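/**
 * Writes the configuration of one Accumulo user to a file in {@code outputDirectory}.
 *
 * <p>The file is named {@code user + USER_FILE_SUFFIX}. It receives, in order: the
 * {@code createUserFormat} line, the {@code userAuthsFormat} line with the user's
 * authorizations, and one line for every system, namespace and table permission that
 * {@code securityOperations()} reports as held by the user.
 *
 * @param accumuloClient client used to query authorizations, permissions, namespaces and tables
 * @param user name of the user whose configuration is written; also used in the file name
 * @param outputDirectory directory in which the per-user file is created
 * @throws IOException if the file cannot be opened, written or closed
 * @throws AccumuloException if a query against Accumulo fails
 * @throws AccumuloSecurityException if the caller is not allowed to run one of the queries
 */
@SuppressFBWarnings(value = "PATH_TRAVERSAL_IN",
    justification = "code runs in same security context as user who provided input")
private static void printUserConfiguration(AccumuloClient accumuloClient, String user,
    File outputDirectory) throws IOException, AccumuloException, AccumuloSecurityException {
  // NOTE(review): the user name is concatenated into the path unchecked. The suppression
  // above is only valid while every caller obtains `user` from a source that runs with the
  // same privileges as this process; a name containing a path separator or ".." would
  // otherwise resolve outside outputDirectory. Confirm against the callers.
  File userScript = new File(outputDirectory, user + USER_FILE_SUFFIX);

  // The file records the user's authorizations and granted permissions and is created
  // with the process's default file permissions.
  // try-with-resources closes the writer even when an Accumulo call or a write throws
  // part-way through; the previous explicit close() was skipped on any exception.
  try (FileWriter userWriter = new FileWriter(userScript)) {
    userWriter.write(createUserFormat.format(new String[] {user}));

    Authorizations auths = accumuloClient.securityOperations().getUserAuthorizations(user);
    userWriter.write(userAuthsFormat.format(new String[] {user, auths.toString()}));

    for (SystemPermission sp : SystemPermission.values()) {
      if (accumuloClient.securityOperations().hasSystemPermission(user, sp)) {
        userWriter.write(sysPermFormat.format(new String[] {sp.name(), user}));
      }
    }

    for (String namespace : accumuloClient.namespaceOperations().list()) {
      for (NamespacePermission np : NamespacePermission.values()) {
        if (accumuloClient.securityOperations().hasNamespacePermission(user, namespace, np)) {
          userWriter.write(nsPermFormat.format(new String[] {np.name(), namespace, user}));
        }
      }
    }

    for (String tableName : accumuloClient.tableOperations().list()) {
      for (TablePermission perm : TablePermission.values()) {
        if (accumuloClient.securityOperations().hasTablePermission(user, tableName, perm)) {
          userWriter.write(tablePermFormat.format(new String[] {perm.name(), tableName, user}));
        }
      }
    }
  }
}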
for (NamespacePermission p : NamespacePermission.values()) { if (p != null && shellState.getAccumuloClient().securityOperations() .hasNamespacePermission(user, n, p)) { if (runOnce) { shellState.getReader().print("\nNamespace permissions (" + n + "): ");
/**
 * Randomly grants or revokes a single namespace permission for {@code userName}.
 *
 * <p>The permissions currently held on {@code namespace} are collected first. A coin flip
 * from {@code rand} then selects "grant"; if it comes up true and at least one permission is
 * not yet held, a random missing permission is granted. In every other case a random held
 * permission is revoked, or nothing happens when the user holds none.
 *
 * @param conn connector whose security operations are queried and modified
 * @param rand source of the coin flip and of the permission choice
 * @param userName user whose permissions are changed
 * @param namespace namespace the permissions apply to
 * @throws AccumuloException if a call to Accumulo fails
 * @throws AccumuloSecurityException if the caller may not query or change the permission
 */
private void changeNamespacePermission(Connector conn, Random rand, String userName,
    String namespace) throws AccumuloException, AccumuloSecurityException {
  EnumSet<NamespacePermission> held = EnumSet.noneOf(NamespacePermission.class);
  for (NamespacePermission candidate : NamespacePermission.values()) {
    if (conn.securityOperations().hasNamespacePermission(userName, namespace, candidate)) {
      held.add(candidate);
    }
  }

  // Everything the user does not hold yet.
  EnumSet<NamespacePermission> missing = EnumSet.complementOf(held);

  // The coin is flipped before the emptiness check so the random sequence is consumed
  // the same way regardless of the user's current permissions.
  boolean grant = rand.nextBoolean() && !missing.isEmpty();
  if (grant) {
    List<NamespacePermission> grantable = new ArrayList<>(missing);
    NamespacePermission choice = grantable.get(rand.nextInt(grantable.size()));
    log.debug("adding permission " + choice);
    conn.securityOperations().grantNamespacePermission(userName, namespace, choice);
    return;
  }

  if (held.isEmpty()) {
    // Nothing to revoke.
    return;
  }

  List<NamespacePermission> revocable = new ArrayList<>(held);
  NamespacePermission choice = revocable.get(rand.nextInt(revocable.size()));
  log.debug("removing permission " + choice);
  conn.securityOperations().revokeNamespacePermission(userName, namespace, choice);
}
}
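/**
 * Reports whether {@code user} may read {@code table}, either through READ on the table
 * itself or through READ on the namespace that contains it.
 *
 * <p>The check fails closed: any {@link AccumuloException} or
 * {@link AccumuloSecurityException} raised while querying is treated as "no access".
 *
 * @param connector connector whose security operations are queried
 * @param user user whose access is checked
 * @param table table name, optionally qualified as {@code namespace.table}
 * @return {@code true} if the user holds READ on the table or on its namespace
 */
private boolean checkAccess(final Connector connector, final String user, final String table) {
  try {
    if (connector.securityOperations().hasTablePermission(user, table, TablePermission.READ)) {
      return true;
    }

    // The namespace check must be made against the table's namespace, not against the
    // table name. Passing the table name asked about a namespace that is usually
    // nonexistent (the lookup failed and access was denied), and would have matched an
    // unrelated namespace that happens to share the table's name.
    // Accumulo qualifies table names as "namespace.table"; an unqualified name belongs to
    // the default namespace, whose name is the empty string.
    final int dot = table.indexOf('.');
    final String namespace = dot < 0 ? "" : table.substring(0, dot);

    return connector.securityOperations().hasNamespacePermission(user, namespace,
        NamespacePermission.READ);
  } catch (final AccumuloException | AccumuloSecurityException e) {
    // Deliberately deny on error rather than propagate.
    return false;
  }
}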
} else if (dice == 2) { log.debug("Checking namespace permission " + userName + " " + namespace); conn.securityOperations().hasNamespacePermission(userName, namespace, NamespacePermission.values()[rand.nextInt(NamespacePermission.values().length)]);
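/**
 * Writes the configuration of one Accumulo user to a file in {@code outputDirectory}.
 *
 * <p>The file is named {@code user + USER_FILE_SUFFIX}. It receives, in order: the
 * {@code createUserFormat} line, the {@code userAuthsFormat} line with the user's
 * authorizations, and one line for every system, namespace and table permission that
 * {@code securityOperations()} reports as held by the user.
 *
 * @param connector connector used to query authorizations, permissions, namespaces and tables
 * @param user name of the user whose configuration is written; also used in the file name
 * @param outputDirectory directory in which the per-user file is created
 * @throws IOException if the file cannot be opened, written or closed
 * @throws AccumuloException if a query against Accumulo fails
 * @throws AccumuloSecurityException if the caller is not allowed to run one of the queries
 */
private static void printUserConfiguration(Connector connector, String user,
    File outputDirectory) throws IOException, AccumuloException, AccumuloSecurityException {
  // NOTE(review): the user name is concatenated into the path unchecked. A name containing
  // a path separator or ".." would resolve outside outputDirectory; this is only acceptable
  // while every caller obtains `user` from a source that runs with the same privileges as
  // this process. Confirm against the callers.
  File userScript = new File(outputDirectory, user + USER_FILE_SUFFIX);

  // The file records the user's authorizations and granted permissions and is created
  // with the process's default file permissions.
  // try-with-resources closes the writer even when an Accumulo call or a write throws
  // part-way through; the previous explicit close() was skipped on any exception.
  try (FileWriter userWriter = new FileWriter(userScript)) {
    userWriter.write(createUserFormat.format(new String[] {user}));

    Authorizations auths = connector.securityOperations().getUserAuthorizations(user);
    userWriter.write(userAuthsFormat.format(new String[] {user, auths.toString()}));

    for (SystemPermission sp : SystemPermission.values()) {
      if (connector.securityOperations().hasSystemPermission(user, sp)) {
        userWriter.write(sysPermFormat.format(new String[] {sp.name(), user}));
      }
    }

    for (String namespace : connector.namespaceOperations().list()) {
      for (NamespacePermission np : NamespacePermission.values()) {
        if (connector.securityOperations().hasNamespacePermission(user, namespace, np)) {
          userWriter.write(nsPermFormat.format(new String[] {np.name(), namespace, user}));
        }
      }
    }

    for (String tableName : connector.tableOperations().list()) {
      for (TablePermission perm : TablePermission.values()) {
        if (connector.securityOperations().hasTablePermission(user, tableName, perm)) {
          userWriter.write(tablePermFormat.format(new String[] {perm.name(), tableName, user}));
        }
      }
    }
  }
}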
/**
 * Proxy entry point: asks Accumulo whether {@code user} holds {@code perm} on
 * {@code namespaceName}, using the connector associated with {@code login}.
 *
 * @param login token passed to {@code getConnector} to obtain the caller's connector
 * @param user user whose permission is queried
 * @param namespaceName namespace the permission applies to
 * @param perm Thrift-side permission; converted to the client-side enum by numeric id
 * @return the result of the underlying permission query, or {@code false} if an exception
 *         was raised and {@code handleException} returned normally
 */
@Override
public boolean hasNamespacePermission(ByteBuffer login, String user, String namespaceName,
    org.apache.accumulo.proxy.thrift.NamespacePermission perm)
    throws org.apache.accumulo.proxy.thrift.AccumuloException,
    org.apache.accumulo.proxy.thrift.AccumuloSecurityException, TException {
  try {
    // NOTE(review): the Thrift value is narrowed to a byte before lookup, so a value outside
    // the byte range wraps around; how getPermissionById treats an unknown id is not visible
    // here. Confirm that it rejects ids it does not know.
    return getConnector(login).securityOperations().hasNamespacePermission(user, namespaceName,
        NamespacePermission.getPermissionById((byte) perm.getValue()));
  } catch (Exception e) {
    // handleException presumably rethrows as one of the declared Thrift exceptions (its
    // body is not shown); if it ever returns, the failure is reported as "no permission",
    // which is the fail-closed answer.
    handleException(e);
    return false;
  }
}
for (String next : namespaces) { for (NamespacePermission nextPerm : allNamespacePerms) { if (ops.hasNamespacePermission(userName, next, nextPerm)) { namespacePermissions.add(new datawave.webservice.response.objects.NamespacePermission(next, nextPerm.name()));
// Round trip of namespace READ for the connected user: held, revoked, granted again.
assertTrue(c.securityOperations().hasNamespacePermission(c.whoami(), namespace,
    NamespacePermission.READ));
c.securityOperations().revokeNamespacePermission(c.whoami(), namespace,
    NamespacePermission.READ);
// After the revoke the query must report the permission as absent.
assertFalse(c.securityOperations().hasNamespacePermission(c.whoami(), namespace,
    NamespacePermission.READ));
c.securityOperations().grantNamespacePermission(c.whoami(), namespace,
    NamespacePermission.READ);
assertTrue(c.securityOperations().hasNamespacePermission(c.whoami(), namespace,
    NamespacePermission.READ));
// NOTE(review): as excerpted, fail() is reached whenever the call below returns normally.
// Presumably the surrounding code (not shown) puts the namespace into a state where this
// query throws and catches that exception; confirm against the full test.
c.securityOperations().hasNamespacePermission(c.whoami(), namespace,
    NamespacePermission.READ);
fail();
for (NamespacePermission p : NamespacePermission.values()) { if (p != null && shellState.getConnector().securityOperations().hasNamespacePermission(user, n, p)) { if (runOnce) { shellState.getReader().print("\nNamespace permissions (" + n + "): ");