Posted to commits@ignite.apache.org by vo...@apache.org on 2015/08/04 11:17:08 UTC

[13/34] incubator-ignite git commit: #ignite-gg-10610: Security hole if DataStreamer is used for populating the cache (cherry picked from commit 5288b2d)

#ignite-gg-10610: Security hole if DataStreamer is used for populating the cache
(cherry picked from commit 5288b2d)


Project: http://git-wip-us.apache.org/repos/asf/incubator-ignite/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ignite/commit/9afd0f0f
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ignite/tree/9afd0f0f
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ignite/diff/9afd0f0f

Branch: refs/heads/ignite-gg-9615
Commit: 9afd0f0ff7af477fb4689961a13ceea8b3e3eee6
Parents: a889abd
Author: ivasilinets <iv...@gridgain.com>
Authored: Wed Jul 29 15:27:31 2015 +0300
Committer: ivasilinets <iv...@gridgain.com>
Committed: Wed Jul 29 15:34:31 2015 +0300

----------------------------------------------------------------------
 .../datastreamer/DataStreamerImpl.java          | 22 ++++++++++++++++++++
 .../datastreamer/DataStreamerUpdateJob.java     | 20 +++++++++++++++++-
 2 files changed, 41 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-ignite/blob/9afd0f0f/modules/core/src/main/java/org/apache/ignite/internal/processors/datastreamer/DataStreamerImpl.java
----------------------------------------------------------------------
diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/datastreamer/DataStreamerImpl.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/datastreamer/DataStreamerImpl.java
index 26b0568..cc349cc 100644
--- a/modules/core/src/main/java/org/apache/ignite/internal/processors/datastreamer/DataStreamerImpl.java
+++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/datastreamer/DataStreamerImpl.java
@@ -39,6 +39,7 @@ import org.apache.ignite.internal.util.tostring.*;
 import org.apache.ignite.internal.util.typedef.*;
 import org.apache.ignite.internal.util.typedef.internal.*;
 import org.apache.ignite.lang.*;
+import org.apache.ignite.plugin.security.*;
 import org.apache.ignite.stream.*;
 import org.jetbrains.annotations.*;
 import org.jsr166.*;
@@ -406,6 +407,8 @@ public class DataStreamerImpl<K, V> implements IgniteDataStreamer<K, V>, Delayed
     @Override public IgniteFuture<?> addData(Collection<? extends Map.Entry<K, V>> entries) {
         A.notEmpty(entries, "entries");
 
+        checkSecurityPermission(SecurityPermission.CACHE_PUT);
+
         enterBusy();
 
         try {
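Review bot: The check added at the top of `addData(Collection)` authorizes only `CACHE_PUT`, while the single-entry overload in the next hunk treats a null value as a removal and asks for `CACHE_REMOVE`. If entries with null values are accepted here as removals too, a caller holding only put permission passes this check with a batch that deletes keys, and the mismatch is then caught, if at all, only by the per-entry check in DataStreamerUpdateJob. Consider scanning the entries once and authorizing `CACHE_REMOVE` when any value is null, or recording the decision with a comment such as `// Null values are authorized as removals per entry in DataStreamerUpdateJob.`. The method body continues outside the hunk, so whether other entry points reach the buffer without passing a check cannot be confirmed from here.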
@@ -513,6 +516,11 @@ public class DataStreamerImpl<K, V> implements IgniteDataStreamer<K, V>, Delayed
     @Override public IgniteFuture<?> addData(K key, V val) {
         A.notNull(key, "key");
 
+        if (val == null)
+            checkSecurityPermission(SecurityPermission.CACHE_REMOVE);
+        else
+            checkSecurityPermission(SecurityPermission.CACHE_PUT);
+
         KeyCacheObject key0 = cacheObjProc.toCacheKeyObject(cacheObjCtx, key, true);
         CacheObject val0 = cacheObjProc.toCacheObject(cacheObjCtx, val, true);
 
@@ -936,6 +944,20 @@ public class DataStreamerImpl<K, V> implements IgniteDataStreamer<K, V>, Delayed
     }
 
     /**
+     * Check permissions for streaming.
+     *
+     * @param perm Security permission.
+     * @throws org.apache.ignite.plugin.security.SecurityException If permissions are not enough for streaming.
+     */
+    private void checkSecurityPermission(SecurityPermission perm)
+        throws org.apache.ignite.plugin.security.SecurityException{
+        if (!ctx.security().enabled())
+            return;
+
+        ctx.security().authorize(cacheName, perm, null);
+    }
+
+    /**
      *
      */
     private class Buffer {
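Review bot: The Javadoc on `checkSecurityPermission` does not say whose permissions are checked: `authorize(cacheName, perm, null)` passes `null` as its third argument and nothing here explains which subject that resolves to. That matters most for the identical copy added to DataStreamerUpdateJob, which presumably runs on the node that receives the batch; if `null` falls back to a local or thread-bound context there, the check may not be evaluating the client that started the stream. A comment such as `// null: authorize against the current security context (confirm this is the streaming subject, not the local node)` would make the assumption reviewable. The two copies could also share one helper, and `SecurityException{` is missing a space before the brace.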

http://git-wip-us.apache.org/repos/asf/incubator-ignite/blob/9afd0f0f/modules/core/src/main/java/org/apache/ignite/internal/processors/datastreamer/DataStreamerUpdateJob.java
----------------------------------------------------------------------
diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/datastreamer/DataStreamerUpdateJob.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/datastreamer/DataStreamerUpdateJob.java
index 21ba3ac..9e0703a 100644
--- a/modules/core/src/main/java/org/apache/ignite/internal/processors/datastreamer/DataStreamerUpdateJob.java
+++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/datastreamer/DataStreamerUpdateJob.java
@@ -22,6 +22,7 @@ import org.apache.ignite.internal.*;
 import org.apache.ignite.internal.processors.cache.*;
 import org.apache.ignite.internal.util.lang.*;
 import org.apache.ignite.internal.util.typedef.*;
+import org.apache.ignite.plugin.security.*;
 import org.apache.ignite.stream.*;
 import org.jetbrains.annotations.*;
 
@@ -106,8 +107,13 @@ class DataStreamerUpdateJob implements GridPlainCallable<Object> {
 
                 CacheObject val = e.getValue();
 
-                if (val != null)
+                if (val != null) {
+                    checkSecurityPermission(SecurityPermission.CACHE_PUT);
+
                     val.finishUnmarshal(cctx.cacheObjectContext(), cctx.deploy().globalLoader());
+                }
+                else
+                    checkSecurityPermission(SecurityPermission.CACHE_REMOVE);
             }
 
             if (unwrapEntries()) {
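Review bot: Authorization is interleaved with unmarshalling inside the loop, so `val.finishUnmarshal(...)` has already run for earlier entries when a later entry is rejected for lacking `CACHE_REMOVE`, and anything done to the entry above this hunk happens before any check at all. Deserializing caller-supplied values with the deployment class loader before the batch is fully authorized means a caller that will be refused still gets its payload processed. Since only two permissions are possible, a first pass that records whether the batch holds puts and removals, followed by `if (hasPut) checkSecurityPermission(SecurityPermission.CACHE_PUT);` and the matching `CACHE_REMOVE` line, would authorize once per permission and leave unmarshalling for a second pass. The loop and the enclosing method begin outside the hunk, and `hasPut` is a name introduced for this suggestion.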
@@ -139,4 +145,16 @@ class DataStreamerUpdateJob implements GridPlainCallable<Object> {
     private boolean unwrapEntries() {
         return !(rcvr instanceof DataStreamerCacheUpdaters.InternalUpdater);
     }
+
+    /**
+     * @param perm Security permission.
+     * @throws org.apache.ignite.plugin.security.SecurityException If permission is not enough.
+     */
+    private void checkSecurityPermission(SecurityPermission perm)
+        throws org.apache.ignite.plugin.security.SecurityException {
+        if (!ctx.security().enabled())
+            return;
+
+        ctx.security().authorize(cacheName, perm, null);
+    }
 }