/** * @return a QueryState object for internal C* calls (not limited by any kind of auth). */ public static QueryState forInternalCalls() { return new QueryState(ClientState.forInternalCalls()); }
public InetAddress getClientAddress() { return clientState.isInternal ? null : clientState.getRemoteAddress().getAddress(); } }
/** * @return a ClientState object for internal C* calls (not limited by any kind of auth). */ public static ClientState forInternalCalls() { return new ClientState(); }
InternalStateInstance() { ClientState state = ClientState.forInternalCalls(); state.setKeyspace(SchemaConstants.SYSTEM_KEYSPACE_NAME); this.queryState = new QueryState(state); } }
public void hasAllKeyspacesAccess(Permission perm) throws UnauthorizedException { if (isInternal) return; validateLogin(); ensureHasPermission(perm, DataResource.root()); }
public CqlPreparedResult prepare_cql3_query(ByteBuffer query, Compression compression) throws TException { logger.trace("prepare_cql3_query"); String queryString = uncompress(query, compression); ThriftClientState cState = state(); try { cState.validateLogin(); return ClientState.getCQLQueryHandler().prepare(queryString, cState.getQueryState(), null).toThriftPreparedResult(); } catch (RequestValidationException e) { throw ThriftConversion.toThrift(e); } }
public void validate(ClientState state) throws RequestValidationException { // validate login here before checkAccess to avoid leaking user existence to anonymous users. state.ensureNotAnonymous(); if (!ifExists && !DatabaseDescriptor.getRoleManager().isExistingRole(role)) throw new InvalidRequestException(String.format("%s doesn't exist", role.getRoleName())); AuthenticatedUser user = state.getUser(); if (user != null && user.getName().equals(role.getRoleName())) throw new InvalidRequestException("Cannot DROP primary role for current login"); }
public void validate(ClientState state) throws UnauthorizedException, InvalidRequestException { state.ensureNotAnonymous(); if ((grantee != null) && !DatabaseDescriptor.getRoleManager().isExistingRole(grantee)) throw new InvalidRequestException(String.format("%s doesn't exist", grantee)); }
public void checkAccess(ClientState state) throws UnauthorizedException { // check that the user has AUTHORIZE permission on the resource or its parents, otherwise reject GRANT/REVOKE. state.ensureHasPermission(Permission.AUTHORIZE, resource); // check that the user has [a single permission or all in case of ALL] on the resource or its parents. for (Permission p : permissions) state.ensureHasPermission(p, resource); } }
public void checkAccess(ClientState state) throws UnauthorizedException { state.ensureIsSuper("Only superusers are allowed to perform CREATE TRIGGER queries"); }
logger.info("Thrift API version: {}", cassandraConstants.VERSION); logger.info("CQL supported versions: {} (default: {})", StringUtils.join(ClientState.getCQLSupportedVersion(), ", "), ClientState.DEFAULT_CQL_VERSION); logger.info("Native protocol supported versions: {} (default: {})", StringUtils.join(ProtocolVersion.supportedVersions(), ", "), ProtocolVersion.CURRENT);
public ServerConnection(Channel channel, ProtocolVersion version, Connection.Tracker tracker) { super(channel, version, tracker); this.clientState = ClientState.forExternalCalls(channel.remoteAddress()); this.state = State.UNINITIALIZED; }
private void checkPermissionOnResourceChain(Permission perm, IResource resource) { for (IResource r : Resources.chain(resource)) if (authorize(r).contains(perm)) return; throw new UnauthorizedException(String.format("User %s has no %s permission on %s or any of its parents", user.getName(), perm, resource)); }
public void hasAllKeyspacesAccess(Permission perm) throws UnauthorizedException { if (isInternal) return; validateLogin(); ensureHasPermission(perm, DataResource.root()); }
InternalStateInstance() { ClientState state = ClientState.forInternalCalls(); state.setKeyspace(SchemaConstants.SYSTEM_KEYSPACE_NAME); this.queryState = new QueryState(state); } }
public CqlPreparedResult prepare_cql3_query(ByteBuffer query, Compression compression) throws TException { logger.trace("prepare_cql3_query"); String queryString = uncompress(query, compression); ThriftClientState cState = state(); try { cState.validateLogin(); return ClientState.getCQLQueryHandler().prepare(queryString, cState.getQueryState(), null).toThriftPreparedResult(); } catch (RequestValidationException e) { throw ThriftConversion.toThrift(e); } }
public void validate(ClientState state) throws RequestValidationException { // validate login here before checkAccess to avoid leaking user existence to anonymous users. state.ensureNotAnonymous(); if (!ifExists && !DatabaseDescriptor.getRoleManager().isExistingRole(role)) throw new InvalidRequestException(String.format("%s doesn't exist", role.getRoleName())); AuthenticatedUser user = state.getUser(); if (user != null && user.getName().equals(role.getRoleName())) throw new InvalidRequestException("Cannot DROP primary role for current login"); }
public void validate(ClientState state) throws UnauthorizedException, InvalidRequestException { state.ensureNotAnonymous(); if ((grantee != null) && !DatabaseDescriptor.getRoleManager().isExistingRole(grantee)) throw new InvalidRequestException(String.format("%s doesn't exist", grantee)); }
public void checkAccess(ClientState state) throws UnauthorizedException { // if a keyspace is omitted when GRANT/REVOKE ON TABLE <table>, we need to correct the resource. resource = maybeCorrectResource(resource, state); // check that the user has AUTHORIZE permission on the resource or its parents, otherwise reject GRANT/REVOKE. state.ensureHasPermission(Permission.AUTHORIZE, resource); // check that the user has [a single permission or all in case of ALL] on the resource or its parents. for (Permission p : permissions) state.ensureHasPermission(p, resource); } }
public void checkAccess(ClientState state) throws UnauthorizedException { state.ensureIsSuper("Only superusers are allowed to perform CREATE TRIGGER queries"); }