Author: mahadev
Date: Tue Oct 26 22:05:58 2010
New Revision: 1027758
URL: http://svn.apache.org/viewvc?rev=1027758&view=rev
Log:
ZOOKEEPER-904. super digest is not actually acting as a full superuser (Camille
Fournier via mahadev)
Modified:
hadoop/zookeeper/branches/branch-3.3/CHANGES.txt
hadoop/zookeeper/branches/branch-3.3/src/java/main/org/apache/zookeeper/server/PrepRequestProcessor.java
hadoop/zookeeper/branches/branch-3.3/src/java/test/org/apache/zookeeper/test/AuthTest.java
Modified: hadoop/zookeeper/branches/branch-3.3/CHANGES.txt
URL:
http://svn.apache.org/viewvc/hadoop/zookeeper/branches/branch-3.3/CHANGES.txt?rev=1027758&r1=1027757&r2=1027758&view=diff
==============================================================================
--- hadoop/zookeeper/branches/branch-3.3/CHANGES.txt (original)
+++ hadoop/zookeeper/branches/branch-3.3/CHANGES.txt Tue Oct 26 22:05:58 2010
@@ -56,6 +56,9 @@ BUGFIXES:
ZOOKEEPER-800. zoo_add_auth returns ZOK if zookeeper handle is in
ZOO_CLOSED_STATE (Michi Mutsuzaki via mahadev konar)
+ ZOOKEEPER-904. super digest is not actually acting as a full superuser
+ (Camille Fournier via mahadev)
+
IMPROVEMENTS:
ZOOKEEPER-789. Improve FLE log messages (flavio via phunt)
Modified:
hadoop/zookeeper/branches/branch-3.3/src/java/main/org/apache/zookeeper/server/PrepRequestProcessor.java
URL:
http://svn.apache.org/viewvc/hadoop/zookeeper/branches/branch-3.3/src/java/main/org/apache/zookeeper/server/PrepRequestProcessor.java?rev=1027758&r1=1027757&r2=1027758&view=diff
==============================================================================
---
hadoop/zookeeper/branches/branch-3.3/src/java/main/org/apache/zookeeper/server/PrepRequestProcessor.java
(original)
+++
hadoop/zookeeper/branches/branch-3.3/src/java/main/org/apache/zookeeper/server/PrepRequestProcessor.java
Tue Oct 26 22:05:58 2010
@@ -167,6 +167,11 @@ public class PrepRequestProcessor extend
if (acl == null || acl.size() == 0) {
return;
}
+ for (Id authId : ids) {
+ if (authId.getScheme().equals("super")) {
+ return;
+ }
+ }
for (ACL a : acl) {
Id id = a.getId();
if ((a.getPerms() & perm) != 0) {
@@ -177,10 +182,7 @@ public class PrepRequestProcessor extend
AuthenticationProvider ap = ProviderRegistry.getProvider(id
.getScheme());
if (ap != null) {
- for (Id authId : ids) {
- if (authId.getScheme().equals("super")) {
- return;
- }
+ for (Id authId : ids) {
if (authId.getScheme().equals(id.getScheme())
&& ap.matches(authId.getId(), id.getId())) {
return;
Modified:
hadoop/zookeeper/branches/branch-3.3/src/java/test/org/apache/zookeeper/test/AuthTest.java
URL:
http://svn.apache.org/viewvc/hadoop/zookeeper/branches/branch-3.3/src/java/test/org/apache/zookeeper/test/AuthTest.java?rev=1027758&r1=1027757&r2=1027758&view=diff
==============================================================================
---
hadoop/zookeeper/branches/branch-3.3/src/java/test/org/apache/zookeeper/test/AuthTest.java
(original)
+++
hadoop/zookeeper/branches/branch-3.3/src/java/test/org/apache/zookeeper/test/AuthTest.java
Tue Oct 26 22:05:58 2010
@@ -122,4 +122,28 @@ public class AuthTest extends ClientBase
zk.close();
}
}
+
+ @Test
+ public void testSuperACL() throws Exception {
+ ZooKeeper zk = createClient();
+ try {
+ zk.addAuthInfo("digest", "pat:pass".getBytes());
+ zk.create("/path1", null, Ids.CREATOR_ALL_ACL,
+ CreateMode.PERSISTENT);
+ zk.close();
+ // verify super can do anything and ignores ACLs
+ zk = createClient();
+ zk.addAuthInfo("digest", "super:test".getBytes());
+ zk.getData("/path1", false, null);
+
+ zk.setACL("/path1", Ids.READ_ACL_UNSAFE, -1);
+
+ zk.create("/path1/foo", null, Ids.CREATOR_ALL_ACL,
CreateMode.PERSISTENT);
+
+ zk.setACL("/path1", Ids.OPEN_ACL_UNSAFE, -1);
+
+ } finally {
+ zk.close();
+ }
+ }
}
\ No newline at end of file
