예제 #1
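        /// <summary>
        /// Exercises <c>AccessControlList.IsUserAllowed</c> against the ACL string forms used
        /// below: a comma-separated user list, a single space, then a comma-separated group list.
        /// Either list may be empty.
        /// </summary>
        public virtual void TestIsUserAllowed()
        {
            AccessControlList acl;

            // NOTE(review): the four principals must be distinct and their short names must be
            // drwho / susan / barbara / ian, otherwise the user-list cases below cannot tell them
            // apart. The names here are constructed sample values on a reserved example realm;
            // this assumes the short name is the part before '@' - confirm against the
            // name-mapping rules in effect.
            UserGroupInformation drwho = UserGroupInformation.CreateUserForTesting("drwho@EXAMPLE.COM"
                                                                                   , new string[] { "aliens", "humanoids", "timelord" });
            UserGroupInformation susan = UserGroupInformation.CreateUserForTesting("susan@EXAMPLE.COM"
                                                                                   , new string[] { "aliens", "humanoids", "timelord" });
            UserGroupInformation barbara = UserGroupInformation.CreateUserForTesting("barbara@EXAMPLE.COM"
                                                                                     , new string[] { "humans", "teachers" });
            UserGroupInformation ian = UserGroupInformation.CreateUserForTesting("ian@EXAMPLE.COM"
                                                                                 , new string[] { "humans", "teachers" });

            // One user plus one group: drwho matches by name, susan only through "humanoids".
            acl = new AccessControlList("drwho humanoids");
            AssertUserAllowed(drwho, acl);
            AssertUserAllowed(susan, acl);
            AssertUserNotAllowed(barbara, acl);
            AssertUserNotAllowed(ian, acl);

            // User list only: sharing groups with drwho must not grant susan access.
            acl = new AccessControlList("drwho");
            AssertUserAllowed(drwho, acl);
            AssertUserNotAllowed(susan, acl);
            AssertUserNotAllowed(barbara, acl);
            AssertUserNotAllowed(ian, acl);

            // Trailing space (empty group list) must behave exactly like the user-only form.
            acl = new AccessControlList("drwho ");
            AssertUserAllowed(drwho, acl);
            AssertUserNotAllowed(susan, acl);
            AssertUserNotAllowed(barbara, acl);
            AssertUserNotAllowed(ian, acl);

            // Leading space (empty user list): access is decided by group membership alone.
            acl = new AccessControlList(" humanoids");
            AssertUserAllowed(drwho, acl);
            AssertUserAllowed(susan, acl);
            AssertUserNotAllowed(barbara, acl);
            AssertUserNotAllowed(ian, acl);

            // Several users and several groups: every test user matches by name or by group.
            acl = new AccessControlList("drwho,ian aliens,teachers");
            AssertUserAllowed(drwho, acl);
            AssertUserAllowed(susan, acl);
            AssertUserAllowed(barbara, acl);
            AssertUserAllowed(ian, acl);

            // Empty ACL: the spy verifies that the check never asks the user for its groups
            // when the ACL holds no group entries. The decision itself is not asserted here.
            acl = new AccessControlList(string.Empty);
            UserGroupInformation spyUser = Org.Mockito.Mockito.Spy(drwho);

            acl.IsUserAllowed(spyUser);
            Org.Mockito.Mockito.Verify(spyUser, Org.Mockito.Mockito.Never()).GetGroupNames();
        }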
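        /// <summary>
        /// Decides whether the real user behind <paramref name="user"/> may impersonate it for a
        /// request coming from <paramref name="remoteAddress"/>.
        /// </summary>
        /// <remarks>
        /// Two independent checks are applied and both deny by default: a missing proxy-user ACL
        /// or a missing host list is treated the same as an explicit mismatch. When
        /// <c>user.GetRealUser()</c> is null the method returns without performing any check.
        /// </remarks>
        /// <param name="user">The effective user; its real user, if any, is the one being authorized.</param>
        /// <param name="remoteAddress">Address matched against the real user's configured host list.</param>
        /// <exception cref="Org.Apache.Hadoop.Security.Authorize.AuthorizationException">
        /// The real user has no ACL permitting <paramref name="user"/>, or
        /// <paramref name="remoteAddress"/> is not in the real user's host list.
        /// </exception>
        public virtual void Authorize(UserGroupInformation user, string remoteAddress)
        {
            UserGroupInformation realUser = user.GetRealUser();

            // No real user attached: presumably not an impersonation request, so nothing to check.
            if (realUser == null)
            {
                return;
            }

            string superUserShortName = realUser.GetShortUserName();

            // NOTE(review): the null checks below expect a lookup that returns null for an
            // unconfigured superuser. If these maps are Dictionary<,> instances the indexer throws
            // KeyNotFoundException instead; the call is still denied, but with a different
            // exception type than callers are told to expect - confirm the map types.
            AccessControlList acl = proxyUserAcl[configPrefix + superUserShortName];

            if (acl == null || !acl.IsUserAllowed(user))
            {
                // NOTE(review): the superuser-name expression in both messages is reconstructed
                // as realUser.GetUserName(); confirm against the upstream source.
                throw new AuthorizationException("User: " + realUser.GetUserName() + " is not allowed to impersonate "
                                                 + user.GetUserName());
            }

            // NOTE(review): the host check is only meaningful if remoteAddress is the peer address
            // taken from the connection itself, not a value the client can supply - confirm callers.
            MachineList allowedHosts = proxyHosts[GetProxySuperuserIpConfKey(superUserShortName)];

            if (allowedHosts == null || !allowedHosts.Includes(remoteAddress))
            {
                throw new AuthorizationException("Unauthorized connection for super-user: " + realUser.GetUserName() + " from IP " + remoteAddress);
            }
        }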
예제 #3
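 /// <summary>
 /// Fails the test if <paramref name="acl"/> grants access to <paramref name="ugi"/>.
 /// </summary>
 /// <param name="ugi">User that must be denied.</param>
 /// <param name="acl">Access-control list under test.</param>
 private void AssertUserNotAllowed(UserGroupInformation ugi, AccessControlList acl)
 {
     // NUnit takes the condition first and the failure message second.
     NUnit.Framework.Assert.IsFalse(acl.IsUserAllowed(ugi)
                                    , "User " + ugi + " is incorrectly granted the access-control!!");
 }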
예제 #4
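 /// <summary>
 /// Fails the test unless <paramref name="acl"/> grants access to <paramref name="ugi"/>.
 /// </summary>
 /// <param name="ugi">User that must be allowed.</param>
 /// <param name="acl">Access-control list under test.</param>
 private void AssertUserAllowed(UserGroupInformation ugi, AccessControlList acl)
 {
     // The condition comes first and the failure message second in .NET assertion APIs.
     Assert.True(acl.IsUserAllowed(ugi)
                 , "User " + ugi + " is not granted the access-control!!");
 }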