sentry-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From lsk...@apache.org
Subject incubator-sentry git commit: SENTRY-968: Uri check needs to be case sensitive (Li Li via Lenni Kuff)
Date Sat, 19 Dec 2015 01:33:38 GMT
Repository: incubator-sentry
Updated Branches:
  refs/heads/master 06688cee6 -> f1a2efac1


SENTRY-968: Uri check needs to be case sensitive (Li Li via Lenni Kuff)

Change-Id: I60c0dddb0f0e47f7ea29be1e59ebcd506a486014


Project: http://git-wip-us.apache.org/repos/asf/incubator-sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-sentry/commit/f1a2efac
Tree: http://git-wip-us.apache.org/repos/asf/incubator-sentry/tree/f1a2efac
Diff: http://git-wip-us.apache.org/repos/asf/incubator-sentry/diff/f1a2efac

Branch: refs/heads/master
Commit: f1a2efac1d26d126e5cf0e395ef2c2b2d1751add
Parents: 06688ce
Author: Lenni Kuff <lskuff@cloudera.com>
Authored: Fri Dec 18 17:32:47 2015 -0800
Committer: Lenni Kuff <lskuff@cloudera.com>
Committed: Fri Dec 18 17:32:47 2015 -0800

----------------------------------------------------------------------
 .../sentry/policy/db/DBWildcardPrivilege.java   |  4 ++--
 .../sentry/tests/e2e/hive/TestOperations.java   | 24 ++++++++++++++++++++
 2 files changed, 26 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/f1a2efac/sentry-policy/sentry-policy-db/src/main/java/org/apache/sentry/policy/db/DBWildcardPrivilege.java
----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-db/src/main/java/org/apache/sentry/policy/db/DBWildcardPrivilege.java
b/sentry-policy/sentry-policy-db/src/main/java/org/apache/sentry/policy/db/DBWildcardPrivilege.java
index 939d9ec..eb7350e 100644
--- a/sentry-policy/sentry-policy-db/src/main/java/org/apache/sentry/policy/db/DBWildcardPrivilege.java
+++ b/sentry-policy/sentry-policy-db/src/main/java/org/apache/sentry/policy/db/DBWildcardPrivilege.java
@@ -119,7 +119,7 @@ public class DBWildcardPrivilege implements Privilege {
     Preconditions.checkState(policyPart.getKey().equalsIgnoreCase(requestPart.getKey()),
         "Please report, this method should not be called with two different keys");
     if(policyPart.getValue().equals(AccessConstants.ALL) ||
-        policyPart.getValue().equalsIgnoreCase("ALL") || policyPart.equals(requestPart))
{
+        policyPart.getValue().equalsIgnoreCase("ALL")) {
       return true;
     } else if (!ProviderConstants.PRIVILEGE_NAME.equalsIgnoreCase(policyPart.getKey())
         && AccessConstants.ALL.equalsIgnoreCase(requestPart.getValue())) {
@@ -132,7 +132,7 @@ public class DBWildcardPrivilege implements Privilege {
     } else if(policyPart.getKey().equalsIgnoreCase(AuthorizableType.URI.name())) {
       return impliesURI(policyPart.getValue(), requestPart.getValue());
     }
-    return false;
+    return policyPart.equals(requestPart);
   }
 
   @VisibleForTesting

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/f1a2efac/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperations.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperations.java
b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperations.java
index 0c3910a..a0c9f4f 100644
--- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperations.java
+++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperations.java
@@ -26,6 +26,7 @@ import java.sql.Statement;
 import java.util.HashMap;
 import java.util.Map;
 
+import org.apache.hadoop.fs.Path;
 import org.apache.sentry.provider.file.PolicyFile;
 import static org.junit.Assert.assertTrue;
 import org.junit.Before;
@@ -1044,4 +1045,27 @@ public class TestOperations extends AbstractTestWithStaticConfiguration
{
 
 
   }
+
+  @Test
+  public void testCaseSensitivity() throws Exception {
+    Statement statement = null;
+    Connection connection = null;
+    try {
+      createDb(ADMIN1, DB1);
+      Path extParentDir = dfs.assertCreateDir("/ABC/hhh");
+      Path extTableDir = dfs.assertCreateDir("/abc/hhh");
+      policyFile
+          .addPermissionsToRole("create_db1", privileges.get("create_db1"))
+          .addPermissionsToRole("all_uri", "server=server1->uri=" + extParentDir)
+          .addRolesToGroup(USERGROUP1, "create_db1", "all_uri");
+      writePolicyFile(policyFile);
+      connection = context.createConnection(USER1_1);
+      statement = context.createStatement(connection);
+      assertSemanticException(statement,
+          "create external table " + DB1 + ".tb1(a int) location '" + extTableDir + "'");
+    } finally {
+      if (statement != null) statement.close();
+      if (connection != null) connection.close();
+    }
+  }
 }


Mime
View raw message