/// <exception cref="Org.Apache.Hadoop.Security.AccessControlException"/>
        internal static void CheckPermissionForApi(FSPermissionChecker pc, XAttr xAttr, bool
                                                   isRawPath)
        {
            bool isSuperUser = pc.IsSuperUser();

            if (xAttr.GetNameSpace() == XAttr.NameSpace.User || (xAttr.GetNameSpace() == XAttr.NameSpace
                                                                 .Trusted && isSuperUser))
            {
                return;
            }
            if (xAttr.GetNameSpace() == XAttr.NameSpace.Raw && isRawPath && isSuperUser)
            {
                return;
            }
            if (XAttrHelper.GetPrefixName(xAttr).Equals(HdfsServerConstants.SecurityXattrUnreadableBySuperuser
                                                        ))
            {
                if (xAttr.GetValue() != null)
                {
                    throw new AccessControlException("Attempt to set a value for '" + HdfsServerConstants
                                                     .SecurityXattrUnreadableBySuperuser + "'. Values are not allowed for this xattr."
                                                     );
                }
                return;
            }
            throw new AccessControlException("User doesn't have permission for xattr: " + XAttrHelper
                                             .GetPrefixName(xAttr));
        }
Example #2
0
        /// <exception cref="System.IO.IOException"/>
        internal static HdfsFileStatus SetOwner(FSDirectory fsd, string src, string username
                                                , string group)
        {
            FSPermissionChecker pc = fsd.GetPermissionChecker();

            byte[][]     pathComponents = FSDirectory.GetPathComponentsForReservedPath(src);
            INodesInPath iip;

            fsd.WriteLock();
            try
            {
                src = fsd.ResolvePath(pc, src, pathComponents);
                iip = fsd.GetINodesInPath4Write(src);
                fsd.CheckOwner(pc, iip);
                if (!pc.IsSuperUser())
                {
                    if (username != null && !pc.GetUser().Equals(username))
                    {
                        throw new AccessControlException("Non-super user cannot change owner");
                    }
                    if (group != null && !pc.ContainsGroup(group))
                    {
                        throw new AccessControlException("User does not belong to " + group);
                    }
                }
                UnprotectedSetOwner(fsd, src, username, group);
            }
            finally
            {
                fsd.WriteUnlock();
            }
            fsd.GetEditLog().LogSetOwner(src, username, group);
            return(fsd.GetAuditFileInfo(iip));
        }
Example #3
0
        /// <exception cref="System.IO.IOException"/>
        internal static SnapshottableDirectoryStatus[] GetSnapshottableDirListing(FSDirectory
                                                                                  fsd, SnapshotManager snapshotManager)
        {
            FSPermissionChecker pc = fsd.GetPermissionChecker();

            fsd.ReadLock();
            try
            {
                string user = pc.IsSuperUser() ? null : pc.GetUser();
                return(snapshotManager.GetSnapshottableDirListing(user));
            }
            finally
            {
                fsd.ReadUnlock();
            }
        }
        /// <exception cref="System.IO.IOException"/>
        internal static DirectoryListing GetListingInt(FSDirectory fsd, string srcArg, byte
                                                       [] startAfter, bool needLocation)
        {
            FSPermissionChecker pc = fsd.GetPermissionChecker();

            byte[][]     pathComponents   = FSDirectory.GetPathComponentsForReservedPath(srcArg);
            string       startAfterString = new string(startAfter, Charsets.Utf8);
            string       src = fsd.ResolvePath(pc, srcArg, pathComponents);
            INodesInPath iip = fsd.GetINodesInPath(src, true);

            // Get file name when startAfter is an INodePath
            if (FSDirectory.IsReservedName(startAfterString))
            {
                byte[][] startAfterComponents = FSDirectory.GetPathComponentsForReservedPath(startAfterString
                                                                                             );
                try
                {
                    string   tmp         = FSDirectory.ResolvePath(src, startAfterComponents, fsd);
                    byte[][] regularPath = INode.GetPathComponents(tmp);
                    startAfter = regularPath[regularPath.Length - 1];
                }
                catch (IOException)
                {
                    // Possibly the inode is deleted
                    throw new DirectoryListingStartAfterNotFoundException("Can't find startAfter " +
                                                                          startAfterString);
                }
            }
            bool isSuperUser = true;

            if (fsd.IsPermissionEnabled())
            {
                if (iip.GetLastINode() != null && iip.GetLastINode().IsDirectory())
                {
                    fsd.CheckPathAccess(pc, iip, FsAction.ReadExecute);
                }
                else
                {
                    fsd.CheckTraverse(pc, iip);
                }
                isSuperUser = pc.IsSuperUser();
            }
            return(GetListing(fsd, iip, src, startAfter, needLocation, isSuperUser));
        }
        internal static IList <XAttr> FilterXAttrsForApi(FSPermissionChecker pc, IList <XAttr
                                                                                        > xAttrs, bool isRawPath)
        {
            System.Diagnostics.Debug.Assert(xAttrs != null, "xAttrs can not be null");
            if (xAttrs.IsEmpty())
            {
                return(xAttrs);
            }
            IList <XAttr> filteredXAttrs = Lists.NewArrayListWithCapacity(xAttrs.Count);
            bool          isSuperUser    = pc.IsSuperUser();

            foreach (XAttr xAttr in xAttrs)
            {
                if (xAttr.GetNameSpace() == XAttr.NameSpace.User)
                {
                    filteredXAttrs.AddItem(xAttr);
                }
                else
                {
                    if (xAttr.GetNameSpace() == XAttr.NameSpace.Trusted && isSuperUser)
                    {
                        filteredXAttrs.AddItem(xAttr);
                    }
                    else
                    {
                        if (xAttr.GetNameSpace() == XAttr.NameSpace.Raw && isSuperUser && isRawPath)
                        {
                            filteredXAttrs.AddItem(xAttr);
                        }
                        else
                        {
                            if (XAttrHelper.GetPrefixName(xAttr).Equals(HdfsServerConstants.SecurityXattrUnreadableBySuperuser
                                                                        ))
                            {
                                filteredXAttrs.AddItem(xAttr);
                            }
                        }
                    }
                }
            }
            return(filteredXAttrs);
        }
Example #6
0
 /// <exception cref="Org.Apache.Hadoop.Security.AccessControlException"/>
 private static void CheckXAttrChangeAccess(FSDirectory fsd, INodesInPath iip, XAttr
                                            xAttr, FSPermissionChecker pc)
 {
     if (fsd.IsPermissionEnabled() && xAttr.GetNameSpace() == XAttr.NameSpace.User)
     {
         INode inode = iip.GetLastINode();
         if (inode != null && inode.IsDirectory() && inode.GetFsPermission().GetStickyBit(
                 ))
         {
             if (!pc.IsSuperUser())
             {
                 fsd.CheckOwner(pc, iip);
             }
         }
         else
         {
             fsd.CheckPathAccess(pc, iip, FsAction.Write);
         }
     }
 }
        /// <summary>Get the file info for a specific file.</summary>
        /// <param name="srcArg">The string representation of the path to the file</param>
        /// <param name="resolveLink">
        /// whether to throw UnresolvedLinkException
        /// if src refers to a symlink
        /// </param>
        /// <returns>
        /// object containing information regarding the file
        /// or null if file not found
        /// </returns>
        /// <exception cref="System.IO.IOException"/>
        internal static HdfsFileStatus GetFileInfo(FSDirectory fsd, string srcArg, bool resolveLink
                                                   )
        {
            string src = srcArg;

            if (!DFSUtil.IsValidName(src))
            {
                throw new InvalidPathException("Invalid file name: " + src);
            }
            FSPermissionChecker pc = fsd.GetPermissionChecker();

            byte[][] pathComponents = FSDirectory.GetPathComponentsForReservedPath(src);
            src = fsd.ResolvePath(pc, src, pathComponents);
            INodesInPath iip         = fsd.GetINodesInPath(src, resolveLink);
            bool         isSuperUser = true;

            if (fsd.IsPermissionEnabled())
            {
                fsd.CheckPermission(pc, iip, false, null, null, null, null, false);
                isSuperUser = pc.IsSuperUser();
            }
            return(GetFileInfo(fsd, src, resolveLink, FSDirectory.IsReservedRawName(srcArg),
                               isSuperUser));
        }