public virtual void CreateRootRegistryPaths() { IList <ACL> systemACLs = GetRegistrySecurity().GetSystemACLs(); Log.Info("System ACLs {}", RegistrySecurity.AclsToString(systemACLs)); MaybeCreate(string.Empty, CreateMode.Persistent, systemACLs, false); MaybeCreate(PathUsers, CreateMode.Persistent, systemACLs, false); MaybeCreate(PathSystemServices, CreateMode.Persistent, systemACLs, false); }
/// <summary>Init operation sets up the system ACLs.</summary> /// <param name="conf">configuration of the service</param> /// <exception cref="System.Exception"/> protected override void ServiceInit(Configuration conf) { base.ServiceInit(conf); RegistrySecurity registrySecurity = GetRegistrySecurity(); if (registrySecurity.IsSecureRegistry()) { ACL sasl = registrySecurity.CreateSaslACLFromCurrentUser(ZooDefs.Perms.All); registrySecurity.AddSystemACL(sasl); Log.Info("Registry System ACLs:", RegistrySecurity.AclsToString(registrySecurity. GetSystemACLs())); } }
public virtual void TestDigestAccess() { RMRegistryOperationsService registryAdmin = StartRMRegistryOperations(); string id = "username"; string pass = "******"; registryAdmin.AddWriteAccessor(id, pass); IList <ACL> clientAcls = registryAdmin.GetClientAcls(); Log.Info("Client ACLS=\n{}", RegistrySecurity.AclsToString(clientAcls)); string @base = "/digested"; registryAdmin.Mknode(@base, false); IList <ACL> baseACLs = registryAdmin.ZkGetACLS(@base); string aclset = RegistrySecurity.AclsToString(baseACLs); Log.Info("Base ACLs=\n{}", aclset); ACL found = null; foreach (ACL acl in baseACLs) { if (ZookeeperConfigOptions.SchemeDigest.Equals(acl.GetId().GetScheme())) { found = acl; break; } } NUnit.Framework.Assert.IsNotNull("Did not find digest entry in ACLs " + aclset, found ); zkClientConf.Set(KeyRegistryUserAccounts, "sasl:[email protected], sasl:other" ); RegistryOperations operations = RegistryOperationsFactory.CreateAuthenticatedInstance (zkClientConf, id, pass); AddToTeardown(operations); operations.Start(); RegistryOperationsClient operationsClient = (RegistryOperationsClient)operations; IList <ACL> digestClientACLs = operationsClient.GetClientAcls(); Log.Info("digest client ACLs=\n{}", RegistrySecurity.AclsToString(digestClientACLs )); operations.Stat(@base); operations.Mknode(@base + "/subdir", false); ZKPathDumper pathDumper = registryAdmin.DumpPath(true); Log.Info(pathDumper.ToString()); }