incubator-accumulo-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From vi...@apache.org
Subject svn commit: r1229621 - /incubator/accumulo/branches/1.4/src/server/src/main/java/org/apache/accumulo/server/security/ZKAuthenticator.java
Date Tue, 10 Jan 2012 16:11:48 GMT
Author: vines
Date: Tue Jan 10 16:11:48 2012
New Revision: 1229621

URL: http://svn.apache.org/viewvc?rev=1229621&view=rev
Log:
ACCUMULO-264 - will now error if the creator does not have any one authorization the created
user has.

Modified:
    incubator/accumulo/branches/1.4/src/server/src/main/java/org/apache/accumulo/server/security/ZKAuthenticator.java

Modified: incubator/accumulo/branches/1.4/src/server/src/main/java/org/apache/accumulo/server/security/ZKAuthenticator.java
URL: http://svn.apache.org/viewvc/incubator/accumulo/branches/1.4/src/server/src/main/java/org/apache/accumulo/server/security/ZKAuthenticator.java?rev=1229621&r1=1229620&r2=1229621&view=diff
==============================================================================
--- incubator/accumulo/branches/1.4/src/server/src/main/java/org/apache/accumulo/server/security/ZKAuthenticator.java
(original)
+++ incubator/accumulo/branches/1.4/src/server/src/main/java/org/apache/accumulo/server/security/ZKAuthenticator.java
Tue Jan 10 16:11:48 2012
@@ -208,6 +208,15 @@ public final class ZKAuthenticator imple
     if (!hasSystemPermission(credentials, credentials.user, SystemPermission.CREATE_USER))
       throw new AccumuloSecurityException(credentials.user, SecurityErrorCode.PERMISSION_DENIED);
     
+    if (!hasSystemPermission(credentials, credentials.user, SystemPermission.ALTER_USER))
{
+      Authorizations creatorAuths = getUserAuthorizations(credentials, credentials.user);
+      for (byte[] auth : authorizations.getAuthorizations())
+        if (!creatorAuths.contains(auth)) {
+          log.info("User " + credentials.user + " attempted to create a user " + user + "
with authorization " + new String(auth) + " they did not have");
+          throw new AccumuloSecurityException(credentials.user, SecurityErrorCode.BAD_AUTHORIZATIONS);
+        }
+    }
+    
     // don't allow creating a user with the same name as system user
     if (user.equals(SecurityConstants.SYSTEM_USERNAME))
       throw new AccumuloSecurityException(user, SecurityErrorCode.PERMISSION_DENIED);



Mime
View raw message