/**
 * Authorization gate: returns normally when the caller may perform {@code perm} on a node
 * guarded by {@code acl}, and throws otherwise.
 *
 * <p>Access is granted, in this order, when:
 * <ol>
 *   <li>the {@code skipACL} switch is on (every check is bypassed);
 *   <li>{@code acl} is {@code null} or empty (fail-open: no entries means no restriction);
 *   <li>any of the caller's {@code ids} uses the {@code "super"} scheme;
 *   <li>an entry whose permission bits overlap {@code perm} is {@code world:anyone};
 *   <li>an entry whose permission bits overlap {@code perm} matches one of the caller's ids
 *       under the provider registered for the entry's scheme.
 * </ol>
 *
 * <p>Review notes for callers: the permission test is {@code (perms & perm) != 0}, so a
 * {@code perm} carrying several bits is satisfied by an entry granting any one of them.
 * Entries whose scheme has no registered provider are skipped silently and never grant access.
 *
 * @param zks server instance; not read by this method
 * @param acl ACL entries protecting the node, may be {@code null}
 * @param perm permission bit mask being requested
 * @param ids identities attached to the requesting connection; iterated without a null check
 * @throws KeeperException.NoAuthException if none of the rules above grants access
 */
static void checkACL(ZooKeeperServer zks, List<ACL> acl, int perm, List<Id> ids)
     throws KeeperException.NoAuthException {
   // The global bypass and "no ACL at all" both short-circuit to allow.
   if (skipACL || acl == null || acl.isEmpty()) {
     return;
   }
   // A single "super" identity overrides every ACL entry.
   for (Id callerId : ids) {
     if (callerId.getScheme().equals("super")) {
       return;
     }
   }
   for (ACL entry : acl) {
     Id entryId = entry.getId();
     if ((entry.getPerms() & perm) == 0) {
       continue; // this entry grants none of the requested bits
     }
     String scheme = entryId.getScheme();
     if (scheme.equals("world") && entryId.getId().equals("anyone")) {
       return;
     }
     AuthenticationProvider provider = ProviderRegistry.getProvider(scheme);
     if (provider == null) {
       continue; // unknown scheme: nothing can match it, so it cannot grant access
     }
     for (Id callerId : ids) {
       if (callerId.getScheme().equals(scheme)
           && provider.matches(callerId.getId(), entryId.getId())) {
         return;
       }
     }
   }
   // Deny by default once every entry has been tried.
   throw new KeeperException.NoAuthException();
 }
 /**
  * Tells whether two ACL lists hold equal entries in the same positions.
  *
  * <p>The comparison is order-sensitive: lists with the same entries in a different order are
  * reported as different. Neither list, nor any element of {@code lista}, may be {@code null}.
  *
  * @param lista first list
  * @param listb second list
  * @return {@code true} only when both lists have the same size and each element of
  *     {@code lista} equals the element at the same index in {@code listb}
  */
 private boolean listACLEquals(List<ACL> lista, List<ACL> listb) {
   final int count = lista.size();
   if (count != listb.size()) {
     return false;
   }
   int pos = 0;
   while (pos < count && lista.get(pos).equals(listb.get(pos))) {
     pos++;
   }
   // Reaching the end without a mismatch means every pair was equal.
   return pos == count;
 }
 /**
  * Validates an ACL supplied by a client and rewrites it in place so that it can be stored.
  *
  * <p>Each entry is handled by scheme: {@code world:anyone} is accepted as is; an {@code auth}
  * entry is removed and replaced by one entry per id in {@code authInfo} whose provider reports
  * {@code isAuthenticated()}, carrying the permissions of the {@code auth} entry; any other
  * entry must name a scheme with a registered provider and an id that the provider's
  * {@code isValid} accepts.
  *
  * <p>NOTE(review): {@code acl} is modified while it is being checked. When the method returns
  * {@code false} from inside the loop, {@code auth} entries seen so far have already been
  * removed and their replacements have not been added, so the caller's list must be treated as
  * unusable after a {@code false} result.
  *
  * @param authInfo list of ACL IDs associated with the client connection
  * @param acl list of ACLs being assigned to the node (create or setACL operation)
  * @return {@code true} if ACL handling is switched off ({@code skipACL}, in which case nothing
  *     is validated) or every entry passed validation and the resulting list is non-empty;
  *     {@code false} if {@code acl} is null or empty, an {@code auth} entry could not be
  *     expanded to any authenticated id, a scheme has no provider, or an id is rejected by its
  *     provider
  */
 private boolean fixupACL(List<Id> authInfo, List<ACL> acl) {
   // With ACLs disabled the list is accepted unchecked and unmodified.
   if (skipACL) {
     return true;
   }
   // A node must be given at least one ACL entry.
   if (acl == null || acl.size() == 0) {
     return false;
   }
   Iterator<ACL> it = acl.iterator();
   // Replacement entries for "auth"; collected separately because the list is being iterated.
   LinkedList<ACL> toAdd = null;
   while (it.hasNext()) {
     ACL a = it.next();
     Id id = a.getId();
     if (id.getScheme().equals("world") && id.getId().equals("anyone")) {
       // world:anyone is accepted without consulting any provider
     } else if (id.getScheme().equals("auth")) {
       // This is the "auth" id, so we have to expand it to the
       // authenticated ids of the requestor
       // The placeholder entry is removed before the expansion is known to succeed.
       it.remove();
       if (toAdd == null) {
         toAdd = new LinkedList<ACL>();
       }
       boolean authIdValid = false;
       for (Id cid : authInfo) {
         AuthenticationProvider ap = ProviderRegistry.getProvider(cid.getScheme());
         if (ap == null) {
           // An id whose scheme has no provider is logged and left out of the expansion.
           LOG.error("Missing AuthenticationProvider for " + cid.getScheme());
         } else if (ap.isAuthenticated()) {
           // NOTE(review): isAuthenticated() takes no argument, so it looks like a property of
           // the scheme's provider rather than a check of this particular id - confirm.
           authIdValid = true;
           toAdd.add(new ACL(a.getPerms(), cid));
         }
       }
       // "auth" with no usable identity behind it is rejected rather than stored empty.
       if (!authIdValid) {
         return false;
       }
     } else {
       // Every other scheme needs a registered provider that accepts the id's format.
       AuthenticationProvider ap = ProviderRegistry.getProvider(id.getScheme());
       if (ap == null) {
         return false;
       }
       if (!ap.isValid(id.getId())) {
         return false;
       }
     }
   }
   // Append the expanded entries only after the whole list has been validated.
   if (toAdd != null) {
     for (ACL a : toAdd) {
       acl.add(a);
     }
   }
   return acl.size() > 0;
 }
 /**
  * Writes a map of ACL lists, keyed by long, to {@code oa}.
  *
  * <p>Output layout: the entry count (tag {@code "map"}), then for each entry the key (tag
  * {@code "long"}) followed by a vector (tag {@code "acls"}) holding every ACL of the list (tag
  * {@code "acl"}). Entries are written in the iteration order of
  * {@code longKeyMap.entrySet()}.
  *
  * @param longKeyMap map to write; each value is iterated, so values must not be {@code null}
  * @param oa archive receiving the records
  * @throws IOException declared by this method; presumably raised by the archive calls
  */
 private synchronized void serializeList(Map<Long, List<ACL>> longKeyMap, OutputArchive oa)
     throws IOException {
   // The count goes first so that a reader knows how many records follow.
   oa.writeInt(longKeyMap.size(), "map");
   for (Map.Entry<Long, List<ACL>> record : longKeyMap.entrySet()) {
     oa.writeLong(record.getKey(), "long");
     final List<ACL> entries = record.getValue();
     oa.startVector(entries, "acls");
     for (ACL entry : entries) {
       entry.serialize(oa, "acl");
     }
     oa.endVector(entries, "acls");
   }
 }
 /**
  * Builds an {@link ACL} list from a comma-separated string of {@code scheme:id:perm} entries.
  *
  * <p>The scheme is the text before the first colon, the permission string is the text after
  * the last colon, and the id is everything in between (so the id itself may contain colons).
  * Entries are not trimmed. An entry with fewer than two colons is logged at WARN level and
  * skipped, so the returned list can be shorter than the input, or empty.
  *
  * <p>NOTE(review): because malformed entries are dropped rather than rejected, the parsed ACL
  * may differ from what the operator wrote; callers should check the result (for example for an
  * empty list) before applying it. The skipped entry is logged verbatim, which may place the id
  * part of a credential-bearing scheme in the log - confirm that this is acceptable.
  *
  * @param aclString comma-separated ACL entries; must not be {@code null}
  * @return the entries that parsed, in input order; never {@code null}
  */
 private List<ACL> parseACLs(String aclString) {
   final List<ACL> parsed = new ArrayList<ACL>();
   for (String spec : aclString.split(",")) {
     final int schemeEnd = spec.indexOf(':');
     final int permStart = spec.lastIndexOf(':');
     // The two positions coincide exactly when the entry has a single colon.
     if (schemeEnd == -1 || permStart == -1 || schemeEnd == permStart) {
       LOGGER.warn(spec + " does not have the form scheme:id:perm");
       continue;
     }
     final ACL entry = new ACL();
     final String scheme = spec.substring(0, schemeEnd);
     final String idText = spec.substring(schemeEnd + 1, permStart);
     entry.setId(new Id(scheme, idText));
     entry.setPerms(getPermFromString(spec.substring(permStart + 1)));
     parsed.add(entry);
   }
   return parsed;
 }
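 /**
  * Reads a map of ACL lists from {@code ia} (tags {@code "map"}, {@code "long"}, {@code "acls"},
  * {@code "acl"}) into {@code longKeyMap}. It also records each list in the reverse map
  * {@code aclKeyMap} and raises {@code aclIndex} to the largest key seen.
  *
  * <p>The input is treated as possibly damaged: a record whose ACL vector is absent is reported
  * as an {@link IOException} instead of failing later with a {@code NullPointerException}.
  *
  * <p>NOTE(review): the entry count and the vector lengths are taken from the input with no
  * upper bound - confirm that the archive is only ever a trusted local file.
  *
  * @param longKeyMap map that receives key to ACL-list entries
  * @param ia archive to read from
  * @throws IOException if the archive cannot be read or an ACL vector is missing
  */
 private void deserializeList(Map<Long, List<ACL>> longKeyMap, InputArchive ia)
     throws IOException {
   int remaining = ia.readInt("map");
   // A zero or negative count yields no entries.
   while (remaining > 0) {
     Long val = ia.readLong("long");
     // Keep aclIndex at or above every key read so far.
     if (aclIndex < val) {
       aclIndex = val;
     }
     List<ACL> aclList = new ArrayList<ACL>();
     Index j = ia.startVector("acls");
     // startVector may return null when the stored vector is marked as absent; fail with a
     // descriptive, checked error rather than dereferencing it.
     if (j == null) {
       throw new IOException("Corrupt input: missing \"acls\" vector for key " + val);
     }
     while (!j.done()) {
       ACL acl = new ACL();
       acl.deserialize(ia, "acl");
       aclList.add(acl);
       j.incr();
     }
     longKeyMap.put(val, aclList);
     // The list itself is the key of the reverse map, so it must not be mutated afterwards.
     aclKeyMap.put(aclList, val);
     remaining--;
   }
 }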