[ https://issues.apache.org/jira/browse/HDDS-7750?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17691647#comment-17691647 ]

Siyao Meng commented on HDDS-7750:
----------------------------------

Hmm, I don't have much context around this. But judging from the [comment|https://github.com/apache/ozone/blame/2ba8bb71f128ec619c5bed9b6303394e8677bf53/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/KeyManagerImpl.java#L1052-L1054] it looks intentional? Or is the comment incorrect in some way?

Any thoughts on [this|https://github.com/apache/ozone/blame/2ba8bb71f128ec619c5bed9b6303394e8677bf53/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/KeyManagerImpl.java#L1056]? [~aryangupta1998]

> Incorrect WRITE ACL check
> -------------------------
>
>                 Key: HDDS-7750
>                 URL: https://issues.apache.org/jira/browse/HDDS-7750
>             Project: Apache Ozone
>          Issue Type: Sub-task
>          Components: Ozone Manager
>            Reporter: Wei-Chiu Chuang
>            Assignee: Nandakumar
>            Priority: Major
>
> [https://github.com/apache/ozone/blob/2ba8bb71f128ec619c5bed9b6303394e8677bf53/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/KeyManagerImpl.java#L1056]
>  
> {code:java}
> if (context.getAclRights() == IAccessAuthorizer.ACLType.WRITE) {
>   keyInfo =
>       metadataManager.getOpenKeyTable(bucketLayout).get(objectKey);
> ...
> if (keyInfo == null) {
>   // the key does not exist, but it is a parent "dir" of some key
>   // let access be determined based on volume/bucket/prefix ACL
>   LOG.debug("key:{} is non-existent parent, permit access to user:{}",
>       keyName, context.getClientUgi());
>   return true;
> } {code}
> Using key name, instead of the open key name (which has client id as the 
> suffix), the key is guaranteed to not be found, and thus keyInfo is always 
> true for WRITE ACL type. Therefore, this ACL check will always pass. This 
> looks undesirable.
>  
> cc: [~smeng] 
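
The lookup mismatch reported in the description above, as an added example that is not part of the original message and is not Apache Ozone code. It is a simplified model: the class, the map standing in for the open key table, the `<objectKey>/<clientId>` key format and the sample users are all assumptions made for illustration.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.Set;

// Simplified model, not Ozone code: every name here is hypothetical.
public class OpenKeyLookupDemo {
  // Stand-in for the open key table: entries are keyed by
  // "<objectKey>/<clientId>" and hold the users granted WRITE on the key.
  static final Map<String, Set<String>> OPEN_KEYS = new HashMap<>();

  // Mirrors the reported pattern: look up by plain object key and
  // permit access when nothing is found.
  static boolean checkWriteByObjectKey(String objectKey, String user) {
    // The table has no entry under the unsuffixed name, so this misses.
    Set<String> writers = OPEN_KEYS.get(objectKey);
    if (writers == null) {
      // "non-existent parent" branch: the key's own ACL is never consulted
      return true;
    }
    return writers.contains(user);
  }

  // Same check, but the lookup uses the name the table is keyed by.
  static boolean checkWriteByOpenKey(String objectKey, long clientId,
      String user) {
    Set<String> writers = OPEN_KEYS.get(objectKey + "/" + clientId);
    if (writers == null) {
      // Still deferred to volume/bucket/prefix ACLs, as in the excerpt.
      return true;
    }
    return writers.contains(user);
  }

  public static void main(String[] args) {
    // Constructed sample data: one open key whose ACL grants WRITE to alice.
    String key = "/vol1/bucket1/dir/file.txt";
    OPEN_KEYS.put(key + "/1001", Set.of("alice"));

    // Lookup by plain key name: the entry is not found.
    System.out.println(checkWriteByObjectKey(key, "bob"));
    // Lookup by open key name: the entry is found and its ACL is evaluated.
    System.out.println(checkWriteByOpenKey(key, 1001L, "bob"));
    System.out.println(checkWriteByOpenKey(key, 1001L, "alice"));
  }
}
```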


