You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by rm...@apache.org on 2016/12/14 17:08:02 UTC
[1/2] incubator-ranger git commit: RANGER-1254 : HiveAuthorizer
should deny access to URI operations if there are any exceptions
Repository: incubator-ranger
Updated Branches:
refs/heads/ranger-0.6 2fcd7f7cc -> 043daf31b
RANGER-1254 : HiveAuthorizer should deny access to URI operations if there are any exceptions
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/200dd5a7
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/200dd5a7
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/200dd5a7
Branch: refs/heads/ranger-0.6
Commit: 200dd5a7336fe84443e7e4a9079cb93fd7393735
Parents: 2fcd7f7
Author: rmani <rm...@hortonworks.com>
Authored: Tue Dec 13 13:12:26 2016 -0800
Committer: rmani <rm...@hortonworks.com>
Committed: Wed Dec 14 09:07:23 2016 -0800
----------------------------------------------------------------------
.../hive/authorizer/RangerHiveAuthorizer.java | 16 +++++++++-------
1 file changed, 9 insertions(+), 7 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/200dd5a7/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
----------------------------------------------------------------------
diff --git a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
index ae4c237..92e8c87 100644
--- a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
+++ b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
@@ -1009,16 +1009,17 @@ public class RangerHiveAuthorizer extends RangerHiveAuthorizerBase {
FileStatus[] filestat = fs.globStatus(filePath);
if(filestat != null && filestat.length > 0) {
- ret = true;
+ boolean isDenied = false;
for(FileStatus file : filestat) {
- ret = FileUtils.isOwnerOfFileHierarchy(fs, file, userName) ||
- FileUtils.isActionPermittedForFileHierarchy(fs, file, userName, action);
-
- if(! ret) {
- break;
- }
+ if (FileUtils.isOwnerOfFileHierarchy(fs, file, userName) ||
+ FileUtils.isActionPermittedForFileHierarchy(fs, file, userName, action)) {
+ continue;
+ }
+ isDenied = true;
+ break;
}
+ ret = !isDenied;
} else { // if given path does not exist then check for parent
FileStatus file = FileUtils.getPathOrParentThatExists(fs, filePath);
@@ -1026,6 +1027,7 @@ public class RangerHiveAuthorizer extends RangerHiveAuthorizerBase {
ret = true;
}
} catch(Exception excp) {
+ ret = false;
LOG.error("Error getting permissions for " + uri, excp);
}
}
[2/2] incubator-ranger git commit: RANGER-1254 : HiveAuthorizer
should deny access to URI operations if there are any exceptions - fix PMD
error with previous commit
Posted by rm...@apache.org.
RANGER-1254 : HiveAuthorizer should deny access to URI operations if there are any exceptions - fix PMD error with previous commit
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/043daf31
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/043daf31
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/043daf31
Branch: refs/heads/ranger-0.6
Commit: 043daf31b3310d7a2f7bab1f81cfbeb99232bb35
Parents: 200dd5a
Author: rmani <rm...@hortonworks.com>
Authored: Tue Dec 13 15:18:59 2016 -0800
Committer: rmani <rm...@hortonworks.com>
Committed: Wed Dec 14 09:07:41 2016 -0800
----------------------------------------------------------------------
.../authorization/hive/authorizer/RangerHiveAuthorizer.java | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/043daf31/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
----------------------------------------------------------------------
diff --git a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
index 92e8c87..7dd4c90 100644
--- a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
+++ b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
@@ -1015,9 +1015,10 @@ public class RangerHiveAuthorizer extends RangerHiveAuthorizerBase {
if (FileUtils.isOwnerOfFileHierarchy(fs, file, userName) ||
FileUtils.isActionPermittedForFileHierarchy(fs, file, userName, action)) {
continue;
+ } else {
+ isDenied = true;
+ break;
}
- isDenied = true;
- break;
}
ret = !isDenied;
} else { // if given path does not exist then check for parent