incubator-accumulo-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From vi...@apache.org
Subject svn commit: r1229646 - /incubator/accumulo/trunk/src/server/src/main/java/org/apache/accumulo/server/security/ZKAuthenticator.java
Date Tue, 10 Jan 2012 17:23:13 GMT
Author: vines
Date: Tue Jan 10 17:23:13 2012
New Revision: 1229646

URL: http://svn.apache.org/viewvc?rev=1229646&view=rev
Log:
ACCUMULO-264 - merging to trunk


Modified:
    incubator/accumulo/trunk/src/server/src/main/java/org/apache/accumulo/server/security/ZKAuthenticator.java

Modified: incubator/accumulo/trunk/src/server/src/main/java/org/apache/accumulo/server/security/ZKAuthenticator.java
URL: http://svn.apache.org/viewvc/incubator/accumulo/trunk/src/server/src/main/java/org/apache/accumulo/server/security/ZKAuthenticator.java?rev=1229646&r1=1229645&r2=1229646&view=diff
==============================================================================
--- incubator/accumulo/trunk/src/server/src/main/java/org/apache/accumulo/server/security/ZKAuthenticator.java
(original)
+++ incubator/accumulo/trunk/src/server/src/main/java/org/apache/accumulo/server/security/ZKAuthenticator.java
Tue Jan 10 17:23:13 2012
@@ -208,6 +208,15 @@ public final class ZKAuthenticator imple
     if (!hasSystemPermission(credentials, credentials.user, SystemPermission.CREATE_USER))
       throw new AccumuloSecurityException(credentials.user, SecurityErrorCode.PERMISSION_DENIED);
     
+    if (!hasSystemPermission(credentials, credentials.user, SystemPermission.ALTER_USER))
{
+      Authorizations creatorAuths = getUserAuthorizations(credentials, credentials.user);
+      for (byte[] auth : authorizations.getAuthorizations())
+        if (!creatorAuths.contains(auth)) {
+          log.info("User " + credentials.user + " attempted to create a user " + user + "
with authorization " + new String(auth) + " they did not have");
+          throw new AccumuloSecurityException(credentials.user, SecurityErrorCode.BAD_AUTHORIZATIONS);
+        }
+    }
+    
     // don't allow creating a user with the same name as system user
     if (user.equals(SecurityConstants.SYSTEM_USERNAME))
       throw new AccumuloSecurityException(user, SecurityErrorCode.PERMISSION_DENIED);



Mime
View raw message