HDFS-5799. Make audit logging consistent across ACL APIs. Contributed by Chris Nauroth.

git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/branches/HDFS-4685@1560766 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Chris Nauroth 2014-01-23 17:41:53 +00:00
parent 21a5bc7f2c
commit cd7cd94e3f
2 changed files with 18 additions and 4 deletions

View File

@ -56,3 +56,5 @@ HDFS-4685 (Unreleased)
HADOOP-10213. Fix bugs parsing ACL spec in FsShell setfacl.
(Vinay via cnauroth)
HDFS-5799. Make audit logging consistent across ACL APIs. (cnauroth)

View File

@ -7327,6 +7327,7 @@ public class FSNamesystem implements Namesystem, FSClusterStats,
}
void modifyAclEntries(String src, List<AclEntry> aclSpec) throws IOException {
HdfsFileStatus resultingStat = null;
FSPermissionChecker pc = getPermissionChecker();
checkOperation(OperationCategory.WRITE);
byte[][] pathComponents = FSDirectory.getPathComponentsForReservedPath(src);
@ -7337,14 +7338,16 @@ public class FSNamesystem implements Namesystem, FSClusterStats,
src = FSDirectory.resolvePath(src, pathComponents, dir);
checkOwner(pc, src);
dir.modifyAclEntries(src, aclSpec);
resultingStat = getAuditFileInfo(src, false);
} finally {
writeUnlock();
}
getEditLog().logSync();
logAuditEvent(true, "modifyAclEntries", src);
logAuditEvent(true, "modifyAclEntries", src, null, resultingStat);
}
void removeAclEntries(String src, List<AclEntry> aclSpec) throws IOException {
HdfsFileStatus resultingStat = null;
FSPermissionChecker pc = getPermissionChecker();
checkOperation(OperationCategory.WRITE);
byte[][] pathComponents = FSDirectory.getPathComponentsForReservedPath(src);
@ -7355,14 +7358,16 @@ public class FSNamesystem implements Namesystem, FSClusterStats,
src = FSDirectory.resolvePath(src, pathComponents, dir);
checkOwner(pc, src);
dir.removeAclEntries(src, aclSpec);
resultingStat = getAuditFileInfo(src, false);
} finally {
writeUnlock();
}
getEditLog().logSync();
logAuditEvent(true, "removeAclEntries", src);
logAuditEvent(true, "removeAclEntries", src, null, resultingStat);
}
void removeDefaultAcl(String src) throws IOException {
HdfsFileStatus resultingStat = null;
FSPermissionChecker pc = getPermissionChecker();
checkOperation(OperationCategory.WRITE);
byte[][] pathComponents = FSDirectory.getPathComponentsForReservedPath(src);
@ -7373,14 +7378,16 @@ public class FSNamesystem implements Namesystem, FSClusterStats,
src = FSDirectory.resolvePath(src, pathComponents, dir);
checkOwner(pc, src);
dir.removeDefaultAcl(src);
resultingStat = getAuditFileInfo(src, false);
} finally {
writeUnlock();
}
getEditLog().logSync();
logAuditEvent(true, "removeDefaultAcl", src);
logAuditEvent(true, "removeDefaultAcl", src, null, resultingStat);
}
void removeAcl(String src) throws IOException {
HdfsFileStatus resultingStat = null;
FSPermissionChecker pc = getPermissionChecker();
checkOperation(OperationCategory.WRITE);
byte[][] pathComponents = FSDirectory.getPathComponentsForReservedPath(src);
@ -7391,14 +7398,16 @@ public class FSNamesystem implements Namesystem, FSClusterStats,
src = FSDirectory.resolvePath(src, pathComponents, dir);
checkOwner(pc, src);
dir.removeAcl(src);
resultingStat = getAuditFileInfo(src, false);
} finally {
writeUnlock();
}
getEditLog().logSync();
logAuditEvent(true, "removeAcl", src);
logAuditEvent(true, "removeAcl", src, null, resultingStat);
}
void setAcl(String src, List<AclEntry> aclSpec) throws IOException {
HdfsFileStatus resultingStat = null;
FSPermissionChecker pc = getPermissionChecker();
checkOperation(OperationCategory.WRITE);
byte[][] pathComponents = FSDirectory.getPathComponentsForReservedPath(src);
@ -7409,9 +7418,12 @@ public class FSNamesystem implements Namesystem, FSClusterStats,
src = FSDirectory.resolvePath(src, pathComponents, dir);
checkOwner(pc, src);
dir.setAcl(src, aclSpec);
resultingStat = getAuditFileInfo(src, false);
} finally {
writeUnlock();
}
getEditLog().logSync();
logAuditEvent(true, "setAcl", src, null, resultingStat);
}
AclStatus getAclStatus(String src) throws IOException {