Return-Path: X-Original-To: apmail-hadoop-hdfs-commits-archive@minotaur.apache.org Delivered-To: apmail-hadoop-hdfs-commits-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id EB47E11AC2 for ; Tue, 22 Jul 2014 21:52:30 +0000 (UTC) Received: (qmail 32729 invoked by uid 500); 22 Jul 2014 21:52:25 -0000 Delivered-To: apmail-hadoop-hdfs-commits-archive@hadoop.apache.org Received: (qmail 32678 invoked by uid 500); 22 Jul 2014 21:52:25 -0000 Mailing-List: contact hdfs-commits-help@hadoop.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: hdfs-dev@hadoop.apache.org Delivered-To: mailing list hdfs-commits@hadoop.apache.org Received: (qmail 32667 invoked by uid 99); 22 Jul 2014 21:52:25 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 22 Jul 2014 21:52:25 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 22 Jul 2014 21:52:26 +0000 Received: from eris.apache.org (localhost [127.0.0.1]) by eris.apache.org (Postfix) with ESMTP id B54F12388868; Tue, 22 Jul 2014 21:52:00 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1612709 - in /hadoop/common/branches/branch-2.5/hadoop-hdfs-project: hadoop-hdfs-nfs/src/main/java/org/apache/hadoop/hdfs/nfs/nfs3/ hadoop-hdfs-nfs/src/test/java/org/apache/hadoop/hdfs/nfs/nfs3/ hadoop-hdfs/ Date: Tue, 22 Jul 2014 21:52:00 -0000 To: hdfs-commits@hadoop.apache.org From: brandonli@apache.org X-Mailer: svnmailer-1.0.9 Message-Id: <20140722215200.B54F12388868@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: brandonli Date: Tue Jul 22 21:52:00 2014 New Revision: 1612709 URL: http://svn.apache.org/r1612709 Log: HDFS-6703. Merging change r1612705 from branch-2 Added: hadoop/common/branches/branch-2.5/hadoop-hdfs-project/hadoop-hdfs-nfs/src/test/java/org/apache/hadoop/hdfs/nfs/nfs3/TestClientAccessPrivilege.java - copied, changed from r1612705, hadoop/common/branches/branch-2/hadoop-hdfs-project/hadoop-hdfs-nfs/src/test/java/org/apache/hadoop/hdfs/nfs/nfs3/TestClientAccessPrivilege.java Modified: hadoop/common/branches/branch-2.5/hadoop-hdfs-project/hadoop-hdfs-nfs/src/main/java/org/apache/hadoop/hdfs/nfs/nfs3/RpcProgramNfs3.java hadoop/common/branches/branch-2.5/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt Modified: hadoop/common/branches/branch-2.5/hadoop-hdfs-project/hadoop-hdfs-nfs/src/main/java/org/apache/hadoop/hdfs/nfs/nfs3/RpcProgramNfs3.java URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-2.5/hadoop-hdfs-project/hadoop-hdfs-nfs/src/main/java/org/apache/hadoop/hdfs/nfs/nfs3/RpcProgramNfs3.java?rev=1612709&r1=1612708&r2=1612709&view=diff ============================================================================== --- hadoop/common/branches/branch-2.5/hadoop-hdfs-project/hadoop-hdfs-nfs/src/main/java/org/apache/hadoop/hdfs/nfs/nfs3/RpcProgramNfs3.java (original) +++ hadoop/common/branches/branch-2.5/hadoop-hdfs-project/hadoop-hdfs-nfs/src/main/java/org/apache/hadoop/hdfs/nfs/nfs3/RpcProgramNfs3.java Tue Jul 22 21:52:00 2014 @@ -1051,8 +1051,12 @@ public class RpcProgramNfs3 extends RpcP @Override public REMOVE3Response remove(XDR xdr, RpcInfo info) { + return remove(xdr, getSecurityHandler(info), info.remoteAddress()); + } + + @VisibleForTesting + REMOVE3Response remove(XDR xdr, SecurityHandler securityHandler, SocketAddress remoteAddress) { REMOVE3Response response = new REMOVE3Response(Nfs3Status.NFS3_OK); - SecurityHandler securityHandler = getSecurityHandler(info); DFSClient dfsClient = clientCache.getDfsClient(securityHandler.getUser()); if (dfsClient == null) { response.setStatus(Nfs3Status.NFS3ERR_SERVERFAULT); @@ -1083,17 +1087,19 @@ public class RpcProgramNfs3 extends RpcP return new REMOVE3Response(Nfs3Status.NFS3ERR_STALE); } + WccData errWcc = new WccData(Nfs3Utils.getWccAttr(preOpDirAttr), + preOpDirAttr); + if (!checkAccessPrivilege(remoteAddress, AccessPrivilege.READ_WRITE)) { + return new REMOVE3Response(Nfs3Status.NFS3ERR_ACCES, errWcc); + } + String fileIdPath = dirFileIdPath + "/" + fileName; HdfsFileStatus fstat = Nfs3Utils.getFileStatus(dfsClient, fileIdPath); if (fstat == null) { - WccData dirWcc = new WccData(Nfs3Utils.getWccAttr(preOpDirAttr), - preOpDirAttr); - return new REMOVE3Response(Nfs3Status.NFS3ERR_NOENT, dirWcc); + return new REMOVE3Response(Nfs3Status.NFS3ERR_NOENT, errWcc); } if (fstat.isDir()) { - WccData dirWcc = new WccData(Nfs3Utils.getWccAttr(preOpDirAttr), - preOpDirAttr); - return new REMOVE3Response(Nfs3Status.NFS3ERR_ISDIR, dirWcc); + return new REMOVE3Response(Nfs3Status.NFS3ERR_ISDIR, errWcc); } boolean result = dfsClient.delete(fileIdPath, false); Copied: hadoop/common/branches/branch-2.5/hadoop-hdfs-project/hadoop-hdfs-nfs/src/test/java/org/apache/hadoop/hdfs/nfs/nfs3/TestClientAccessPrivilege.java (from r1612705, hadoop/common/branches/branch-2/hadoop-hdfs-project/hadoop-hdfs-nfs/src/test/java/org/apache/hadoop/hdfs/nfs/nfs3/TestClientAccessPrivilege.java) URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-2.5/hadoop-hdfs-project/hadoop-hdfs-nfs/src/test/java/org/apache/hadoop/hdfs/nfs/nfs3/TestClientAccessPrivilege.java?p2=hadoop/common/branches/branch-2.5/hadoop-hdfs-project/hadoop-hdfs-nfs/src/test/java/org/apache/hadoop/hdfs/nfs/nfs3/TestClientAccessPrivilege.java&p1=hadoop/common/branches/branch-2/hadoop-hdfs-project/hadoop-hdfs-nfs/src/test/java/org/apache/hadoop/hdfs/nfs/nfs3/TestClientAccessPrivilege.java&r1=1612705&r2=1612709&rev=1612709&view=diff ============================================================================== --- hadoop/common/branches/branch-2/hadoop-hdfs-project/hadoop-hdfs-nfs/src/test/java/org/apache/hadoop/hdfs/nfs/nfs3/TestClientAccessPrivilege.java (original) +++ hadoop/common/branches/branch-2.5/hadoop-hdfs-project/hadoop-hdfs-nfs/src/test/java/org/apache/hadoop/hdfs/nfs/nfs3/TestClientAccessPrivilege.java Tue Jul 22 21:52:00 2014 @@ -34,8 +34,6 @@ import org.apache.hadoop.nfs.nfs3.Nfs3St import org.apache.hadoop.nfs.nfs3.response.REMOVE3Response; import org.apache.hadoop.oncrpc.XDR; import org.apache.hadoop.oncrpc.security.SecurityHandler; -import org.apache.hadoop.security.authorize.DefaultImpersonationProvider; -import org.apache.hadoop.security.authorize.ProxyUsers; import org.junit.AfterClass; import org.junit.Before; import org.junit.BeforeClass; @@ -54,11 +52,8 @@ public class TestClientAccessPrivilege { public static void setup() throws Exception { String currentUser = System.getProperty("user.name"); - config.set(DefaultImpersonationProvider.getTestProvider() - .getProxySuperuserGroupConfKey(currentUser), "*"); - config.set(DefaultImpersonationProvider.getTestProvider() - .getProxySuperuserIpConfKey(currentUser), "*"); - ProxyUsers.refreshSuperUserGroupsConfiguration(config); + config.set("hadoop.proxyuser."+currentUser+".groups", "*"); + config.set("hadoop.proxyuser."+currentUser+".hosts", "*"); cluster = new MiniDFSCluster.Builder(config).numDataNodes(1).build(); cluster.waitActive(); hdfs = cluster.getFileSystem(); Modified: hadoop/common/branches/branch-2.5/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-2.5/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt?rev=1612709&r1=1612708&r2=1612709&view=diff ============================================================================== --- hadoop/common/branches/branch-2.5/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt (original) +++ hadoop/common/branches/branch-2.5/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt Tue Jul 22 21:52:00 2014 @@ -537,6 +537,9 @@ Release 2.5.0 - UNRELEASED HDFS-6632. Reintroduce dfs.http.port / dfs.https.port in branch-2. (Yongjun Zhang via wheat9) + HDFS-6703. NFS: Files can be deleted from a read-only mount + (Srikanth Upputuri via brandonli) + BREAKDOWN OF HDFS-2006 SUBTASKS AND RELATED JIRAS HDFS-6299. Protobuf for XAttr and client-side implementation. (Yi Liu via umamahesh)