1 | /** |
---|
2 | * Licensed to the Apache Software Foundation (ASF) under one |
---|
3 | * or more contributor license agreements. See the NOTICE file |
---|
4 | * distributed with this work for additional information |
---|
5 | * regarding copyright ownership. The ASF licenses this file |
---|
6 | * to you under the Apache License, Version 2.0 (the |
---|
7 | * "License"); you may not use this file except in compliance |
---|
8 | * with the License. You may obtain a copy of the License at |
---|
9 | * |
---|
10 | * http://www.apache.org/licenses/LICENSE-2.0 |
---|
11 | * |
---|
12 | * Unless required by applicable law or agreed to in writing, software |
---|
13 | * distributed under the License is distributed on an "AS IS" BASIS, |
---|
14 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
---|
15 | * See the License for the specific language governing permissions and |
---|
16 | * limitations under the License. |
---|
17 | */ |
---|
18 | package org.apache.hadoop.hdfs; |
---|
19 | |
---|
20 | import java.io.IOException; |
---|
21 | import java.util.Random; |
---|
22 | |
---|
23 | import javax.security.auth.login.LoginException; |
---|
24 | |
---|
25 | import org.apache.commons.logging.*; |
---|
26 | import org.apache.hadoop.conf.Configuration; |
---|
27 | import org.apache.hadoop.hdfs.MiniDFSCluster; |
---|
28 | import org.apache.hadoop.hdfs.server.common.Util; |
---|
29 | import org.apache.hadoop.fs.*; |
---|
30 | import org.apache.hadoop.fs.permission.*; |
---|
31 | import org.apache.hadoop.security.AccessControlException; |
---|
32 | import org.apache.hadoop.security.UnixUserGroupInformation; |
---|
33 | |
---|
34 | import junit.framework.AssertionFailedError; |
---|
35 | import junit.framework.TestCase; |
---|
36 | |
---|
37 | /** Unit tests for permission */ |
---|
38 | public class TestDFSPermission extends TestCase { |
---|
39 | public static final Log LOG = LogFactory.getLog(TestDFSPermission.class); |
---|
40 | final private static Configuration conf = new Configuration(); |
---|
41 | |
---|
42 | final private static String GROUP1_NAME = "group1"; |
---|
43 | final private static String GROUP2_NAME = "group2"; |
---|
44 | final private static String GROUP3_NAME = "group3"; |
---|
45 | final private static String GROUP4_NAME = "group4"; |
---|
46 | final private static String USER1_NAME = "user1"; |
---|
47 | final private static String USER2_NAME = "user2"; |
---|
48 | final private static String USER3_NAME = "user3"; |
---|
49 | |
---|
50 | private static UnixUserGroupInformation SUPERUSER; |
---|
51 | private static UnixUserGroupInformation USER1; |
---|
52 | private static UnixUserGroupInformation USER2; |
---|
53 | private static UnixUserGroupInformation USER3; |
---|
54 | |
---|
55 | final private static short MAX_PERMISSION = 511; |
---|
56 | final private static short DEFAULT_UMASK = 022; |
---|
57 | final private static short FILE_MASK = 0666; |
---|
58 | final private static FsPermission DEFAULT_PERMISSION = |
---|
59 | FsPermission.createImmutable((short) 0777); |
---|
60 | final static private int NUM_TEST_PERMISSIONS = |
---|
61 | conf.getInt("test.dfs.permission.num", 10) * (MAX_PERMISSION + 1) / 100; |
---|
62 | |
---|
63 | |
---|
64 | final private static String PATH_NAME = "xx"; |
---|
65 | final private static Path FILE_DIR_PATH = new Path("/", PATH_NAME); |
---|
66 | final private static Path NON_EXISTENT_PATH = new Path("/parent", PATH_NAME); |
---|
67 | final private static Path NON_EXISTENT_FILE = new Path("/NonExistentFile"); |
---|
68 | |
---|
69 | private FileSystem fs; |
---|
70 | private static Random r; |
---|
71 | |
---|
72 | static { |
---|
73 | try { |
---|
74 | // Initiate the random number generator and logging the seed |
---|
75 | long seed = Util.now(); |
---|
76 | r = new Random(seed); |
---|
77 | LOG.info("Random number generator uses seed " + seed); |
---|
78 | LOG.info("NUM_TEST_PERMISSIONS=" + NUM_TEST_PERMISSIONS); |
---|
79 | |
---|
80 | // explicitly turn on permission checking |
---|
81 | conf.setBoolean("dfs.permissions", true); |
---|
82 | |
---|
83 | // Initiate all four users |
---|
84 | SUPERUSER = UnixUserGroupInformation.login(conf); |
---|
85 | USER1 = new UnixUserGroupInformation(USER1_NAME, new String[] { |
---|
86 | GROUP1_NAME, GROUP2_NAME }); |
---|
87 | USER2 = new UnixUserGroupInformation(USER2_NAME, new String[] { |
---|
88 | GROUP2_NAME, GROUP3_NAME }); |
---|
89 | USER3 = new UnixUserGroupInformation(USER3_NAME, new String[] { |
---|
90 | GROUP3_NAME, GROUP4_NAME }); |
---|
91 | } catch (LoginException e) { |
---|
92 | throw new RuntimeException(e); |
---|
93 | } |
---|
94 | } |
---|
95 | |
---|
96 | /** This tests if permission setting in create, mkdir, and |
---|
97 | * setPermission works correctly |
---|
98 | */ |
---|
99 | public void testPermissionSetting() throws Exception { |
---|
100 | MiniDFSCluster cluster = new MiniDFSCluster(conf, 3, true, null); |
---|
101 | try { |
---|
102 | cluster.waitActive(); |
---|
103 | fs = FileSystem.get(conf); |
---|
104 | LOG.info("ROOT=" + fs.getFileStatus(new Path("/"))); |
---|
105 | testPermissionSetting(OpType.CREATE); // test file creation |
---|
106 | testPermissionSetting(OpType.MKDIRS); // test directory creation |
---|
107 | } finally { |
---|
108 | fs.close(); |
---|
109 | cluster.shutdown(); |
---|
110 | } |
---|
111 | } |
---|
112 | |
---|
113 | /* check permission setting works correctly for file or directory */ |
---|
114 | private void testPermissionSetting(OpType op) throws Exception { |
---|
115 | // case 1: use default permission but all possible umasks |
---|
116 | PermissionGenerator generator = new PermissionGenerator(r); |
---|
117 | for (short i = 0; i < NUM_TEST_PERMISSIONS; i++) { |
---|
118 | createAndCheckPermission(op, FILE_DIR_PATH, generator.next(), |
---|
119 | new FsPermission(DEFAULT_PERMISSION), true); |
---|
120 | } |
---|
121 | |
---|
122 | // case 2: use permission 0643 and the default umask |
---|
123 | createAndCheckPermission(op, FILE_DIR_PATH, DEFAULT_UMASK, |
---|
124 | new FsPermission((short) 0643), true); |
---|
125 | |
---|
126 | // case 3: use permission 0643 and umask 0222 |
---|
127 | createAndCheckPermission(op, FILE_DIR_PATH, (short) 0222, |
---|
128 | new FsPermission((short) 0643), false); |
---|
129 | |
---|
130 | // case 4: set permission |
---|
131 | fs.setPermission(FILE_DIR_PATH, new FsPermission((short) 0111)); |
---|
132 | short expectedPermission = (short) ((op == OpType.CREATE) ? 0 : 0111); |
---|
133 | checkPermission(FILE_DIR_PATH, expectedPermission, true); |
---|
134 | |
---|
135 | // case 5: test non-existent parent directory |
---|
136 | assertFalse(fs.exists(NON_EXISTENT_PATH)); |
---|
137 | createAndCheckPermission(op, NON_EXISTENT_PATH, DEFAULT_UMASK, |
---|
138 | new FsPermission(DEFAULT_PERMISSION), false); |
---|
139 | Path parent = NON_EXISTENT_PATH.getParent(); |
---|
140 | checkPermission(parent, getPermission(parent.getParent()), true); |
---|
141 | } |
---|
142 | |
---|
143 | /* get the permission of a file/directory */ |
---|
144 | private short getPermission(Path path) throws IOException { |
---|
145 | return fs.getFileStatus(path).getPermission().toShort(); |
---|
146 | } |
---|
147 | |
---|
148 | /* create a file/directory with the default umask and permission */ |
---|
149 | private void create(OpType op, Path name) throws IOException { |
---|
150 | create(op, name, DEFAULT_UMASK, new FsPermission(DEFAULT_PERMISSION)); |
---|
151 | } |
---|
152 | |
---|
153 | /* create a file/directory with the given umask and permission */ |
---|
154 | private void create(OpType op, Path name, short umask, |
---|
155 | FsPermission permission) throws IOException { |
---|
156 | // set umask in configuration |
---|
157 | conf.setInt(FsPermission.UMASK_LABEL, umask); |
---|
158 | |
---|
159 | // create the file/directory |
---|
160 | switch (op) { |
---|
161 | case CREATE: |
---|
162 | FSDataOutputStream out = fs.create(name, permission, true, conf.getInt( |
---|
163 | "io.file.buffer.size", 4096), fs.getDefaultReplication(), fs |
---|
164 | .getDefaultBlockSize(), null); |
---|
165 | out.close(); |
---|
166 | break; |
---|
167 | case MKDIRS: |
---|
168 | fs.mkdirs(name, permission); |
---|
169 | break; |
---|
170 | default: |
---|
171 | throw new IOException("Unsupported operation: " + op); |
---|
172 | } |
---|
173 | } |
---|
174 | |
---|
175 | /* create file/directory with the provided umask and permission; then it |
---|
176 | * checks if the permission is set correctly; |
---|
177 | * If the delete flag is true, delete the file afterwards; otherwise leave |
---|
178 | * it in the file system. |
---|
179 | */ |
---|
180 | private void createAndCheckPermission(OpType op, Path name, short umask, |
---|
181 | FsPermission permission, boolean delete) throws Exception { |
---|
182 | // create the file/directory |
---|
183 | create(op, name, umask, permission); |
---|
184 | |
---|
185 | // get the short form of the permission |
---|
186 | short permissionNum = (DEFAULT_PERMISSION.equals(permission)) ? MAX_PERMISSION |
---|
187 | : permission.toShort(); |
---|
188 | |
---|
189 | // get the expected permission |
---|
190 | short expectedPermission = (op == OpType.CREATE) ? (short) (~umask |
---|
191 | & permissionNum & FILE_MASK) : (short) (~umask & permissionNum); |
---|
192 | |
---|
193 | // check if permission is correctly set |
---|
194 | checkPermission(name, expectedPermission, delete); |
---|
195 | } |
---|
196 | |
---|
197 | /* Check if the permission of a file/directory is the same as the |
---|
198 | * expected permission; If the delete flag is true, delete the |
---|
199 | * file/directory afterwards. |
---|
200 | */ |
---|
201 | private void checkPermission(Path name, short expectedPermission, |
---|
202 | boolean delete) throws IOException { |
---|
203 | try { |
---|
204 | // check its permission |
---|
205 | assertEquals(getPermission(name), expectedPermission); |
---|
206 | } finally { |
---|
207 | // delete the file |
---|
208 | if (delete) { |
---|
209 | fs.delete(name, true); |
---|
210 | } |
---|
211 | } |
---|
212 | } |
---|
213 | |
---|
214 | /* check if the ownership of a file/directory is set correctly */ |
---|
215 | public void testOwnership() throws Exception { |
---|
216 | MiniDFSCluster cluster = new MiniDFSCluster(conf, 3, true, null); |
---|
217 | try { |
---|
218 | cluster.waitActive(); |
---|
219 | testOwnership(OpType.CREATE); // test file creation |
---|
220 | testOwnership(OpType.MKDIRS); // test directory creation |
---|
221 | } finally { |
---|
222 | fs.close(); |
---|
223 | cluster.shutdown(); |
---|
224 | } |
---|
225 | } |
---|
226 | |
---|
227 | /* change a file/directory's owner and group. |
---|
228 | * if expectDeny is set, expect an AccessControlException. |
---|
229 | */ |
---|
230 | private void setOwner(Path path, String owner, String group, |
---|
231 | boolean expectDeny) throws IOException { |
---|
232 | try { |
---|
233 | String expectedOwner = (owner == null) ? getOwner(path) : owner; |
---|
234 | String expectedGroup = (group == null) ? getGroup(path) : group; |
---|
235 | fs.setOwner(path, owner, group); |
---|
236 | checkOwnership(path, expectedOwner, expectedGroup); |
---|
237 | assertFalse(expectDeny); |
---|
238 | } catch(AccessControlException e) { |
---|
239 | assertTrue(expectDeny); |
---|
240 | } |
---|
241 | } |
---|
242 | |
---|
243 | /* check ownership is set correctly for a file or directory */ |
---|
244 | private void testOwnership(OpType op) throws Exception { |
---|
245 | // case 1: superuser create a file/directory |
---|
246 | fs = FileSystem.get(conf); |
---|
247 | create(op, FILE_DIR_PATH, DEFAULT_UMASK, |
---|
248 | new FsPermission(DEFAULT_PERMISSION)); |
---|
249 | checkOwnership(FILE_DIR_PATH, SUPERUSER.getUserName(), |
---|
250 | getGroup(FILE_DIR_PATH.getParent())); |
---|
251 | |
---|
252 | // case 2: superuser changes FILE_DIR_PATH's owner to be <user1, group3> |
---|
253 | setOwner(FILE_DIR_PATH, USER1.getUserName(), GROUP3_NAME, false); |
---|
254 | |
---|
255 | // case 3: user1 changes FILE_DIR_PATH's owner to be user2 |
---|
256 | login(USER1); |
---|
257 | setOwner(FILE_DIR_PATH, USER2.getUserName(), null, true); |
---|
258 | |
---|
259 | // case 4: user1 changes FILE_DIR_PATH's group to be group1 which it belongs |
---|
260 | // to |
---|
261 | setOwner(FILE_DIR_PATH, null, GROUP1_NAME, false); |
---|
262 | |
---|
263 | // case 5: user1 changes FILE_DIR_PATH's group to be group3 |
---|
264 | // which it does not belong to |
---|
265 | setOwner(FILE_DIR_PATH, null, GROUP3_NAME, true); |
---|
266 | |
---|
267 | // case 6: user2 (non-owner) changes FILE_DIR_PATH's group to be group3 |
---|
268 | login(USER2); |
---|
269 | setOwner(FILE_DIR_PATH, null, GROUP3_NAME, true); |
---|
270 | |
---|
271 | // case 7: user2 (non-owner) changes FILE_DIR_PATH's user to be user2 |
---|
272 | setOwner(FILE_DIR_PATH, USER2.getUserName(), null, true); |
---|
273 | |
---|
274 | // delete the file/directory |
---|
275 | login(SUPERUSER); |
---|
276 | fs.delete(FILE_DIR_PATH, true); |
---|
277 | } |
---|
278 | |
---|
279 | /* Return the group owner of the file/directory */ |
---|
280 | private String getGroup(Path path) throws IOException { |
---|
281 | return fs.getFileStatus(path).getGroup(); |
---|
282 | } |
---|
283 | |
---|
284 | /* Return the file owner of the file/directory */ |
---|
285 | private String getOwner(Path path) throws IOException { |
---|
286 | return fs.getFileStatus(path).getOwner(); |
---|
287 | } |
---|
288 | |
---|
289 | /* check if ownership is set correctly */ |
---|
290 | private void checkOwnership(Path name, String expectedOwner, |
---|
291 | String expectedGroup) throws IOException { |
---|
292 | // check its owner and group |
---|
293 | FileStatus status = fs.getFileStatus(name); |
---|
294 | assertEquals(status.getOwner(), expectedOwner); |
---|
295 | assertEquals(status.getGroup(), expectedGroup); |
---|
296 | } |
---|
297 | |
---|
298 | final static private String ANCESTOR_NAME = "/ancestor"; |
---|
299 | final static private String PARENT_NAME = "parent"; |
---|
300 | final static private String FILE_NAME = "file"; |
---|
301 | final static private String DIR_NAME = "dir"; |
---|
302 | final static private String FILE_DIR_NAME = "filedir"; |
---|
303 | |
---|
304 | private enum OpType {CREATE, MKDIRS, OPEN, SET_REPLICATION, |
---|
305 | GET_FILEINFO, IS_DIR, EXISTS, GET_CONTENT_LENGTH, LIST, RENAME, DELETE |
---|
306 | }; |
---|
307 | |
---|
308 | /* Check if namenode performs permission checking correctly for |
---|
309 | * superuser, file owner, group owner, and other users */ |
---|
310 | public void testPermissionChecking() throws Exception { |
---|
311 | MiniDFSCluster cluster = new MiniDFSCluster(conf, 3, true, null); |
---|
312 | try { |
---|
313 | cluster.waitActive(); |
---|
314 | fs = FileSystem.get(conf); |
---|
315 | |
---|
316 | // set the permission of the root to be world-wide rwx |
---|
317 | fs.setPermission(new Path("/"), new FsPermission((short)0777)); |
---|
318 | |
---|
319 | // create a directory hierarchy and sets random permission for each inode |
---|
320 | PermissionGenerator ancestorPermissionGenerator = |
---|
321 | new PermissionGenerator(r); |
---|
322 | PermissionGenerator dirPermissionGenerator = new PermissionGenerator(r); |
---|
323 | PermissionGenerator filePermissionGenerator = new PermissionGenerator(r); |
---|
324 | short[] ancestorPermissions = new short[NUM_TEST_PERMISSIONS]; |
---|
325 | short[] parentPermissions = new short[NUM_TEST_PERMISSIONS]; |
---|
326 | short[] permissions = new short[NUM_TEST_PERMISSIONS]; |
---|
327 | Path[] ancestorPaths = new Path[NUM_TEST_PERMISSIONS]; |
---|
328 | Path[] parentPaths = new Path[NUM_TEST_PERMISSIONS]; |
---|
329 | Path[] filePaths = new Path[NUM_TEST_PERMISSIONS]; |
---|
330 | Path[] dirPaths = new Path[NUM_TEST_PERMISSIONS]; |
---|
331 | for (int i = 0; i < NUM_TEST_PERMISSIONS; i++) { |
---|
332 | // create ancestor directory |
---|
333 | ancestorPaths[i] = new Path(ANCESTOR_NAME + i); |
---|
334 | create(OpType.MKDIRS, ancestorPaths[i]); |
---|
335 | fs.setOwner(ancestorPaths[i], USER1_NAME, GROUP2_NAME); |
---|
336 | // create parent directory |
---|
337 | parentPaths[i] = new Path(ancestorPaths[i], PARENT_NAME + i); |
---|
338 | create(OpType.MKDIRS, parentPaths[i]); |
---|
339 | // change parent directory's ownership to be user1 |
---|
340 | fs.setOwner(parentPaths[i], USER1_NAME, GROUP2_NAME); |
---|
341 | |
---|
342 | filePaths[i] = new Path(parentPaths[i], FILE_NAME + i); |
---|
343 | dirPaths[i] = new Path(parentPaths[i], DIR_NAME + i); |
---|
344 | |
---|
345 | // makes sure that each inode at the same level |
---|
346 | // has a different permission |
---|
347 | ancestorPermissions[i] = ancestorPermissionGenerator.next(); |
---|
348 | parentPermissions[i] = dirPermissionGenerator.next(); |
---|
349 | permissions[i] = filePermissionGenerator.next(); |
---|
350 | fs.setPermission(ancestorPaths[i], new FsPermission( |
---|
351 | ancestorPermissions[i])); |
---|
352 | fs.setPermission(parentPaths[i], new FsPermission( |
---|
353 | parentPermissions[i])); |
---|
354 | } |
---|
355 | |
---|
356 | /* file owner */ |
---|
357 | testPermissionCheckingPerUser(USER1, ancestorPermissions, |
---|
358 | parentPermissions, permissions, parentPaths, filePaths, dirPaths); |
---|
359 | /* group owner */ |
---|
360 | testPermissionCheckingPerUser(USER2, ancestorPermissions, |
---|
361 | parentPermissions, permissions, parentPaths, filePaths, dirPaths); |
---|
362 | /* other owner */ |
---|
363 | testPermissionCheckingPerUser(USER3, ancestorPermissions, |
---|
364 | parentPermissions, permissions, parentPaths, filePaths, dirPaths); |
---|
365 | /* super owner */ |
---|
366 | testPermissionCheckingPerUser(SUPERUSER, ancestorPermissions, |
---|
367 | parentPermissions, permissions, parentPaths, filePaths, dirPaths); |
---|
368 | } finally { |
---|
369 | fs.close(); |
---|
370 | cluster.shutdown(); |
---|
371 | } |
---|
372 | } |
---|
373 | |
---|
374 | /* Check if namenode performs permission checking correctly |
---|
375 | * for the given user for operations mkdir, open, setReplication, |
---|
376 | * getFileInfo, isDirectory, exists, getContentLength, list, rename, |
---|
377 | * and delete */ |
---|
378 | private void testPermissionCheckingPerUser(UnixUserGroupInformation ugi, |
---|
379 | short[] ancestorPermission, short[] parentPermission, |
---|
380 | short[] filePermission, Path[] parentDirs, Path[] files, Path[] dirs) |
---|
381 | throws Exception { |
---|
382 | login(SUPERUSER); |
---|
383 | for (int i = 0; i < NUM_TEST_PERMISSIONS; i++) { |
---|
384 | create(OpType.CREATE, files[i]); |
---|
385 | create(OpType.MKDIRS, dirs[i]); |
---|
386 | fs.setOwner(files[i], USER1_NAME, GROUP2_NAME); |
---|
387 | fs.setOwner(dirs[i], USER1_NAME, GROUP2_NAME); |
---|
388 | checkOwnership(dirs[i], USER1_NAME, GROUP2_NAME); |
---|
389 | checkOwnership(files[i], USER1_NAME, GROUP2_NAME); |
---|
390 | |
---|
391 | FsPermission fsPermission = new FsPermission(filePermission[i]); |
---|
392 | fs.setPermission(files[i], fsPermission); |
---|
393 | fs.setPermission(dirs[i], fsPermission); |
---|
394 | } |
---|
395 | |
---|
396 | login(ugi); |
---|
397 | for (int i = 0; i < NUM_TEST_PERMISSIONS; i++) { |
---|
398 | testCreateMkdirs(ugi, new Path(parentDirs[i], FILE_DIR_NAME), |
---|
399 | ancestorPermission[i], parentPermission[i]); |
---|
400 | testOpen(ugi, files[i], ancestorPermission[i], parentPermission[i], |
---|
401 | filePermission[i]); |
---|
402 | testSetReplication(ugi, files[i], ancestorPermission[i], |
---|
403 | parentPermission[i], filePermission[i]); |
---|
404 | testSetTimes(ugi, files[i], ancestorPermission[i], |
---|
405 | parentPermission[i], filePermission[i]); |
---|
406 | testStats(ugi, files[i], ancestorPermission[i], parentPermission[i]); |
---|
407 | testList(ugi, files[i], dirs[i], ancestorPermission[i], |
---|
408 | parentPermission[i], filePermission[i]); |
---|
409 | int next = i == NUM_TEST_PERMISSIONS - 1 ? 0 : i + 1; |
---|
410 | testRename(ugi, files[i], files[next], ancestorPermission[i], |
---|
411 | parentPermission[i], ancestorPermission[next], parentPermission[next]); |
---|
412 | testDeleteFile(ugi, files[i], ancestorPermission[i], parentPermission[i]); |
---|
413 | testDeleteDir(ugi, dirs[i], ancestorPermission[i], parentPermission[i], |
---|
414 | filePermission[i], null); |
---|
415 | } |
---|
416 | |
---|
417 | // test non existent file |
---|
418 | checkNonExistentFile(); |
---|
419 | } |
---|
420 | |
---|
421 | /* A random permission generator that guarantees that each permission |
---|
422 | * value is generated only once. |
---|
423 | */ |
---|
424 | static private class PermissionGenerator { |
---|
425 | private Random r; |
---|
426 | private short permissions[] = new short[MAX_PERMISSION + 1]; |
---|
427 | private int numLeft = MAX_PERMISSION + 1; |
---|
428 | |
---|
429 | PermissionGenerator(Random r) { |
---|
430 | this.r = r; |
---|
431 | for (int i = 0; i <= MAX_PERMISSION; i++) { |
---|
432 | permissions[i] = (short) i; |
---|
433 | } |
---|
434 | } |
---|
435 | |
---|
436 | short next() throws IOException { |
---|
437 | if (numLeft == 0) { |
---|
438 | throw new IOException("No more permission is avaialbe"); |
---|
439 | } |
---|
440 | int index = r.nextInt(numLeft); // choose which permission to return |
---|
441 | numLeft--; // decrement the counter |
---|
442 | |
---|
443 | // swap the chosen permission with last available permission in the array |
---|
444 | short temp = permissions[numLeft]; |
---|
445 | permissions[numLeft] = permissions[index]; |
---|
446 | permissions[index] = temp; |
---|
447 | |
---|
448 | return permissions[numLeft]; |
---|
449 | } |
---|
450 | } |
---|
451 | |
---|
452 | /* A base class that verifies the permission checking is correct |
---|
453 | * for an operation */ |
---|
454 | abstract class PermissionVerifier { |
---|
455 | protected Path path; |
---|
456 | protected short ancestorPermission; |
---|
457 | protected short parentPermission; |
---|
458 | private short permission; |
---|
459 | protected short requiredAncestorPermission; |
---|
460 | protected short requiredParentPermission; |
---|
461 | protected short requiredPermission; |
---|
462 | final static protected short opAncestorPermission = SEARCH_MASK; |
---|
463 | protected short opParentPermission; |
---|
464 | protected short opPermission; |
---|
465 | protected UnixUserGroupInformation ugi; |
---|
466 | |
---|
467 | /* initialize */ |
---|
468 | protected void set(Path path, short ancestorPermission, |
---|
469 | short parentPermission, short permission) { |
---|
470 | this.path = path; |
---|
471 | this.ancestorPermission = ancestorPermission; |
---|
472 | this.parentPermission = parentPermission; |
---|
473 | this.permission = permission; |
---|
474 | setOpPermission(); |
---|
475 | this.ugi = null; |
---|
476 | } |
---|
477 | |
---|
478 | /* Perform an operation and verify if the permission checking is correct */ |
---|
479 | void verifyPermission(UnixUserGroupInformation ugi) throws LoginException, |
---|
480 | IOException { |
---|
481 | if (this.ugi != ugi) { |
---|
482 | setRequiredPermissions(ugi); |
---|
483 | this.ugi = ugi; |
---|
484 | } |
---|
485 | |
---|
486 | try { |
---|
487 | try { |
---|
488 | call(); |
---|
489 | assertFalse(expectPermissionDeny()); |
---|
490 | } catch(AccessControlException e) { |
---|
491 | assertTrue(expectPermissionDeny()); |
---|
492 | } |
---|
493 | } catch (AssertionFailedError ae) { |
---|
494 | logPermissions(); |
---|
495 | throw ae; |
---|
496 | } |
---|
497 | } |
---|
498 | |
---|
499 | /** Log the permissions and required permissions */ |
---|
500 | protected void logPermissions() { |
---|
501 | LOG.info("required ancestor permission:" |
---|
502 | + Integer.toOctalString(requiredAncestorPermission)); |
---|
503 | LOG.info("ancestor permission: " |
---|
504 | + Integer.toOctalString(ancestorPermission)); |
---|
505 | LOG.info("required parent permission:" |
---|
506 | + Integer.toOctalString(requiredParentPermission)); |
---|
507 | LOG.info("parent permission: " + Integer.toOctalString(parentPermission)); |
---|
508 | LOG.info("required permission:" |
---|
509 | + Integer.toOctalString(requiredPermission)); |
---|
510 | LOG.info("permission: " + Integer.toOctalString(permission)); |
---|
511 | } |
---|
512 | |
---|
513 | /* Return true if an AccessControlException is expected */ |
---|
514 | protected boolean expectPermissionDeny() { |
---|
515 | return (requiredPermission & permission) != requiredPermission |
---|
516 | || (requiredParentPermission & parentPermission) != |
---|
517 | requiredParentPermission |
---|
518 | || (requiredAncestorPermission & ancestorPermission) != |
---|
519 | requiredAncestorPermission; |
---|
520 | } |
---|
521 | |
---|
522 | /* Set the permissions required to pass the permission checking */ |
---|
523 | protected void setRequiredPermissions(UnixUserGroupInformation ugi) |
---|
524 | throws IOException { |
---|
525 | if (SUPERUSER.equals(ugi)) { |
---|
526 | requiredAncestorPermission = SUPER_MASK; |
---|
527 | requiredParentPermission = SUPER_MASK; |
---|
528 | requiredPermission = SUPER_MASK; |
---|
529 | } else if (USER1.equals(ugi)) { |
---|
530 | requiredAncestorPermission = (short)(opAncestorPermission & OWNER_MASK); |
---|
531 | requiredParentPermission = (short)(opParentPermission & OWNER_MASK); |
---|
532 | requiredPermission = (short)(opPermission & OWNER_MASK); |
---|
533 | } else if (USER2.equals(ugi)) { |
---|
534 | requiredAncestorPermission = (short)(opAncestorPermission & GROUP_MASK); |
---|
535 | requiredParentPermission = (short)(opParentPermission & GROUP_MASK); |
---|
536 | requiredPermission = (short)(opPermission & GROUP_MASK); |
---|
537 | } else if (USER3.equals(ugi)) { |
---|
538 | requiredAncestorPermission = (short)(opAncestorPermission & OTHER_MASK); |
---|
539 | requiredParentPermission = (short)(opParentPermission & OTHER_MASK); |
---|
540 | requiredPermission = (short)(opPermission & OTHER_MASK); |
---|
541 | } else { |
---|
542 | throw new IllegalArgumentException("Non-supported user: " + ugi); |
---|
543 | } |
---|
544 | } |
---|
545 | |
---|
546 | /* Set the rwx permissions required for the operation */ |
---|
547 | abstract void setOpPermission(); |
---|
548 | |
---|
549 | /* Perform the operation */ |
---|
550 | abstract void call() throws IOException; |
---|
551 | } |
---|
552 | |
---|
553 | final static private short SUPER_MASK = 0; |
---|
554 | final static private short READ_MASK = 0444; |
---|
555 | final static private short WRITE_MASK = 0222; |
---|
556 | final static private short SEARCH_MASK = 0111; |
---|
557 | final static private short NULL_MASK = 0; |
---|
558 | final static private short OWNER_MASK = 0700; |
---|
559 | final static private short GROUP_MASK = 0070; |
---|
560 | final static private short OTHER_MASK = 0007; |
---|
561 | |
---|
562 | /* A class that verifies the permission checking is correct for create/mkdir*/ |
---|
563 | private class CreatePermissionVerifier extends PermissionVerifier { |
---|
564 | private OpType opType; |
---|
565 | private boolean cleanup = true; |
---|
566 | |
---|
567 | /* initialize */ |
---|
568 | protected void set(Path path, OpType opType, short ancestorPermission, |
---|
569 | short parentPermission) { |
---|
570 | super.set(path, ancestorPermission, parentPermission, NULL_MASK); |
---|
571 | setOpType(opType); |
---|
572 | } |
---|
573 | |
---|
574 | void setCleanup(boolean cleanup) { |
---|
575 | this.cleanup = cleanup; |
---|
576 | } |
---|
577 | |
---|
578 | /* set if the operation mkdir/create */ |
---|
579 | void setOpType(OpType opType) { |
---|
580 | this.opType = opType; |
---|
581 | } |
---|
582 | |
---|
583 | @Override |
---|
584 | void setOpPermission() { |
---|
585 | this.opParentPermission = SEARCH_MASK | WRITE_MASK; |
---|
586 | } |
---|
587 | |
---|
588 | @Override |
---|
589 | void call() throws IOException { |
---|
590 | create(opType, path); |
---|
591 | if (cleanup) { |
---|
592 | fs.delete(path, true); |
---|
593 | } |
---|
594 | } |
---|
595 | } |
---|
596 | |
---|
597 | private CreatePermissionVerifier createVerifier = |
---|
598 | new CreatePermissionVerifier(); |
---|
599 | /* test if the permission checking of create/mkdir is correct */ |
---|
600 | private void testCreateMkdirs(UnixUserGroupInformation ugi, Path path, |
---|
601 | short ancestorPermission, short parentPermission) throws Exception { |
---|
602 | createVerifier.set(path, OpType.MKDIRS, ancestorPermission, |
---|
603 | parentPermission); |
---|
604 | createVerifier.verifyPermission(ugi); |
---|
605 | createVerifier.setOpType(OpType.CREATE); |
---|
606 | createVerifier.setCleanup(false); |
---|
607 | createVerifier.verifyPermission(ugi); |
---|
608 | createVerifier.setCleanup(true); |
---|
609 | createVerifier.verifyPermission(ugi); // test overWritten |
---|
610 | } |
---|
611 | |
---|
612 | /* A class that verifies the permission checking is correct for open */ |
---|
613 | private class OpenPermissionVerifier extends PermissionVerifier { |
---|
614 | @Override |
---|
615 | void setOpPermission() { |
---|
616 | this.opParentPermission = SEARCH_MASK; |
---|
617 | this.opPermission = READ_MASK; |
---|
618 | } |
---|
619 | |
---|
620 | @Override |
---|
621 | void call() throws IOException { |
---|
622 | FSDataInputStream in = fs.open(path); |
---|
623 | in.close(); |
---|
624 | } |
---|
625 | } |
---|
626 | |
---|
627 | private OpenPermissionVerifier openVerifier = new OpenPermissionVerifier(); |
---|
628 | /* test if the permission checking of open is correct */ |
---|
629 | private void testOpen(UnixUserGroupInformation ugi, Path path, |
---|
630 | short ancestorPermission, short parentPermission, short filePermission) |
---|
631 | throws Exception { |
---|
632 | openVerifier |
---|
633 | .set(path, ancestorPermission, parentPermission, filePermission); |
---|
634 | openVerifier.verifyPermission(ugi); |
---|
635 | } |
---|
636 | |
---|
637 | /* A class that verifies the permission checking is correct for |
---|
638 | * setReplication */ |
---|
639 | private class SetReplicationPermissionVerifier extends PermissionVerifier { |
---|
640 | @Override |
---|
641 | void setOpPermission() { |
---|
642 | this.opParentPermission = SEARCH_MASK; |
---|
643 | this.opPermission = WRITE_MASK; |
---|
644 | } |
---|
645 | |
---|
646 | @Override |
---|
647 | void call() throws IOException { |
---|
648 | fs.setReplication(path, (short) 1); |
---|
649 | } |
---|
650 | } |
---|
651 | |
---|
652 | private SetReplicationPermissionVerifier replicatorVerifier = |
---|
653 | new SetReplicationPermissionVerifier(); |
---|
654 | /* test if the permission checking of setReplication is correct */ |
---|
655 | private void testSetReplication(UnixUserGroupInformation ugi, Path path, |
---|
656 | short ancestorPermission, short parentPermission, short filePermission) |
---|
657 | throws Exception { |
---|
658 | replicatorVerifier.set(path, ancestorPermission, parentPermission, |
---|
659 | filePermission); |
---|
660 | replicatorVerifier.verifyPermission(ugi); |
---|
661 | } |
---|
662 | |
---|
663 | /* A class that verifies the permission checking is correct for |
---|
664 | * setTimes */ |
---|
665 | private class SetTimesPermissionVerifier extends PermissionVerifier { |
---|
666 | @Override |
---|
667 | void setOpPermission() { |
---|
668 | this.opParentPermission = SEARCH_MASK; |
---|
669 | this.opPermission = WRITE_MASK; |
---|
670 | } |
---|
671 | |
---|
672 | @Override |
---|
673 | void call() throws IOException { |
---|
674 | fs.setTimes(path, 100, 100); |
---|
675 | fs.setTimes(path, -1, 100); |
---|
676 | fs.setTimes(path, 100, -1); |
---|
677 | } |
---|
678 | } |
---|
679 | |
---|
680 | private SetTimesPermissionVerifier timesVerifier = |
---|
681 | new SetTimesPermissionVerifier(); |
---|
682 | /* test if the permission checking of setReplication is correct */ |
---|
683 | private void testSetTimes(UnixUserGroupInformation ugi, Path path, |
---|
684 | short ancestorPermission, short parentPermission, short filePermission) |
---|
685 | throws Exception { |
---|
686 | timesVerifier.set(path, ancestorPermission, parentPermission, |
---|
687 | filePermission); |
---|
688 | timesVerifier.verifyPermission(ugi); |
---|
689 | } |
---|
690 | |
---|
691 | /* A class that verifies the permission checking is correct for isDirectory, |
---|
692 | * exist, getFileInfo, getContentSummary */ |
---|
693 | private class StatsPermissionVerifier extends PermissionVerifier { |
---|
694 | OpType opType; |
---|
695 | |
---|
696 | /* initialize */ |
---|
697 | void set(Path path, OpType opType, short ancestorPermission, |
---|
698 | short parentPermission) { |
---|
699 | super.set(path, ancestorPermission, parentPermission, NULL_MASK); |
---|
700 | setOpType(opType); |
---|
701 | } |
---|
702 | |
---|
703 | /* set if operation is getFileInfo, isDirectory, exist, getContenSummary */ |
---|
704 | void setOpType(OpType opType) { |
---|
705 | this.opType = opType; |
---|
706 | } |
---|
707 | |
---|
708 | @Override |
---|
709 | void setOpPermission() { |
---|
710 | this.opParentPermission = SEARCH_MASK; |
---|
711 | } |
---|
712 | |
---|
713 | @Override |
---|
714 | void call() throws IOException { |
---|
715 | switch (opType) { |
---|
716 | case GET_FILEINFO: |
---|
717 | fs.getFileStatus(path); |
---|
718 | break; |
---|
719 | case IS_DIR: |
---|
720 | fs.isDirectory(path); |
---|
721 | break; |
---|
722 | case EXISTS: |
---|
723 | fs.exists(path); |
---|
724 | break; |
---|
725 | case GET_CONTENT_LENGTH: |
---|
726 | fs.getContentSummary(path).getLength(); |
---|
727 | break; |
---|
728 | default: |
---|
729 | throw new IllegalArgumentException("Unexpected operation type: " |
---|
730 | + opType); |
---|
731 | } |
---|
732 | } |
---|
733 | } |
---|
734 | |
---|
735 | private StatsPermissionVerifier statsVerifier = new StatsPermissionVerifier(); |
---|
736 | /* test if the permission checking of isDirectory, exist, |
---|
737 | * getFileInfo, getContentSummary is correct */ |
---|
738 | private void testStats(UnixUserGroupInformation ugi, Path path, |
---|
739 | short ancestorPermission, short parentPermission) throws Exception { |
---|
740 | statsVerifier.set(path, OpType.GET_FILEINFO, ancestorPermission, |
---|
741 | parentPermission); |
---|
742 | statsVerifier.verifyPermission(ugi); |
---|
743 | statsVerifier.setOpType(OpType.IS_DIR); |
---|
744 | statsVerifier.verifyPermission(ugi); |
---|
745 | statsVerifier.setOpType(OpType.EXISTS); |
---|
746 | statsVerifier.verifyPermission(ugi); |
---|
747 | statsVerifier.setOpType(OpType.GET_CONTENT_LENGTH); |
---|
748 | statsVerifier.verifyPermission(ugi); |
---|
749 | } |
---|
750 | |
---|
751 | private enum InodeType { |
---|
752 | FILE, DIR |
---|
753 | }; |
---|
754 | |
---|
755 | /* A class that verifies the permission checking is correct for list */ |
---|
756 | private class ListPermissionVerifier extends PermissionVerifier { |
---|
757 | private InodeType inodeType; |
---|
758 | |
---|
759 | /* initialize */ |
---|
760 | void set(Path path, InodeType inodeType, short ancestorPermission, |
---|
761 | short parentPermission, short permission) { |
---|
762 | this.inodeType = inodeType; |
---|
763 | super.set(path, ancestorPermission, parentPermission, permission); |
---|
764 | } |
---|
765 | |
---|
766 | /* set if the given path is a file/directory */ |
---|
767 | void setInodeType(Path path, InodeType inodeType) { |
---|
768 | this.path = path; |
---|
769 | this.inodeType = inodeType; |
---|
770 | setOpPermission(); |
---|
771 | this.ugi = null; |
---|
772 | } |
---|
773 | |
---|
774 | @Override |
---|
775 | void setOpPermission() { |
---|
776 | this.opParentPermission = SEARCH_MASK; |
---|
777 | switch (inodeType) { |
---|
778 | case FILE: |
---|
779 | this.opPermission = 0; |
---|
780 | break; |
---|
781 | case DIR: |
---|
782 | this.opPermission = READ_MASK | SEARCH_MASK; |
---|
783 | break; |
---|
784 | default: |
---|
785 | throw new IllegalArgumentException("Illegal inode type: " + inodeType); |
---|
786 | } |
---|
787 | } |
---|
788 | |
---|
789 | @Override |
---|
790 | void call() throws IOException { |
---|
791 | fs.listStatus(path); |
---|
792 | } |
---|
793 | } |
---|
794 | |
---|
795 | ListPermissionVerifier listVerifier = new ListPermissionVerifier(); |
---|
796 | /* test if the permission checking of list is correct */ |
---|
797 | private void testList(UnixUserGroupInformation ugi, Path file, Path dir, |
---|
798 | short ancestorPermission, short parentPermission, short filePermission) |
---|
799 | throws Exception { |
---|
800 | listVerifier.set(file, InodeType.FILE, ancestorPermission, |
---|
801 | parentPermission, filePermission); |
---|
802 | listVerifier.verifyPermission(ugi); |
---|
803 | listVerifier.setInodeType(dir, InodeType.DIR); |
---|
804 | listVerifier.verifyPermission(ugi); |
---|
805 | } |
---|
806 | |
---|
807 | /* A class that verifies the permission checking is correct for rename */ |
---|
808 | private class RenamePermissionVerifier extends PermissionVerifier { |
---|
809 | private Path dst; |
---|
810 | private short dstAncestorPermission; |
---|
811 | private short dstParentPermission; |
---|
812 | |
---|
813 | /* initialize */ |
---|
814 | void set(Path src, short srcAncestorPermission, short srcParentPermission, |
---|
815 | Path dst, short dstAncestorPermission, short dstParentPermission) { |
---|
816 | super.set(src, srcAncestorPermission, srcParentPermission, NULL_MASK); |
---|
817 | this.dst = dst; |
---|
818 | this.dstAncestorPermission = dstAncestorPermission; |
---|
819 | this.dstParentPermission = dstParentPermission; |
---|
820 | } |
---|
821 | |
---|
822 | @Override |
---|
823 | void setOpPermission() { |
---|
824 | opParentPermission = SEARCH_MASK | WRITE_MASK; |
---|
825 | } |
---|
826 | |
---|
827 | @Override |
---|
828 | void call() throws IOException { |
---|
829 | fs.rename(path, dst); |
---|
830 | } |
---|
831 | |
---|
832 | @Override |
---|
833 | protected boolean expectPermissionDeny() { |
---|
834 | return super.expectPermissionDeny() |
---|
835 | || (requiredParentPermission & dstParentPermission) != |
---|
836 | requiredParentPermission |
---|
837 | || (requiredAncestorPermission & dstAncestorPermission) != |
---|
838 | requiredAncestorPermission; |
---|
839 | } |
---|
840 | |
---|
841 | protected void logPermissions() { |
---|
842 | super.logPermissions(); |
---|
843 | LOG.info("dst ancestor permission: " |
---|
844 | + Integer.toOctalString(dstAncestorPermission)); |
---|
845 | LOG.info("dst parent permission: " |
---|
846 | + Integer.toOctalString(dstParentPermission)); |
---|
847 | } |
---|
848 | } |
---|
849 | |
---|
850 | RenamePermissionVerifier renameVerifier = new RenamePermissionVerifier(); |
---|
851 | /* test if the permission checking of rename is correct */ |
---|
852 | private void testRename(UnixUserGroupInformation ugi, Path src, Path dst, |
---|
853 | short srcAncestorPermission, short srcParentPermission, |
---|
854 | short dstAncestorPermission, short dstParentPermission) throws Exception { |
---|
855 | renameVerifier.set(src, srcAncestorPermission, srcParentPermission, dst, |
---|
856 | dstAncestorPermission, dstParentPermission); |
---|
857 | renameVerifier.verifyPermission(ugi); |
---|
858 | } |
---|
859 | |
---|
860 | /* A class that verifies the permission checking is correct for delete */ |
---|
861 | private class DeletePermissionVerifier extends PermissionVerifier { |
---|
862 | void set(Path path, short ancestorPermission, short parentPermission) { |
---|
863 | super.set(path, ancestorPermission, parentPermission, NULL_MASK); |
---|
864 | } |
---|
865 | |
---|
866 | @Override |
---|
867 | void setOpPermission() { |
---|
868 | this.opParentPermission = SEARCH_MASK | WRITE_MASK; |
---|
869 | } |
---|
870 | |
---|
871 | @Override |
---|
872 | void call() throws IOException { |
---|
873 | fs.delete(path, true); |
---|
874 | } |
---|
875 | } |
---|
876 | |
---|
877 | /* A class that verifies the permission checking is correct for |
---|
878 | * directory deletion */ |
---|
879 | private class DeleteDirPermissionVerifier extends DeletePermissionVerifier { |
---|
880 | private short[] childPermissions; |
---|
881 | |
---|
882 | /* initialize */ |
---|
883 | void set(Path path, short ancestorPermission, short parentPermission, |
---|
884 | short permission, short[] childPermissions) { |
---|
885 | set(path, ancestorPermission, parentPermission, permission); |
---|
886 | this.childPermissions = childPermissions; |
---|
887 | } |
---|
888 | |
---|
889 | @Override |
---|
890 | void setOpPermission() { |
---|
891 | this.opParentPermission = SEARCH_MASK | WRITE_MASK; |
---|
892 | this.opPermission = SEARCH_MASK | WRITE_MASK | READ_MASK; |
---|
893 | } |
---|
894 | |
---|
895 | @Override |
---|
896 | protected boolean expectPermissionDeny() { |
---|
897 | if (super.expectPermissionDeny()) { |
---|
898 | return true; |
---|
899 | } else { |
---|
900 | if (childPermissions != null) { |
---|
901 | for (short childPermission : childPermissions) { |
---|
902 | if ((requiredPermission & childPermission) != requiredPermission) { |
---|
903 | return true; |
---|
904 | } |
---|
905 | } |
---|
906 | } |
---|
907 | return false; |
---|
908 | } |
---|
909 | } |
---|
910 | } |
---|
911 | |
---|
912 | DeletePermissionVerifier fileDeletionVerifier = |
---|
913 | new DeletePermissionVerifier(); |
---|
914 | |
---|
915 | /* test if the permission checking of file deletion is correct */ |
---|
916 | private void testDeleteFile(UnixUserGroupInformation ugi, Path file, |
---|
917 | short ancestorPermission, short parentPermission) throws Exception { |
---|
918 | fileDeletionVerifier.set(file, ancestorPermission, parentPermission); |
---|
919 | fileDeletionVerifier.verifyPermission(ugi); |
---|
920 | } |
---|
921 | |
---|
922 | DeleteDirPermissionVerifier dirDeletionVerifier = |
---|
923 | new DeleteDirPermissionVerifier(); |
---|
924 | |
---|
925 | /* test if the permission checking of directory deletion is correct */ |
---|
926 | private void testDeleteDir(UnixUserGroupInformation ugi, Path path, |
---|
927 | short ancestorPermission, short parentPermission, short permission, |
---|
928 | short[] childPermissions) throws Exception { |
---|
929 | dirDeletionVerifier.set(path, ancestorPermission, parentPermission, |
---|
930 | permission, childPermissions); |
---|
931 | dirDeletionVerifier.verifyPermission(ugi); |
---|
932 | |
---|
933 | } |
---|
934 | |
---|
935 | /* log into dfs as the given user */ |
---|
936 | private void login(UnixUserGroupInformation ugi) throws IOException { |
---|
937 | if (fs != null) { |
---|
938 | fs.close(); |
---|
939 | } |
---|
940 | UnixUserGroupInformation.saveToConf(conf, |
---|
941 | UnixUserGroupInformation.UGI_PROPERTY_NAME, ugi); |
---|
942 | fs = FileSystem.get(conf); // login as ugi |
---|
943 | } |
---|
944 | |
---|
945 | /* test non-existent file */ |
---|
946 | private void checkNonExistentFile() { |
---|
947 | try { |
---|
948 | assertFalse(fs.exists(NON_EXISTENT_FILE)); |
---|
949 | } catch (IOException e) { |
---|
950 | checkNoPermissionDeny(e); |
---|
951 | } |
---|
952 | try { |
---|
953 | fs.open(NON_EXISTENT_FILE); |
---|
954 | } catch (IOException e) { |
---|
955 | checkNoPermissionDeny(e); |
---|
956 | } |
---|
957 | try { |
---|
958 | fs.setReplication(NON_EXISTENT_FILE, (short)4); |
---|
959 | } catch (IOException e) { |
---|
960 | checkNoPermissionDeny(e); |
---|
961 | } |
---|
962 | try { |
---|
963 | fs.getFileStatus(NON_EXISTENT_FILE); |
---|
964 | } catch (IOException e) { |
---|
965 | checkNoPermissionDeny(e); |
---|
966 | } |
---|
967 | try { |
---|
968 | fs.getContentSummary(NON_EXISTENT_FILE).getLength(); |
---|
969 | } catch (IOException e) { |
---|
970 | checkNoPermissionDeny(e); |
---|
971 | } |
---|
972 | try { |
---|
973 | fs.listStatus(NON_EXISTENT_FILE); |
---|
974 | } catch (IOException e) { |
---|
975 | checkNoPermissionDeny(e); |
---|
976 | } |
---|
977 | try { |
---|
978 | fs.delete(NON_EXISTENT_FILE, true); |
---|
979 | } catch (IOException e) { |
---|
980 | checkNoPermissionDeny(e); |
---|
981 | } |
---|
982 | try { |
---|
983 | fs.rename(NON_EXISTENT_FILE, new Path(NON_EXISTENT_FILE+".txt")); |
---|
984 | } catch (IOException e) { |
---|
985 | checkNoPermissionDeny(e); |
---|
986 | } |
---|
987 | } |
---|
988 | |
---|
989 | private void checkNoPermissionDeny(IOException e) { |
---|
990 | assertFalse(e instanceof AccessControlException); |
---|
991 | } |
---|
992 | } |
---|