Return-Path: Delivered-To: apmail-hadoop-zookeeper-commits-archive@minotaur.apache.org Received: (qmail 87300 invoked from network); 18 Jun 2009 01:09:10 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 18 Jun 2009 01:09:10 -0000 Received: (qmail 94248 invoked by uid 500); 18 Jun 2009 01:09:21 -0000 Delivered-To: apmail-hadoop-zookeeper-commits-archive@hadoop.apache.org Received: (qmail 94221 invoked by uid 500); 18 Jun 2009 01:09:21 -0000 Mailing-List: contact zookeeper-commits-help@hadoop.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: zookeeper-dev@ Delivered-To: mailing list zookeeper-commits@hadoop.apache.org Received: (qmail 94211 invoked by uid 99); 18 Jun 2009 01:09:21 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 18 Jun 2009 01:09:21 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 18 Jun 2009 01:09:13 +0000 Received: by eris.apache.org (Postfix, from userid 65534) id 25B1E2388878; Thu, 18 Jun 2009 01:08:53 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r785871 - in /hadoop/zookeeper/trunk: ./ src/c/include/ src/c/tests/ src/java/main/org/apache/zookeeper/server/ src/java/test/org/apache/zookeeper/test/ Date: Thu, 18 Jun 2009 01:08:52 -0000 To: zookeeper-commits@hadoop.apache.org From: mahadev@apache.org X-Mailer: svnmailer-1.0.8 Message-Id: <20090618010853.25B1E2388878@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: mahadev Date: Thu Jun 18 01:08:52 2009 New Revision: 785871 URL: http://svn.apache.org/viewvc?rev=785871&view=rev Log: ZOOKEEPER-433. getacl on root znode (/) fails. (phunt via mahadev) Added: hadoop/zookeeper/trunk/src/java/test/org/apache/zookeeper/test/ACLRootTest.java Modified: hadoop/zookeeper/trunk/CHANGES.txt hadoop/zookeeper/trunk/src/c/include/zookeeper.h hadoop/zookeeper/trunk/src/c/tests/TestClient.cc hadoop/zookeeper/trunk/src/java/main/org/apache/zookeeper/server/DataTree.java hadoop/zookeeper/trunk/src/java/main/org/apache/zookeeper/server/PrepRequestProcessor.java Modified: hadoop/zookeeper/trunk/CHANGES.txt URL: http://svn.apache.org/viewvc/hadoop/zookeeper/trunk/CHANGES.txt?rev=785871&r1=785870&r2=785871&view=diff ============================================================================== --- hadoop/zookeeper/trunk/CHANGES.txt (original) +++ hadoop/zookeeper/trunk/CHANGES.txt Thu Jun 18 01:08:52 2009 @@ -119,6 +119,8 @@ ZOOKEEPER-375. zoo_add_auth only retains most recent auth on re-sync. (mahadev) + ZOOKEEPER-433. getacl on root znode (/) fails. (phunt via mahadev) + IMPROVEMENTS: ZOOKEEPER-308. improve the atomic broadcast performance 3x. (breed via mahadev) Modified: hadoop/zookeeper/trunk/src/c/include/zookeeper.h URL: http://svn.apache.org/viewvc/hadoop/zookeeper/trunk/src/c/include/zookeeper.h?rev=785871&r1=785870&r2=785871&view=diff ============================================================================== --- hadoop/zookeeper/trunk/src/c/include/zookeeper.h (original) +++ hadoop/zookeeper/trunk/src/c/include/zookeeper.h Thu Jun 18 01:08:52 2009 @@ -128,11 +128,18 @@ extern ZOOAPI const int ZOO_PERM_ADMIN; extern ZOOAPI const int ZOO_PERM_ALL; +/** This Id represents anyone. */ extern ZOOAPI struct Id ZOO_ANYONE_ID_UNSAFE; +/** This Id is only usable to set ACLs. It will get substituted with the + * Id's the client authenticated with. + */ extern ZOOAPI struct Id ZOO_AUTH_IDS; +/** This is a completely open ACL*/ extern ZOOAPI struct ACL_vector ZOO_OPEN_ACL_UNSAFE; +/** This ACL gives the world the ability to read. */ extern ZOOAPI struct ACL_vector ZOO_READ_ACL_UNSAFE; +/** This ACL gives the creators authentication id's all permissions. */ extern ZOOAPI struct ACL_vector ZOO_CREATOR_ALL_ACL; /** Modified: hadoop/zookeeper/trunk/src/c/tests/TestClient.cc URL: http://svn.apache.org/viewvc/hadoop/zookeeper/trunk/src/c/tests/TestClient.cc?rev=785871&r1=785870&r2=785871&view=diff ============================================================================== --- hadoop/zookeeper/trunk/src/c/tests/TestClient.cc (original) +++ hadoop/zookeeper/trunk/src/c/tests/TestClient.cc Thu Jun 18 01:08:52 2009 @@ -378,7 +378,8 @@ count = 0; watchctx_t ctx1, ctx2, ctx3; zhandle_t *zk = createClient(&ctx1); - + struct ACL_vector nodeAcl; + struct ACL acl_val; rc = zoo_add_auth(0, "", 0, 0, voidCompletion, (void*)-1); CPPUNIT_ASSERT_EQUAL((int) ZBADARGUMENTS, rc); @@ -435,6 +436,19 @@ // now try getting the data rc = zoo_get(zk, "/tauth1", 0, buf, &blen, &stat); CPPUNIT_ASSERT_EQUAL((int)ZOK, rc); + // also check for get + rc = zoo_get_acl(zk, "/", &nodeAcl, &stat); + CPPUNIT_ASSERT_EQUAL((int)ZOK, rc); + // check if the acl has all the perms + CPPUNIT_ASSERT_EQUAL((int)1, nodeAcl.count); + acl_val = *(nodeAcl.data); + CPPUNIT_ASSERT_EQUAL((int) acl_val.perms, ZOO_PERM_ALL); + // verify on root node + rc = zoo_set_acl(zk, "/", -1, &ZOO_CREATOR_ALL_ACL); + CPPUNIT_ASSERT_EQUAL((int) ZOK, rc); + + rc = zoo_set_acl(zk, "/", -1, &ZOO_OPEN_ACL_UNSAFE); + CPPUNIT_ASSERT_EQUAL((int) ZOK, rc); } void testNullData() { Modified: hadoop/zookeeper/trunk/src/java/main/org/apache/zookeeper/server/DataTree.java URL: http://svn.apache.org/viewvc/hadoop/zookeeper/trunk/src/java/main/org/apache/zookeeper/server/DataTree.java?rev=785871&r1=785870&r2=785871&view=diff ============================================================================== --- hadoop/zookeeper/trunk/src/java/main/org/apache/zookeeper/server/DataTree.java (original) +++ hadoop/zookeeper/trunk/src/java/main/org/apache/zookeeper/server/DataTree.java Thu Jun 18 01:08:52 2009 @@ -21,6 +21,7 @@ import java.io.IOException; import java.util.ArrayList; import java.util.Collection; +import java.util.Collections; import java.util.HashMap; import java.util.HashSet; import java.util.List; @@ -43,7 +44,9 @@ import org.apache.zookeeper.Watcher.Event; import org.apache.zookeeper.Watcher.Event.EventType; import org.apache.zookeeper.Watcher.Event.KeeperState; +import org.apache.zookeeper.ZooDefs.Ids; import org.apache.zookeeper.ZooDefs.OpCode; +import org.apache.zookeeper.ZooDefs.Perms; import org.apache.zookeeper.common.PathTrie; import org.apache.zookeeper.data.ACL; import org.apache.zookeeper.data.Stat; @@ -193,15 +196,17 @@ aclKeyMap.put(acls, val); return val; } - + /** * converts a list of longs to a list of acls. * @param longs the list of longs * @return a list of ACLs that map to longs */ public synchronized List convertLong(Long longVal) { - if (longVal == null || longVal == -1L) + if (longVal == null) return null; + if (longVal == -1L) + return Ids.OPEN_ACL_UNSAFE; List acls = longKeyMap.get(longVal); if (acls == null) { LOG.error("ERROR: ACL not available for long " + longVal); Modified: hadoop/zookeeper/trunk/src/java/main/org/apache/zookeeper/server/PrepRequestProcessor.java URL: http://svn.apache.org/viewvc/hadoop/zookeeper/trunk/src/java/main/org/apache/zookeeper/server/PrepRequestProcessor.java?rev=785871&r1=785870&r2=785871&view=diff ============================================================================== --- hadoop/zookeeper/trunk/src/java/main/org/apache/zookeeper/server/PrepRequestProcessor.java (original) +++ hadoop/zookeeper/trunk/src/java/main/org/apache/zookeeper/server/PrepRequestProcessor.java Thu Jun 18 01:08:52 2009 @@ -439,7 +439,8 @@ } boolean authIdValid = false; for (Id cid : authInfo) { - AuthenticationProvider ap = ProviderRegistry.getProvider(cid.getScheme()); + AuthenticationProvider ap = + ProviderRegistry.getProvider(cid.getScheme()); if (ap == null) { LOG.error("Missing AuthenticationProvider for " + cid.getScheme()); Added: hadoop/zookeeper/trunk/src/java/test/org/apache/zookeeper/test/ACLRootTest.java URL: http://svn.apache.org/viewvc/hadoop/zookeeper/trunk/src/java/test/org/apache/zookeeper/test/ACLRootTest.java?rev=785871&view=auto ============================================================================== --- hadoop/zookeeper/trunk/src/java/test/org/apache/zookeeper/test/ACLRootTest.java (added) +++ hadoop/zookeeper/trunk/src/java/test/org/apache/zookeeper/test/ACLRootTest.java Thu Jun 18 01:08:52 2009 @@ -0,0 +1,120 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.zookeeper.test; + +import org.apache.log4j.Logger; +import org.apache.zookeeper.CreateMode; +import org.apache.zookeeper.KeeperException; +import org.apache.zookeeper.ZooKeeper; +import org.apache.zookeeper.ZooDefs.Ids; +import org.junit.After; +import org.junit.Before; +import org.junit.Test; + +/** + * Functional testing of asynchronous operations, both positive and negative + * testing. + * + * This just scratches the surface, but exercises the basic async functionality. + */ +public class ACLRootTest extends ClientBase { + private static final Logger LOG = Logger.getLogger(ACLRootTest.class); + + @Before + @Override + protected void setUp() throws Exception { + super.setUp(); + + LOG.info("STARTING " + getName()); + } + + @After + @Override + protected void tearDown() throws Exception { + super.tearDown(); + + LOG.info("FINISHED " + getName()); + } + + @Test + public void testRootAcl() throws Exception { + ZooKeeper zk = createClient(); + try { + // set auth using digest + zk.addAuthInfo("digest", "pat:test".getBytes()); + zk.setACL("/", Ids.CREATOR_ALL_ACL, -1); + zk.getData("/", false, null); + zk.close(); + // verify no access + zk = createClient(); + try { + zk.getData("/", false, null); + fail("validate auth"); + } catch (KeeperException.NoAuthException e) { + // expected + } + try { + zk.create("/apps", null, Ids.CREATOR_ALL_ACL, + CreateMode.PERSISTENT); + fail("validate auth"); + } catch (KeeperException.InvalidACLException e) { + // expected + } + zk.addAuthInfo("digest", "world:anyone".getBytes()); + try { + zk.create("/apps", null, Ids.CREATOR_ALL_ACL, + CreateMode.PERSISTENT); + fail("validate auth"); + } catch (KeeperException.NoAuthException e) { + // expected + } + zk.close(); + // verify access using original auth + zk = createClient(); + zk.addAuthInfo("digest", "pat:test".getBytes()); + zk.getData("/", false, null); + zk.create("/apps", null, Ids.CREATOR_ALL_ACL, + CreateMode.PERSISTENT); + zk.delete("/apps", -1); + // reset acl (back to open) and verify accessible again + zk.setACL("/", Ids.OPEN_ACL_UNSAFE, -1); + zk.close(); + zk = createClient(); + zk.getData("/", false, null); + zk.create("/apps", null, Ids.OPEN_ACL_UNSAFE, + CreateMode.PERSISTENT); + try { + zk.create("/apps", null, Ids.CREATOR_ALL_ACL, + CreateMode.PERSISTENT); + fail("validate auth"); + } catch (KeeperException.InvalidACLException e) { + // expected + } + zk.delete("/apps", -1); + zk.addAuthInfo("digest", "world:anyone".getBytes()); + zk.create("/apps", null, Ids.CREATOR_ALL_ACL, + CreateMode.PERSISTENT); + zk.close(); + zk = createClient(); + zk.delete("/apps", -1); + } finally { + zk.close(); + } + } +}