Search in sources :

Example 1 with ACCESS3Request

use of org.apache.hadoop.nfs.nfs3.request.ACCESS3Request in project hadoop by apache.

the class TestRpcProgramNfs3 method testAccess.

@Test(timeout = 60000)
public void testAccess() throws Exception {
    HdfsFileStatus status = nn.getRpcServer().getFileInfo("/tmp/bar");
    long dirId = status.getFileId();
    FileHandle handle = new FileHandle(dirId);
    XDR xdr_req = new XDR();
    ACCESS3Request req = new ACCESS3Request(handle);
    req.serialize(xdr_req);
    // Attempt by an unpriviledged user should fail.
    ACCESS3Response response1 = nfsd.access(xdr_req.asReadOnlyWrap(), securityHandlerUnpriviledged, new InetSocketAddress("localhost", 1234));
    assertEquals("Incorrect return code", Nfs3Status.NFS3ERR_ACCES, response1.getStatus());
    // Attempt by a priviledged user should pass.
    ACCESS3Response response2 = nfsd.access(xdr_req.asReadOnlyWrap(), securityHandler, new InetSocketAddress("localhost", 1234));
    assertEquals("Incorrect return code", Nfs3Status.NFS3_OK, response2.getStatus());
}
Also used : ACCESS3Request(org.apache.hadoop.nfs.nfs3.request.ACCESS3Request) FileHandle(org.apache.hadoop.nfs.nfs3.FileHandle) InetSocketAddress(java.net.InetSocketAddress) HdfsFileStatus(org.apache.hadoop.hdfs.protocol.HdfsFileStatus) XDR(org.apache.hadoop.oncrpc.XDR) ACCESS3Response(org.apache.hadoop.nfs.nfs3.response.ACCESS3Response) Test(org.junit.Test)

Example 2 with ACCESS3Request

use of org.apache.hadoop.nfs.nfs3.request.ACCESS3Request in project hadoop by apache.

the class RpcProgramNfs3 method access.

@VisibleForTesting
ACCESS3Response access(XDR xdr, SecurityHandler securityHandler, SocketAddress remoteAddress) {
    ACCESS3Response response = new ACCESS3Response(Nfs3Status.NFS3_OK);
    if (!checkAccessPrivilege(remoteAddress, AccessPrivilege.READ_ONLY)) {
        response.setStatus(Nfs3Status.NFS3ERR_ACCES);
        return response;
    }
    DFSClient dfsClient = clientCache.getDfsClient(securityHandler.getUser());
    if (dfsClient == null) {
        response.setStatus(Nfs3Status.NFS3ERR_SERVERFAULT);
        return response;
    }
    ACCESS3Request request;
    try {
        request = ACCESS3Request.deserialize(xdr);
    } catch (IOException e) {
        LOG.error("Invalid ACCESS request");
        return new ACCESS3Response(Nfs3Status.NFS3ERR_INVAL);
    }
    FileHandle handle = request.getHandle();
    Nfs3FileAttributes attrs;
    if (LOG.isDebugEnabled()) {
        LOG.debug("NFS ACCESS fileId: " + handle.getFileId() + " client: " + remoteAddress);
    }
    try {
        attrs = writeManager.getFileAttr(dfsClient, handle, iug);
        if (attrs == null) {
            LOG.error("Can't get path for fileId: " + handle.getFileId());
            return new ACCESS3Response(Nfs3Status.NFS3ERR_STALE);
        }
        if (iug.getUserName(securityHandler.getUid(), "unknown").equals(superuser)) {
            int access = Nfs3Constant.ACCESS3_LOOKUP | Nfs3Constant.ACCESS3_DELETE | Nfs3Constant.ACCESS3_EXECUTE | Nfs3Constant.ACCESS3_EXTEND | Nfs3Constant.ACCESS3_MODIFY | Nfs3Constant.ACCESS3_READ;
            return new ACCESS3Response(Nfs3Status.NFS3_OK, attrs, access);
        }
        int access = Nfs3Utils.getAccessRightsForUserGroup(securityHandler.getUid(), securityHandler.getGid(), securityHandler.getAuxGids(), attrs);
        return new ACCESS3Response(Nfs3Status.NFS3_OK, attrs, access);
    } catch (RemoteException r) {
        LOG.warn("Exception ", r);
        IOException io = r.unwrapRemoteException();
        /**
       * AuthorizationException can be thrown if the user can't be proxy'ed.
       */
        if (io instanceof AuthorizationException) {
            return new ACCESS3Response(Nfs3Status.NFS3ERR_ACCES);
        } else {
            return new ACCESS3Response(Nfs3Status.NFS3ERR_IO);
        }
    } catch (IOException e) {
        LOG.warn("Exception ", e);
        int status = mapErrorStatus(e);
        return new ACCESS3Response(status);
    }
}
Also used : DFSClient(org.apache.hadoop.hdfs.DFSClient) ACCESS3Request(org.apache.hadoop.nfs.nfs3.request.ACCESS3Request) AuthorizationException(org.apache.hadoop.security.authorize.AuthorizationException) FileHandle(org.apache.hadoop.nfs.nfs3.FileHandle) ACCESS3Response(org.apache.hadoop.nfs.nfs3.response.ACCESS3Response) Nfs3FileAttributes(org.apache.hadoop.nfs.nfs3.Nfs3FileAttributes) IOException(java.io.IOException) RemoteException(org.apache.hadoop.ipc.RemoteException) VisibleForTesting(com.google.common.annotations.VisibleForTesting)

Aggregations

FileHandle (org.apache.hadoop.nfs.nfs3.FileHandle)2 ACCESS3Request (org.apache.hadoop.nfs.nfs3.request.ACCESS3Request)2 ACCESS3Response (org.apache.hadoop.nfs.nfs3.response.ACCESS3Response)2 VisibleForTesting (com.google.common.annotations.VisibleForTesting)1 IOException (java.io.IOException)1 InetSocketAddress (java.net.InetSocketAddress)1 DFSClient (org.apache.hadoop.hdfs.DFSClient)1 HdfsFileStatus (org.apache.hadoop.hdfs.protocol.HdfsFileStatus)1 RemoteException (org.apache.hadoop.ipc.RemoteException)1 Nfs3FileAttributes (org.apache.hadoop.nfs.nfs3.Nfs3FileAttributes)1 XDR (org.apache.hadoop.oncrpc.XDR)1 AuthorizationException (org.apache.hadoop.security.authorize.AuthorizationException)1 Test (org.junit.Test)1