Repository: incubator-sentry Updated Branches: refs/heads/master 06688cee6 -> f1a2efac1
SENTRY-968: Uri check needs to be case sensitive (Li Li via Lenni Kuff) Change-Id: I60c0dddb0f0e47f7ea29be1e59ebcd506a486014 Project: http://git-wip-us.apache.org/repos/asf/incubator-sentry/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-sentry/commit/f1a2efac Tree: http://git-wip-us.apache.org/repos/asf/incubator-sentry/tree/f1a2efac Diff: http://git-wip-us.apache.org/repos/asf/incubator-sentry/diff/f1a2efac Branch: refs/heads/master Commit: f1a2efac1d26d126e5cf0e395ef2c2b2d1751add Parents: 06688ce Author: Lenni Kuff <[email protected]> Authored: Fri Dec 18 17:32:47 2015 -0800 Committer: Lenni Kuff <[email protected]> Committed: Fri Dec 18 17:32:47 2015 -0800 ---------------------------------------------------------------------- .../sentry/policy/db/DBWildcardPrivilege.java | 4 ++-- .../sentry/tests/e2e/hive/TestOperations.java | 24 ++++++++++++++++++++ 2 files changed, 26 insertions(+), 2 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/f1a2efac/sentry-policy/sentry-policy-db/src/main/java/org/apache/sentry/policy/db/DBWildcardPrivilege.java ----------------------------------------------------------------------
diff --git a/sentry-policy/sentry-policy-db/src/main/java/org/apache/sentry/policy/db/DBWildcardPrivilege.java b/sentry-policy/sentry-policy-db/src/main/java/org/apache/sentry/policy/db/DBWildcardPrivilege.java
index 939d9ec..eb7350e 100644
--- a/sentry-policy/sentry-policy-db/src/main/java/org/apache/sentry/policy/db/DBWildcardPrivilege.java
+++ b/sentry-policy/sentry-policy-db/src/main/java/org/apache/sentry/policy/db/DBWildcardPrivilege.java
@@ -119,7 +119,7 @@ public class DBWildcardPrivilege implements Privilege {
 Preconditions.checkState(policyPart.getKey().equalsIgnoreCase(requestPart.getKey()),
 "Please report, this method should not be called with two different keys");
 if(policyPart.getValue().equals(AccessConstants.ALL) ||
- policyPart.getValue().equalsIgnoreCase("ALL") || policyPart.equals(requestPart)) {
+ policyPart.getValue().equalsIgnoreCase("ALL")) {
 return true;
 } else if (!ProviderConstants.PRIVILEGE_NAME.equalsIgnoreCase(policyPart.getKey())
 && AccessConstants.ALL.equalsIgnoreCase(requestPart.getValue())) {
@@ -132,7 +132,7 @@ public class DBWildcardPrivilege implements Privilege {
 } else if(policyPart.getKey().equalsIgnoreCase(AuthorizableType.URI.name())) {
 return impliesURI(policyPart.getValue(), requestPart.getValue());
 }
- return false;
+ return policyPart.equals(requestPart);
 }
 @VisibleForTesting
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/f1a2efac/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperations.java ----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperations.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperations.java
index 0c3910a..a0c9f4f 100644
--- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperations.java
+++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperations.java
@@ -26,6 +26,7 @@
 import java.sql.Statement;
 import java.util.HashMap;
 import java.util.Map;
+import org.apache.hadoop.fs.Path;
 import org.apache.sentry.provider.file.PolicyFile;
 import static org.junit.Assert.assertTrue;
 import org.junit.Before;
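Review bot: In `DBWildcardPrivilege`, the new fallback `return policyPart.equals(requestPart);` at the end of the second hunk is correct only because it sits after the URI branch, and nothing in the code records that ordering as a requirement. Judging by the commit title, `policyPart.equals` compares without regard to case (its body is not shown here), so moving the check back above `impliesURI`, where it was before the first hunk removed it from the `ALL` condition, would again let a privilege on one URI imply a request for a path that differs only in case. I would add a comment directly above the return, for example `// Keep last: equals() appears to ignore case, so URI parts must be decided by impliesURI above.` The enclosing method starts outside both hunks.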
@@ -1044,4 +1045,27 @@ public class TestOperations extends AbstractTestWithStaticConfiguration {
 }
+
+ @Test
+ public void testCaseSensitivity() throws Exception {
+ Statement statement = null;
+ Connection connection = null;
+ try {
+ createDb(ADMIN1, DB1);
+ Path extParentDir = dfs.assertCreateDir("/ABC/hhh");
+ Path extTableDir = dfs.assertCreateDir("/abc/hhh");
+ policyFile
+ .addPermissionsToRole("create_db1", privileges.get("create_db1"))
+ .addPermissionsToRole("all_uri", "server=server1->uri=" + extParentDir)
+ .addRolesToGroup(USERGROUP1, "create_db1", "all_uri");
+ writePolicyFile(policyFile);
+ connection = context.createConnection(USER1_1);
+ statement = context.createStatement(connection);
+ assertSemanticException(statement,
+ "create external table " + DB1 + ".tb1(a int) location '" + extTableDir + "'");
+ } finally {
+ if (statement != null) statement.close();
+ if (connection != null) connection.close();
+ }
+ }
 }
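Review bot: `testCaseSensitivity` asserts only the denial, so it would also pass if the `all_uri` role granted nothing at all, for example because of a mistake in the privilege string. A positive control placed before the `assertSemanticException` call would show that the grant on `/ABC/hhh` is effective and that the case difference alone causes the failure, e.g. `statement.execute("create external table " + DB1 + ".tb0(a int) location '" + extParentDir + "'");`, assuming `create_db1` plus the URI grant are sufficient for that statement. The names `extParentDir` and `extTableDir` also suggest a parent/child relation that the two paths do not have; `upperCaseDir` and `lowerCaseDir` would state what the test actually varies.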
