zookeeper-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Edward Ribeiro <edward.ribe...@gmail.com>
Subject Re: Acl block detete not working
Date Sat, 13 May 2017 05:53:50 GMT
Hey, Joe and Martin,

A quick explanation: the code Martin posted on the mailing list is the
client side one. In those snippets the setACL is setting/changing the ACL
so it needs to pass this in the call to the server: zk.setACL(path, acl,
version). OTOH, the delete command doesn't need to pass the ACL credentials
because those are already stored in the corresponding znode (or its parent)
so it only needs to pass the path and version: zk.delete(path, version).

What you really want to look at is here:
https://github.com/apache/zookeeper/blob/branch-3.4/src/java/main/org/apache/zookeeper/server/PrepRequestProcessor.java#L392

See? The delete is checking the ACL of the parent znode, but not the znode
that we are trying to delete.

Well, I opened a PR https://github.com/apache/zookeeper/pull/252 to see if
we can fix this.

Best regards,
Edward






On Tue, May 2, 2017 at 6:24 PM, joe smith <water4u99@yahoo.com.invalid>
wrote:

> Hi Martin,
> Thanks for the reply.  I've create a bug report:
> https://issues.apache.org/jira/browse/ZOOKEEPER-2772
> Regards,-j
>
>
>     On Tuesday, May 2, 2017 2:16 PM, Martin Gainty <mgainty@hotmail.com>
> wrote:
>
>
>  #yiv6303704777 #yiv6303704777 -- P {margin-top:0;margin-bottom:0;
> }#yiv6303704777
> From: joe smith <water4u99@yahoo.com.INVALID>
> Sent: Tuesday, May 2, 2017 8:40 AM
> To: user@zookeeper.apache.org
> Subject: Acl block detete not working Hi,
> I'm using 3.4.10 and setting custom aol to block deletion of a znode.
> However, I'm able to delete the node even after I've set acl from cdrwa to
> crwa.
> Can anyone point out if I missed some step.
> Thanks for the help
>
> Here is the trace:
> [zk: localhost:2181(CONNECTED) 0] ls /
> [zookeeper]
>
> [zk: localhost:2181(CONNECTED) 1] create /test "data"Created /test
>
> [zk: localhost:2181(CONNECTED) 2] ls /[zookeeper, test]
>
> [zk: localhost:2181(CONNECTED) 3] addauth myfqdn localhost
> [zk: localhost:2181(CONNECTED) 4] setAcl /test myfqdn:localhost:cracZxid =
> 0x2
> ctime = Tue May 02 08:28:42 EDT 2017
> mZxid = 0x2
> mtime = Tue May 02 08:28:42 EDT 2017
> pZxid = 0x2
> cversion = 0
> dataVersion = 0
> aclVersion = 1
> ephemeralOwner = 0x0
> dataLength = 4
> numChildren = 0
>
> MG>in SetAclCommand you can see the acl being parsed and acl being set by
> setAcl into zk object
>     List<ACL> acl = AclParser.parse(aclStr);        int version;        if
> (cl.hasOption("v")) {            version = Integer.parseInt(cl.getOptionValue("v"));
>       } else {            version = -1;        }        try {
> Stat stat = zk.setACL(path, acl, version);
> MG>later on in DeleteCommand there is no check for aforementioned acl
> parameter   public boolean exec() throws KeeperException,
> InterruptedException {        String path = args[1];        int version;
>     if (cl.hasOption("v")) {            version = Integer.parseInt(cl.getOptionValue("v"));
>       } else {            version = -1;        }                try {
>   zk.delete(path, version);        } catch(KeeperException.BadVersionException
> ex) {            err.println(ex.getMessage());        }        return false;
> MG>as seen here the testCase works properly saving the Zookeeper object
>  LsCommand entity = new LsCommand();        entity.setZk(zk);
>
> MG>but setACL does not save the zookeeper object anywhere but instead
> seems to discard zookeeper object with accompanying ACLsMG>can you report
> this bug to Zookeeper?
> https://issues.apache.org/jira/browse/ZOOKEEPER/?
> selectedTab=com.atlassian.jira.jira-projects-plugin:summary-panel
>
> | ZooKeeper - ASF JIRA - issues.apache.orgissues.apache.orgApache
> ZooKeeper is a service for coordinating processes of distributed
> applications. Versions: Unreleased. Name Release date; Unreleased 3.2.3 :
> Unreleased 3.3.7 |
>
> MG>Thanks Joe!
>
> [zk: localhost:2181(CONNECTED) 5] getAcl /test'myfqdn,'localhost
> : cra
>
> [zk: localhost:2181(CONNECTED) 6] get /testdata
> cZxid = 0x2
> ctime = Tue May 02 08:28:42 EDT 2017
> mZxid = 0x2
> mtime = Tue May 02 08:28:42 EDT 2017
> pZxid = 0x2
> cversion = 0
> dataVersion = 0
> aclVersion = 1
> ephemeralOwner = 0x0
> dataLength = 4
> numChildren = 0
>
> [zk: localhost:2181(CONNECTED) 7] set /test "testwrite"Authentication is
> not valid : /test
>
> [zk: localhost:2181(CONNECTED) 8] delete /test
> [zk: localhost:2181(CONNECTED) 9] ls /[zookeeper]
>
> [zk: localhost:2181(CONNECTED) 10]
> The auth provider imple is here: http://s000.tinyupload.com/?
> file_id=42827186839577179157
> | TinyUpload.com - best file hosting solution, with no limits, totaly
> frees000.tinyupload.comTinyUpload.com - solution for tiny file hosting.
> No download limits, no upload limit. Totaly free. |
>
>
>
>
>
>
>
> |   |
>
>
>
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message