Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Not A Bug
-
3.4.8, 3.4.10
-
None
-
None
Description
I set the acl to not be able to delete a node - but was able to delete regardless.
I am not familiar with the code, but a reply from Martin in the user@ mailing list seems to confirm the issue. I will paste his response below - sorry for the long listing.
Martin's reply are inline prefixed with: MG>
----------
From: joe smith <water4u99@yahoo.com.INVALID>
Sent: Tuesday, May 2, 2017 8:40 AM
To: user@zookeeper.apache.org
Subject: Acl block detete not working
Hi,
I'm using 3.4.10 and setting custom aol to block deletion of a znode. However, I'm able to delete the node even after I've set acl from cdrwa to cra.
Can anyone point out if I missed some step.
Thanks for the help
Here is the trace:
[zk: localhost:2181(CONNECTED) 0] ls /
[zookeeper]
[zk: localhost:2181(CONNECTED) 1] create /test "data"
Created /test
[zk: localhost:2181(CONNECTED) 2] ls /
[zookeeper, test]
[zk: localhost:2181(CONNECTED) 3] addauth myfqdn localhost
[zk: localhost:2181(CONNECTED) 4] setAcl /test myfqdn:localhost:cra
cZxid = 0x2
ctime = Tue May 02 08:28:42 EDT 2017
mZxid = 0x2
mtime = Tue May 02 08:28:42 EDT 2017
pZxid = 0x2
cversion = 0
dataVersion = 0
aclVersion = 1
ephemeralOwner = 0x0
dataLength = 4
numChildren = 0
MG>in SetAclCommand you can see the acl being parsed and acl being set by setAcl into zk object
List<ACL> acl = AclParser.parse(aclStr);
int version;
if (cl.hasOption("v"))
try {
Stat stat = zk.setACL(path, acl, version);
MG>later on in DeleteCommand there is no check for aforementioned acl parameter
public boolean exec() throws KeeperException, InterruptedException {
String path = args[1];
int version;
if (cl.hasOption("v")) { version = Integer.parseInt(cl.getOptionValue("v")); }
else
{ version = -1; }try
{ zk.delete(path, version); }catch(KeeperException.BadVersionException ex)
{ err.println(ex.getMessage()); }return false;
MG>as seen here the testCase works properly saving the Zookeeper object
LsCommand entity = new LsCommand();
entity.setZk(zk);
MG>but setACL does not save the zookeeper object anywhere but instead seems to discard zookeeper object with accompanying ACLs
MG>can you report this bug to Zookeeper?
https://issues.apache.org/jira/browse/ZOOKEEPER/?selectedTab=com.atlassian.jira.jira-projects-plugin:summary-panel
ZooKeeper - ASF JIRA - issues.apache.org<https://issues.apache.org/jira/browse/ZOOKEEPER/?selectedTab=com.atlassian.jira.jira-projects-plugin:summary-panel>
issues.apache.org
Apache ZooKeeper is a service for coordinating processes of distributed applications. Versions: Unreleased. Name Release date; Unreleased 3.2.3 : Unreleased 3.3.7
MG>Thanks Joe!
[zk: localhost:2181(CONNECTED) 5] getAcl /test
'myfqdn,'localhost
: cra
[zk: localhost:2181(CONNECTED) 6] get /testdata
cZxid = 0x2
ctime = Tue May 02 08:28:42 EDT 2017
mZxid = 0x2
mtime = Tue May 02 08:28:42 EDT 2017
pZxid = 0x2
cversion = 0
dataVersion = 0
aclVersion = 1
ephemeralOwner = 0x0
dataLength = 4
numChildren = 0
[zk: localhost:2181(CONNECTED) 7] set /test "testwrite"
Authentication is not valid : /test
[zk: localhost:2181(CONNECTED) 8] delete /test
[zk: localhost:2181(CONNECTED) 9] ls /
[zookeeper]
[zk: localhost:2181(CONNECTED) 10]
The auth provider imple is here: http://s000.tinyupload.com/?file_id=42827186839577179157
Attachments
Issue Links
- links to
