[jira] [Commented] (HDDS-7750) Incorrect WRITE ACL check

Wed, 28 Jun 2023 12:05:05 -0700 


    [ 
https://issues.apache.org/jira/browse/HDDS-7750?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17738252#comment-17738252
 ] 

Aryan Gupta commented on HDDS-7750:
-----------------------------------

Here for the function checkAccess() of keyManagerImpl.java the call will come 
via "checkKeyAclsInOpenKeyTable(OzoneManager ozoneManager, String volume, 
String bucket, String key, IAccessAuthorizer.ACLType aclType, long clientId)" 
in case of WRITE ACL which in turn concats the key with client Id making it an 
open key name and then passes this key to checkKeyAcls() from where finally 
call comes to checkAccess() of keyManagerImpl.java. Hence, the objectKey 
mentioned in the description will have client Id as a suffix in case of WRITE 
ACL so it will be able to find the key in the open key table, hence keyInfo 
willn't be null.

> Incorrect WRITE ACL check
> -------------------------
>
>                 Key: HDDS-7750
>                 URL: https://issues.apache.org/jira/browse/HDDS-7750
>             Project: Apache Ozone
>          Issue Type: Sub-task
>          Components: Ozone Manager
>            Reporter: Wei-Chiu Chuang
>            Assignee: Aryan Gupta
>            Priority: Major
>              Labels: pull-request-available
>
> [https://github.com/apache/ozone/blob/2ba8bb71f128ec619c5bed9b6303394e8677bf53/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/KeyManagerImpl.java#L1056]
>  
> {code:java}
> if (context.getAclRights() == IAccessAuthorizer.ACLType.WRITE) {
>   keyInfo =
>       metadataManager.getOpenKeyTable(bucketLayout).get(objectKey);
> ...
> if (keyInfo == null) {
>   // the key does not exist, but it is a parent "dir" of some key
>   // let access be determined based on volume/bucket/prefix ACL
>   LOG.debug("key:{} is non-existent parent, permit access to user:{}",
>       keyName, context.getClientUgi());
>   return true;
> } {code}
> Using key name, instead of the open key name (which has client id as the 
> suffix), the key is guaranteed to not be found, and thus keyInfo is always 
> true for WRITE ACL type. Therefore, this ACL check will always pass. This 
> looks undesirable.
>  
> cc: [~smeng] 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to