/// <exception cref="Org.Apache.Hadoop.Security.AccessControlException"/>
internal static void CheckPermissionForApi(FSPermissionChecker pc, XAttr xAttr, bool
isRawPath)
{
bool isSuperUser = pc.IsSuperUser();
if (xAttr.GetNameSpace() == XAttr.NameSpace.User || (xAttr.GetNameSpace() == XAttr.NameSpace
.Trusted && isSuperUser))
{
return;
}
if (xAttr.GetNameSpace() == XAttr.NameSpace.Raw && isRawPath && isSuperUser)
{
return;
}
if (XAttrHelper.GetPrefixName(xAttr).Equals(HdfsServerConstants.SecurityXattrUnreadableBySuperuser
))
{
if (xAttr.GetValue() != null)
{
throw new AccessControlException("Attempt to set a value for '" + HdfsServerConstants
.SecurityXattrUnreadableBySuperuser + "'. Values are not allowed for this xattr."
);
}
return;
}
throw new AccessControlException("User doesn't have permission for xattr: " + XAttrHelper
.GetPrefixName(xAttr));
}
/// <exception cref="System.IO.IOException"/>
internal static HdfsFileStatus SetOwner(FSDirectory fsd, string src, string username
, string group)
{
FSPermissionChecker pc = fsd.GetPermissionChecker();
byte[][] pathComponents = FSDirectory.GetPathComponentsForReservedPath(src);
INodesInPath iip;
fsd.WriteLock();
try
{
src = fsd.ResolvePath(pc, src, pathComponents);
iip = fsd.GetINodesInPath4Write(src);
fsd.CheckOwner(pc, iip);
if (!pc.IsSuperUser())
{
if (username != null && !pc.GetUser().Equals(username))
{
throw new AccessControlException("Non-super user cannot change owner");
}
if (group != null && !pc.ContainsGroup(group))
{
throw new AccessControlException("User does not belong to " + group);
}
}
UnprotectedSetOwner(fsd, src, username, group);
}
finally
{
fsd.WriteUnlock();
}
fsd.GetEditLog().LogSetOwner(src, username, group);
return(fsd.GetAuditFileInfo(iip));
}
/// <exception cref="System.IO.IOException"/>
internal static SnapshottableDirectoryStatus[] GetSnapshottableDirListing(FSDirectory
fsd, SnapshotManager snapshotManager)
{
FSPermissionChecker pc = fsd.GetPermissionChecker();
fsd.ReadLock();
try
{
string user = pc.IsSuperUser() ? null : pc.GetUser();
return(snapshotManager.GetSnapshottableDirListing(user));
}
finally
{
fsd.ReadUnlock();
}
}
/// <exception cref="System.IO.IOException"/>
internal static DirectoryListing GetListingInt(FSDirectory fsd, string srcArg, byte
[] startAfter, bool needLocation)
{
FSPermissionChecker pc = fsd.GetPermissionChecker();
byte[][] pathComponents = FSDirectory.GetPathComponentsForReservedPath(srcArg);
string startAfterString = new string(startAfter, Charsets.Utf8);
string src = fsd.ResolvePath(pc, srcArg, pathComponents);
INodesInPath iip = fsd.GetINodesInPath(src, true);
// Get file name when startAfter is an INodePath
if (FSDirectory.IsReservedName(startAfterString))
{
byte[][] startAfterComponents = FSDirectory.GetPathComponentsForReservedPath(startAfterString
);
try
{
string tmp = FSDirectory.ResolvePath(src, startAfterComponents, fsd);
byte[][] regularPath = INode.GetPathComponents(tmp);
startAfter = regularPath[regularPath.Length - 1];
}
catch (IOException)
{
// Possibly the inode is deleted
throw new DirectoryListingStartAfterNotFoundException("Can't find startAfter " +
startAfterString);
}
}
bool isSuperUser = true;
if (fsd.IsPermissionEnabled())
{
if (iip.GetLastINode() != null && iip.GetLastINode().IsDirectory())
{
fsd.CheckPathAccess(pc, iip, FsAction.ReadExecute);
}
else
{
fsd.CheckTraverse(pc, iip);
}
isSuperUser = pc.IsSuperUser();
}
return(GetListing(fsd, iip, src, startAfter, needLocation, isSuperUser));
}
internal static IList <XAttr> FilterXAttrsForApi(FSPermissionChecker pc, IList <XAttr
> xAttrs, bool isRawPath)
{
System.Diagnostics.Debug.Assert(xAttrs != null, "xAttrs can not be null");
if (xAttrs.IsEmpty())
{
return(xAttrs);
}
IList <XAttr> filteredXAttrs = Lists.NewArrayListWithCapacity(xAttrs.Count);
bool isSuperUser = pc.IsSuperUser();
foreach (XAttr xAttr in xAttrs)
{
if (xAttr.GetNameSpace() == XAttr.NameSpace.User)
{
filteredXAttrs.AddItem(xAttr);
}
else
{
if (xAttr.GetNameSpace() == XAttr.NameSpace.Trusted && isSuperUser)
{
filteredXAttrs.AddItem(xAttr);
}
else
{
if (xAttr.GetNameSpace() == XAttr.NameSpace.Raw && isSuperUser && isRawPath)
{
filteredXAttrs.AddItem(xAttr);
}
else
{
if (XAttrHelper.GetPrefixName(xAttr).Equals(HdfsServerConstants.SecurityXattrUnreadableBySuperuser
))
{
filteredXAttrs.AddItem(xAttr);
}
}
}
}
}
return(filteredXAttrs);
}
/// <exception cref="Org.Apache.Hadoop.Security.AccessControlException"/>
private static void CheckXAttrChangeAccess(FSDirectory fsd, INodesInPath iip, XAttr
xAttr, FSPermissionChecker pc)
{
if (fsd.IsPermissionEnabled() && xAttr.GetNameSpace() == XAttr.NameSpace.User)
{
INode inode = iip.GetLastINode();
if (inode != null && inode.IsDirectory() && inode.GetFsPermission().GetStickyBit(
))
{
if (!pc.IsSuperUser())
{
fsd.CheckOwner(pc, iip);
}
}
else
{
fsd.CheckPathAccess(pc, iip, FsAction.Write);
}
}
}
/// <summary>Get the file info for a specific file.</summary>
/// <param name="srcArg">The string representation of the path to the file</param>
/// <param name="resolveLink">
/// whether to throw UnresolvedLinkException
/// if src refers to a symlink
/// </param>
/// <returns>
/// object containing information regarding the file
/// or null if file not found
/// </returns>
/// <exception cref="System.IO.IOException"/>
internal static HdfsFileStatus GetFileInfo(FSDirectory fsd, string srcArg, bool resolveLink
)
{
string src = srcArg;
if (!DFSUtil.IsValidName(src))
{
throw new InvalidPathException("Invalid file name: " + src);
}
FSPermissionChecker pc = fsd.GetPermissionChecker();
byte[][] pathComponents = FSDirectory.GetPathComponentsForReservedPath(src);
src = fsd.ResolvePath(pc, src, pathComponents);
INodesInPath iip = fsd.GetINodesInPath(src, resolveLink);
bool isSuperUser = true;
if (fsd.IsPermissionEnabled())
{
fsd.CheckPermission(pc, iip, false, null, null, null, null, false);
isSuperUser = pc.IsSuperUser();
}
return(GetFileInfo(fsd, src, resolveLink, FSDirectory.IsReservedRawName(srcArg),
isSuperUser));
}