HDFS-10276. HDFS should not expose path info that user has no permission to see. (Yuanbo Liu via Yongjun Zhang)

(cherry picked from commit 5ea6fd85c7aff6df28b87789f607bb57ee920639) (cherry picked from commit 3e4c7906c2cf5c3e4c708fc56b670fa788e8cec7)
2016-05-27 10:02:02 -07:00 · 2016-05-27 10:02:02 -07:00 · e6c162a394
commit e6c162a394
parent 97e4b13038
2 changed files with 26 additions and 11 deletions
--- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSPermissionChecker.java
+++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSPermissionChecker.java
@ -196,9 +196,9 @@ void checkPermission(INodesInPath inodesInPath, boolean doCheckOwner,
   * Check whether exception e is due to an ancestor inode's not being
   * directory.
   */
-  private void checkAncestorType(INode[] inodes, int ancestorIndex,
+  private void checkAncestorType(INode[] inodes, int checkedAncestorIndex,
      AccessControlException e) throws AccessControlException {
-    for (int i = 0; i <= ancestorIndex; i++) {
+    for (int i = 0; i <= checkedAncestorIndex; i++) {
      if (inodes[i] == null) {
        break;
      }
@ -221,11 +221,8 @@ public void checkPermission(String fsOwner, String supergroup,
      throws AccessControlException {
    for(; ancestorIndex >= 0 && inodes[ancestorIndex] == null;
        ancestorIndex--);
-    try {
-      checkTraverse(inodeAttrs, path, ancestorIndex);
-    } catch (AccessControlException e) {
-      checkAncestorType(inodes, ancestorIndex, e);
-    }
+
+    checkTraverse(inodeAttrs, inodes, path, ancestorIndex);

    final INodeAttributes last = inodeAttrs[inodeAttrs.length - 1];
    if (parentAccess != null && parentAccess.implies(FsAction.WRITE)
@ -276,10 +273,15 @@ private void checkOwner(INodeAttributes inode
  }

  /** Guarded by {@link FSNamesystem#readLock()} */
-  private void checkTraverse(INodeAttributes[] inodes, String path, int last
-      ) throws AccessControlException {
-    for(int j = 0; j <= last; j++) {
-      check(inodes[j], path, FsAction.EXECUTE);
+  private void checkTraverse(INodeAttributes[] inodeAttrs, INode[] inodes,
+      String path, int last) throws AccessControlException {
+    int j = 0;
+    try {
+      for (; j <= last; j++) {
+        check(inodeAttrs[j], path, FsAction.EXECUTE);
+      }
+    } catch (AccessControlException e) {
+      checkAncestorType(inodes, j, e);
    }
  }

--- a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/TestDFSPermission.java
+++ b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/TestDFSPermission.java
@ -546,6 +546,19 @@ public FileSystem run() throws Exception {
              + "a directory, when checked on /existing_file/non_existing_name",
          e.getMessage().contains("is not a directory"));
    }
+
+    rootFs.setPermission(p4, new FsPermission("600"));
+    try {
+      fs.exists(nfpath);
+      fail("The exists call should have failed.");
+    } catch (AccessControlException e) {
+      assertTrue("Permission denied messages must carry file path",
+          e.getMessage().contains(fpath.getName()));
+      assertFalse("Permission denied messages should not specify existing_file"
+              + " is not a directory, since the user does not have permission"
+              + " on /p4",
+          e.getMessage().contains("is not a directory"));
+    }
  }

  /* Check if namenode performs permission checking correctly