xattr api cleanup

(cherry picked from commit da59acd8ca)
This commit is contained in:
Kihwal Lee 2018-02-15 11:28:45 -06:00
parent 07c7df4b26
commit b725fd6924
2 changed files with 51 additions and 15 deletions

View File

@ -136,8 +136,7 @@ class FSDirXAttrOp {
final boolean isRawPath = FSDirectory.isReservedRawName(src);
final INodesInPath iip = fsd.resolvePath(pc, src, DirOp.READ);
if (fsd.isPermissionEnabled()) {
/* To access xattr names, you need EXECUTE in the owning directory. */
fsd.checkParentAccess(pc, iip, FsAction.EXECUTE);
fsd.checkPathAccess(pc, iip, FsAction.READ);
}
final List<XAttr> all = FSDirXAttrOp.getXAttrs(fsd, iip);
return XAttrPermissionFilter.

View File

@ -842,28 +842,37 @@ public class FSXAttrBaseTest {
}
/*
* Check that execute/scan access to the parent dir is sufficient to get
* xattr names.
* Check that execute/scan access to the parent dir is not
* sufficient to get xattr names.
*/
fs.setPermission(path, new FsPermission((short) 0701));
user.doAs(new PrivilegedExceptionAction<Object>() {
@Override
public Object run() throws Exception {
try {
final FileSystem userFs = dfsCluster.getFileSystem();
userFs.listXAttrs(childDir);
return null;
fail("expected AccessControlException");
} catch (AccessControlException ace) {
GenericTestUtils.assertExceptionContains("Permission denied", ace);
}
return null;
}
});
/*
* Test that xattrs in the "trusted" namespace are filtered correctly.
*/
// Allow the user to read child path.
fs.setPermission(childDir, new FsPermission((short) 0704));
fs.setXAttr(childDir, "trusted.myxattr", "1234".getBytes());
user.doAs(new PrivilegedExceptionAction<Object>() {
@Override
public Object run() throws Exception {
final FileSystem userFs = dfsCluster.getFileSystem();
assertTrue(userFs.listXAttrs(childDir).size() == 1);
List<String> xattrs = userFs.listXAttrs(childDir);
assertTrue(xattrs.size() == 1);
assertEquals(name1, xattrs.get(0));
return null;
}
});
@ -1108,20 +1117,48 @@ public class FSXAttrBaseTest {
}
/*
* Test that only user who have parent directory execute access
* can see raw.* xattrs returned from listXAttr
* Test that user who have parent directory execute access
* can also not see raw.* xattrs returned from listXAttr
*/
// non-raw path
final List<String> xattrNames = userFs.listXAttrs(path);
assertTrue(xattrNames.size() == 0);
try {
// non-raw path
userFs.listXAttrs(path);
fail("listXAttr should have thrown AccessControlException");
} catch (AccessControlException ace) {
// expected
}
// raw path
List<String> rawXattrs = userFs.listXAttrs(rawPath);
assertTrue(rawXattrs.size() == 1);
assertTrue(rawXattrs.get(0).equals(raw1));
try {
// raw path
userFs.listXAttrs(rawPath);
fail("listXAttr should have thrown AccessControlException");
} catch (AccessControlException ace) {
// expected
}
return null;
}
});
/*
Test user who have read access can list xattrs in "raw.*" namespace
*/
fs.setPermission(path, new FsPermission((short) 0751));
final Path childDir = new Path(path, "child" + pathCount);
FileSystem.mkdirs(fs, childDir, FsPermission.createImmutable((short)
0704));
final Path rawChildDir =
new Path("/.reserved/raw" + childDir.toString());
fs.setXAttr(rawChildDir, raw1, value1);
user.doAs(new PrivilegedExceptionAction<Object>() {
@Override
public Object run() throws Exception {
final FileSystem userFs = dfsCluster.getFileSystem();
// raw path
List<String> xattrs = userFs.listXAttrs(rawChildDir);
assertEquals(1, xattrs.size());
assertEquals(raw1, xattrs.get(0));
return null;
}
});
fs.removeXAttr(rawPath, raw1);
}