/// <summary>Returns an inode's FsPermission for use in an outbound FileStatus.</summary>
/// <remarks>
/// The inode's own FsPermission is returned unchanged unless the inode has an
/// ACL feature or is encrypted. In either of those cases the permission is
/// wrapped in an FsPermissionExtension that carries both flags.
/// </remarks>
/// <param name="node">inode attributes supplying the permission and the ACL feature</param>
/// <param name="isEncrypted">true if the file/dir is encrypted</param>
/// <returns>
/// FsPermission from the inode, with the ACL bit on if the inode has an ACL
/// and the encrypted bit on if it represents an encrypted file/dir.
/// </returns>
private static FsPermission GetPermissionForFileStatus(INodeAttributes node, bool isEncrypted)
{
    FsPermission basePermission = node.GetFsPermission();
    bool aclPresent = node.GetAclFeature() != null;

    // Nothing extra to advertise: hand back the plain permission object.
    if (!aclPresent && !isEncrypted)
    {
        return basePermission;
    }

    return new FsPermissionExtension(basePermission, aclPresent, isEncrypted);
}
/// <summary>
/// Verifies that the current caller is granted <paramref name="access"/> on
/// <paramref name="inode"/>, throwing when it is not.
/// </summary>
/// <remarks>
/// A null inode returns immediately without any check, so a missing inode is
/// the caller's responsibility. If the inode has an ACL feature whose first
/// entry has Access scope, the decision is delegated to CheckAccessAcl.
/// Otherwise the caller is placed in exactly one class (owner, else group,
/// else other) and only that class's permission bits are consulted: an owner
/// denied by the user bits is not granted access through the group or other bits.
/// </remarks>
/// <param name="inode">inode attributes to check; may be null</param>
/// <param name="path">path passed through to the ACL check and the denial message</param>
/// <param name="access">the action being requested</param>
/// <exception cref="Org.Apache.Hadoop.Security.AccessControlException"/>
private void Check(INodeAttributes inode, string path, FsAction access)
{
    if (inode == null)
    {
        return;
    }

    FsPermission permission = inode.GetFsPermission();
    AclFeature acl = inode.GetAclFeature();
    if (acl != null)
    {
        // It's possible that the inode has a default ACL but no access ACL;
        // only an Access-scoped first entry hands the decision to the ACL check.
        int headEntry = acl.GetEntryAt(0);
        if (AclEntryStatusFormat.GetScope(headEntry) == AclEntryScope.Access)
        {
            CheckAccessAcl(inode, path, access, permission, acl);
            return;
        }
    }

    if (GetUser().Equals(inode.GetUserName()))
    {
        // user class
        if (permission.GetUserAction().Implies(access))
        {
            return;
        }
    }
    else if (GetGroups().Contains(inode.GetGroupName()))
    {
        // group class
        if (permission.GetGroupAction().Implies(access))
        {
            return;
        }
    }
    else if (permission.GetOtherAction().Implies(access))
    {
        // other class
        return;
    }

    // The caller's single applicable class did not imply the requested action.
    throw new AccessControlException(ToAccessControlString(inode, path, access, permission));
}
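/// <summary>
/// Enforces the sticky bit of <paramref name="parent"/>: when the bit is set,
/// only the owner of the parent or the owner of <paramref name="inode"/> passes.
/// Guarded by
/// <see cref="FSNamesystem.ReadLock()"/>
/// </summary>
/// <param name="parent">attributes of the directory whose sticky bit is consulted</param>
/// <param name="inode">attributes of the entry inside that directory</param>
/// <exception cref="Org.Apache.Hadoop.Security.AccessControlException">
/// the sticky bit is set and the current user owns neither the parent nor the inode
/// </exception>
private void CheckStickyBit(INodeAttributes parent, INodeAttributes inode)
{
    // No sticky bit on the parent means this check imposes no restriction.
    if (!parent.GetFsPermission().GetStickyBit())
    {
        return;
    }

    // If this user is the directory owner, return
    if (parent.GetUserName().Equals(GetUser()))
    {
        return;
    }

    // If this user is the file owner, return
    if (inode.GetUserName().Equals(GetUser()))
    {
        return;
    }

    // NOTE(review): the operand between " user=" and ", inode=" was masked as
    // ****** in this listing, which left an expression that does not compile.
    // GetUser() is assumed because it is the identity compared above; confirm
    // against the upstream source.
    throw new AccessControlException("Permission denied by sticky bit setting:"
        + " user=" + GetUser() + ", inode=" + inode);
}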