From common-commits-return-78843-archive-asf-public=cust-asf.ponee.io@hadoop.apache.org Fri Feb 16 23:00:32 2018 Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by mx-eu-01.ponee.io (Postfix) with SMTP id A1896180718 for ; Fri, 16 Feb 2018 23:00:31 +0100 (CET) Received: (qmail 25396 invoked by uid 500); 16 Feb 2018 22:00:26 -0000 Mailing-List: contact common-commits-help@hadoop.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Delivered-To: mailing list common-commits@hadoop.apache.org Received: (qmail 25213 invoked by uid 99); 16 Feb 2018 22:00:26 -0000 Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 16 Feb 2018 22:00:26 +0000 Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33) id E58ACF3250; Fri, 16 Feb 2018 22:00:24 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: hanishakoneru@apache.org To: common-commits@hadoop.apache.org Date: Fri, 16 Feb 2018 22:00:30 -0000 Message-Id: In-Reply-To: References: X-Mailer: ASF-Git Admin Mailer Subject: [08/21] hadoop git commit: xattr api cleanup xattr api cleanup Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/da59acd8 Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/da59acd8 Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/da59acd8 Branch: refs/heads/HDFS-12996 Commit: da59acd8ca9ab5b49b988ffca64e8cce91c5f741 Parents: 481d79f Author: Kihwal Lee Authored: Thu Feb 15 11:11:55 2018 -0600 Committer: Kihwal Lee Committed: Thu Feb 15 11:11:55 2018 -0600 ---------------------------------------------------------------------- .../hdfs/server/namenode/FSDirXAttrOp.java | 3 +- .../hdfs/server/namenode/FSXAttrBaseTest.java | 63 ++++++++++++++++---- 2 files changed, 51 insertions(+), 15 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/hadoop/blob/da59acd8/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSDirXAttrOp.java ---------------------------------------------------------------------- diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSDirXAttrOp.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSDirXAttrOp.java index 3223467..be3092c 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSDirXAttrOp.java +++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSDirXAttrOp.java @@ -137,8 +137,7 @@ class FSDirXAttrOp { final boolean isRawPath = FSDirectory.isReservedRawName(src); final INodesInPath iip = fsd.resolvePath(pc, src, DirOp.READ); if (fsd.isPermissionEnabled()) { - /* To access xattr names, you need EXECUTE in the owning directory. */ - fsd.checkParentAccess(pc, iip, FsAction.EXECUTE); + fsd.checkPathAccess(pc, iip, FsAction.READ); } final List all = FSDirXAttrOp.getXAttrs(fsd, iip); return XAttrPermissionFilter. http://git-wip-us.apache.org/repos/asf/hadoop/blob/da59acd8/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/FSXAttrBaseTest.java ---------------------------------------------------------------------- diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/FSXAttrBaseTest.java b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/FSXAttrBaseTest.java index 43eeadf..b5f7573 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/FSXAttrBaseTest.java +++ b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/FSXAttrBaseTest.java @@ -843,28 +843,37 @@ public class FSXAttrBaseTest { } /* - * Check that execute/scan access to the parent dir is sufficient to get - * xattr names. + * Check that execute/scan access to the parent dir is not + * sufficient to get xattr names. */ fs.setPermission(path, new FsPermission((short) 0701)); user.doAs(new PrivilegedExceptionAction() { @Override public Object run() throws Exception { + try { final FileSystem userFs = dfsCluster.getFileSystem(); userFs.listXAttrs(childDir); - return null; + fail("expected AccessControlException"); + } catch (AccessControlException ace) { + GenericTestUtils.assertExceptionContains("Permission denied", ace); } + return null; + } }); /* * Test that xattrs in the "trusted" namespace are filtered correctly. */ + // Allow the user to read child path. + fs.setPermission(childDir, new FsPermission((short) 0704)); fs.setXAttr(childDir, "trusted.myxattr", "1234".getBytes()); user.doAs(new PrivilegedExceptionAction() { @Override public Object run() throws Exception { final FileSystem userFs = dfsCluster.getFileSystem(); - assertTrue(userFs.listXAttrs(childDir).size() == 1); + List xattrs = userFs.listXAttrs(childDir); + assertTrue(xattrs.size() == 1); + assertEquals(name1, xattrs.get(0)); return null; } }); @@ -1109,20 +1118,48 @@ public class FSXAttrBaseTest { } /* - * Test that only user who have parent directory execute access - * can see raw.* xattrs returned from listXAttr + * Test that user who have parent directory execute access + * can also not see raw.* xattrs returned from listXAttr */ - // non-raw path - final List xattrNames = userFs.listXAttrs(path); - assertTrue(xattrNames.size() == 0); + try { + // non-raw path + userFs.listXAttrs(path); + fail("listXAttr should have thrown AccessControlException"); + } catch (AccessControlException ace) { + // expected + } - // raw path - List rawXattrs = userFs.listXAttrs(rawPath); - assertTrue(rawXattrs.size() == 1); - assertTrue(rawXattrs.get(0).equals(raw1)); + try { + // raw path + userFs.listXAttrs(rawPath); + fail("listXAttr should have thrown AccessControlException"); + } catch (AccessControlException ace) { + // expected + } return null; } }); + /* + Test user who have read access can list xattrs in "raw.*" namespace + */ + fs.setPermission(path, new FsPermission((short) 0751)); + final Path childDir = new Path(path, "child" + pathCount); + FileSystem.mkdirs(fs, childDir, FsPermission.createImmutable((short) + 0704)); + final Path rawChildDir = + new Path("/.reserved/raw" + childDir.toString()); + fs.setXAttr(rawChildDir, raw1, value1); + user.doAs(new PrivilegedExceptionAction() { + @Override + public Object run() throws Exception { + final FileSystem userFs = dfsCluster.getFileSystem(); + // raw path + List xattrs = userFs.listXAttrs(rawChildDir); + assertEquals(1, xattrs.size()); + assertEquals(raw1, xattrs.get(0)); + return null; + } + }); fs.removeXAttr(rawPath, raw1); } --------------------------------------------------------------------- To unsubscribe, e-mail: common-commits-unsubscribe@hadoop.apache.org For additional commands, e-mail: common-commits-help@hadoop.apache.org