/**
 * Writes an audit event for an operation that has no destination path and no
 * file status, by delegating to the five-argument overload with both set to
 * {@code null}.
 *
 * @param succeeded outcome flag forwarded unchanged to the audit record
 * @param cmd operation name forwarded unchanged to the audit record
 * @param src source path, or {@code null} (several callers in this listing
 *            pass {@code null} for operations that take no path)
 * @throws IOException propagated from the delegate
 */
void logAuditEvent(boolean succeeded, String cmd, String src)
    throws IOException {
  logAuditEvent(succeeded, cmd, src, null, null);
}
/**
 * Reloads the proxy-user group configuration through {@code ProxyUsers} and
 * then writes a successful audit event for the operation.
 *
 * <p>NOTE(review): unlike the reconfiguration RPCs in this listing, this
 * method calls neither {@code checkNNStartup()} nor
 * {@code checkSuperuserPrivilege}, and the audit call is only reached when
 * the refresh returns normally. Confirm that authorization for this RPC is
 * enforced somewhere not visible here.
 *
 * @throws IOException propagated from the calls made here
 */
@Override // RefreshAuthorizationPolicyProtocol
public void refreshSuperUserGroupsConfiguration() throws IOException {
  final String operationName = "refreshSuperUserGroupsConfiguration";
  LOG.info("Refreshing SuperUser proxy group mapping list ");
  ProxyUsers.refreshSuperUserGroupsConfiguration();
  namesystem.logAuditEvent(true, operationName, null);
}
/**
 * Runs the no-argument {@code checkSuperuserPrivilege()} and, if it throws
 * {@code AccessControlException}, writes a failed audit event named
 * {@code operationName} before rethrowing the same exception.
 *
 * @param operationName operation name to put in the failed audit record
 * @throws IOException the rethrown access-control failure, or an exception
 *         raised by the audit call itself (which would then replace it)
 */
void checkSuperuserPrivilege(String operationName) throws IOException {
  try {
    checkSuperuserPrivilege();
  } catch (AccessControlException denied) {
    // Record the refused attempt first so that it is in the audit trail,
    // then hand the original exception back to the caller.
    logAuditEvent(false, operationName, null);
    throw denied;
  }
}
/**
 * Rebuilds the call queue of the client RPC server and, when one is
 * configured, of the service RPC server, using a newly constructed
 * {@code Configuration}; then writes a successful audit event.
 *
 * <p>NOTE(review): no {@code checkNNStartup()} or
 * {@code checkSuperuserPrivilege} call is visible in this method, and nothing
 * is audited if either refresh throws. Confirm that authorization for this
 * RPC is enforced somewhere not visible here.
 *
 * @throws IOException propagated from the calls made here
 */
@Override // RefreshCallQueueProtocol
public void refreshCallQueue() throws IOException {
  LOG.info("Refreshing call queue.");
  // One Configuration instance is shared by both servers.
  final Configuration freshConf = new Configuration();
  clientRpcServer.refreshCallQueue(freshConf);
  if (serviceRpcServer != null) {
    serviceRpcServer.refreshCallQueue(freshConf);
  }
  namesystem.logAuditEvent(true, "refreshCallQueue", null);
}
/**
 * Logs the short name of the remote user, refreshes the user-to-groups
 * mapping service, and then writes a successful audit event.
 *
 * <p>NOTE(review): no {@code checkNNStartup()} or
 * {@code checkSuperuserPrivilege} call is visible in this method, and the
 * audit call is only reached when the refresh returns normally. Confirm that
 * authorization for this RPC is enforced somewhere not visible here.
 *
 * @throws IOException propagated from the calls made here
 */
@Override // RefreshAuthorizationPolicyProtocol
public void refreshUserToGroupsMappings() throws IOException {
  final String requester = getRemoteUser().getShortUserName();
  LOG.info("Refreshing all user-to-groups mappings. Requested by user: "
      + requester);
  Groups.getUserToGroupsMappingService().refresh();
  namesystem.logAuditEvent(true, "refreshUserToGroupsMappings", null);
}
/**
 * Writes a successful {@code "fsck"} audit event for {@code src} when
 * auditing is enabled.
 *
 * <p>The caller supplies the remote address; the user comes from
 * {@code getRemoteUser()}. Unlike the private five-argument
 * {@code logAuditEvent} in this listing, no {@code isExternalInvocation()}
 * test is applied here.
 *
 * @param src path that was checked
 * @param remoteAddress address to record as the origin of the request
 * @throws IOException propagated from the calls made here
 */
void logFsckEvent(String src, InetAddress remoteAddress) throws IOException {
  if (!isAuditEnabled()) {
    return;
  }
  logAuditEvent(true, getRemoteUser(), remoteAddress, "fsck", src, null, null);
}
/**
 * Returns a new list holding the NameNode's reconfigurable property names.
 *
 * <p>Order of checks: {@code checkNNStartup()}, then the privilege check,
 * which is passed the operation name. The successful audit event is written
 * only after the list has been built.
 *
 * @return a list copied from {@code nn.getReconfigurableProperties()}
 * @throws IOException propagated from the checks or the audit call
 */
@Override // ReconfigurationProtocol
public List<String> listReconfigurableProperties() throws IOException {
  checkNNStartup();
  final String operationName = "listNamenodeReconfigurableProperties";
  namesystem.checkSuperuserPrivilege(operationName);
  final List<String> propertyNames =
      Lists.newArrayList(nn.getReconfigurableProperties());
  namesystem.logAuditEvent(true, operationName, null);
  return propertyNames;
}
/**
 * Returns the status reported by {@code nn.getReconfigurationTaskStatus()}.
 *
 * <p>Order of checks: {@code checkNNStartup()}, then the privilege check,
 * which is passed the operation name. The successful audit event is written
 * only after the status has been obtained.
 *
 * @return the reconfiguration task status
 * @throws IOException propagated from the checks or the audit call
 */
@Override // ReconfigurationProtocol
public ReconfigurationTaskStatus getReconfigurationStatus()
    throws IOException {
  checkNNStartup();
  final String operationName = "getNamenodeReconfigurationStatus";
  namesystem.checkSuperuserPrivilege(operationName);
  final ReconfigurationTaskStatus taskStatus =
      nn.getReconfigurationTaskStatus();
  namesystem.logAuditEvent(true, operationName, null);
  return taskStatus;
}
/**
 * Starts the NameNode reconfiguration task.
 *
 * <p>Order of checks: {@code checkNNStartup()}, then the privilege check,
 * which is passed the operation name. The successful audit event is written
 * only after {@code nn.startReconfigurationTask()} returns.
 *
 * @throws IOException propagated from the checks, the task start or the
 *         audit call
 */
@Override // ReconfigurationProtocol
public void startReconfiguration() throws IOException {
  checkNNStartup();
  final String operationName = "startNamenodeReconfiguration";
  namesystem.checkSuperuserPrivilege(operationName);
  nn.startReconfigurationTask();
  namesystem.logAuditEvent(true, operationName, null);
}
/**
 * Reloads the service ACLs on the client RPC server and, when one is
 * configured, on the service RPC server; then writes a successful audit
 * event.
 *
 * <p>Each server receives its own newly constructed {@code Configuration}
 * and {@code HDFSPolicyProvider}.
 *
 * <p>NOTE(review): the rejection taken when service-level authorization is
 * disabled is thrown without an audit event, and no
 * {@code checkSuperuserPrivilege} call is visible in this method. Confirm
 * that authorization for this RPC is enforced somewhere not visible here.
 *
 * @throws IOException propagated from the calls made here; an
 *         {@code AuthorizationException} is thrown when
 *         {@code serviceAuthEnabled} is false
 */
@Override // RefreshAuthorizationPolicyProtocol
public void refreshServiceAcl() throws IOException {
  checkNNStartup();
  if (!serviceAuthEnabled) {
    throw new AuthorizationException("Service Level Authorization not enabled!");
  }
  clientRpcServer.refreshServiceAcl(
      new Configuration(), new HDFSPolicyProvider());
  if (serviceRpcServer != null) {
    serviceRpcServer.refreshServiceAcl(
        new Configuration(), new HDFSPolicyProvider());
  }
  namesystem.logAuditEvent(true, "refreshServiceAcl", null);
}
/**
 * Lists the extended attributes of {@code src} under the read lock and
 * audits the outcome.
 *
 * <p>An {@code AccessControlException} is audited as a failure and rethrown;
 * any other exception propagates without an audit event from this method.
 *
 * @param src path whose extended attributes are listed
 * @return the list produced by {@code FSDirXAttrOp.listXAttrs}
 * @throws IOException propagated from the checks, the lookup or the audit
 *         call
 */
List<XAttr> listXAttrs(String src) throws IOException {
  final String operationName = "listXAttrs";
  checkOperation(OperationCategory.READ);
  final FSPermissionChecker pc = getPermissionChecker();
  final List<XAttr> xAttrs;
  readLock();
  try {
    // Checked a second time now that the read lock is held.
    checkOperation(OperationCategory.READ);
    xAttrs = FSDirXAttrOp.listXAttrs(dir, pc, src);
  } catch (AccessControlException denied) {
    // Runs before the finally block, i.e. with the read lock still held.
    logAuditEvent(false, operationName, src);
    throw denied;
  } finally {
    readUnlock(operationName);
  }
  logAuditEvent(true, operationName, src);
  return xAttrs;
}
/**
 * Fetches the ACL status of {@code src} under the read lock and audits the
 * outcome.
 *
 * <p>An {@code AccessControlException} is audited as a failure and rethrown;
 * any other exception propagates without an audit event from this method.
 *
 * @param src path whose ACL status is requested
 * @return the value produced by {@code FSDirAclOp.getAclStatus}
 * @throws IOException propagated from the checks, the lookup or the audit
 *         call
 */
AclStatus getAclStatus(String src) throws IOException {
  final String operationName = "getAclStatus";
  checkOperation(OperationCategory.READ);
  final FSPermissionChecker pc = getPermissionChecker();
  final AclStatus aclStatus;
  readLock();
  try {
    // Checked a second time now that the read lock is held.
    checkOperation(OperationCategory.READ);
    aclStatus = FSDirAclOp.getAclStatus(dir, pc, src);
  } catch (AccessControlException denied) {
    // Runs before the finally block, i.e. with the read lock still held.
    logAuditEvent(false, operationName, src);
    throw denied;
  } finally {
    readUnlock(operationName);
  }
  logAuditEvent(true, operationName, src);
  return aclStatus;
}
/**
 * Writes an audit event attributed to the current RPC caller, but only when
 * {@code isAuditEnabled()} and {@code isExternalInvocation()} both return
 * true.
 *
 * <p>The user and address in the record come from
 * {@code Server.getRemoteUser()} and {@code Server.getRemoteIp()}.
 *
 * @param succeeded outcome flag for the record
 * @param cmd operation name for the record
 * @param src source path, may be {@code null}
 * @param dst destination path, may be {@code null}
 * @param stat file status, may be {@code null}
 * @throws IOException propagated from the seven-argument overload
 */
private void logAuditEvent(boolean succeeded, String cmd, String src,
    String dst, FileStatus stat) throws IOException {
  // Same short-circuit order as "enabled && external": the external check
  // is evaluated only when auditing is enabled.
  if (!isAuditEnabled() || !isExternalInvocation()) {
    return;
  }
  logAuditEvent(succeeded, Server.getRemoteUser(), Server.getRemoteIp(),
      cmd, src, dst, stat);
}
/**
 * Applies a re-encryption action to an encryption zone and always writes an
 * audit event, whether the attempt completed or threw.
 *
 * <p>The null check on {@code zone}, the operation check, the privilege
 * check and the safe-mode check all run inside the try block, so a failure
 * in any of them is audited with a false outcome. The audit command name is
 * the string form of {@code action} immediately followed by
 * {@code "reencryption"}, with no separator.
 *
 * <p>NOTE(review): the audit call sits in the finally block, so if it throws
 * it replaces whatever exception was already propagating.
 *
 * @param zone path of the encryption zone; must not be {@code null}
 * @param action re-encryption action to perform
 * @param logRetryCache forwarded unchanged to
 *        {@code reencryptEncryptionZoneInt}
 * @throws IOException propagated from the checks, the operation or the
 *         audit call
 */
void reencryptEncryptionZone(final String zone, final ReencryptAction action,
    final boolean logRetryCache) throws IOException {
  boolean completed = false;
  try {
    Preconditions.checkNotNull(zone, "zone is null.");
    checkOperation(OperationCategory.WRITE);
    final FSPermissionChecker pc = dir.getPermissionChecker();
    checkSuperuserPrivilege(pc);
    checkNameNodeSafeMode("NameNode in safemode, cannot " + action
        + " re-encryption on zone " + zone);
    reencryptEncryptionZoneInt(pc, zone, action, logRetryCache);
    completed = true;
  } finally {
    logAuditEvent(completed, action + "reencryption", zone, null, null);
  }
}
/**
 * Passes a new balancer bandwidth value to the datanode manager and writes a
 * successful audit event.
 *
 * <p>The operation check runs first, then the privilege check, which is
 * passed the operation name. The audit call is only reached when the setter
 * returns normally.
 *
 * @param bandwidth value handed to
 *        {@code DatanodeManager.setBalancerBandwidth}
 * @throws IOException propagated from the checks, the setter or the audit
 *         call
 */
void setBalancerBandwidth(long bandwidth) throws IOException {
  final String operationName = "setBalancerBandwidth";
  checkOperation(OperationCategory.WRITE);
  checkSuperuserPrivilege(operationName);
  getBlockManager().getDatanodeManager().setBalancerBandwidth(bandwidth);
  logAuditEvent(true, operationName, null);
}
/**
 * Asks the datanode manager to refresh its node lists, using a newly
 * constructed {@code HdfsConfiguration}, and writes a successful audit
 * event.
 *
 * <p>The operation check runs first, then the privilege check, which is
 * passed the operation name. The audit call is only reached when the refresh
 * returns normally.
 *
 * @throws IOException propagated from the checks, the refresh or the audit
 *         call
 */
void refreshNodes() throws IOException {
  final String operationName = "refreshNodes";
  checkOperation(OperationCategory.UNCHECKED);
  checkSuperuserPrivilege(operationName);
  getBlockManager().getDatanodeManager().refreshNodes(new HdfsConfiguration());
  logAuditEvent(true, operationName, null);
}
/**
 * Reports whether the file at {@code src} is closed, as determined by
 * {@code FSDirStatAndListingOp.isFileClosed} under the read lock.
 *
 * <p>Only a refused access is audited here: an
 * {@code AccessControlException} produces a failed audit event and is
 * rethrown. A normal return writes no audit event from this method.
 *
 * @param src path of the file to query
 * @return the value returned by {@code FSDirStatAndListingOp.isFileClosed}
 * @throws IOException propagated from the checks, the lookup or the audit
 *         call
 */
boolean isFileClosed(final String src) throws IOException {
  final String operationName = "isFileClosed";
  checkOperation(OperationCategory.READ);
  final FSPermissionChecker pc = getPermissionChecker();
  readLock();
  try {
    // Checked a second time now that the read lock is held.
    checkOperation(OperationCategory.READ);
    final boolean closed = FSDirStatAndListingOp.isFileClosed(dir, pc, src);
    return closed;
  } catch (AccessControlException denied) {
    // Runs before the finally block, i.e. with the read lock still held.
    logAuditEvent(false, operationName, src);
    throw denied;
  } finally {
    readUnlock(operationName);
  }
}
/**
 * Returns the datanode storage reports for the requested report type and
 * writes a successful audit event.
 *
 * <p>The privilege check, which is passed the operation name, runs before
 * the operation check and before the read lock is taken. The audit call is
 * only reached when the report lookup returns normally.
 *
 * @param type report type forwarded to
 *        {@code DatanodeManager.getDatanodeStorageReport}
 * @return the reports returned by the datanode manager
 * @throws IOException propagated from the checks or the audit call
 */
DatanodeStorageReport[] getDatanodeStorageReport(final DatanodeReportType type)
    throws IOException {
  final String operationName = "getDatanodeStorageReport";
  checkSuperuserPrivilege(operationName);
  checkOperation(OperationCategory.UNCHECKED);
  final DatanodeStorageReport[] storageReports;
  readLock();
  try {
    // Checked a second time now that the read lock is held.
    checkOperation(OperationCategory.UNCHECKED);
    final DatanodeManager datanodeManager =
        getBlockManager().getDatanodeManager();
    storageReports = datanodeManager.getDatanodeStorageReport(type);
  } finally {
    // Same value as the literal "getDatanodeStorageReport".
    readUnlock(operationName);
  }
  logAuditEvent(true, operationName, null);
  return storageReports;
}
/**
 * Disallows snapshots on the directory at {@code path}, syncs the edit log,
 * and writes an audit event.
 *
 * <p>The privilege check, which is passed the operation name, runs before
 * the write lock is taken. The safe-mode check and the snapshot change run
 * under the write lock.
 *
 * <p>NOTE(review): if anything inside the try block throws, control leaves
 * through the finally block and neither the edit-log sync nor the audit call
 * below is reached. The outcome flag is therefore always true when it is
 * logged, and a failure inside the locked section leaves no audit event from
 * this method.
 *
 * @param path directory on which snapshots are disallowed
 * @throws IOException propagated from the checks, the operation or the
 *         audit call
 */
void disallowSnapshot(String path) throws IOException {
  checkOperation(OperationCategory.WRITE);
  final String operationName = "disallowSnapshot";
  checkSuperuserPrivilege(operationName);
  boolean completed = false;
  writeLock();
  try {
    // Checked a second time now that the write lock is held.
    checkOperation(OperationCategory.WRITE);
    checkNameNodeSafeMode("Cannot disallow snapshot for " + path);
    FSDirSnapshotOp.disallowSnapshot(dir, snapshotManager, path);
    completed = true;
  } finally {
    writeUnlock(operationName);
  }
  // The edit log is synced after the write lock has been released.
  getEditLog().logSync();
  logAuditEvent(completed, operationName, path, null, null);
}
/**
 * Finalizes an upgrade on the FSImage while holding the checkpoint lock and
 * the write lock, then writes a successful audit event.
 *
 * <p>The privilege check, which is passed the operation name, runs before
 * either lock is taken. The locks are released in the reverse order of
 * acquisition. The audit call is only reached when the finalize call returns
 * normally.
 *
 * @throws IOException propagated from the checks, the finalize call or the
 *         audit call
 */
void finalizeUpgrade() throws IOException {
  final String operationName = "finalizeUpgrade";
  checkSuperuserPrivilege(operationName);
  checkOperation(OperationCategory.UNCHECKED);
  cpLock(); // Block if a checkpointing is in progress on standby.
  writeLock();
  try {
    // Checked a second time now that both locks are held.
    checkOperation(OperationCategory.UNCHECKED);
    // The flag passed is true only when HA is enabled and this node is in
    // the active state.
    getFSImage().finalizeUpgrade(this.isHaEnabled() && inActiveState());
  } finally {
    writeUnlock(operationName);
    cpUnlock();
  }
  logAuditEvent(true, operationName, null);
}