Author: mahadev
Date: Tue Oct 26 22:30:06 2010
New Revision: 1027763

URL: http://svn.apache.org/viewvc?rev=1027763&view=rev
Log:
ZOOKEEPER-904. super digest is not actually acting as a full superuser (Camille 
Fournier via mahadev)

Modified:
    hadoop/zookeeper/trunk/CHANGES.txt
    
hadoop/zookeeper/trunk/src/java/main/org/apache/zookeeper/server/PrepRequestProcessor.java
    hadoop/zookeeper/trunk/src/java/test/org/apache/zookeeper/test/AuthTest.java

Modified: hadoop/zookeeper/trunk/CHANGES.txt
URL: 
http://svn.apache.org/viewvc/hadoop/zookeeper/trunk/CHANGES.txt?rev=1027763&r1=1027762&r2=1027763&view=diff
==============================================================================
--- hadoop/zookeeper/trunk/CHANGES.txt (original)
+++ hadoop/zookeeper/trunk/CHANGES.txt Tue Oct 26 22:30:06 2010
@@ -137,6 +137,9 @@ BUGFIXES: 
   ZOOKEEPER-800. zoo_add_auth returns ZOK if zookeeper handle is in
   ZOO_CLOSED_STATE (michi mutsuzaki via mahadev konar)
 
+  ZOOKEEPER-904. super digest is not actually acting as a full superuser
+  (Camille Fournier via mahadev)
+
 IMPROVEMENTS:
   ZOOKEEPER-724. Improve junit test integration - log harness information 
   (phunt via mahadev)

Modified: 
hadoop/zookeeper/trunk/src/java/main/org/apache/zookeeper/server/PrepRequestProcessor.java
URL: 
http://svn.apache.org/viewvc/hadoop/zookeeper/trunk/src/java/main/org/apache/zookeeper/server/PrepRequestProcessor.java?rev=1027763&r1=1027762&r2=1027763&view=diff
==============================================================================
--- 
hadoop/zookeeper/trunk/src/java/main/org/apache/zookeeper/server/PrepRequestProcessor.java
 (original)
+++ 
hadoop/zookeeper/trunk/src/java/main/org/apache/zookeeper/server/PrepRequestProcessor.java
 Tue Oct 26 22:30:06 2010
@@ -168,6 +168,11 @@ public class PrepRequestProcessor extend
         if (acl == null || acl.size() == 0) {
             return;
         }
+        for (Id authId : ids) {
+            if (authId.getScheme().equals("super")) {
+                return;
+            }
+        }
         for (ACL a : acl) {
             Id id = a.getId();
             if ((a.getPerms() & perm) != 0) {
@@ -178,10 +183,7 @@ public class PrepRequestProcessor extend
                 AuthenticationProvider ap = ProviderRegistry.getProvider(id
                         .getScheme());
                 if (ap != null) {
-                    for (Id authId : ids) {
-                        if (authId.getScheme().equals("super")) {
-                            return;
-                        }
+                    for (Id authId : ids) {                        
                         if (authId.getScheme().equals(id.getScheme())
                                 && ap.matches(authId.getId(), id.getId())) {
                             return;

Modified: 
hadoop/zookeeper/trunk/src/java/test/org/apache/zookeeper/test/AuthTest.java
URL: 
http://svn.apache.org/viewvc/hadoop/zookeeper/trunk/src/java/test/org/apache/zookeeper/test/AuthTest.java?rev=1027763&r1=1027762&r2=1027763&view=diff
==============================================================================
--- 
hadoop/zookeeper/trunk/src/java/test/org/apache/zookeeper/test/AuthTest.java 
(original)
+++ 
hadoop/zookeeper/trunk/src/java/test/org/apache/zookeeper/test/AuthTest.java 
Tue Oct 26 22:30:06 2010
@@ -122,4 +122,28 @@ public class AuthTest extends ClientBase
             zk.close();
         }
     }
+    
+    @Test
+    public void testSuperACL() throws Exception {
+        ZooKeeper zk = createClient();
+         try {
+             zk.addAuthInfo("digest", "pat:pass".getBytes());
+             zk.create("/path1", null, Ids.CREATOR_ALL_ACL,
+                     CreateMode.PERSISTENT);
+             zk.close();
+             // verify super can do anything and ignores ACLs
+             zk = createClient();
+             zk.addAuthInfo("digest", "super:test".getBytes());
+             zk.getData("/path1", false, null);
+             
+             zk.setACL("/path1", Ids.READ_ACL_UNSAFE, -1);
+             zk.create("/path1/foo", null, Ids.CREATOR_ALL_ACL, 
CreateMode.PERSISTENT);
+           
+             
+             zk.setACL("/path1", Ids.OPEN_ACL_UNSAFE, -1);
+                
+         } finally {
+             zk.close();
+         }
+    }
 }
\ No newline at end of file


Reply via email to