Details

    Description

      https://github.com/apache/ozone/blob/2ba8bb71f128ec619c5bed9b6303394e8677bf53/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/KeyManagerImpl.java#L1056


      // Excerpt from KeyManagerImpl#checkAccess (line 1056 at the linked commit).
      if (context.getAclRights() == IAccessAuthorizer.ACLType.WRITE) {
        keyInfo =
            metadataManager.getOpenKeyTable(bucketLayout).get(objectKey);
      ...

      if (keyInfo == null) {
        // the key does not exist, but it is a parent "dir" of some key
        // let access be determined based on volume/bucket/prefix ACL
        LOG.debug("key:{} is non-existent parent, permit access to user:{}",
            keyName, context.getClientUgi());
        return true;
      }

      Because the lookup uses the plain key name instead of the open key name (which carries the client id as a suffix), the open key table lookup is guaranteed to miss, so `keyInfo == null` is always true for the WRITE ACL type. Therefore this ACL check always passes. This looks undesirable.
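      To make the failure mode concrete, here is an added Python model of the quoted branch (not Apache Ozone code). It assumes open keys are stored under the committed key name plus "/clientId", that OmKeyInfo carries a per-user set of rights, and the names (check_write_access, OPEN_KEY_TABLE, user "bob", client id 42) are constructed for the illustration; the "fixed" lookup is the correction the report implies, not the project's own patch.

```python
# Added model (not Apache Ozone code) of the WRITE-path ACL check quoted above.
# Assumption: open keys are stored under "/volume/bucket/key/clientId", i.e.
# the committed key name with the client id appended, as the report describes.

from dataclasses import dataclass, field


@dataclass
class OmKeyInfo:
    owner: str
    acls: dict = field(default_factory=dict)   # user -> set of rights (assumed shape)


def key_name(volume, bucket, key):
    return f"/{volume}/{bucket}/{key}"


def open_key_name(volume, bucket, key, client_id):
    return f"{key_name(volume, bucket, key)}/{client_id}"


def check_write_access(open_key_table, volume, bucket, key, user, client_id,
                       use_open_key_name):
    """Mirror the quoted branch. use_open_key_name=False reproduces the report:
    the lookup uses the plain key name, never matches an open key, and the
    'non-existent parent' branch permits the write unconditionally."""
    lookup = (open_key_name(volume, bucket, key, client_id) if use_open_key_name
              else key_name(volume, bucket, key))
    key_info = open_key_table.get(lookup)
    if key_info is None:
        return True, "permitted: treated as non-existent parent"
    if "WRITE" in key_info.acls.get(user, set()):
        return True, "permitted: WRITE acl present"
    return False, "denied: no WRITE acl"


# Constructed sample: alice opened /vol1/bucket1/file.txt with client id 42.
OPEN_KEY_TABLE = {
    open_key_name("vol1", "bucket1", "file.txt", 42):
        OmKeyInfo(owner="alice", acls={"alice": {"READ", "WRITE"}}),
}


def bob_write_buggy():
    # Plain key name: lookup misses, bob is permitted without any ACL check.
    return check_write_access(OPEN_KEY_TABLE, "vol1", "bucket1", "file.txt",
                              "bob", 42, use_open_key_name=False)


def bob_write_fixed():
    # Open key name: the entry is found and bob's missing WRITE acl is enforced.
    return check_write_access(OPEN_KEY_TABLE, "vol1", "bucket1", "file.txt",
                              "bob", 42, use_open_key_name=True)
```

Running `bob_write_buggy()` returns a permit with the "non-existent parent" reason even though the key is open, while `bob_write_fixed()` denies bob; the same open key correctly permits alice in either case once the lookup matches.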


      cc: smeng 

          People

            aryangupta1998 Aryan Gupta
            weichiu Wei-Chiu Chuang