You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@ranger.apache.org by rm...@apache.org on 2016/12/14 17:08:02 UTC

[1/2] incubator-ranger git commit: RANGER-1254 : HiveAuthorizer should deny access to URI operations if there are any exceptions

Repository: incubator-ranger
Updated Branches:
  refs/heads/ranger-0.6 2fcd7f7cc -> 043daf31b


RANGER-1254 : HiveAuthorizer should deny access to URI operations if there are any exceptions


Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/200dd5a7
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/200dd5a7
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/200dd5a7

Branch: refs/heads/ranger-0.6
Commit: 200dd5a7336fe84443e7e4a9079cb93fd7393735
Parents: 2fcd7f7
Author: rmani <rm...@hortonworks.com>
Authored: Tue Dec 13 13:12:26 2016 -0800
Committer: rmani <rm...@hortonworks.com>
Committed: Wed Dec 14 09:07:23 2016 -0800

----------------------------------------------------------------------
 .../hive/authorizer/RangerHiveAuthorizer.java       | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/200dd5a7/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
----------------------------------------------------------------------
diff --git a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
index ae4c237..92e8c87 100644
--- a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
+++ b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
@@ -1009,16 +1009,17 @@ public class RangerHiveAuthorizer extends RangerHiveAuthorizerBase {
                 FileStatus[] filestat = fs.globStatus(filePath);
 
                 if(filestat != null && filestat.length > 0) {
-                    ret = true;
+                    boolean isDenied = false;
 
                     for(FileStatus file : filestat) {
-                        ret = FileUtils.isOwnerOfFileHierarchy(fs, file, userName) ||
-                              FileUtils.isActionPermittedForFileHierarchy(fs, file, userName, action);
-
-                        if(! ret) {
-                            break;
-                        }
+                        if (FileUtils.isOwnerOfFileHierarchy(fs, file, userName) ||
+							FileUtils.isActionPermittedForFileHierarchy(fs, file, userName, action)) {
+								continue;
+						}
+						isDenied = true;
+						break;
                      }
+                     ret = !isDenied;
                 } else { // if given path does not exist then check for parent
                     FileStatus file = FileUtils.getPathOrParentThatExists(fs, filePath);
 
@@ -1026,6 +1027,7 @@ public class RangerHiveAuthorizer extends RangerHiveAuthorizerBase {
                     ret = true;
                 }
             } catch(Exception excp) {
+				ret = false;
                 LOG.error("Error getting permissions for " + uri, excp);
             }
         }

[2/2] incubator-ranger git commit: RANGER-1254 : HiveAuthorizer should deny access to URI operations if there are any exceptions - fix PMD error with previous commit

Posted by rm...@apache.org.

RANGER-1254 : HiveAuthorizer should deny access to URI operations if there are any exceptions - fix PMD error with previous commit


Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/043daf31
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/043daf31
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/043daf31

Branch: refs/heads/ranger-0.6
Commit: 043daf31b3310d7a2f7bab1f81cfbeb99232bb35
Parents: 200dd5a
Author: rmani <rm...@hortonworks.com>
Authored: Tue Dec 13 15:18:59 2016 -0800
Committer: rmani <rm...@hortonworks.com>
Committed: Wed Dec 14 09:07:41 2016 -0800

----------------------------------------------------------------------
 .../authorization/hive/authorizer/RangerHiveAuthorizer.java     | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/043daf31/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
----------------------------------------------------------------------
diff --git a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
index 92e8c87..7dd4c90 100644
--- a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
+++ b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
@@ -1015,9 +1015,10 @@ public class RangerHiveAuthorizer extends RangerHiveAuthorizerBase {
                         if (FileUtils.isOwnerOfFileHierarchy(fs, file, userName) ||
 							FileUtils.isActionPermittedForFileHierarchy(fs, file, userName, action)) {
 								continue;
+						} else {
+							isDenied = true;
+							break;
 						}
-						isDenied = true;
-						break;
                      }
                      ret = !isDenied;
                 } else { // if given path does not exist then check for parent