/// <exception cref="System.IO.IOException"/> private void TestRootReadableExecutableInternal(bool located) { // verify executable permission on root: cd / // NUnit.Framework.Assert.IsFalse("In root before cd", fsView.GetWorkingDirectory(). IsRoot()); fsView.SetWorkingDirectory(new Path("/")); Assert.True("Not in root dir after cd", fsView.GetWorkingDirectory ().IsRoot()); // verify readable // VerifyRootChildren(ListStatusInternal(located, fsView.GetWorkingDirectory())); // verify permissions // FileStatus rootStatus = fsView.GetFileStatus(fsView.GetWorkingDirectory()); FsPermission perms = rootStatus.GetPermission(); Assert.True("User-executable permission not set!", perms.GetUserAction ().Implies(FsAction.Execute)); Assert.True("User-readable permission not set!", perms.GetUserAction ().Implies(FsAction.Read)); Assert.True("Group-executable permission not set!", perms.GetGroupAction ().Implies(FsAction.Execute)); Assert.True("Group-readable permission not set!", perms.GetGroupAction ().Implies(FsAction.Read)); Assert.True("Other-executable permission not set!", perms.GetOtherAction ().Implies(FsAction.Execute)); Assert.True("Other-readable permission not set!", perms.GetOtherAction ().Implies(FsAction.Read)); }
/// <summary>Whether a cache pool can be accessed by the current context</summary> /// <param name="pool">CachePool being accessed</param> /// <param name="access">type of action being performed on the cache pool</param> /// <exception cref="Org.Apache.Hadoop.Security.AccessControlException">if pool cannot be accessed /// </exception> public virtual void CheckPermission(CachePool pool, FsAction access) { FsPermission mode = pool.GetMode(); if (IsSuperUser()) { return; } if (GetUser().Equals(pool.GetOwnerName()) && mode.GetUserAction().Implies(access)) { return; } if (GetGroups().Contains(pool.GetGroupName()) && mode.GetGroupAction().Implies(access )) { return; } if (mode.GetOtherAction().Implies(access)) { return; } throw new AccessControlException("Permission denied while accessing pool " + pool .GetPoolName() + ": user " + GetUser() + " does not have " + access.ToString() + " permissions."); }
/// <summary> /// Checks for a given path whether the Other permissions on it /// imply the permission in the passed FsAction /// </summary> /// <param name="fs"/> /// <param name="path"/> /// <param name="action"/> /// <returns>true if the path in the uri is visible to all, false otherwise</returns> /// <exception cref="System.IO.IOException"/> private static bool CheckPermissionOfOther(FileSystem fs, Path path, FsAction action , LoadingCache <Path, Future <FileStatus> > statCache) { FileStatus status = GetFileStatus(fs, path, statCache); FsPermission perms = status.GetPermission(); FsAction otherAction = perms.GetOtherAction(); return(otherAction.Implies(action)); }
/// <summary> /// Checks for a given path whether the Other permissions on it /// imply the permission in the passed FsAction /// </summary> /// <param name="fs"/> /// <param name="path"/> /// <param name="action"/> /// <returns>true if the path in the uri is visible to all, false otherwise</returns> /// <exception cref="System.IO.IOException"/> private static bool CheckPermissionOfOther(FileSystem fs, Path path, FsAction action , IDictionary <URI, FileStatus> statCache) { FileStatus status = GetFileStatus(fs, path.ToUri(), statCache); FsPermission perms = status.GetPermission(); FsAction otherAction = perms.GetOtherAction(); if (otherAction.Implies(action)) { return(true); } return(false); }
/// <exception cref="Org.Apache.Hadoop.Security.AccessControlException"/> private void Check(INodeAttributes inode, string path, FsAction access) { if (inode == null) { return; } FsPermission mode = inode.GetFsPermission(); AclFeature aclFeature = inode.GetAclFeature(); if (aclFeature != null) { // It's possible that the inode has a default ACL but no access ACL. int firstEntry = aclFeature.GetEntryAt(0); if (AclEntryStatusFormat.GetScope(firstEntry) == AclEntryScope.Access) { CheckAccessAcl(inode, path, access, mode, aclFeature); return; } } if (GetUser().Equals(inode.GetUserName())) { //user class if (mode.GetUserAction().Implies(access)) { return; } } else { if (GetGroups().Contains(inode.GetGroupName())) { //group class if (mode.GetGroupAction().Implies(access)) { return; } } else { //other class if (mode.GetOtherAction().Implies(access)) { return; } } } throw new AccessControlException(ToAccessControlString(inode, path, access, mode) ); }
/// <summary>Reads the existing ACL of an inode.</summary> /// <remarks> /// Reads the existing ACL of an inode. This method always returns the full /// logical ACL of the inode after reading relevant data from the inode's /// <see cref="Org.Apache.Hadoop.FS.Permission.FsPermission"/> /// and /// <see cref="AclFeature"/> /// . Note that every inode /// logically has an ACL, even if no ACL has been set explicitly. If the inode /// does not have an extended ACL, then the result is a minimal ACL consising of /// exactly 3 entries that correspond to the owner, group and other permissions. /// This method always reads the inode's current state and does not support /// querying by snapshot ID. This is because the method is intended to support /// ACL modification APIs, which always apply a delta on top of current state. /// </remarks> /// <param name="inode">INode to read</param> /// <returns>List<AclEntry> containing all logical inode ACL entries</returns> public static IList <AclEntry> ReadINodeLogicalAcl(INode inode) { FsPermission perm = inode.GetFsPermission(); AclFeature f = inode.GetAclFeature(); if (f == null) { return(AclUtil.GetMinimalAcl(perm)); } IList <AclEntry> existingAcl; // Split ACL entries stored in the feature into access vs. default. IList <AclEntry> featureEntries = GetEntriesFromAclFeature(f); ScopedAclEntries scoped = new ScopedAclEntries(featureEntries); IList <AclEntry> accessEntries = scoped.GetAccessEntries(); IList <AclEntry> defaultEntries = scoped.GetDefaultEntries(); // Pre-allocate list size for the explicit entries stored in the feature // plus the 3 implicit entries (owner, group and other) from the permission // bits. existingAcl = Lists.NewArrayListWithCapacity(featureEntries.Count + 3); if (!accessEntries.IsEmpty()) { // Add owner entry implied from user permission bits. existingAcl.AddItem(new AclEntry.Builder().SetScope(AclEntryScope.Access).SetType (AclEntryType.User).SetPermission(perm.GetUserAction()).Build()); // Next add all named user and group entries taken from the feature. Sharpen.Collections.AddAll(existingAcl, accessEntries); // Add mask entry implied from group permission bits. existingAcl.AddItem(new AclEntry.Builder().SetScope(AclEntryScope.Access).SetType (AclEntryType.Mask).SetPermission(perm.GetGroupAction()).Build()); // Add other entry implied from other permission bits. existingAcl.AddItem(new AclEntry.Builder().SetScope(AclEntryScope.Access).SetType (AclEntryType.Other).SetPermission(perm.GetOtherAction()).Build()); } else { // It's possible that there is a default ACL but no access ACL. In this // case, add the minimal access ACL implied by the permission bits. Sharpen.Collections.AddAll(existingAcl, AclUtil.GetMinimalAcl(perm)); } // Add all default entries after the access entries. Sharpen.Collections.AddAll(existingAcl, defaultEntries); // The above adds entries in the correct order, so no need to sort here. return(existingAcl); }
/// <exception cref="System.IO.IOException"/> protected internal override void ProcessPath(PathData item) { @out.WriteLine("# file: " + item); @out.WriteLine("# owner: " + item.stat.GetOwner()); @out.WriteLine("# group: " + item.stat.GetGroup()); FsPermission perm = item.stat.GetPermission(); if (perm.GetStickyBit()) { @out.WriteLine("# flags: --" + (perm.GetOtherAction().Implies(FsAction.Execute) ? "t" : "T")); } AclStatus aclStatus = item.fs.GetAclStatus(item.path); IList <AclEntry> entries = perm.GetAclBit() ? aclStatus.GetEntries() : Collections .EmptyList <AclEntry>(); ScopedAclEntries scopedEntries = new ScopedAclEntries(AclUtil.GetAclFromPermAndEntries (perm, entries)); PrintAclEntriesForSingleScope(aclStatus, perm, scopedEntries.GetAccessEntries()); PrintAclEntriesForSingleScope(aclStatus, perm, scopedEntries.GetDefaultEntries()); @out.WriteLine(); }
/// <exception cref="System.IO.IOException"/> private static bool CheckPublicPermsForAll(FileSystem fs, FileStatus status, FsAction dir, FsAction file) { FsPermission perms = status.GetPermission(); FsAction otherAction = perms.GetOtherAction(); if (status.IsDirectory()) { if (!otherAction.Implies(dir)) { return(false); } foreach (FileStatus child in fs.ListStatus(status.GetPath())) { if (!CheckPublicPermsForAll(fs, child, dir, file)) { return(false); } } return(true); } return(otherAction.Implies(file)); }
/// <exception cref="System.IO.IOException"/> private static void UnprotectedRemoveAcl(FSDirectory fsd, INodesInPath iip) { System.Diagnostics.Debug.Assert(fsd.HasWriteLock()); INode inode = FSDirectory.ResolveLastINode(iip); int snapshotId = iip.GetLatestSnapshotId(); AclFeature f = inode.GetAclFeature(); if (f == null) { return; } FsPermission perm = inode.GetFsPermission(); IList <AclEntry> featureEntries = AclStorage.GetEntriesFromAclFeature(f); if (featureEntries[0].GetScope() == AclEntryScope.Access) { // Restore group permissions from the feature's entry to permission // bits, overwriting the mask, which is not part of a minimal ACL. AclEntry groupEntryKey = new AclEntry.Builder().SetScope(AclEntryScope.Access).SetType (AclEntryType.Group).Build(); int groupEntryIndex = Sharpen.Collections.BinarySearch(featureEntries, groupEntryKey , AclTransformation.AclEntryComparator); System.Diagnostics.Debug.Assert(groupEntryIndex >= 0); FsAction groupPerm = featureEntries[groupEntryIndex].GetPermission(); FsPermission newPerm = new FsPermission(perm.GetUserAction(), groupPerm, perm.GetOtherAction (), perm.GetStickyBit()); inode.SetPermission(newPerm, snapshotId); } inode.RemoveAclFeature(snapshotId); }
private static PermissionStatus AddImplicitUwx(PermissionStatus parentPerm, PermissionStatus perm) { FsPermission p = parentPerm.GetPermission(); FsPermission ancestorPerm = new FsPermission(p.GetUserAction().Or(FsAction.WriteExecute ), p.GetGroupAction(), p.GetOtherAction()); return(new PermissionStatus(perm.GetUserName(), perm.GetGroupName(), ancestorPerm )); }
/// <summary> /// If a default ACL is defined on a parent directory, then copies that default /// ACL to a newly created child file or directory. /// </summary> /// <param name="child">INode newly created child</param> public static void CopyINodeDefaultAcl(INode child) { INodeDirectory parent = child.GetParent(); AclFeature parentAclFeature = parent.GetAclFeature(); if (parentAclFeature == null || !(child.IsFile() || child.IsDirectory())) { return; } // Split parent's entries into access vs. default. IList <AclEntry> featureEntries = GetEntriesFromAclFeature(parent.GetAclFeature()); ScopedAclEntries scopedEntries = new ScopedAclEntries(featureEntries); IList <AclEntry> parentDefaultEntries = scopedEntries.GetDefaultEntries(); // The parent may have an access ACL but no default ACL. If so, exit. if (parentDefaultEntries.IsEmpty()) { return; } // Pre-allocate list size for access entries to copy from parent. IList <AclEntry> accessEntries = Lists.NewArrayListWithCapacity(parentDefaultEntries .Count); FsPermission childPerm = child.GetFsPermission(); // Copy each default ACL entry from parent to new child's access ACL. bool parentDefaultIsMinimal = AclUtil.IsMinimalAcl(parentDefaultEntries); foreach (AclEntry entry in parentDefaultEntries) { AclEntryType type = entry.GetType(); string name = entry.GetName(); AclEntry.Builder builder = new AclEntry.Builder().SetScope(AclEntryScope.Access). SetType(type).SetName(name); // The child's initial permission bits are treated as the mode parameter, // which can filter copied permission values for owner, mask and other. FsAction permission; if (type == AclEntryType.User && name == null) { permission = entry.GetPermission().And(childPerm.GetUserAction()); } else { if (type == AclEntryType.Group && parentDefaultIsMinimal) { // This only happens if the default ACL is a minimal ACL: exactly 3 // entries corresponding to owner, group and other. In this case, // filter the group permissions. permission = entry.GetPermission().And(childPerm.GetGroupAction()); } else { if (type == AclEntryType.Mask) { // Group bits from mode parameter filter permission of mask entry. permission = entry.GetPermission().And(childPerm.GetGroupAction()); } else { if (type == AclEntryType.Other) { permission = entry.GetPermission().And(childPerm.GetOtherAction()); } else { permission = entry.GetPermission(); } } } } builder.SetPermission(permission); accessEntries.AddItem(builder.Build()); } // A new directory also receives a copy of the parent's default ACL. IList <AclEntry> defaultEntries = child.IsDirectory() ? parentDefaultEntries : Sharpen.Collections .EmptyList <AclEntry>(); FsPermission newPerm; if (!AclUtil.IsMinimalAcl(accessEntries) || !defaultEntries.IsEmpty()) { // Save the new ACL to the child. child.AddAclFeature(CreateAclFeature(accessEntries, defaultEntries)); newPerm = CreateFsPermissionForExtendedAcl(accessEntries, childPerm); } else { // The child is receiving a minimal ACL. newPerm = CreateFsPermissionForMinimalAcl(accessEntries, childPerm); } child.SetPermission(newPerm); }
/// <summary>Checks requested access against an Access Control List.</summary> /// <remarks> /// Checks requested access against an Access Control List. This method relies /// on finding the ACL data in the relevant portions of /// <see cref="Org.Apache.Hadoop.FS.Permission.FsPermission"/> /// and /// <see cref="AclFeature"/> /// as implemented in the logic of /// <see cref="AclStorage"/> /// . This /// method also relies on receiving the ACL entries in sorted order. This is /// assumed to be true, because the ACL modification methods in /// <see cref="AclTransformation"/> /// sort the resulting entries. /// More specifically, this method depends on these invariants in an ACL: /// - The list must be sorted. /// - Each entry in the list must be unique by scope + type + name. /// - There is exactly one each of the unnamed user/group/other entries. /// - The mask entry must not have a name. /// - The other entry must not have a name. /// - Default entries may be present, but they are ignored during enforcement. /// </remarks> /// <param name="inode">INodeAttributes accessed inode</param> /// <param name="snapshotId">int snapshot ID</param> /// <param name="access">FsAction requested permission</param> /// <param name="mode">FsPermission mode from inode</param> /// <param name="aclFeature">AclFeature of inode</param> /// <exception cref="Org.Apache.Hadoop.Security.AccessControlException">if the ACL denies permission /// </exception> private void CheckAccessAcl(INodeAttributes inode, string path, FsAction access, FsPermission mode, AclFeature aclFeature) { bool foundMatch = false; // Use owner entry from permission bits if user is owner. if (GetUser().Equals(inode.GetUserName())) { if (mode.GetUserAction().Implies(access)) { return; } foundMatch = true; } // Check named user and group entries if user was not denied by owner entry. if (!foundMatch) { for (int pos = 0; pos < aclFeature.GetEntriesSize(); pos++) { entry = aclFeature.GetEntryAt(pos); if (AclEntryStatusFormat.GetScope(entry) == AclEntryScope.Default) { break; } AclEntryType type = AclEntryStatusFormat.GetType(entry); string name = AclEntryStatusFormat.GetName(entry); if (type == AclEntryType.User) { // Use named user entry with mask from permission bits applied if user // matches name. if (GetUser().Equals(name)) { FsAction masked = AclEntryStatusFormat.GetPermission(entry).And(mode.GetGroupAction ()); if (masked.Implies(access)) { return; } foundMatch = true; break; } } else { if (type == AclEntryType.Group) { // Use group entry (unnamed or named) with mask from permission bits // applied if user is a member and entry grants access. If user is a // member of multiple groups that have entries that grant access, then // it doesn't matter which is chosen, so exit early after first match. string group = name == null?inode.GetGroupName() : name; if (GetGroups().Contains(group)) { FsAction masked = AclEntryStatusFormat.GetPermission(entry).And(mode.GetGroupAction ()); if (masked.Implies(access)) { return; } foundMatch = true; } } } } } // Use other entry if user was not denied by an earlier match. if (!foundMatch && mode.GetOtherAction().Implies(access)) { return; } throw new AccessControlException(ToAccessControlString(inode, path, access, mode) ); }