hadoop git commit: HDFS-12614. FSPermissionChecker#getINodeAttrs() throws NPE when INodeAttributesProvider configured. Contributed by Manoj Govindassamy.

kihwal Thu, 08 Mar 2018 12:27:14 -0800

Repository: hadoop
Updated Branches:
  refs/heads/branch-2.9 44abf77d9 -> 6fafaa7b7



HDFS-12614. FSPermissionChecker#getINodeAttrs() throws NPE when 
INodeAttributesProvider configured. Contributed by Manoj Govindassamy.

(cherry picked from commit 0aa52d4085f8c77dbfd9d913011c347882573ad9)


Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo
Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/6fafaa7b
Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/6fafaa7b
Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/6fafaa7b

Branch: refs/heads/branch-2.9
Commit: 6fafaa7b7fafa2005386779fb4c92750f256c336
Parents: 44abf77
Author: Kihwal Lee <kih...@apache.org>
Authored: Thu Mar 8 14:26:42 2018 -0600
Committer: Kihwal Lee <kih...@apache.org>
Committed: Thu Mar 8 14:26:42 2018 -0600

----------------------------------------------------------------------
 .../server/namenode/FSPermissionChecker.java    | 12 +++-
 .../namenode/TestINodeAttributeProvider.java    | 63 +++++++++++++++-----
 2 files changed, 57 insertions(+), 18 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/hadoop/blob/6fafaa7b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSPermissionChecker.java
----------------------------------------------------------------------
diff --git 
a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSPermissionChecker.java
 
b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSPermissionChecker.java
index 388e91f..ec82ab7 100644
--- 
a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSPermissionChecker.java
+++ 
b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSPermissionChecker.java
@@ -271,8 +271,16 @@ public class FSPermissionChecker implements 
AccessControlEnforcer {
     INodeAttributes inodeAttrs = inode.getSnapshotINode(snapshotId);
     if (getAttributesProvider() != null) {
       String[] elements = new String[pathIdx + 1];
-      for (int i = 0; i < elements.length; i++) {
-        elements[i] = DFSUtil.bytes2String(pathByNameArr[i]);
+      /**
+       * {@link INode#getPathComponents(String)} returns a null component
+       * for the root only path "/". Assign an empty string if so.
+       */
+      if (pathByNameArr.length == 1 && pathByNameArr[0] == null) {
+        elements[0] = "";
+      } else {
+        for (int i = 0; i < elements.length; i++) {
+          elements[i] = DFSUtil.bytes2String(pathByNameArr[i]);
+        }
       }
       inodeAttrs = getAttributesProvider().getAttributes(elements, inodeAttrs);
     }

http://git-wip-us.apache.org/repos/asf/hadoop/blob/6fafaa7b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestINodeAttributeProvider.java
----------------------------------------------------------------------
diff --git 
a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestINodeAttributeProvider.java
 
b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestINodeAttributeProvider.java
index bbc5fa0..5495692 100644
--- 
a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestINodeAttributeProvider.java
+++ 
b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestINodeAttributeProvider.java
@@ -313,31 +313,62 @@ public class TestINodeAttributeProvider {
     testBypassProviderHelper(users, HDFS_PERMISSION, true);
   }
 
-  @Test
-  public void testCustomProvider() throws Exception {
+  private void verifyFileStatus(UserGroupInformation ugi) throws IOException {
     FileSystem fs = FileSystem.get(miniDFS.getConfiguration(0));
-    fs.mkdirs(new Path("/user/xxx"));
-    FileStatus status = fs.getFileStatus(new Path("/user/xxx"));
-    Assert.assertEquals(System.getProperty("user.name"), status.getOwner());
+
+    FileStatus status = fs.getFileStatus(new Path("/"));
+    LOG.info("Path '/' is owned by: "
+        + status.getOwner() + ":" + status.getGroup());
+
+    Path userDir = new Path("/user/" + ugi.getShortUserName());
+    fs.mkdirs(userDir);
+    status = fs.getFileStatus(userDir);
+    Assert.assertEquals(ugi.getShortUserName(), status.getOwner());
     Assert.assertEquals("supergroup", status.getGroup());
     Assert.assertEquals(new FsPermission((short) 0755), 
status.getPermission());
-    fs.mkdirs(new Path("/user/authz"));
-    Path p = new Path("/user/authz");
-    status = fs.getFileStatus(p);
+
+    Path authzDir = new Path("/user/authz");
+    fs.mkdirs(authzDir);
+    status = fs.getFileStatus(authzDir);
     Assert.assertEquals("foo", status.getOwner());
     Assert.assertEquals("bar", status.getGroup());
     Assert.assertEquals(new FsPermission((short) 0770), 
status.getPermission());
-    AclStatus aclStatus = fs.getAclStatus(p);
+
+    AclStatus aclStatus = fs.getAclStatus(authzDir);
     Assert.assertEquals(1, aclStatus.getEntries().size());
-    Assert.assertEquals(AclEntryType.GROUP, aclStatus.getEntries().get(0)
-            .getType());
-    Assert.assertEquals("xxx", aclStatus.getEntries().get(0)
-            .getName());
-    Assert.assertEquals(FsAction.ALL, aclStatus.getEntries().get(0)
-            .getPermission());
-    Map<String, byte[]> xAttrs = fs.getXAttrs(p);
+    Assert.assertEquals(AclEntryType.GROUP,
+        aclStatus.getEntries().get(0).getType());
+    Assert.assertEquals("xxx",
+        aclStatus.getEntries().get(0).getName());
+    Assert.assertEquals(FsAction.ALL,
+        aclStatus.getEntries().get(0).getPermission());
+    Map<String, byte[]> xAttrs = fs.getXAttrs(authzDir);
     Assert.assertTrue(xAttrs.containsKey("user.test"));
     Assert.assertEquals(2, xAttrs.get("user.test").length);
   }
 
+  /**
+   * With the custom provider configured, verify file status attributes.
+   * A superuser can bypass permission check while resolving paths. So,
+   * verify file status for both superuser and non-superuser.
+   */
+  @Test
+  public void testCustomProvider() throws Exception {
+    final UserGroupInformation[] users = new UserGroupInformation[]{
+        UserGroupInformation.createUserForTesting(
+            System.getProperty("user.name"), new String[]{"supergroup"}),
+        UserGroupInformation.createUserForTesting(
+            "normaluser", new String[]{"normalusergroup"}),
+    };
+
+    for (final UserGroupInformation user : users) {
+      user.doAs(new PrivilegedExceptionAction<Void>() {
+        @Override
+        public Void run() throws Exception {
+          verifyFileStatus(user);
+          return null;
+        }
+      });
+    }
+  }
 }


---------------------------------------------------------------------
To unsubscribe, e-mail: common-commits-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-commits-h...@hadoop.apache.org

hadoop git commit: HDFS-12614. FSPermissionChecker#getINodeAttrs() throws NPE when INodeAttributesProvider configured. Contributed by Manoj Govindassamy.

Reply via email to