You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-commits@hadoop.apache.org by ar...@apache.org on 2018/08/20 22:07:41 UTC

[08/14] hadoop git commit: HDFS-13668. FSPermissionChecker may throws AIOOE when check inode permission. Contributed by He Xiaoqiao.

HDFS-13668. FSPermissionChecker may throws AIOOE when check inode permission. Contributed by He Xiaoqiao.


Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo
Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/975d6068
Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/975d6068
Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/975d6068

Branch: refs/heads/branch-3.1
Commit: 975d60685eaf9961bdbd3547600b3e38bb088835
Parents: c0ac0a5
Author: drankye <zh...@alibaba-inc.com>
Authored: Mon Aug 13 17:32:56 2018 +0800
Committer: Arpit Agarwal <ar...@apache.org>
Committed: Mon Aug 20 14:53:32 2018 -0700

----------------------------------------------------------------------
 .../server/namenode/FSPermissionChecker.java    |  2 +-
 .../namenode/TestINodeAttributeProvider.java    | 43 ++++++++++++++++++--
 2 files changed, 41 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/hadoop/blob/975d6068/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSPermissionChecker.java
----------------------------------------------------------------------
diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSPermissionChecker.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSPermissionChecker.java
index 354b4e3..f70963c 100644
--- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSPermissionChecker.java
+++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSPermissionChecker.java
@@ -409,7 +409,7 @@ public class FSPermissionChecker implements AccessControlEnforcer {
     }
     final FsPermission mode = inode.getFsPermission();
     final AclFeature aclFeature = inode.getAclFeature();
-    if (aclFeature != null) {
+    if (aclFeature != null && aclFeature.getEntriesSize() > 0) {
       // It's possible that the inode has a default ACL but no access ACL.
       int firstEntry = aclFeature.getEntryAt(0);
       if (AclEntryStatusFormat.getScope(firstEntry) == AclEntryScope.ACCESS) {

http://git-wip-us.apache.org/repos/asf/hadoop/blob/975d6068/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestINodeAttributeProvider.java
----------------------------------------------------------------------
diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestINodeAttributeProvider.java b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestINodeAttributeProvider.java
index 9c7dcd3..b3bab06 100644
--- a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestINodeAttributeProvider.java
+++ b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestINodeAttributeProvider.java
@@ -57,6 +57,11 @@ public class TestINodeAttributeProvider {
   public static class MyAuthorizationProvider extends INodeAttributeProvider {
 
     public static class MyAccessControlEnforcer implements AccessControlEnforcer {
+      AccessControlEnforcer ace;
+
+      public MyAccessControlEnforcer(AccessControlEnforcer defaultEnforcer) {
+        this.ace = defaultEnforcer;
+      }
 
       @Override
       public void checkPermission(String fsOwner, String supergroup,
@@ -65,6 +70,13 @@ public class TestINodeAttributeProvider {
           int ancestorIndex, boolean doCheckOwner, FsAction ancestorAccess,
           FsAction parentAccess, FsAction access, FsAction subAccess,
           boolean ignoreEmptyDir) throws AccessControlException {
+        if (ancestorIndex > 1
+            && inodes[1].getLocalName().equals("user")
+            && inodes[2].getLocalName().equals("acl")) {
+          this.ace.checkPermission(fsOwner, supergroup, ugi, inodeAttrs, inodes,
+              pathByNameArr, snapshotId, path, ancestorIndex, doCheckOwner,
+              ancestorAccess, parentAccess, access, subAccess, ignoreEmptyDir);
+        }
         CALLED.add("checkPermission|" + ancestorAccess + "|" + parentAccess + "|" + access);
       }
     }
@@ -84,6 +96,7 @@ public class TestINodeAttributeProvider {
         final INodeAttributes inode) {
       CALLED.add("getAttributes");
       final boolean useDefault = useDefault(pathElements);
+      final boolean useNullAcl = useNullAclFeature(pathElements);
       return new INodeAttributes() {
         @Override
         public boolean isDirectory() {
@@ -126,7 +139,10 @@ public class TestINodeAttributeProvider {
         @Override
         public AclFeature getAclFeature() {
           AclFeature f;
-          if (useDefault) {
+          if (useNullAcl) {
+            int[] entries = new int[0];
+            f = new AclFeature(entries);
+          } else if (useDefault) {
             f = inode.getAclFeature();
           } else {
             AclEntry acl = new AclEntry.Builder().setType(AclEntryType.GROUP).
@@ -167,8 +183,8 @@ public class TestINodeAttributeProvider {
 
     @Override
     public AccessControlEnforcer getExternalAccessControlEnforcer(
-        AccessControlEnforcer deafultEnforcer) {
-      return new MyAccessControlEnforcer();
+        AccessControlEnforcer defaultEnforcer) {
+      return new MyAccessControlEnforcer(defaultEnforcer);
     }
 
     private boolean useDefault(String[] pathElements) {
@@ -176,6 +192,11 @@ public class TestINodeAttributeProvider {
           !(pathElements[0].equals("user") && pathElements[1].equals("authz"));
     }
 
+    private boolean useNullAclFeature(String[] pathElements) {
+      return (pathElements.length > 2)
+          && pathElements[1].equals("user")
+          && pathElements[2].equals("acl");
+    }
   }
 
   @Before
@@ -368,4 +389,20 @@ public class TestINodeAttributeProvider {
       });
     }
   }
+
+  @Test
+  public void testAclFeature() throws Exception {
+    UserGroupInformation ugi = UserGroupInformation.createUserForTesting(
+            "testuser", new String[]{"testgroup"});
+    ugi.doAs((PrivilegedExceptionAction<Object>) () -> {
+      FileSystem fs = miniDFS.getFileSystem();
+      Path aclDir = new Path("/user/acl");
+      fs.mkdirs(aclDir);
+      Path aclChildDir = new Path(aclDir, "subdir");
+      fs.mkdirs(aclChildDir);
+      AclStatus aclStatus = fs.getAclStatus(aclDir);
+      Assert.assertEquals(0, aclStatus.getEntries().size());
+      return null;
+    });
+  }
 }


---------------------------------------------------------------------
To unsubscribe, e-mail: common-commits-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-commits-help@hadoop.apache.org