Ejemplo n.º 1
 /**
  * Parses a colon-separated ACL string into an {@link AccessControl}.
  *
  * <p>The shape is chosen by the number of fields {@code str.split(":")} yields:
  * <ul>
  *   <li>one field: {@code access}, with type "other" and an empty name;</li>
  *   <li>two fields: {@code name:access}, with type "user";</li>
  *   <li>three fields: {@code type:name:access}.</li>
  * </ul>
  * If the split yields no fields at all (for example an input made only of colons), the
  * defaults are used: type "other", empty name, access "-".
  *
  * <p>NOTE(review): {@code String.split} discards trailing empty fields, so an input such as
  * {@code "u:bob:"} is read as the two-field form (name "u", access "bob"), not as a
  * three-field entry with empty access. Whether that is then rejected depends on
  * {@code parseAccess}, which is not visible here. Confirm before feeding this method
  * strings that come from an untrusted source.
  *
  * @param str the ACL string; a {@code null} value fails with a NullPointerException
  * @return a new AccessControl carrying the parsed type, name and access
  * @throws IllegalArgumentException if the string splits into more than three fields
  */
 public static AccessControl parseAccessControl(String str) {
   String[] fields = str.split(":");

   // Defaults apply when the split produces zero fields.
   String aclType = "other";
   String aclName = "";
   String aclAccess = "-";

   switch (fields.length) {
     case 0:
       break;
     case 1:
       // Bare access string: applies to "other" with no name.
       aclAccess = fields[0];
       break;
     case 2:
       // The two-field form is always treated as a user entry.
       aclType = "user";
       aclName = fields[0];
       aclAccess = fields[1];
       break;
     case 3:
       aclType = fields[0];
       aclName = fields[1];
       aclAccess = fields[2];
       break;
     default:
       throw new IllegalArgumentException("Don't know how to parse " + str + " into an ACL value");
   }

   AccessControl parsed = new AccessControl();
   parsed.set_type(parseACLType(aclType));
   parsed.set_name(aclName);
   parsed.set_access(parseAccess(aclAccess));
   return parsed;
 }
Ejemplo n.º 2
 /**
  * Reports whether the list contains an entry of type {@code OTHER} whose access value is
  * exactly {@code READ | WRITE | ADMIN}.
  *
  * <p>The comparison is an exact match on the access integer, not a bit test: an entry whose
  * access carries those three bits plus any other bit does not count.
  *
  * @param acls the entries to scan
  * @return {@code true} as soon as one such entry is found, {@code false} otherwise
  */
 private boolean worldEverything(List<AccessControl> acls) {
   final int fullAccess = READ | WRITE | ADMIN;
   for (AccessControl entry : acls) {
     // The type is checked first; the access value is only read for OTHER entries.
     if (entry.get_type() != AccessControlType.OTHER) {
       continue;
     }
     if (entry.get_access() == fullAccess) {
       return true;
     }
   }
   return false;
 }
Ejemplo n.º 3
 /**
  * Returns a copy of the list without {@code OTHER} entries whose access value is 0.
  *
  * <p>Only entries of type {@code OTHER} are filtered. An entry of any other type with
  * access 0 is kept. Each dropped entry is logged at debug level. The input list itself is
  * not modified.
  *
  * @param accessControls the entries to filter
  * @return a new list holding the retained entries in their original order
  */
 private List<AccessControl> removeBadACLs(List<AccessControl> accessControls) {
   List<AccessControl> kept = new ArrayList<>();
   for (AccessControl entry : accessControls) {
     boolean emptyWorldEntry =
         entry.get_type().equals(AccessControlType.OTHER) && entry.get_access() == 0;
     if (!emptyWorldEntry) {
       kept.add(entry);
       continue;
     }
     // An OTHER entry that grants nothing is dropped, leaving a trace for operators.
     LOG.debug(
         "Removing invalid blobstore world ACL "
             + BlobStoreAclHandler.accessControlToString(entry));
   }
   return kept;
 }
Ejemplo n.º 4
 /**
  * Returns the access value that one ACL entry contributes for the given set of user names.
  *
  * <p>An {@code OTHER} entry contributes its access regardless of {@code users}. A
  * {@code USER} entry contributes its access only when its name is in {@code users}. Any
  * other type contributes 0, so types this method does not recognise grant nothing.
  *
  * @param ac the ACL entry to evaluate
  * @param users the names to match against {@code USER} entries
  * @return the entry's access value, or 0 when the entry does not apply
  */
 private int getAllowed(AccessControl ac, Set<String> users) {
   int granted = 0;
   switch (ac.get_type()) {
     case OTHER:
       granted = ac.get_access();
       break;
     case USER:
       granted = users.contains(ac.get_name()) ? ac.get_access() : 0;
       break;
     default:
       // Unrecognised types fall through to the zero default.
       break;
   }
   return granted;
 }
Ejemplo n.º 5
 /**
  * Rejects an ACL list in which the same non-empty name appears on more than one entry.
  *
  * <p>Names are compared as plain strings and the entry type is not considered. Entries
  * with an empty name (as judged by {@code StringUtils.isEmpty}) are skipped. Every repeat
  * is logged at error level and collected, so a name present three times is listed twice
  * in the resulting message.
  *
  * <p>NOTE(review): the names and {@code key} are written verbatim into the log line and
  * the exception message. If they can originate from a remote client, confirm that the
  * logging setup neutralises line breaks.
  *
  * @param key the key the ACLs belong to; used only in the error message
  * @param acls the entries to validate
  * @throws AuthorizationException if at least one name is repeated
  */
 public static void validateSettableACLs(String key, List<AccessControl> acls)
     throws AuthorizationException {
   Set<String> seenNames = new HashSet<>();
   List<String> repeatedNames = new ArrayList<>();
   for (AccessControl entry : acls) {
     String principal = entry.get_name();
     if (StringUtils.isEmpty(principal)) {
       continue;
     }
     // Set.add returns true for a first occurrence, which needs no further action.
     if (seenNames.add(principal)) {
       continue;
     }
     LOG.error("'{}' user can't appear more than once in the ACLs", principal);
     repeatedNames.add(principal);
   }

   if (repeatedNames.isEmpty()) {
     return;
   }
   throw new AuthorizationException(
       "user "
           + Arrays.toString(repeatedNames.toArray())
           + " can't appear more than once in the ACLs for key ["
           + key
           + "].");
 }
Ejemplo n.º 6
 /**
  * Renders an ACL entry as {@code type:name:access}.
  *
  * <p>The type is written as "o" for {@code OTHER} and "u" for {@code USER}. The name is
  * included only when it is set on the entry. The access part comes from
  * {@code accessToString}.
  *
  * <p>The name is written as-is, without escaping. A name that itself contains ':' yields
  * a string with more than three colon-separated fields.
  *
  * @param ac the entry to render
  * @return the textual form of the entry
  * @throws IllegalArgumentException if the entry's type is neither {@code OTHER} nor
  *     {@code USER}
  */
 public static String accessControlToString(AccessControl ac) {
   final String typeCode;
   switch (ac.get_type()) {
     case OTHER:
       typeCode = "o";
       break;
     case USER:
       typeCode = "u";
       break;
     default:
       throw new IllegalArgumentException(
           "Don't know what a type of " + ac.get_type() + " means ");
   }

   // An unset name leaves the middle field empty rather than printing a placeholder.
   final String namePart = ac.is_set_name() ? ac.get_name() : "";
   return typeCode + ":" + namePart + ":" + accessToString(ac.get_access());
 }
Ejemplo n.º 7
 /**
  * Ensures that {@code user} holds at least the access bits in {@code mask}.
  *
  * <p>The first {@code USER} entry whose name equals {@code user} is examined. If any bit
  * of {@code mask} is missing from it, the mask is OR-ed into its access. Existing bits are
  * never cleared, and later entries for the same name are not looked at. When no such
  * entry exists, a new {@code USER} entry with access {@code mask} is appended to
  * {@code acls}. The list and its entries are modified in place.
  *
  * @param acls the ACL list to adjust
  * @param user the user name that must hold the access bits
  * @param mask the access bits to guarantee
  */
 private void fixACLsForUser(List<AccessControl> acls, String user, int mask) {
   for (AccessControl entry : acls) {
     // The name is only read for USER entries.
     if (entry.get_type() != AccessControlType.USER || !entry.get_name().equals(user)) {
       continue;
     }
     int existing = entry.get_access();
     if ((existing & mask) != mask) {
       entry.set_access(existing | mask);
     }
     // Only the first matching entry is considered.
     return;
   }

   // No entry for this user yet: add one that grants exactly the mask.
   AccessControl added = new AccessControl();
   added.set_type(AccessControlType.USER);
   added.set_name(user);
   added.set_access(mask);
   acls.add(added);
 }