You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by rm...@apache.org on 2017/02/10 06:28:27 UTC
ranger git commit: RANGER-1361:RangerHDFSPlugin audits for Ancestor,
Sub level and parent access doesn't have the correct accessType
Repository: ranger
Updated Branches:
refs/heads/master 4a1e4928a -> 254ebf156
RANGER-1361:RangerHDFSPlugin audits for Ancestor, Sub level and parent access doesn't have the correct accessType
Project: http://git-wip-us.apache.org/repos/asf/ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/254ebf15
Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/254ebf15
Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/254ebf15
Branch: refs/heads/master
Commit: 254ebf1569de4ef4792033d21c321e93592ebd14
Parents: 4a1e492
Author: rmani <rm...@hortonworks.com>
Authored: Thu Feb 9 22:28:06 2017 -0800
Committer: rmani <rm...@hortonworks.com>
Committed: Thu Feb 9 22:28:06 2017 -0800
----------------------------------------------------------------------
.../ranger/authorization/hadoop/RangerHdfsAuthorizer.java | 9 ++++-----
1 file changed, 4 insertions(+), 5 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ranger/blob/254ebf15/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java
----------------------------------------------------------------------
diff --git a/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java b/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java
index d92bf12..324551d 100644
--- a/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java
+++ b/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java
@@ -386,7 +386,6 @@ public class RangerHdfsAuthorizer extends INodeAttributeProvider {
if(auditHandler != null) {
INode nodeChecked = inode;
FsAction action = access;
-
if(isTraverseOnlyCheck) {
if(nodeChecked == null || nodeChecked.isFile()) {
if(parent != null) {
@@ -397,14 +396,14 @@ public class RangerHdfsAuthorizer extends INodeAttributeProvider {
}
action = FsAction.EXECUTE;
- } else if(action == null) {
- if(parentAccess != null) {
+ } else if(action == null || action == FsAction.NONE) {
+ if(parentAccess != null && parentAccess != FsAction.NONE ) {
nodeChecked = parent;
action = parentAccess;
- } else if(ancestorAccess != null) {
+ } else if(ancestorAccess != null && ancestorAccess != FsAction.NONE ) {
nodeChecked = ancestor;
action = ancestorAccess;
- } else if(subAccess != null) {
+ } else if(subAccess != null && subAccess != FsAction.NONE ) {
action = subAccess;
}
}