Fix merge error.
kihwal committed May 31, 2014
1 parent 5c182ca commit 957c56d
Showing 1 changed file with 43 additions and 0 deletions.
@@ -398,6 +398,10 @@ void refreshNamenodes(Configuration conf)
private Configuration conf;

private final String userWithLocalPathAccess;
private String supergroup;
private boolean isPermissionEnabled;
private String dnUserName = null;


/**
* Create the DataNode given a configuration and an array of dataDirs.
@@ -419,6 +423,11 @@ void refreshNamenodes(Configuration conf)

this.userWithLocalPathAccess = conf
.get(DFSConfigKeys.DFS_BLOCK_LOCAL_PATH_ACCESS_USER_KEY);
this.supergroup = conf.get(DFSConfigKeys.DFS_PERMISSIONS_SUPERUSERGROUP_KEY,
DFSConfigKeys.DFS_PERMISSIONS_SUPERUSERGROUP_DEFAULT);
this.isPermissionEnabled = conf.getBoolean(
DFSConfigKeys.DFS_PERMISSIONS_ENABLED_KEY,
DFSConfigKeys.DFS_PERMISSIONS_ENABLED_DEFAULT);
try {
confHostName = getHostName(conf);
hostName = confHostName;
@@ -525,6 +534,33 @@ private void initIpcServer(Configuration conf) throws IOException {
ipcServer.refreshServiceAcl(conf, new HDFSPolicyProvider());
}
}

/** Check whether the current user is in the superuser group. */
private void checkSuperuserPrivilege() throws IOException, AccessControlException {
if (!isPermissionEnabled) {
return;
}
// Try to get the ugi in the RPC call.
UserGroupInformation callerUgi = ipcServer.getRemoteUser();
if (callerUgi == null) {
// This is not from RPC.
callerUgi = UserGroupInformation.getCurrentUser();
}

// Is this by the DN user itself?
assert dnUserName != null;
if (callerUgi.getShortUserName().equals(dnUserName)) {
return;
}

// Is the user a member of the super group?
List<String> groups = Arrays.asList(callerUgi.getGroupNames());
if (groups.contains(supergroup)) {
return;
}
// Not a superuser.
throw new AccessControlException();
}

/**
* Initialize the datanode's periodic scanners:
@@ -704,6 +740,11 @@ void startDataNode(Configuration conf,

// BlockPoolTokenSecretManager is required to create ipc server.
this.blockPoolTokenSecretManager = new BlockPoolTokenSecretManager();
// Login is done by now. Set the DN user name.
dnUserName = UserGroupInformation.getCurrentUser().getShortUserName();
LOG.info("dnUserName = " + dnUserName);
LOG.info("supergroup = " + supergroup);

initIpcServer(conf);

metrics = DataNodeMetrics.create(conf, getMachineName());
@@ -2230,13 +2271,15 @@ public void refreshNamenodes(Configuration conf) throws IOException {

@Override //ClientDatanodeProtocol
public void refreshNamenodes() throws IOException {
checkSuperuserPrivilege();
conf = new Configuration();
refreshNamenodes(conf);
}

@Override // ClientDatanodeProtocol
public void deleteBlockPool(String blockPoolId, boolean force)
throws IOException {
checkSuperuserPrivilege();
LOG.info("deleteBlockPool command received for block pool " + blockPoolId
+ ", force=" + force);
if (blockPoolManager.get(blockPoolId) != null) {
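Review bot: The denial path at the end of checkSuperuserPrivilege() throws `new AccessControlException()` with no message and logs nothing, so a rejected refreshNamenodes() or deleteBlockPool() call leaves no record of which caller attempted it. Consider `LOG.warn("Superuser privilege check failed for " + callerUgi.getShortUserName());` followed by `throw new AccessControlException("Superuser privilege is required");`. The `assert dnUserName != null;` in the same method does nothing unless the JVM runs with -ea; the equals() comparison still fails closed on a null name, but an explicit null check would make that intent visible. The early return when isPermissionEnabled is false means both RPCs then run with no caller check at all, which deserves a sentence in the method's Javadoc so operators know what disabling permissions exposes.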