/// <summary>
/// Namespace-level gate for an xattr operation requested through the API.
/// Returns normally when the operation is allowed and throws otherwise.
/// </summary>
/// <remarks>
/// Rules, in evaluation order:
/// <list type="bullet">
/// <item>User namespace: allowed for every caller.</item>
/// <item>Trusted namespace: allowed only when the caller is a superuser.</item>
/// <item>Raw namespace: allowed only when the caller is a superuser and the path is a raw path.</item>
/// <item>The xattr whose prefixed name equals
/// <c>HdfsServerConstants.SecurityXattrUnreadableBySuperuser</c>: allowed for every caller,
/// but only when it carries no value.</item>
/// </list>
/// Anything else is rejected. Only the namespace, the superuser flag and the raw-path flag are
/// consulted; this method receives no inode and performs no path permission check.
/// NOTE(review): path/inode permission enforcement is presumably done by the caller; confirm.
/// </remarks>
/// <param name="pc">Permission checker of the calling user; only <c>IsSuperUser()</c> is used.</param>
/// <param name="xAttr">The extended attribute being accessed.</param>
/// <param name="isRawPath">Whether the request addressed a raw path.</param>
/// <exception cref="Org.Apache.Hadoop.Security.AccessControlException">
/// The xattr falls outside every allowed case, or a value was supplied for the
/// unreadable-by-superuser xattr.
/// </exception>
internal static void CheckPermissionForApi(FSPermissionChecker pc, XAttr xAttr, bool isRawPath)
{
    bool callerIsSuperUser = pc.IsSuperUser();

    // User-namespace attributes pass the namespace gate unconditionally.
    if (xAttr.GetNameSpace() == XAttr.NameSpace.User)
    {
        return;
    }

    // Trusted and Raw are superuser-only; Raw additionally requires a raw path.
    if (callerIsSuperUser)
    {
        if (xAttr.GetNameSpace() == XAttr.NameSpace.Trusted)
        {
            return;
        }
        if (isRawPath && xAttr.GetNameSpace() == XAttr.NameSpace.Raw)
        {
            return;
        }
    }

    string prefixedName = XAttrHelper.GetPrefixName(xAttr);
    if (!prefixedName.Equals(HdfsServerConstants.SecurityXattrUnreadableBySuperuser))
    {
        throw new AccessControlException("User doesn't have permission for xattr: " + prefixedName);
    }

    // The marker xattr is a flag: its presence is the signal, so a value is refused.
    if (xAttr.GetValue() != null)
    {
        throw new AccessControlException("Attempt to set a value for '" + HdfsServerConstants.SecurityXattrUnreadableBySuperuser + "'. Values are not allowed for this xattr.");
    }
}
/// <summary>Create a new encryption zone rooted at <paramref name="src"/>.</summary>
/// <remarks>
/// Must be called while holding the FSDirectory write lock. The precondition is checked with
/// <c>Debug.Assert</c>, which is compiled out when the DEBUG symbol is not defined, so builds
/// without it do not enforce the lock here.
/// <p/>
/// The zone is recorded as an xattr named <c>HdfsServerConstants.CryptoXattrEncryptionZone</c>
/// whose value is the serialized <c>ZoneEncryptionInfoProto</c> built from the suite, protocol
/// version and key name. The key is referenced by name only.
/// </remarks>
/// <param name="src">Path that becomes the root of the zone.</param>
/// <param name="suite">Cipher suite recorded for the zone.</param>
/// <param name="version">Crypto protocol version recorded for the zone.</param>
/// <param name="keyName">Name of the zone key.</param>
/// <returns>The encryption-zone xattr that was set on <paramref name="src"/>.</returns>
/// <exception cref="System.IO.IOException">
/// <paramref name="src"/> is a non-empty directory, is a file, or already lies in an encryption zone.
/// </exception>
internal virtual XAttr CreateEncryptionZone(string src, CipherSuite suite, CryptoProtocolVersion version, string keyName)
{
    System.Diagnostics.Debug.Assert(dir.HasWriteLock());

    INodesInPath resolvedPath = dir.GetINodesInPath4Write(src, false);

    // A zone may only be created on an empty directory.
    if (dir.IsNonEmptyDirectory(resolvedPath))
    {
        throw new IOException("Attempt to create an encryption zone for a non-empty directory.");
    }

    bool targetIsFile = resolvedPath != null
        && resolvedPath.GetLastINode() != null
        && !resolvedPath.GetLastINode().IsDirectory();
    if (targetIsFile)
    {
        throw new IOException("Attempt to create an encryption zone for a file.");
    }

    // Reject the request when the path already lies in an encryption zone.
    EncryptionZoneManager.EncryptionZoneInt enclosingZone = GetEncryptionZoneForPath(resolvedPath);
    if (enclosingZone != null)
    {
        throw new IOException("Directory " + src + " is already in an encryption zone. (" + GetFullPathName(enclosingZone) + ")");
    }

    HdfsProtos.ZoneEncryptionInfoProto zoneInfo = PBHelper.Convert(suite, version, keyName);
    XAttr zoneXAttr = XAttrHelper.BuildXAttr(HdfsServerConstants.CryptoXattrEncryptionZone, zoneInfo.ToByteArray());

    IList<XAttr> xattrsToSet = Lists.NewArrayListWithCapacity(1);
    xattrsToSet.AddItem(zoneXAttr);

    // Setting the xattr is what registers the zone (it calls addEncryptionZone);
    // it is done this way so that edit log loading takes the same path.
    FSDirXAttrOp.UnprotectedSetXAttrs(dir, src, xattrsToSet, EnumSet.Of(XAttrSetFlag.Create));
    return zoneXAttr;
}
/// <summary>
/// Checks that <c>JsonUtil.ToXAttrs</c> applied to a JSON document listing two user-namespace
/// xattrs yields the same name-to-value map as <c>XAttrHelper.BuildXAttrMap</c> applied to
/// equivalent <c>XAttr</c> objects built by hand.
/// </summary>
public virtual void TestToXAttrMap()
{
    string jsonString = "{\"XAttrs\":[{\"name\":\"user.a1\",\"value\":\"0x313233\"}," + "{\"name\":\"user.a2\",\"value\":\"0x313131\"}]}";
    ObjectReader reader = new ObjectMapper().Reader(typeof(IDictionary));
    IDictionary<object, object> json = reader.ReadValue(jsonString);

    // Expected side: the same two attributes built directly, using the same encoded values.
    IList<XAttr> expectedAttrs = Lists.NewArrayList();
    expectedAttrs.AddItem((new XAttr.Builder()).SetNameSpace(XAttr.NameSpace.User).SetName("a1").SetValue(XAttrCodec.DecodeValue("0x313233")).Build());
    expectedAttrs.AddItem((new XAttr.Builder()).SetNameSpace(XAttr.NameSpace.User).SetName("a2").SetValue(XAttrCodec.DecodeValue("0x313131")).Build());

    IDictionary<string, byte[]> expectedMap = XAttrHelper.BuildXAttrMap(expectedAttrs);
    IDictionary<string, byte[]> parsedMap = JsonUtil.ToXAttrs(json);

    NUnit.Framework.Assert.AreEqual(expectedMap.Count, parsedMap.Count);

    // Compare each value byte-for-byte, looked up by its prefixed name.
    foreach (KeyValuePair<string, byte[]> expectedEntry in expectedMap)
    {
        Assert.AssertArrayEquals(expectedEntry.Value, parsedMap[expectedEntry.Key]);
    }
}
/// <summary>
/// Serializes the prefixed names of <paramref name="xAttrs"/> to a JSON object with the single
/// key <c>XAttrNames</c>.
/// </summary>
/// <remarks>
/// The names are first serialized to a JSON array string, and that string is then stored as the
/// value of <c>XAttrNames</c> and serialized again. The result therefore carries the array as a
/// JSON string, which a consumer has to parse a second time.
/// Only names are emitted, never values. No permission filtering happens here.
/// NOTE(review): the list is presumably filtered for the caller before it reaches this method; confirm.
/// </remarks>
/// <param name="xAttrs">Attributes whose names are listed; must not be null.</param>
/// <returns>The JSON text.</returns>
/// <exception cref="System.IO.IOException"/>
public static string ToJsonString(IList<XAttr> xAttrs)
{
    IList<string> prefixedNames = Lists.NewArrayListWithCapacity(xAttrs.Count);
    foreach (XAttr attr in xAttrs)
    {
        prefixedNames.AddItem(XAttrHelper.GetPrefixName(attr));
    }

    ObjectMapper mapper = new ObjectMapper();
    IDictionary<string, object> envelope = new SortedDictionary<string, object>();

    // The value is the already-serialized array, i.e. a string and not a nested array.
    envelope["XAttrNames"] = mapper.WriteValueAsString(prefixedNames);
    return mapper.WriteValueAsString(envelope);
}
/// <summary>
/// Converts one xattr to a sorted map with the keys <c>name</c> (the prefixed name) and
/// <c>value</c> (the value encoded with <paramref name="encoding"/>, or null when the xattr has
/// no value).
/// </summary>
/// <param name="xAttr">The attribute to convert; may be null.</param>
/// <param name="encoding">Codec passed to <c>XAttrCodec.EncodeValue</c>.</param>
/// <returns>The map, or null when <paramref name="xAttr"/> is null.</returns>
/// <exception cref="System.IO.IOException"/>
private static IDictionary<string, object> ToJsonMap(XAttr xAttr, XAttrCodec encoding)
{
    if (xAttr == null)
    {
        return null;
    }

    IDictionary<string, object> entry = new SortedDictionary<string, object>();
    entry["name"] = XAttrHelper.GetPrefixName(xAttr);

    // A value-less xattr is emitted with an explicit null rather than an encoded empty value.
    if (xAttr.GetValue() != null)
    {
        entry["value"] = XAttrCodec.EncodeValue(xAttr.GetValue(), encoding);
    }
    else
    {
        entry["value"] = null;
    }
    return entry;
}
/// <summary>
/// Looks up a single xattr on <paramref name="inode"/> by its prefixed name, reading the
/// attributes stored for <paramref name="snapshotId"/>.
/// </summary>
/// <remarks>
/// This method takes no lock and performs no permission check of its own; it only reads from
/// <c>XAttrStorage</c> and compares names.
/// </remarks>
/// <param name="inode">Inode whose xattrs are read.</param>
/// <param name="snapshotId">Snapshot id passed to <c>XAttrStorage.ReadINodeXAttrs</c>.</param>
/// <param name="xAttrName">Prefixed name to match exactly.</param>
/// <returns>The first xattr whose prefixed name equals <paramref name="xAttrName"/>, or null
/// when the inode has no xattrs or none matches.</returns>
/// <exception cref="System.IO.IOException"/>
internal static XAttr UnprotectedGetXAttrByName(INode inode, int snapshotId, string xAttrName)
{
    IList<XAttr> stored = XAttrStorage.ReadINodeXAttrs(inode, snapshotId);
    if (stored != null)
    {
        foreach (XAttr candidate in stored)
        {
            if (XAttrHelper.GetPrefixName(candidate).Equals(xAttrName))
            {
                return candidate;
            }
        }
    }
    return null;
}
/// <summary>
/// Returns the subset of <paramref name="xAttrs"/> that the calling user may see through the API.
/// </summary>
/// <remarks>
/// An xattr is kept when any of the following holds, tested in this order:
/// <list type="bullet">
/// <item>it is in the User namespace;</item>
/// <item>it is in the Trusted namespace and the caller is a superuser;</item>
/// <item>it is in the Raw namespace, the caller is a superuser and the path is a raw path;</item>
/// <item>its prefixed name equals <c>HdfsServerConstants.SecurityXattrUnreadableBySuperuser</c>
/// (kept for every caller).</item>
/// </list>
/// Everything else is dropped silently; no exception is raised for a hidden xattr.
/// An empty input list is returned as the same instance, not as a copy.
/// The null check on the input is a <c>Debug.Assert</c>, which is compiled out when the DEBUG
/// symbol is not defined.
/// </remarks>
/// <param name="pc">Permission checker of the calling user; only <c>IsSuperUser()</c> is used.</param>
/// <param name="xAttrs">Attributes to filter; must not be null.</param>
/// <param name="isRawPath">Whether the request addressed a raw path.</param>
/// <returns>The visible attributes, in their original order.</returns>
internal static IList<XAttr> FilterXAttrsForApi(FSPermissionChecker pc, IList<XAttr> xAttrs, bool isRawPath)
{
    System.Diagnostics.Debug.Assert(xAttrs != null, "xAttrs can not be null");
    if (xAttrs.IsEmpty())
    {
        return xAttrs;
    }

    IList<XAttr> visible = Lists.NewArrayListWithCapacity(xAttrs.Count);
    bool callerIsSuperUser = pc.IsSuperUser();

    foreach (XAttr candidate in xAttrs)
    {
        // Short-circuit order matches the namespace rules listed in the remarks.
        bool allowed =
            candidate.GetNameSpace() == XAttr.NameSpace.User
            || (candidate.GetNameSpace() == XAttr.NameSpace.Trusted && callerIsSuperUser)
            || (candidate.GetNameSpace() == XAttr.NameSpace.Raw && callerIsSuperUser && isRawPath)
            || XAttrHelper.GetPrefixName(candidate).Equals(HdfsServerConstants.SecurityXattrUnreadableBySuperuser);

        if (allowed)
        {
            visible.AddItem(candidate);
        }
    }
    return visible;
}
/// <summary>
/// Applies <paramref name="xAttrs"/> to the inode at <paramref name="src"/> and stores the
/// resulting attribute list.
/// </summary>
/// <remarks>
/// No permission check is made in this method. The write-lock precondition is a
/// <c>Debug.Assert</c>, which is compiled out when the DEBUG symbol is not defined.
/// <p/>
/// The loop runs over the list returned by <c>SetINodeXAttrs</c>. For the encryption-zone
/// xattr it registers the zone with <c>fsd.ezManager</c>; for the unreadable-by-superuser
/// xattr it refuses any target that is not a file.
/// <p/>
/// NOTE(review): the zone is registered inside the loop, before a later element can raise the
/// file-only IOException and before <c>UpdateINodeXAttrs</c> runs. If that exception is thrown
/// after a registration, the zone manager has been updated while the inode's xattrs have not
/// been written by this call. Confirm that callers cannot combine the two xattrs on a
/// directory, or that the caller handles the failure.
/// </remarks>
/// <param name="fsd">Directory whose write lock the caller holds.</param>
/// <param name="src">Path of the target; it is normalized before resolution.</param>
/// <param name="xAttrs">Attributes to apply.</param>
/// <param name="flag">Set flags forwarded to <c>SetINodeXAttrs</c>.</param>
/// <returns>The inode that was updated.</returns>
/// <exception cref="System.IO.IOException">
/// The unreadable-by-superuser xattr is in the resulting list and the target is not a file.
/// </exception>
internal static INode UnprotectedSetXAttrs(FSDirectory fsd, string src, IList<XAttr> xAttrs, EnumSet<XAttrSetFlag> flag)
{
    System.Diagnostics.Debug.Assert(fsd.HasWriteLock());

    string normalizedSrc = FSDirectory.NormalizePath(src);
    INodesInPath resolvedPath = fsd.GetINodesInPath4Write(normalizedSrc, true);
    INode target = FSDirectory.ResolveLastINode(resolvedPath);
    int latestSnapshotId = resolvedPath.GetLatestSnapshotId();

    IList<XAttr> currentXAttrs = XAttrStorage.ReadINodeXAttrs(target);
    IList<XAttr> updatedXAttrs = SetINodeXAttrs(fsd, currentXAttrs, xAttrs, flag);
    bool targetIsFile = target.IsFile();

    foreach (XAttr attr in updatedXAttrs)
    {
        string prefixedName = XAttrHelper.GetPrefixName(attr);

        // The encryption-zone xattr also registers the inode with the zone manager,
        // using the suite, protocol version and key name parsed from the xattr value.
        if (HdfsServerConstants.CryptoXattrEncryptionZone.Equals(prefixedName))
        {
            HdfsProtos.ZoneEncryptionInfoProto zoneInfo = HdfsProtos.ZoneEncryptionInfoProto.ParseFrom(attr.GetValue());
            fsd.ezManager.AddEncryptionZone(
                target.GetId(),
                PBHelper.Convert(zoneInfo.GetSuite()),
                PBHelper.Convert(zoneInfo.GetCryptoProtocolVersion()),
                zoneInfo.GetKeyName());
        }

        // The unreadable-by-superuser marker is only accepted on files.
        if (!targetIsFile && HdfsServerConstants.SecurityXattrUnreadableBySuperuser.Equals(prefixedName))
        {
            throw new IOException("Can only set '" + HdfsServerConstants.SecurityXattrUnreadableBySuperuser + "' on a file.");
        }
    }

    XAttrStorage.UpdateINodeXAttrs(target, updatedXAttrs, latestSnapshotId);
    return target;
}
/// <summary>
/// Builds the xattr whose name comes from <c>BuildXAttrName()</c> and whose value is a
/// one-byte array holding <paramref name="policyId"/>.
/// </summary>
/// <param name="policyId">Policy identifier stored as the single value byte.</param>
/// <returns>The xattr produced by <c>XAttrHelper.BuildXAttr</c>.</returns>
public static XAttr BuildXAttr(byte policyId)
{
    byte[] encodedId = new byte[] { policyId };
    return XAttrHelper.BuildXAttr(BuildXAttrName(), encodedId);
}