This is an automated email from the ASF dual-hosted git repository. alexey pushed a commit to branch branch-1.15.x in repository https://gitbox.apache.org/repos/asf/kudu.git
commit dde28130c21d789c8490c86c4e2bfc2ad6039c7f Author: Alexey Serbin <ale...@apache.org> AuthorDate: Mon May 24 10:44:49 2021 -0700 [security] fix const-correctness of some ACL methods This patch fixes a few methods in simple_acl and server_base to be const-correct. This patch doesn't introduce any functional changes. Change-Id: I0052528865c877354d5fdfa2e069a6daf716336d Reviewed-on: http://gerrit.cloudera.org:8080/17496 Reviewed-by: Bankim Bhavsar <ban...@cloudera.com> Tested-by: Alexey Serbin <aser...@cloudera.com> (cherry picked from commit 68f0f1a1d1d9beaff60243b77b64f4b1b359702c) Reviewed-on: http://gerrit.cloudera.org:8080/17497 Tested-by: Kudu Jenkins --- src/kudu/security/simple_acl.cc | 5 ++--- src/kudu/security/simple_acl.h | 2 +- src/kudu/server/server_base.cc | 6 +++--- src/kudu/server/server_base.h | 6 +++--- 4 files changed, 9 insertions(+), 10 deletions(-) diff --git a/src/kudu/security/simple_acl.cc b/src/kudu/security/simple_acl.cc index 09cc6ab..9157bff 100644 --- a/src/kudu/security/simple_acl.cc +++ b/src/kudu/security/simple_acl.cc @@ -51,7 +51,6 @@ Status SimpleAcl::ParseFlag(const string& flag) { return Status::OK(); } - // Leave open the use of various special characters at the start of each // username. We reserve some special characters that might be useful in // ACLs: @@ -64,7 +63,7 @@ Status SimpleAcl::ParseFlag(const string& flag) { // '-', '+', '=': useful for allow/deny style ACLs // <quote characters>: in case we want to add quoted strings // whitespace: down right confusing - static const char* kReservedStartingCharacters = "!@#$%*-=+'\""; + static const char* const kReservedStartingCharacters = "!@#$%*-=+'\""; if (strchr(kReservedStartingCharacters, field[0]) || isspace(field[0])) { return Status::NotSupported("invalid username", field.ToString()); @@ -81,7 +80,7 @@ void SimpleAcl::Reset(set<string> users) { users_ = std::move(users); } -bool SimpleAcl::UserAllowed(const string& username) { +bool SimpleAcl::UserAllowed(const string& username) const { return ContainsKey(users_, "*") || ContainsKey(users_, username); } diff --git a/src/kudu/security/simple_acl.h b/src/kudu/security/simple_acl.h index e27a8ca..9216a1a 100644 --- a/src/kudu/security/simple_acl.h +++ b/src/kudu/security/simple_acl.h @@ -44,7 +44,7 @@ class SimpleAcl { // Return true if the given user is allowed by the ACL. // // Thread-safe after initialization. - bool UserAllowed(const std::string& username); + bool UserAllowed(const std::string& username) const; // Reset the ACL to the specific set of usernames. void Reset(std::set<std::string> users); diff --git a/src/kudu/server/server_base.cc b/src/kudu/server/server_base.cc index ec82d62..808faaf 100644 --- a/src/kudu/server/server_base.cc +++ b/src/kudu/server/server_base.cc @@ -696,15 +696,15 @@ void ServerBase::LogUnauthorizedAccess(rpc::RpcContext* rpc) const { << " from " << rpc->requestor_string(); } -bool ServerBase::IsFromSuperUser(const rpc::RpcContext* rpc) { +bool ServerBase::IsFromSuperUser(const rpc::RpcContext* rpc) const { return superuser_acl_.UserAllowed(rpc->remote_user().username()); } -bool ServerBase::IsServiceUserOrSuperUser(const string& user) { +bool ServerBase::IsServiceUserOrSuperUser(const string& user) const { return service_acl_.UserAllowed(user) || superuser_acl_.UserAllowed(user); } -bool ServerBase::Authorize(rpc::RpcContext* rpc, uint32_t allowed_roles) { +bool ServerBase::Authorize(rpc::RpcContext* rpc, uint32_t allowed_roles) const { if ((allowed_roles & SUPER_USER) && IsFromSuperUser(rpc)) { return true; } diff --git a/src/kudu/server/server_base.h b/src/kudu/server/server_base.h index 1fd2082..ce8b7c6 100644 --- a/src/kudu/server/server_base.h +++ b/src/kudu/server/server_base.h @@ -128,16 +128,16 @@ class ServerBase { }; // Returns whether or not the rpc is from a super-user. - bool IsFromSuperUser(const rpc::RpcContext* rpc); + bool IsFromSuperUser(const rpc::RpcContext* rpc) const; // Returns true if the given user is a service- or super-user. - bool IsServiceUserOrSuperUser(const std::string& user); + bool IsServiceUserOrSuperUser(const std::string& user) const; // Authorize an RPC. 'allowed_roles' is a bitset of which roles from the above // enum should be allowed to make hthe RPC. // // If authorization fails, return false and respond to the RPC. - bool Authorize(rpc::RpcContext* rpc, uint32_t allowed_roles); + bool Authorize(rpc::RpcContext* rpc, uint32_t allowed_roles) const; protected: ServerBase(std::string name, const ServerBaseOptions& options,