Beispiel #1
0
        /// <exception cref="System.Exception"/>
        protected internal virtual void TestSetPermission()
        {
            FileSystem fs   = FileSystem.Get(GetProxiedFSConf());
            Path       path = new Path(GetProxiedFSTestDir(), "foodir");

            fs.Mkdirs(path);
            fs = GetHttpFSFileSystem();
            FsPermission permission1 = new FsPermission(FsAction.ReadWrite, FsAction.None, FsAction
                                                        .None);

            fs.SetPermission(path, permission1);
            fs.Close();
            fs = FileSystem.Get(GetProxiedFSConf());
            FileStatus status1 = fs.GetFileStatus(path);

            fs.Close();
            FsPermission permission2 = status1.GetPermission();

            NUnit.Framework.Assert.AreEqual(permission2, permission1);
            //sticky bit
            fs          = GetHttpFSFileSystem();
            permission1 = new FsPermission(FsAction.ReadWrite, FsAction.None, FsAction.None,
                                           true);
            fs.SetPermission(path, permission1);
            fs.Close();
            fs      = FileSystem.Get(GetProxiedFSConf());
            status1 = fs.GetFileStatus(path);
            fs.Close();
            permission2 = status1.GetPermission();
            NUnit.Framework.Assert.IsTrue(permission2.GetStickyBit());
            NUnit.Framework.Assert.AreEqual(permission2, permission1);
        }
Beispiel #2
0
        /// <exception cref="System.IO.IOException"/>
        private static void UnprotectedRemoveAcl(FSDirectory fsd, INodesInPath iip)
        {
            System.Diagnostics.Debug.Assert(fsd.HasWriteLock());
            INode      inode      = FSDirectory.ResolveLastINode(iip);
            int        snapshotId = iip.GetLatestSnapshotId();
            AclFeature f          = inode.GetAclFeature();

            if (f == null)
            {
                return;
            }
            FsPermission     perm           = inode.GetFsPermission();
            IList <AclEntry> featureEntries = AclStorage.GetEntriesFromAclFeature(f);

            if (featureEntries[0].GetScope() == AclEntryScope.Access)
            {
                // Restore group permissions from the feature's entry to permission
                // bits, overwriting the mask, which is not part of a minimal ACL.
                AclEntry groupEntryKey = new AclEntry.Builder().SetScope(AclEntryScope.Access).SetType
                                             (AclEntryType.Group).Build();
                int groupEntryIndex = Sharpen.Collections.BinarySearch(featureEntries, groupEntryKey
                                                                       , AclTransformation.AclEntryComparator);
                System.Diagnostics.Debug.Assert(groupEntryIndex >= 0);
                FsAction     groupPerm = featureEntries[groupEntryIndex].GetPermission();
                FsPermission newPerm   = new FsPermission(perm.GetUserAction(), groupPerm, perm.GetOtherAction
                                                              (), perm.GetStickyBit());
                inode.SetPermission(newPerm, snapshotId);
            }
            inode.RemoveAclFeature(snapshotId);
        }
Beispiel #3
0
 /// <summary>
 /// Creates the new FsPermission for an inode that is receiving an extended
 /// ACL, based on its access ACL entries.
 /// </summary>
 /// <remarks>
 /// Creates the new FsPermission for an inode that is receiving an extended
 /// ACL, based on its access ACL entries.  For a correctly sorted ACL, the
 /// first entry is the owner and the last 2 entries are the mask and other
 /// entries respectively.  Also preserve sticky bit and toggle ACL bit on.
 /// Note that this method intentionally copies the permissions of the mask
 /// entry into the FsPermission group permissions.  This is consistent with the
 /// POSIX ACLs model, which presents the mask as the permissions of the group
 /// class.
 /// </remarks>
 /// <param name="accessEntries">List<AclEntry> access ACL entries</param>
 /// <param name="existingPerm">FsPermission existing permissions</param>
 /// <returns>FsPermission new permissions</returns>
 private static FsPermission CreateFsPermissionForExtendedAcl(IList <AclEntry> accessEntries
                                                              , FsPermission existingPerm)
 {
     return(new FsPermission(accessEntries[0].GetPermission(), accessEntries[accessEntries
                                                                             .Count - 2].GetPermission(), accessEntries[accessEntries.Count - 1].GetPermission
                                 (), existingPerm.GetStickyBit()));
 }
Beispiel #4
0
        /// <summary>Return the JSON formatted ACL status of the specified file.</summary>
        /// <param name="path">a path specifies a file</param>
        /// <returns>JSON formatted AclStatus</returns>
        /// <exception cref="System.IO.IOException">if failed to serialize fileStatus to JSON.
        ///     </exception>
        internal virtual string GetAclStatus(string path)
        {
            PermissionStatus p            = GetPermissionStatus(path);
            IList <AclEntry> aclEntryList = GetAclEntryList(path);
            FsPermission     permission   = p.GetPermission();

            AclStatus.Builder builder = new AclStatus.Builder();
            builder.Owner(p.GetUserName()).Group(p.GetGroupName()).AddEntries(aclEntryList).SetPermission
                (permission).StickyBit(permission.GetStickyBit());
            AclStatus aclStatus = builder.Build();

            return(JsonUtil.ToJsonString(aclStatus));
        }
Beispiel #5
0
            /// <exception cref="System.IO.IOException"/>
            protected internal override void ProcessPath(PathData item)
            {
                @out.WriteLine("# file: " + item);
                @out.WriteLine("# owner: " + item.stat.GetOwner());
                @out.WriteLine("# group: " + item.stat.GetGroup());
                FsPermission perm = item.stat.GetPermission();

                if (perm.GetStickyBit())
                {
                    @out.WriteLine("# flags: --" + (perm.GetOtherAction().Implies(FsAction.Execute) ?
                                                    "t" : "T"));
                }
                AclStatus        aclStatus = item.fs.GetAclStatus(item.path);
                IList <AclEntry> entries   = perm.GetAclBit() ? aclStatus.GetEntries() : Collections
                                             .EmptyList <AclEntry>();
                ScopedAclEntries scopedEntries = new ScopedAclEntries(AclUtil.GetAclFromPermAndEntries
                                                                          (perm, entries));

                PrintAclEntriesForSingleScope(aclStatus, perm, scopedEntries.GetAccessEntries());
                PrintAclEntriesForSingleScope(aclStatus, perm, scopedEntries.GetDefaultEntries());
                @out.WriteLine();
            }
Beispiel #6
0
        /// <exception cref="System.IO.IOException"/>
        internal static AclStatus GetAclStatus(FSDirectory fsd, string src)
        {
            CheckAclsConfigFlag(fsd);
            FSPermissionChecker pc = fsd.GetPermissionChecker();

            byte[][] pathComponents = FSDirectory.GetPathComponentsForReservedPath(src);
            src = fsd.ResolvePath(pc, src, pathComponents);
            string srcs = FSDirectory.NormalizePath(src);

            fsd.ReadLock();
            try
            {
                // There is no real inode for the path ending in ".snapshot", so return a
                // non-null, unpopulated AclStatus.  This is similar to getFileInfo.
                if (srcs.EndsWith(HdfsConstants.SeparatorDotSnapshotDir) && fsd.GetINode4DotSnapshot
                        (srcs) != null)
                {
                    return(new AclStatus.Builder().Owner(string.Empty).Group(string.Empty).Build());
                }
                INodesInPath iip = fsd.GetINodesInPath(srcs, true);
                if (fsd.IsPermissionEnabled())
                {
                    fsd.CheckTraverse(pc, iip);
                }
                INode            inode      = FSDirectory.ResolveLastINode(iip);
                int              snapshotId = iip.GetPathSnapshotId();
                IList <AclEntry> acl        = AclStorage.ReadINodeAcl(fsd.GetAttributes(src, inode.GetLocalNameBytes
                                                                                            (), inode, snapshotId));
                FsPermission fsPermission = inode.GetFsPermission(snapshotId);
                return(new AclStatus.Builder().Owner(inode.GetUserName()).Group(inode.GetGroupName
                                                                                    ()).StickyBit(fsPermission.GetStickyBit()).SetPermission(fsPermission).AddEntries
                           (acl).Build());
            }
            finally
            {
                fsd.ReadUnlock();
            }
        }
Beispiel #7
0
 /// <summary>
 /// Creates the new FsPermission for an inode that is receiving a minimal ACL,
 /// based on its access ACL entries.
 /// </summary>
 /// <remarks>
 /// Creates the new FsPermission for an inode that is receiving a minimal ACL,
 /// based on its access ACL entries.  For a correctly sorted ACL, the owner,
 /// group and other permissions are in order.  Also preserve sticky bit and
 /// toggle ACL bit off.
 /// </remarks>
 /// <param name="accessEntries">List<AclEntry> access ACL entries</param>
 /// <param name="existingPerm">FsPermission existing permissions</param>
 /// <returns>FsPermission new permissions</returns>
 private static FsPermission CreateFsPermissionForMinimalAcl(IList <AclEntry> accessEntries
                                                             , FsPermission existingPerm)
 {
     return(new FsPermission(accessEntries[0].GetPermission(), accessEntries[1].GetPermission
                                 (), accessEntries[2].GetPermission(), existingPerm.GetStickyBit()));
 }