Repository: hadoop Updated Branches: refs/heads/branch-2 07c7df4b2 -> b725fd692
xattr api cleanup (cherry picked from commit da59acd8ca9ab5b49b988ffca64e8cce91c5f741) Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/b725fd69 Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/b725fd69 Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/b725fd69 Branch: refs/heads/branch-2 Commit: b725fd6924b08a42c896a0406fc77553c8bfe062 Parents: 07c7df4 Author: Kihwal Lee <kih...@apache.org> Authored: Thu Feb 15 11:28:45 2018 -0600 Committer: Kihwal Lee <kih...@apache.org> Committed: Thu Feb 15 11:28:45 2018 -0600 ---------------------------------------------------------------------- .../hdfs/server/namenode/FSDirXAttrOp.java | 3 +- .../hdfs/server/namenode/FSXAttrBaseTest.java | 63 ++++++++++++++++---- 2 files changed, 51 insertions(+), 15 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/hadoop/blob/b725fd69/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSDirXAttrOp.java ---------------------------------------------------------------------- diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSDirXAttrOp.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSDirXAttrOp.java index ddc088c..1bd6670 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSDirXAttrOp.java +++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSDirXAttrOp.java @@ -136,8 +136,7 @@ class FSDirXAttrOp { final boolean isRawPath = FSDirectory.isReservedRawName(src); final INodesInPath iip = fsd.resolvePath(pc, src, DirOp.READ); if (fsd.isPermissionEnabled()) { - /* To access xattr names, you need EXECUTE in the owning directory. */ - fsd.checkParentAccess(pc, iip, FsAction.EXECUTE); + fsd.checkPathAccess(pc, iip, FsAction.READ); } final List<XAttr> all = FSDirXAttrOp.getXAttrs(fsd, iip); return XAttrPermissionFilter. http://git-wip-us.apache.org/repos/asf/hadoop/blob/b725fd69/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/FSXAttrBaseTest.java ---------------------------------------------------------------------- diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/FSXAttrBaseTest.java b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/FSXAttrBaseTest.java index 87a975d..99e0698 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/FSXAttrBaseTest.java +++ b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/FSXAttrBaseTest.java @@ -842,28 +842,37 @@ public class FSXAttrBaseTest { } /* - * Check that execute/scan access to the parent dir is sufficient to get - * xattr names. + * Check that execute/scan access to the parent dir is not + * sufficient to get xattr names. */ fs.setPermission(path, new FsPermission((short) 0701)); user.doAs(new PrivilegedExceptionAction<Object>() { @Override public Object run() throws Exception { + try { final FileSystem userFs = dfsCluster.getFileSystem(); userFs.listXAttrs(childDir); - return null; + fail("expected AccessControlException"); + } catch (AccessControlException ace) { + GenericTestUtils.assertExceptionContains("Permission denied", ace); } + return null; + } }); /* * Test that xattrs in the "trusted" namespace are filtered correctly. */ + // Allow the user to read child path. + fs.setPermission(childDir, new FsPermission((short) 0704)); fs.setXAttr(childDir, "trusted.myxattr", "1234".getBytes()); user.doAs(new PrivilegedExceptionAction<Object>() { @Override public Object run() throws Exception { final FileSystem userFs = dfsCluster.getFileSystem(); - assertTrue(userFs.listXAttrs(childDir).size() == 1); + List<String> xattrs = userFs.listXAttrs(childDir); + assertTrue(xattrs.size() == 1); + assertEquals(name1, xattrs.get(0)); return null; } }); @@ -1108,20 +1117,48 @@ public class FSXAttrBaseTest { } /* - * Test that only user who have parent directory execute access - * can see raw.* xattrs returned from listXAttr + * Test that user who have parent directory execute access + * can also not see raw.* xattrs returned from listXAttr */ - // non-raw path - final List<String> xattrNames = userFs.listXAttrs(path); - assertTrue(xattrNames.size() == 0); + try { + // non-raw path + userFs.listXAttrs(path); + fail("listXAttr should have thrown AccessControlException"); + } catch (AccessControlException ace) { + // expected + } - // raw path - List<String> rawXattrs = userFs.listXAttrs(rawPath); - assertTrue(rawXattrs.size() == 1); - assertTrue(rawXattrs.get(0).equals(raw1)); + try { + // raw path + userFs.listXAttrs(rawPath); + fail("listXAttr should have thrown AccessControlException"); + } catch (AccessControlException ace) { + // expected + } return null; } }); + /* + Test user who have read access can list xattrs in "raw.*" namespace + */ + fs.setPermission(path, new FsPermission((short) 0751)); + final Path childDir = new Path(path, "child" + pathCount); + FileSystem.mkdirs(fs, childDir, FsPermission.createImmutable((short) + 0704)); + final Path rawChildDir = + new Path("/.reserved/raw" + childDir.toString()); + fs.setXAttr(rawChildDir, raw1, value1); + user.doAs(new PrivilegedExceptionAction<Object>() { + @Override + public Object run() throws Exception { + final FileSystem userFs = dfsCluster.getFileSystem(); + // raw path + List<String> xattrs = userFs.listXAttrs(rawChildDir); + assertEquals(1, xattrs.size()); + assertEquals(raw1, xattrs.get(0)); + return null; + } + }); fs.removeXAttr(rawPath, raw1); } --------------------------------------------------------------------- To unsubscribe, e-mail: common-commits-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-commits-h...@hadoop.apache.org
