[kudu] branch master updated: [security] fix const-correctness of some ACL methods

alexey Mon, 24 May 2021 11:45:52 -0700

This is an automated email from the ASF dual-hosted git repository.

alexey pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/kudu.git



The following commit(s) were added to refs/heads/master by this push:
     new 68f0f1a  [security] fix const-correctness of some ACL methods
68f0f1a is described below

commit 68f0f1a1d1d9beaff60243b77b64f4b1b359702c
Author: Alexey Serbin <ale...@apache.org>
AuthorDate: Mon May 24 10:44:49 2021 -0700

    [security] fix const-correctness of some ACL methods
    
    This patch fixes a few methods in simple_acl and server_base to be
    const-correct.
    
    This patch doesn't introduce any functional changes.
    
    Change-Id: I0052528865c877354d5fdfa2e069a6daf716336d
    Reviewed-on: http://gerrit.cloudera.org:8080/17496
    Reviewed-by: Bankim Bhavsar <ban...@cloudera.com>
    Tested-by: Alexey Serbin <aser...@cloudera.com>
---
 src/kudu/security/simple_acl.cc | 5 ++---
 src/kudu/security/simple_acl.h  | 2 +-
 src/kudu/server/server_base.cc  | 6 +++---
 src/kudu/server/server_base.h   | 6 +++---
 4 files changed, 9 insertions(+), 10 deletions(-)

diff --git a/src/kudu/security/simple_acl.cc b/src/kudu/security/simple_acl.cc
index 09cc6ab..9157bff 100644
--- a/src/kudu/security/simple_acl.cc
+++ b/src/kudu/security/simple_acl.cc
@@ -51,7 +51,6 @@ Status SimpleAcl::ParseFlag(const string& flag) {
       return Status::OK();
     }
 
-
     // Leave open the use of various special characters at the start of each
     // username. We reserve some special characters that might be useful in
     // ACLs:
@@ -64,7 +63,7 @@ Status SimpleAcl::ParseFlag(const string& flag) {
     // '-', '+', '=': useful for allow/deny style ACLs
     // <quote characters>: in case we want to add quoted strings
     // whitespace: down right confusing
-    static const char* kReservedStartingCharacters = "!@#$%*-=+'\"";
+    static const char* const kReservedStartingCharacters = "!@#$%*-=+'\"";
     if (strchr(kReservedStartingCharacters, field[0]) ||
         isspace(field[0])) {
       return Status::NotSupported("invalid username", field.ToString());
@@ -81,7 +80,7 @@ void SimpleAcl::Reset(set<string> users) {
   users_ = std::move(users);
 }
 
-bool SimpleAcl::UserAllowed(const string& username) {
+bool SimpleAcl::UserAllowed(const string& username) const {
   return ContainsKey(users_, "*") || ContainsKey(users_, username);
 }
 
diff --git a/src/kudu/security/simple_acl.h b/src/kudu/security/simple_acl.h
index e27a8ca..9216a1a 100644
--- a/src/kudu/security/simple_acl.h
+++ b/src/kudu/security/simple_acl.h
@@ -44,7 +44,7 @@ class SimpleAcl {
   // Return true if the given user is allowed by the ACL.
   //
   // Thread-safe after initialization.
-  bool UserAllowed(const std::string& username);
+  bool UserAllowed(const std::string& username) const;
 
   // Reset the ACL to the specific set of usernames.
   void Reset(std::set<std::string> users);
diff --git a/src/kudu/server/server_base.cc b/src/kudu/server/server_base.cc
index ec82d62..808faaf 100644
--- a/src/kudu/server/server_base.cc
+++ b/src/kudu/server/server_base.cc
@@ -696,15 +696,15 @@ void ServerBase::LogUnauthorizedAccess(rpc::RpcContext* 
rpc) const {
                << " from " << rpc->requestor_string();
 }
 
-bool ServerBase::IsFromSuperUser(const rpc::RpcContext* rpc) {
+bool ServerBase::IsFromSuperUser(const rpc::RpcContext* rpc) const {
   return superuser_acl_.UserAllowed(rpc->remote_user().username());
 }
 
-bool ServerBase::IsServiceUserOrSuperUser(const string& user) {
+bool ServerBase::IsServiceUserOrSuperUser(const string& user) const {
   return service_acl_.UserAllowed(user) || superuser_acl_.UserAllowed(user);
 }
 
-bool ServerBase::Authorize(rpc::RpcContext* rpc, uint32_t allowed_roles) {
+bool ServerBase::Authorize(rpc::RpcContext* rpc, uint32_t allowed_roles) const 
{
   if ((allowed_roles & SUPER_USER) && IsFromSuperUser(rpc)) {
     return true;
   }
diff --git a/src/kudu/server/server_base.h b/src/kudu/server/server_base.h
index 1fd2082..ce8b7c6 100644
--- a/src/kudu/server/server_base.h
+++ b/src/kudu/server/server_base.h
@@ -128,16 +128,16 @@ class ServerBase {
   };
 
   // Returns whether or not the rpc is from a super-user.
-  bool IsFromSuperUser(const rpc::RpcContext* rpc);
+  bool IsFromSuperUser(const rpc::RpcContext* rpc) const;
 
   // Returns true if the given user is a service- or super-user.
-  bool IsServiceUserOrSuperUser(const std::string& user);
+  bool IsServiceUserOrSuperUser(const std::string& user) const;
 
   // Authorize an RPC. 'allowed_roles' is a bitset of which roles from the 
above
   // enum should be allowed to make hthe RPC.
   //
   // If authorization fails, return false and respond to the RPC.
-  bool Authorize(rpc::RpcContext* rpc, uint32_t allowed_roles);
+  bool Authorize(rpc::RpcContext* rpc, uint32_t allowed_roles) const;
 
  protected:
   ServerBase(std::string name, const ServerBaseOptions& options,

[kudu] branch master updated: [security] fix const-correctness of some ACL methods

Reply via email to