Apache
/
hadoop
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

HDDS-1885. Fix bug in checkAcls in OzoneManager. (#1199)

This commit is contained in:
Bharat Viswanadham 2019-07-31 19:00:37 -07:00 committed by GitHub
parent b008072044
commit c1f74405d7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/OzoneManager.java
View File

@ -1801,17 +1801,16 @@ public final class OzoneManager extends ServiceRuntimeInfoImpl
.setVolumeName(vol) .setVolumeName(vol)
.setBucketName(bucket) .setBucketName(bucket)
.setKeyName(key).build(); .setKeyName(key).build();
UserGroupInformation user = ProtobufRpcEngine.Server.getRemoteUser();
RequestContext context = RequestContext.newBuilder() RequestContext context = RequestContext.newBuilder()
.setClientUgi(user) .setClientUgi(ugi)
.setIp(ProtobufRpcEngine.Server.getRemoteIp()) .setIp(remoteAddress)
.setAclType(ACLIdentityType.USER) .setAclType(ACLIdentityType.USER)
.setAclRights(aclType) .setAclRights(aclType)
.build(); .build();
if (!accessAuthorizer.checkAccess(obj, context)) { if (!accessAuthorizer.checkAccess(obj, context)) {
LOG.warn("User {} doesn't have {} permission to access {}", LOG.warn("User {} doesn't have {} permission to access {}",
user.getUserName(), aclType, resType); ugi.getUserName(), aclType, resType);
throw new OMException("User " + user.getUserName() + " doesn't " + throw new OMException("User " + ugi.getUserName() + " doesn't " +
"have " + aclType + " permission to access " + resType, "have " + aclType + " permission to access " + resType,
ResultCodes.PERMISSION_DENIED); ResultCodes.PERMISSION_DENIED);
} }