/// <summary>
/// Checks <c>AccessControlList.IsUserAllowed</c> for ACL strings made of a
/// comma-separated user list, a space, and a comma-separated group list.
/// Covers user-only, group-only and mixed ACLs, and verifies that an empty
/// ACL is evaluated without querying the user's groups.
/// </summary>
public virtual void TestIsUserAllowed()
{
    // NOTE(review): all four principals are the same literal here, so the users
    // differ only by their group lists. The cases that allow "drwho" by name
    // but deny susan can only hold if the real principals have distinct short
    // names; confirm the literals against the upstream test.
    var drwho = UserGroupInformation.CreateUserForTesting(
        "*****@*****.**", new string[] { "aliens", "humanoids", "timelord" });
    var susan = UserGroupInformation.CreateUserForTesting(
        "*****@*****.**", new string[] { "aliens", "humanoids", "timelord" });
    var barbara = UserGroupInformation.CreateUserForTesting(
        "*****@*****.**", new string[] { "humans", "teachers" });
    var ian = UserGroupInformation.CreateUserForTesting(
        "*****@*****.**", new string[] { "humans", "teachers" });

    // One named user plus one group: the group admits susan as well.
    var userAndGroup = new AccessControlList("drwho humanoids");
    AssertUserAllowed(drwho, userAndGroup);
    AssertUserAllowed(susan, userAndGroup);
    AssertUserNotAllowed(barbara, userAndGroup);
    AssertUserNotAllowed(ian, userAndGroup);

    // User list only: sharing drwho's groups must not grant susan access.
    var userOnly = new AccessControlList("drwho");
    AssertUserAllowed(drwho, userOnly);
    AssertUserNotAllowed(susan, userOnly);
    AssertUserNotAllowed(barbara, userOnly);
    AssertUserNotAllowed(ian, userOnly);

    // A trailing space (empty group list) gives the same result as no group list.
    var userWithEmptyGroups = new AccessControlList("drwho ");
    AssertUserAllowed(drwho, userWithEmptyGroups);
    AssertUserNotAllowed(susan, userWithEmptyGroups);
    AssertUserNotAllowed(barbara, userWithEmptyGroups);
    AssertUserNotAllowed(ian, userWithEmptyGroups);

    // A leading space (empty user list) leaves a group-only ACL.
    var groupOnly = new AccessControlList(" humanoids");
    AssertUserAllowed(drwho, groupOnly);
    AssertUserAllowed(susan, groupOnly);
    AssertUserNotAllowed(barbara, groupOnly);
    AssertUserNotAllowed(ian, groupOnly);

    // Several users and several groups: each of the four matches one entry.
    var manyUsersAndGroups = new AccessControlList("drwho,ian aliens,teachers");
    AssertUserAllowed(drwho, manyUsersAndGroups);
    AssertUserAllowed(susan, manyUsersAndGroups);
    AssertUserAllowed(barbara, manyUsersAndGroups);
    AssertUserAllowed(ian, manyUsersAndGroups);

    // Empty ACL: the decision must be reached without calling GetGroupNames()
    // on the user, which the spy verifies. The returned decision itself is not
    // asserted here.
    var emptyAcl = new AccessControlList(string.Empty);
    UserGroupInformation spyUser = Org.Mockito.Mockito.Spy(drwho);
    emptyAcl.IsUserAllowed(spyUser);
    Org.Mockito.Mockito.Verify(spyUser, Org.Mockito.Mockito.Never()).GetGroupNames();
}
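/// <summary>
/// Decides whether a proxy (impersonation) request may proceed. A request is
/// accepted only if the real user has a configured ACL that admits the
/// impersonated <paramref name="user"/> and a configured host list that
/// includes <paramref name="remoteAddress"/>.
/// </summary>
/// <remarks>
/// The check fails closed: a real user with no ACL entry or no host-list entry
/// is rejected. A <paramref name="user"/> with no real user is not a proxy
/// request and passes without any check.
/// </remarks>
/// <param name="user">The effective (impersonated) user; its real user, if any, is the caller doing the impersonation.</param>
/// <param name="remoteAddress">Address the request came from, matched against the real user's host list.</param>
/// <exception cref="Org.Apache.Hadoop.Security.Authorize.AuthorizationException">
/// The real user may not impersonate <paramref name="user"/>, or may not do so from <paramref name="remoteAddress"/>.
/// </exception>
public virtual void Authorize(UserGroupInformation user, string remoteAddress)
{
    UserGroupInformation realUser = user.GetRealUser();
    if (realUser == null)
    {
        // No real user behind this identity, so nothing is being impersonated.
        return;
    }

    string realShortName = realUser.GetShortUserName();

    // NOTE(review): if proxyUserAcl / proxyHosts are plain dictionaries, the
    // indexer throws on a missing key instead of returning null. The request is
    // still refused, but not with AuthorizationException; confirm the map type.
    AccessControlList acl = proxyUserAcl[configPrefix + realShortName];
    if (acl == null || !acl.IsUserAllowed(user))
    {
        // NOTE(review): the name expression in both messages was unreadable in
        // the source and is restored as realUser.GetUserName(); confirm.
        throw new AuthorizationException("User: " + realUser.GetUserName()
            + " is not allowed to impersonate " + user.GetUserName());
    }

    MachineList allowedHosts = proxyHosts[GetProxySuperuserIpConfKey(realShortName)];
    if (allowedHosts == null || !allowedHosts.Includes(remoteAddress))
    {
        // NOTE(review): remoteAddress is used as given; confirm callers pass the
        // transport-level peer address rather than a client-supplied value.
        throw new AuthorizationException("Unauthorized connection for super-user: "
            + realUser.GetUserName() + " from IP " + remoteAddress);
    }
}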
/// <summary>
/// Fails the test if <paramref name="acl"/> grants access to <paramref name="ugi"/>.
/// </summary>
/// <param name="ugi">User expected to be denied.</param>
/// <param name="acl">Access-control list under test.</param>
private void AssertUserNotAllowed(UserGroupInformation ugi, AccessControlList acl)
{
    string failureMessage = "User " + ugi + " is incorrectly granted the access-control!!";
    bool granted = acl.IsUserAllowed(ugi);

    // NOTE(review): (message, condition) is the JUnit argument order; NUnit's
    // own Assert.IsFalse takes the condition first. Confirm this overload exists.
    NUnit.Framework.Assert.IsFalse(failureMessage, granted);
}
/// <summary>
/// Fails the test unless <paramref name="acl"/> grants access to <paramref name="ugi"/>.
/// </summary>
/// <param name="ugi">User expected to be allowed.</param>
/// <param name="acl">Access-control list under test.</param>
private void AssertUserAllowed(UserGroupInformation ugi, AccessControlList acl)
{
    string failureMessage = "User " + ugi + " is not granted the access-control!!";
    bool granted = acl.IsUserAllowed(ugi);

    // NOTE(review): (message, condition) is the JUnit argument order; confirm
    // which Assert type this resolves to and that it accepts the message first.
    Assert.True(failureMessage, granted);
}