You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@accumulo.apache.org by ct...@apache.org on 2015/04/07 23:55:26 UTC
accumulo git commit: ACCUMULO-3637 View auths with ALTER_USER
Repository: accumulo
Updated Branches:
refs/heads/master 76ef574f4 -> 8b03718a7
ACCUMULO-3637 View auths with ALTER_USER
Project: http://git-wip-us.apache.org/repos/asf/accumulo/repo
Commit: http://git-wip-us.apache.org/repos/asf/accumulo/commit/8b03718a
Tree: http://git-wip-us.apache.org/repos/asf/accumulo/tree/8b03718a
Diff: http://git-wip-us.apache.org/repos/asf/accumulo/diff/8b03718a
Branch: refs/heads/master
Commit: 8b03718a72ebee6574cf1fc52e38aa86cdc541d4
Parents: 76ef574
Author: Christopher Tubbs <ct...@apache.org>
Authored: Tue Apr 7 17:44:43 2015 -0400
Committer: Christopher Tubbs <ct...@apache.org>
Committed: Tue Apr 7 17:44:43 2015 -0400
----------------------------------------------------------------------
.../server/security/SecurityOperation.java | 5 ++-
.../org/apache/accumulo/test/ShellServerIT.java | 44 ++++++++++++++++++++
2 files changed, 47 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/accumulo/blob/8b03718a/server/base/src/main/java/org/apache/accumulo/server/security/SecurityOperation.java
----------------------------------------------------------------------
diff --git a/server/base/src/main/java/org/apache/accumulo/server/security/SecurityOperation.java b/server/base/src/main/java/org/apache/accumulo/server/security/SecurityOperation.java
index 19f2219..f08742d 100644
--- a/server/base/src/main/java/org/apache/accumulo/server/security/SecurityOperation.java
+++ b/server/base/src/main/java/org/apache/accumulo/server/security/SecurityOperation.java
@@ -202,7 +202,7 @@ public class SecurityOperation {
throw new ThriftSecurityException(creds.getPrincipal(), SecurityErrorCode.BAD_CREDENTIALS);
}
} catch (AccumuloSecurityException e) {
- log.debug("AccumuloSecurityException",e);
+ log.debug("AccumuloSecurityException", e);
throw e.asThriftException();
}
}
@@ -244,7 +244,8 @@ public class SecurityOperation {
targetUserExists(user);
- if (!credentials.getPrincipal().equals(user) && !hasSystemPermission(credentials, SystemPermission.SYSTEM, false))
+ if (!credentials.getPrincipal().equals(user) && !hasSystemPermission(credentials, SystemPermission.SYSTEM, false)
+ && !hasSystemPermission(credentials, SystemPermission.ALTER_USER, false))
throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
try {
http://git-wip-us.apache.org/repos/asf/accumulo/blob/8b03718a/test/src/test/java/org/apache/accumulo/test/ShellServerIT.java
----------------------------------------------------------------------
diff --git a/test/src/test/java/org/apache/accumulo/test/ShellServerIT.java b/test/src/test/java/org/apache/accumulo/test/ShellServerIT.java
index 56a6a70..7388af8 100644
--- a/test/src/test/java/org/apache/accumulo/test/ShellServerIT.java
+++ b/test/src/test/java/org/apache/accumulo/test/ShellServerIT.java
@@ -715,6 +715,50 @@ public class ShellServerIT extends SharedMiniClusterIT {
}
@Test
+ public void getAuths() throws Exception {
+ Assume.assumeFalse("test skipped for kerberos", getToken() instanceof KerberosToken);
+
+ // create two users with different auths
+ for (int i = 1; i <= 2; i++) {
+ String userName = name.getMethodName() + "user" + i;
+ String password = "password" + i;
+ String auths = "auth" + i + "A,auth" + i + "B";
+ ts.exec("createuser " + userName, true);
+ ts.exec(password, true);
+ ts.exec("addauths -u " + userName + " -s " + auths, true);
+ }
+
+ // get auths using root user, which has System.SYSTEM
+ ts.exec("getauths -u getAuthsuser1", true, "auth1A", true);
+ ts.exec("getauths -u getAuthsuser1", true, "auth1B", true);
+ ts.exec("getauths -u getAuthsuser2", true, "auth2A", true);
+ ts.exec("getauths -u getAuthsuser2", true, "auth2B", true);
+
+ // grant the first user the ability to see other users auths
+ ts.exec("grant -u getAuthsuser1 -s System.ALTER_USER", true);
+
+ // switch to first user (the one with the ALTER_USER perm)
+ ts.exec("user getAuthsuser1", true);
+ ts.exec("password1", true);
+
+ // get auths for self and other user
+ ts.exec("getauths -u getAuthsuser1", true, "auth1A", true);
+ ts.exec("getauths -u getAuthsuser1", true, "auth1B", true);
+ ts.exec("getauths -u getAuthsuser2", true, "auth2A", true);
+ ts.exec("getauths -u getAuthsuser2", true, "auth2B", true);
+
+ // switch to second user (the one without the ALTER_USER perm)
+ ts.exec("user getAuthsuser2", true);
+ ts.exec("password2", true);
+
+ // get auths for self, but not other user
+ ts.exec("getauths -u getAuthsuser2", true, "auth2A", true);
+ ts.exec("getauths -u getAuthsuser2", true, "auth2B", true);
+ ts.exec("getauths -u getAuthsuser1", false, "PERMISSION_DENIED", true);
+ ts.exec("getauths -u getAuthsuser1", false, "PERMISSION_DENIED", true);
+ }
+
+ @Test
public void byeQuitExit() throws Exception {
// bye, quit, exit
for (String cmd : "bye quit exit".split(" ")) {