/// <exception cref="Org.Apache.Hadoop.Security.AccessControlException"/>
        /// <summary>
        /// Authorizes an API request that names the extended attribute <paramref name="xAttr"/>:
        /// returns normally when the request is allowed and throws otherwise.
        /// </summary>
        /// <remarks>
        /// The check is default-deny. A request passes only when one of these holds:
        /// <list type="bullet">
        /// <item><description>the xattr is in the user namespace (any caller);</description></item>
        /// <item><description>the xattr is in the trusted namespace and the caller is a superuser;</description></item>
        /// <item><description>the xattr is in the raw namespace, the caller is a superuser and the path is a raw path;</description></item>
        /// <item><description>the prefixed name equals <c>HdfsServerConstants.SecurityXattrUnreadableBySuperuser</c>
        /// and the xattr carries no value (any caller).</description></item>
        /// </list>
        /// Only namespace-level authorization is decided here; no inode or path permission is
        /// consulted in this method. The denial message includes the prefixed xattr name.
        /// </remarks>
        /// <param name="pc">Permission checker for the calling user; only <c>IsSuperUser()</c> is read.</param>
        /// <param name="xAttr">The extended attribute named by the request.</param>
        /// <param name="isRawPath">Whether the request path is a raw path.</param>
        internal static void CheckPermissionForApi(FSPermissionChecker pc, XAttr xAttr, bool isRawPath)
        {
            bool callerIsSuperUser = pc.IsSuperUser();
            var nameSpace = xAttr.GetNameSpace();

            // Namespace-based grants, evaluated in the same order as the rules listed above.
            bool grantedByNameSpace =
                nameSpace == XAttr.NameSpace.User
                || (nameSpace == XAttr.NameSpace.Trusted && callerIsSuperUser)
                || (nameSpace == XAttr.NameSpace.Raw && isRawPath && callerIsSuperUser);
            if (grantedByNameSpace)
            {
                return;
            }

            string prefixedName = XAttrHelper.GetPrefixName(xAttr);
            if (!prefixedName.Equals(HdfsServerConstants.SecurityXattrUnreadableBySuperuser))
            {
                // Nothing matched: deny by default.
                throw new AccessControlException("User doesn't have permission for xattr: " + prefixedName);
            }

            // The unreadable-by-superuser xattr is accepted from any caller, but only as a
            // value-less marker.
            if (xAttr.GetValue() != null)
            {
                throw new AccessControlException("Attempt to set a value for '"
                                                 + HdfsServerConstants.SecurityXattrUnreadableBySuperuser
                                                 + "'. Values are not allowed for this xattr.");
            }
        }
Exemple #2
        /// <summary>Create a new encryption zone rooted at <paramref name="src"/>.</summary>
        /// <remarks>
        /// Called while holding the FSDirectory lock. The lock is only checked with
        /// <c>Debug.Assert</c>, which is compiled out of non-DEBUG builds, so callers must
        /// guarantee it themselves.
        /// <para>
        /// The request is rejected when the target is a non-empty directory, when it is a file,
        /// or when the path already lies inside an encryption zone. Otherwise the zone
        /// description (suite, protocol version, key name) is serialized into the
        /// <c>HdfsServerConstants.CryptoXattrEncryptionZone</c> xattr and set on the path.
        /// </para>
        /// <para>
        /// No permission check and no validation of <paramref name="keyName"/> is visible in this
        /// method; presumably both are done by the caller (to be confirmed).
        /// </para>
        /// </remarks>
        /// <param name="src">Path of the directory that becomes the zone root.</param>
        /// <param name="suite">Cipher suite recorded for the zone.</param>
        /// <param name="version">Crypto protocol version recorded for the zone.</param>
        /// <param name="keyName">Name of the key recorded for the zone.</param>
        /// <returns>The encryption-zone xattr that was set on the path.</returns>
        /// <exception cref="System.IO.IOException"/>
        internal virtual XAttr CreateEncryptionZone(string src, CipherSuite suite, CryptoProtocolVersion version, string keyName)
        {
            System.Diagnostics.Debug.Assert(dir.HasWriteLock());
            INodesInPath targetPath = dir.GetINodesInPath4Write(src, false);

            if (dir.IsNonEmptyDirectory(targetPath))
            {
                throw new IOException("Attempt to create an encryption zone for a non-empty directory.");
            }

            if (targetPath != null)
            {
                var lastNode = targetPath.GetLastINode();
                if (lastNode != null && !lastNode.IsDirectory())
                {
                    throw new IOException("Attempt to create an encryption zone for a file.");
                }
            }

            // Zones may not be nested: refuse when the path is already covered by one.
            EncryptionZoneManager.EncryptionZoneInt enclosingZone = GetEncryptionZoneForPath(targetPath);
            if (enclosingZone != null)
            {
                throw new IOException("Directory " + src + " is already in an encryption zone. ("
                                      + GetFullPathName(enclosingZone) + ")");
            }

            HdfsProtos.ZoneEncryptionInfoProto zoneInfo = PBHelper.Convert(suite, version, keyName);
            XAttr zoneXAttr = XAttrHelper.BuildXAttr(HdfsServerConstants.CryptoXattrEncryptionZone,
                                                     zoneInfo.ToByteArray());
            IList <XAttr> toSet = Lists.NewArrayListWithCapacity(1);
            toSet.AddItem(zoneXAttr);

            // updating the xattr will call addEncryptionZone,
            // done this way to handle edit log loading
            FSDirXAttrOp.UnprotectedSetXAttrs(dir, src, toSet, EnumSet.Of(XAttrSetFlag.Create));
            return zoneXAttr;
        }
Exemple #3
        /// <summary>
        /// Checks that <c>JsonUtil.ToXAttrs</c> turns a JSON document with an "XAttrs" array into
        /// the same name-to-value map that <c>XAttrHelper.BuildXAttrMap</c> produces from the
        /// equivalent <c>XAttr</c> objects.
        /// </summary>
        public virtual void TestToXAttrMap()
        {
            // Two user-namespace attributes with hex-encoded values.
            string jsonString = "{\"XAttrs\":[{\"name\":\"user.a1\",\"value\":\"0x313233\"},{\"name\":\"user.a2\",\"value\":\"0x313131\"}]}";
            ObjectReader reader = new ObjectMapper().Reader(typeof(IDictionary));
            IDictionary <object, object> json = reader.ReadValue(jsonString);

            // Build the expected attributes by hand from the same names and encoded values.
            XAttr first = (new XAttr.Builder())
                          .SetNameSpace(XAttr.NameSpace.User)
                          .SetName("a1")
                          .SetValue(XAttrCodec.DecodeValue("0x313233"))
                          .Build();
            XAttr second = (new XAttr.Builder())
                           .SetNameSpace(XAttr.NameSpace.User)
                           .SetName("a2")
                           .SetValue(XAttrCodec.DecodeValue("0x313131"))
                           .Build();
            IList <XAttr> expectedAttrs = Lists.NewArrayList();
            expectedAttrs.AddItem(first);
            expectedAttrs.AddItem(second);

            IDictionary <string, byte[]> expectedMap = XAttrHelper.BuildXAttrMap(expectedAttrs);
            IDictionary <string, byte[]> parsedMap   = JsonUtil.ToXAttrs(json);

            NUnit.Framework.Assert.AreEqual(expectedMap.Count, parsedMap.Count);

            // Same size plus every expected key matching means the two maps agree.
            foreach (KeyValuePair <string, byte[]> expected in expectedMap)
            {
                Assert.AssertArrayEquals(expected.Value, parsedMap[expected.Key]);
            }
        }
Exemple #4
        /// <summary>
        /// Serializes the prefixed names of <paramref name="xAttrs"/> as a JSON object with the
        /// single key "XAttrNames".
        /// </summary>
        /// <remarks>
        /// Only names are emitted; attribute values are never read here. The name list is first
        /// serialized to a string and that string is stored under "XAttrNames", so the outer
        /// document carries the list as an encoded string rather than as a nested array.
        /// </remarks>
        /// <param name="xAttrs">Attributes whose names are listed; must not be null.</param>
        /// <returns>The serialized document.</returns>
        /// <exception cref="System.IO.IOException"/>
        public static string ToJsonString(IList <XAttr> xAttrs)
        {
            IList <string> prefixedNames = Lists.NewArrayListWithCapacity(xAttrs.Count);
            foreach (XAttr attr in xAttrs)
            {
                string prefixedName = XAttrHelper.GetPrefixName(attr);
                prefixedNames.AddItem(prefixedName);
            }

            ObjectMapper mapper = new ObjectMapper();
            IDictionary <string, object> envelope = new SortedDictionary <string, object>();
            envelope["XAttrNames"] = mapper.WriteValueAsString(prefixedNames);
            return mapper.WriteValueAsString(envelope);
        }
Exemple #5
        /// <summary>
        /// Converts one extended attribute into a sorted map with the keys "name" and "value".
        /// </summary>
        /// <param name="xAttr">Attribute to convert; null yields a null result.</param>
        /// <param name="encoding">Codec passed to <c>XAttrCodec.EncodeValue</c> for the value.</param>
        /// <returns>
        /// The map, with "name" set to the prefixed name and "value" set to the encoded value,
        /// or to null when the attribute has no value.
        /// </returns>
        /// <exception cref="System.IO.IOException"/>
        private static IDictionary <string, object> ToJsonMap(XAttr xAttr, XAttrCodec encoding)
        {
            if (xAttr == null)
            {
                return null;
            }

            IDictionary <string, object> entry = new SortedDictionary <string, object>();
            entry["name"] = XAttrHelper.GetPrefixName(xAttr);

            var rawValue = xAttr.GetValue();
            if (rawValue != null)
            {
                entry["value"] = XAttrCodec.EncodeValue(rawValue, encoding);
            }
            else
            {
                // Keep the key present so a value-less attribute is still represented.
                entry["value"] = null;
            }
            return entry;
        }
Exemple #6
        /// <summary>
        /// Looks up a single extended attribute of <paramref name="inode"/> by its prefixed name.
        /// </summary>
        /// <remarks>
        /// No permission check is made in this method; callers presumably authorize the request
        /// before calling it (to be confirmed against the call sites).
        /// </remarks>
        /// <param name="inode">Inode whose attributes are read.</param>
        /// <param name="snapshotId">Snapshot id passed to <c>XAttrStorage.ReadINodeXAttrs</c>.</param>
        /// <param name="xAttrName">Prefixed attribute name to match exactly.</param>
        /// <returns>The first matching attribute, or null when the inode has none or no name matches.</returns>
        /// <exception cref="System.IO.IOException"/>
        internal static XAttr UnprotectedGetXAttrByName(INode inode, int snapshotId, string xAttrName)
        {
            IList <XAttr> stored = XAttrStorage.ReadINodeXAttrs(inode, snapshotId);
            if (stored != null)
            {
                foreach (XAttr candidate in stored)
                {
                    string candidateName = XAttrHelper.GetPrefixName(candidate);
                    if (candidateName.Equals(xAttrName))
                    {
                        return candidate;
                    }
                }
            }
            return null;
        }
        /// <summary>
        /// Returns the entries of <paramref name="xAttrs"/> that may be shown to the caller.
        /// </summary>
        /// <remarks>
        /// An entry is kept when one of these holds, tested in this order:
        /// <list type="bullet">
        /// <item><description>it is in the user namespace;</description></item>
        /// <item><description>it is in the trusted namespace and the caller is a superuser;</description></item>
        /// <item><description>it is in the raw namespace, the caller is a superuser and the path is a raw path;</description></item>
        /// <item><description>its prefixed name equals <c>HdfsServerConstants.SecurityXattrUnreadableBySuperuser</c>
        /// (kept for every caller).</description></item>
        /// </list>
        /// Anything else is dropped silently instead of raising an error. An empty input list is
        /// returned as the same instance. The null check on the input is a <c>Debug.Assert</c>,
        /// which is compiled out of non-DEBUG builds.
        /// </remarks>
        /// <param name="pc">Permission checker for the calling user; only <c>IsSuperUser()</c> is read.</param>
        /// <param name="xAttrs">Attributes to filter; must not be null.</param>
        /// <param name="isRawPath">Whether the request path is a raw path.</param>
        /// <returns>The visible attributes, in their original order.</returns>
        internal static IList <XAttr> FilterXAttrsForApi(FSPermissionChecker pc, IList <XAttr> xAttrs, bool isRawPath)
        {
            System.Diagnostics.Debug.Assert(xAttrs != null, "xAttrs can not be null");
            if (xAttrs.IsEmpty())
            {
                return xAttrs;
            }

            IList <XAttr> visible = Lists.NewArrayListWithCapacity(xAttrs.Count);
            bool callerIsSuperUser = pc.IsSuperUser();

            foreach (XAttr candidate in xAttrs)
            {
                var nameSpace = candidate.GetNameSpace();

                // Short-circuit evaluation keeps the rule order given in the remarks.
                bool keep =
                    nameSpace == XAttr.NameSpace.User
                    || (nameSpace == XAttr.NameSpace.Trusted && callerIsSuperUser)
                    || (nameSpace == XAttr.NameSpace.Raw && callerIsSuperUser && isRawPath)
                    || XAttrHelper.GetPrefixName(candidate).Equals(HdfsServerConstants.SecurityXattrUnreadableBySuperuser);

                if (keep)
                {
                    visible.AddItem(candidate);
                }
            }
            return visible;
        }
Exemple #8
        /// <summary>
        /// Applies <paramref name="xAttrs"/> to the last inode of <paramref name="src"/> and
        /// stores the resulting attribute list on that inode.
        /// </summary>
        /// <remarks>
        /// No permission check is made in this method. The write-lock precondition is only
        /// checked with <c>Debug.Assert</c>, which is compiled out of non-DEBUG builds.
        /// <para>
        /// Two attribute names get special handling while the resulting list is walked: the
        /// encryption-zone xattr registers the inode with <c>fsd.ezManager</c>, and the
        /// unreadable-by-superuser xattr is rejected unless the inode is a file.
        /// </para>
        /// </remarks>
        /// <param name="fsd">Directory whose write lock the caller must hold.</param>
        /// <param name="src">Path of the target inode; normalized before resolution.</param>
        /// <param name="xAttrs">Attributes to apply.</param>
        /// <param name="flag">Set flags passed through to <c>SetINodeXAttrs</c>.</param>
        /// <returns>The inode whose attributes were updated.</returns>
        /// <exception cref="System.IO.IOException"/>
        internal static INode UnprotectedSetXAttrs(FSDirectory fsd, string src, IList <XAttr
                                                                                       > xAttrs, EnumSet <XAttrSetFlag> flag)
        {
            System.Diagnostics.Debug.Assert(fsd.HasWriteLock());
            INodesInPath iip = fsd.GetINodesInPath4Write(FSDirectory.NormalizePath(src), true
                                                         );
            INode         inode          = FSDirectory.ResolveLastINode(iip);
            int           snapshotId     = iip.GetLatestSnapshotId();
            IList <XAttr> existingXAttrs = XAttrStorage.ReadINodeXAttrs(inode);
            // presumably the merge of existingXAttrs and xAttrs under `flag` - confirm in SetINodeXAttrs
            IList <XAttr> newXAttrs      = SetINodeXAttrs(fsd, existingXAttrs, xAttrs, flag);
            bool          isFile         = inode.IsFile();

            // NOTE(review): the loop walks newXAttrs, not just the requested xAttrs, and it
            // registers the encryption zone before the file-only check below can throw and
            // before UpdateINodeXAttrs stores anything. If a later entry fails that check, the
            // zone registration made for an earlier entry is not undone here - confirm whether
            // callers rely on this or whether validation should run before any side effect.
            foreach (XAttr xattr in newXAttrs)
            {
                string xaName = XAttrHelper.GetPrefixName(xattr);

                /*
                 * If we're adding the encryption zone xattr, then add src to the list
                 * of encryption zones.
                 */
                if (HdfsServerConstants.CryptoXattrEncryptionZone.Equals(xaName))
                {
                    // The zone description is parsed back out of the xattr value itself.
                    HdfsProtos.ZoneEncryptionInfoProto ezProto = HdfsProtos.ZoneEncryptionInfoProto.ParseFrom
                                                                     (xattr.GetValue());
                    fsd.ezManager.AddEncryptionZone(inode.GetId(), PBHelper.Convert(ezProto.GetSuite(
                                                                                        )), PBHelper.Convert(ezProto.GetCryptoProtocolVersion()), ezProto.GetKeyName());
                }
                // The unreadable-by-superuser marker is accepted on files only.
                if (!isFile && HdfsServerConstants.SecurityXattrUnreadableBySuperuser.Equals(xaName
                                                                                             ))
                {
                    throw new IOException("Can only set '" + HdfsServerConstants.SecurityXattrUnreadableBySuperuser
                                          + "' on a file.");
                }
            }
            XAttrStorage.UpdateINodeXAttrs(inode, newXAttrs, snapshotId);
            return(inode);
        }
        /// <summary>
        /// Builds an extended attribute named by <c>BuildXAttrName()</c> whose value is the
        /// single byte <paramref name="policyId"/>.
        /// </summary>
        /// <param name="policyId">Byte stored as the whole attribute value.</param>
        /// <returns>The attribute created by <c>XAttrHelper.BuildXAttr</c>.</returns>
        public static XAttr BuildXAttr(byte policyId)
        {
            string attrName = BuildXAttrName();
            byte[] attrValue = { policyId };

            return XAttrHelper.BuildXAttr(attrName, attrValue);
        }