Wei-Chiu Chuang created HDDS-7750:
-------------------------------------
Summary: Incorrect WRITE ACL check
Key: HDDS-7750
URL: https://issues.apache.org/jira/browse/HDDS-7750
Project: Apache Ozone
Issue Type: Sub-task
Components: Ozone Manager
Reporter: Wei-Chiu Chuang
[https://github.com/apache/ozone/blob/2ba8bb71f128ec619c5bed9b6303394e8677bf53/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/KeyManagerImpl.java#L1056]
{code:java}
if (context.getAclRights() == IAccessAuthorizer.ACLType.WRITE) {
keyInfo =
metadataManager.getOpenKeyTable(bucketLayout).get(objectKey);
...
if (keyInfo == null) {
// the key does not exist, but it is a parent "dir" of some key
// let access be determined based on volume/bucket/prefix ACL
LOG.debug("key:{} is non-existent parent, permit access to user:{}",
keyName, context.getClientUgi());
return true;
} {code}
Using key name, instead of the open key name (which has client id as the
suffix), the key is guaranteed to not be found, and thus keyInfo is always true
for WRITE ACL type. Therefore, this ACL check will always pass. This looks
undesirable.
cc: [~smeng]
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
