implies(access))
                {
                    return;
                }
            }
            else
            {
                if (GetGroups().Contains(inode.GetGroupName()))
                {
                    //group class
                    if (mode.GetGroupAction().Implies(access))
                    {
                        return;
                    }
                }
                else
                {
                    //other class
                    if (mode.GetOtherAction().Implies(access))
                    {
                        return;
                    }
                }
            }
            throw new AccessControlException(ToAccessControlString(inode, path, access, mode)
                                             );
        }
Beispiel #6
0
        /// <summary>Reads the existing ACL of an inode.</summary>
        /// <remarks>
        /// Reads the existing ACL of an inode.  This method always returns the full
        /// logical ACL of the inode after reading relevant data from the inode's
        /// <see cref="Org.Apache.Hadoop.FS.Permission.FsPermission"/>
        /// and
        /// <see cref="AclFeature"/>
        /// .  Note that every inode
        /// logically has an ACL, even if no ACL has been set explicitly.  If the inode
        /// does not have an extended ACL, then the result is a minimal ACL consising of
        /// exactly 3 entries that correspond to the owner, group and other permissions.
        /// This method always reads the inode's current state and does not support
        /// querying by snapshot ID.  This is because the method is intended to support
        /// ACL modification APIs, which always apply a delta on top of current state.
        /// </remarks>
        /// <param name="inode">INode to read</param>
        /// <returns>List<AclEntry> containing all logical inode ACL entries</returns>
        public static IList <AclEntry> ReadINodeLogicalAcl(INode inode)
        {
            FsPermission perm = inode.GetFsPermission();
            AclFeature   f    = inode.GetAclFeature();

            if (f == null)
            {
                return(AclUtil.GetMinimalAcl(perm));
            }
            IList <AclEntry> existingAcl;
            // Split ACL entries stored in the feature into access vs. default.
            IList <AclEntry> featureEntries = GetEntriesFromAclFeature(f);
            ScopedAclEntries scoped         = new ScopedAclEntries(featureEntries);
            IList <AclEntry> accessEntries  = scoped.GetAccessEntries();
            IList <AclEntry> defaultEntries = scoped.GetDefaultEntries();

            // Pre-allocate list size for the explicit entries stored in the feature
            // plus the 3 implicit entries (owner, group and other) from the permission
            // bits.
            existingAcl = Lists.NewArrayListWithCapacity(featureEntries.Count + 3);
            if (!accessEntries.IsEmpty())
            {
                // Add owner entry implied from user permission bits.
                existingAcl.AddItem(new AclEntry.Builder().SetScope(AclEntryScope.Access).SetType
                                        (AclEntryType.User).SetPermission(perm.GetUserAction()).Build());
                // Next add all named user and group entries taken from the feature.
                Sharpen.Collections.AddAll(existingAcl, accessEntries);
                // Add mask entry implied from group permission bits.
                existingAcl.AddItem(new AclEntry.Builder().SetScope(AclEntryScope.Access).SetType
                                        (AclEntryType.Mask).SetPermission(perm.GetGroupAction()).Build());
                // Add other entry implied from other permission bits.
                existingAcl.AddItem(new AclEntry.Builder().SetScope(AclEntryScope.Access).SetType
                                        (AclEntryType.Other).SetPermission(perm.GetOtherAction()).Build());
            }
            else
            {
                // It's possible that there is a default ACL but no access ACL. In this
                // case, add the minimal access ACL implied by the permission bits.
                Sharpen.Collections.AddAll(existingAcl, AclUtil.GetMinimalAcl(perm));
            }
            // Add all default entries after the access entries.
            Sharpen.Collections.AddAll(existingAcl, defaultEntries);
            // The above adds entries in the correct order, so no need to sort here.
            return(existingAcl);
        }
Beispiel #7
0
            /// <exception cref="System.IO.IOException"/>
            protected internal override void ProcessPath(PathData item)
            {
                @out.WriteLine("# file: " + item);
                @out.WriteLine("# owner: " + item.stat.GetOwner());
                @out.WriteLine("# group: " + item.stat.GetGroup());
                FsPermission perm = item.stat.GetPermission();

                if (perm.GetStickyBit())
                {
                    @out.WriteLine("# flags: --" + (perm.GetOtherAction().Implies(FsAction.Execute) ?
                                                    "t" : "T"));
                }
                AclStatus        aclStatus = item.fs.GetAclStatus(item.path);
                IList <AclEntry> entries   = perm.GetAclBit() ? aclStatus.GetEntries() : Collections
                                             .EmptyList <AclEntry>();
                ScopedAclEntries scopedEntries = new ScopedAclEntries(AclUtil.GetAclFromPermAndEntries
                                                                          (perm, entries));

                PrintAclEntriesForSingleScope(aclStatus, perm, scopedEntries.GetAccessEntries());
                PrintAclEntriesForSingleScope(aclStatus, perm, scopedEntries.GetDefaultEntries());
                @out.WriteLine();
            }
Beispiel #8
0
        /// <exception cref="System.IO.IOException"/>
        private static bool CheckPublicPermsForAll(FileSystem fs, FileStatus status, FsAction
                                                   dir, FsAction file)
        {
            FsPermission perms       = status.GetPermission();
            FsAction     otherAction = perms.GetOtherAction();

            if (status.IsDirectory())
            {
                if (!otherAction.Implies(dir))
                {
                    return(false);
                }
                foreach (FileStatus child in fs.ListStatus(status.GetPath()))
                {
                    if (!CheckPublicPermsForAll(fs, child, dir, file))
                    {
                        return(false);
                    }
                }
                return(true);
            }
            return(otherAction.Implies(file));
        }
Beispiel #9
0
        /// <exception cref="System.IO.IOException"/>
        private static void UnprotectedRemoveAcl(FSDirectory fsd, INodesInPath iip)
        {
            System.Diagnostics.Debug.Assert(fsd.HasWriteLock());
            INode      inode      = FSDirectory.ResolveLastINode(iip);
            int        snapshotId = iip.GetLatestSnapshotId();
            AclFeature f          = inode.GetAclFeature();

            if (f == null)
            {
                return;
            }
            FsPermission     perm           = inode.GetFsPermission();
            IList <AclEntry> featureEntries = AclStorage.GetEntriesFromAclFeature(f);

            if (featureEntries[0].GetScope() == AclEntryScope.Access)
            {
                // Restore group permissions from the feature's entry to permission
                // bits, overwriting the mask, which is not part of a minimal ACL.
                AclEntry groupEntryKey = new AclEntry.Builder().SetScope(AclEntryScope.Access).SetType
                                             (AclEntryType.Group).Build();
                int groupEntryIndex = Sharpen.Collections.BinarySearch(featureEntries, groupEntryKey
                                                                       , AclTransformation.AclEntryComparator);
                System.Diagnostics.Debug.Assert(groupEntryIndex >= 0);
                FsAction     groupPerm = featureEntries[groupEntryIndex].GetPermission();
                FsPermission newPerm   = new FsPermission(perm.GetUserAction(), groupPerm, perm.GetOtherAction
                                                              (), perm.GetStickyBit());
                inode.SetPermission(newPerm, snapshotId);
            }
            inode.RemoveAclFeature(snapshotId);
        }
Beispiel #10
0
        private static PermissionStatus AddImplicitUwx(PermissionStatus parentPerm, PermissionStatus
                                                       perm)
        {
            FsPermission p            = parentPerm.GetPermission();
            FsPermission ancestorPerm = new FsPermission(p.GetUserAction().Or(FsAction.WriteExecute
                                                                              ), p.GetGroupAction(), p.GetOtherAction());

            return(new PermissionStatus(perm.GetUserName(), perm.GetGroupName(), ancestorPerm
                                        ));
        }
Beispiel #11
0
        /// <summary>
        /// If a default ACL is defined on a parent directory, then copies that default
        /// ACL to a newly created child file or directory.
        /// </summary>
        /// <param name="child">INode newly created child</param>
        public static void CopyINodeDefaultAcl(INode child)
        {
            INodeDirectory parent           = child.GetParent();
            AclFeature     parentAclFeature = parent.GetAclFeature();

            if (parentAclFeature == null || !(child.IsFile() || child.IsDirectory()))
            {
                return;
            }
            // Split parent's entries into access vs. default.
            IList <AclEntry> featureEntries       = GetEntriesFromAclFeature(parent.GetAclFeature());
            ScopedAclEntries scopedEntries        = new ScopedAclEntries(featureEntries);
            IList <AclEntry> parentDefaultEntries = scopedEntries.GetDefaultEntries();

            // The parent may have an access ACL but no default ACL.  If so, exit.
            if (parentDefaultEntries.IsEmpty())
            {
                return;
            }
            // Pre-allocate list size for access entries to copy from parent.
            IList <AclEntry> accessEntries = Lists.NewArrayListWithCapacity(parentDefaultEntries
                                                                            .Count);
            FsPermission childPerm = child.GetFsPermission();
            // Copy each default ACL entry from parent to new child's access ACL.
            bool parentDefaultIsMinimal = AclUtil.IsMinimalAcl(parentDefaultEntries);

            foreach (AclEntry entry in parentDefaultEntries)
            {
                AclEntryType     type    = entry.GetType();
                string           name    = entry.GetName();
                AclEntry.Builder builder = new AclEntry.Builder().SetScope(AclEntryScope.Access).
                                           SetType(type).SetName(name);
                // The child's initial permission bits are treated as the mode parameter,
                // which can filter copied permission values for owner, mask and other.
                FsAction permission;
                if (type == AclEntryType.User && name == null)
                {
                    permission = entry.GetPermission().And(childPerm.GetUserAction());
                }
                else
                {
                    if (type == AclEntryType.Group && parentDefaultIsMinimal)
                    {
                        // This only happens if the default ACL is a minimal ACL: exactly 3
                        // entries corresponding to owner, group and other.  In this case,
                        // filter the group permissions.
                        permission = entry.GetPermission().And(childPerm.GetGroupAction());
                    }
                    else
                    {
                        if (type == AclEntryType.Mask)
                        {
                            // Group bits from mode parameter filter permission of mask entry.
                            permission = entry.GetPermission().And(childPerm.GetGroupAction());
                        }
                        else
                        {
                            if (type == AclEntryType.Other)
                            {
                                permission = entry.GetPermission().And(childPerm.GetOtherAction());
                            }
                            else
                            {
                                permission = entry.GetPermission();
                            }
                        }
                    }
                }
                builder.SetPermission(permission);
                accessEntries.AddItem(builder.Build());
            }
            // A new directory also receives a copy of the parent's default ACL.
            IList <AclEntry> defaultEntries = child.IsDirectory() ? parentDefaultEntries : Sharpen.Collections
                                              .EmptyList <AclEntry>();
            FsPermission newPerm;

            if (!AclUtil.IsMinimalAcl(accessEntries) || !defaultEntries.IsEmpty())
            {
                // Save the new ACL to the child.
                child.AddAclFeature(CreateAclFeature(accessEntries, defaultEntries));
                newPerm = CreateFsPermissionForExtendedAcl(accessEntries, childPerm);
            }
            else
            {
                // The child is receiving a minimal ACL.
                newPerm = CreateFsPermissionForMinimalAcl(accessEntries, childPerm);
            }
            child.SetPermission(newPerm);
        }
Beispiel #12
0
        /// <summary>Checks requested access against an Access Control List.</summary>
        /// <remarks>
        /// Checks requested access against an Access Control List.  This method relies
        /// on finding the ACL data in the relevant portions of
        /// <see cref="Org.Apache.Hadoop.FS.Permission.FsPermission"/>
        /// and
        /// <see cref="AclFeature"/>
        /// as implemented in the logic of
        /// <see cref="AclStorage"/>
        /// .  This
        /// method also relies on receiving the ACL entries in sorted order.  This is
        /// assumed to be true, because the ACL modification methods in
        /// <see cref="AclTransformation"/>
        /// sort the resulting entries.
        /// More specifically, this method depends on these invariants in an ACL:
        /// - The list must be sorted.
        /// - Each entry in the list must be unique by scope + type + name.
        /// - There is exactly one each of the unnamed user/group/other entries.
        /// - The mask entry must not have a name.
        /// - The other entry must not have a name.
        /// - Default entries may be present, but they are ignored during enforcement.
        /// </remarks>
        /// <param name="inode">INodeAttributes accessed inode</param>
        /// <param name="snapshotId">int snapshot ID</param>
        /// <param name="access">FsAction requested permission</param>
        /// <param name="mode">FsPermission mode from inode</param>
        /// <param name="aclFeature">AclFeature of inode</param>
        /// <exception cref="Org.Apache.Hadoop.Security.AccessControlException">if the ACL denies permission
        ///     </exception>
        private void CheckAccessAcl(INodeAttributes inode, string path, FsAction access,
                                    FsPermission mode, AclFeature aclFeature)
        {
            bool foundMatch = false;

            // Use owner entry from permission bits if user is owner.
            if (GetUser().Equals(inode.GetUserName()))
            {
                if (mode.GetUserAction().Implies(access))
                {
                    return;
                }
                foundMatch = true;
            }
            // Check named user and group entries if user was not denied by owner entry.
            if (!foundMatch)
            {
                for (int pos = 0; pos < aclFeature.GetEntriesSize(); pos++)
                {
                    entry = aclFeature.GetEntryAt(pos);
                    if (AclEntryStatusFormat.GetScope(entry) == AclEntryScope.Default)
                    {
                        break;
                    }
                    AclEntryType type = AclEntryStatusFormat.GetType(entry);
                    string       name = AclEntryStatusFormat.GetName(entry);
                    if (type == AclEntryType.User)
                    {
                        // Use named user entry with mask from permission bits applied if user
                        // matches name.
                        if (GetUser().Equals(name))
                        {
                            FsAction masked = AclEntryStatusFormat.GetPermission(entry).And(mode.GetGroupAction
                                                                                                ());
                            if (masked.Implies(access))
                            {
                                return;
                            }
                            foundMatch = true;
                            break;
                        }
                    }
                    else
                    {
                        if (type == AclEntryType.Group)
                        {
                            // Use group entry (unnamed or named) with mask from permission bits
                            // applied if user is a member and entry grants access.  If user is a
                            // member of multiple groups that have entries that grant access, then
                            // it doesn't matter which is chosen, so exit early after first match.
                            string group = name == null?inode.GetGroupName() : name;

                            if (GetGroups().Contains(group))
                            {
                                FsAction masked = AclEntryStatusFormat.GetPermission(entry).And(mode.GetGroupAction
                                                                                                    ());
                                if (masked.Implies(access))
                                {
                                    return;
                                }
                                foundMatch = true;
                            }
                        }
                    }
                }
            }
            // Use other entry if user was not denied by an earlier match.
            if (!foundMatch && mode.GetOtherAction().Implies(access))
            {
                return;
            }
            throw new AccessControlException(ToAccessControlString(inode, path, access, mode)
                                             );
        }