|
|
@@ -203,6 +203,25 @@ public class FSNamesystem implements Namesystem, FSClusterStats,
|
|
|
}
|
|
|
};
|
|
|
|
|
|
+ private HdfsFileStatus getAuditFileInfo(String path, boolean resolveSymlink)
|
|
|
+ throws IOException {
|
|
|
+ return (auditLog.isInfoEnabled() && isExternalInvocation())
|
|
|
+ ? dir.getFileInfo(path, resolveSymlink) : null;
|
|
|
+ }
|
|
|
+
|
|
|
+ private static void logAuditEvent(String cmd, String src)
|
|
|
+ throws IOException {
|
|
|
+ logAuditEvent(cmd, src, null, null);
|
|
|
+ }
|
|
|
+
|
|
|
+ private static void logAuditEvent(String cmd, String src,
|
|
|
+ String dst, HdfsFileStatus stat) throws IOException {
|
|
|
+ if (auditLog.isInfoEnabled() && isExternalInvocation()) {
|
|
|
+ logAuditEvent(getRemoteUser(), Server.getRemoteIp(),
|
|
|
+ cmd, src, dst, stat);
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
private static final void logAuditEvent(UserGroupInformation ugi,
|
|
|
InetAddress addr, String cmd, String src, String dst,
|
|
|
HdfsFileStatus stat) {
|
|
|
@@ -638,18 +657,12 @@ public class FSNamesystem implements Namesystem, FSClusterStats,
|
|
|
}
|
|
|
checkOwner(pc, src);
|
|
|
dir.setPermission(src, permission);
|
|
|
- if (auditLog.isInfoEnabled() && isExternalInvocation()) {
|
|
|
- resultingStat = dir.getFileInfo(src, false);
|
|
|
- }
|
|
|
+ resultingStat = getAuditFileInfo(src, false);
|
|
|
} finally {
|
|
|
writeUnlock();
|
|
|
}
|
|
|
getEditLog().logSync();
|
|
|
- if (auditLog.isInfoEnabled() && isExternalInvocation()) {
|
|
|
- logAuditEvent(UserGroupInformation.getCurrentUser(),
|
|
|
- Server.getRemoteIp(),
|
|
|
- "setPermission", src, null, resultingStat);
|
|
|
- }
|
|
|
+ logAuditEvent("setPermission", src, null, resultingStat);
|
|
|
}
|
|
|
|
|
|
/**
|
|
|
@@ -676,18 +689,12 @@ public class FSNamesystem implements Namesystem, FSClusterStats,
|
|
|
}
|
|
|
}
|
|
|
dir.setOwner(src, username, group);
|
|
|
- if (auditLog.isInfoEnabled() && isExternalInvocation()) {
|
|
|
- resultingStat = dir.getFileInfo(src, false);
|
|
|
- }
|
|
|
+ resultingStat = getAuditFileInfo(src, false);
|
|
|
} finally {
|
|
|
writeUnlock();
|
|
|
}
|
|
|
getEditLog().logSync();
|
|
|
- if (auditLog.isInfoEnabled() && isExternalInvocation()) {
|
|
|
- logAuditEvent(UserGroupInformation.getCurrentUser(),
|
|
|
- Server.getRemoteIp(),
|
|
|
- "setOwner", src, null, resultingStat);
|
|
|
- }
|
|
|
+ logAuditEvent("setOwner", src, null, resultingStat);
|
|
|
}
|
|
|
|
|
|
/**
|
|
|
@@ -728,11 +735,7 @@ public class FSNamesystem implements Namesystem, FSClusterStats,
|
|
|
}
|
|
|
final LocatedBlocks ret = getBlockLocationsUpdateTimes(src,
|
|
|
offset, length, doAccessTime, needBlockToken);
|
|
|
- if (auditLog.isInfoEnabled() && isExternalInvocation()) {
|
|
|
- logAuditEvent(UserGroupInformation.getCurrentUser(),
|
|
|
- Server.getRemoteIp(),
|
|
|
- "open", src, null, null);
|
|
|
- }
|
|
|
+ logAuditEvent("open", src);
|
|
|
return ret;
|
|
|
}
|
|
|
|
|
|
@@ -832,18 +835,12 @@ public class FSNamesystem implements Namesystem, FSClusterStats,
|
|
|
throw new SafeModeException("Cannot concat " + target, safeMode);
|
|
|
}
|
|
|
concatInternal(pc, target, srcs);
|
|
|
- if (auditLog.isInfoEnabled() && isExternalInvocation()) {
|
|
|
- resultingStat = dir.getFileInfo(target, false);
|
|
|
- }
|
|
|
+ resultingStat = getAuditFileInfo(target, false);
|
|
|
} finally {
|
|
|
writeUnlock();
|
|
|
}
|
|
|
getEditLog().logSync();
|
|
|
- if (auditLog.isInfoEnabled() && isExternalInvocation()) {
|
|
|
- logAuditEvent(UserGroupInformation.getLoginUser(),
|
|
|
- Server.getRemoteIp(),
|
|
|
- "concat", Arrays.toString(srcs), target, resultingStat);
|
|
|
- }
|
|
|
+ logAuditEvent("concat", Arrays.toString(srcs), target, resultingStat);
|
|
|
}
|
|
|
|
|
|
/** See {@link #concat(String, String[])} */
|
|
|
@@ -957,6 +954,7 @@ public class FSNamesystem implements Namesystem, FSClusterStats,
|
|
|
throw new IOException("Access time for hdfs is not configured. " +
|
|
|
" Please set " + DFS_NAMENODE_ACCESSTIME_PRECISION_KEY + " configuration parameter.");
|
|
|
}
|
|
|
+ HdfsFileStatus resultingStat = null;
|
|
|
FSPermissionChecker pc = getPermissionChecker();
|
|
|
writeLock();
|
|
|
try {
|
|
|
@@ -967,18 +965,14 @@ public class FSNamesystem implements Namesystem, FSClusterStats,
|
|
|
INode inode = dir.getINode(src);
|
|
|
if (inode != null) {
|
|
|
dir.setTimes(src, inode, mtime, atime, true);
|
|
|
- if (auditLog.isInfoEnabled() && isExternalInvocation()) {
|
|
|
- final HdfsFileStatus stat = dir.getFileInfo(src, false);
|
|
|
- logAuditEvent(UserGroupInformation.getCurrentUser(),
|
|
|
- Server.getRemoteIp(),
|
|
|
- "setTimes", src, null, stat);
|
|
|
- }
|
|
|
+ resultingStat = getAuditFileInfo(src, false);
|
|
|
} else {
|
|
|
throw new FileNotFoundException("File/Directory " + src + " does not exist.");
|
|
|
}
|
|
|
} finally {
|
|
|
writeUnlock();
|
|
|
}
|
|
|
+ logAuditEvent("setTimes", src, null, resultingStat);
|
|
|
}
|
|
|
|
|
|
/**
|
|
|
@@ -995,18 +989,12 @@ public class FSNamesystem implements Namesystem, FSClusterStats,
|
|
|
verifyParentDir(link);
|
|
|
}
|
|
|
createSymlinkInternal(pc, target, link, dirPerms, createParent);
|
|
|
- if (auditLog.isInfoEnabled() && isExternalInvocation()) {
|
|
|
- resultingStat = dir.getFileInfo(link, false);
|
|
|
- }
|
|
|
+ resultingStat = getAuditFileInfo(link, false);
|
|
|
} finally {
|
|
|
writeUnlock();
|
|
|
}
|
|
|
getEditLog().logSync();
|
|
|
- if (auditLog.isInfoEnabled() && isExternalInvocation()) {
|
|
|
- logAuditEvent(UserGroupInformation.getCurrentUser(),
|
|
|
- Server.getRemoteIp(),
|
|
|
- "createSymlink", link, target, resultingStat);
|
|
|
- }
|
|
|
+ logAuditEvent("createSymlink", link, target, resultingStat);
|
|
|
}
|
|
|
|
|
|
/**
|
|
|
@@ -1078,10 +1066,8 @@ public class FSNamesystem implements Namesystem, FSClusterStats,
|
|
|
}
|
|
|
|
|
|
getEditLog().logSync();
|
|
|
- if (isFile && auditLog.isInfoEnabled() && isExternalInvocation()) {
|
|
|
- logAuditEvent(UserGroupInformation.getCurrentUser(),
|
|
|
- Server.getRemoteIp(),
|
|
|
- "setReplication", src, null, null);
|
|
|
+ if (isFile) {
|
|
|
+ logAuditEvent("setReplication", src);
|
|
|
}
|
|
|
return isFile;
|
|
|
}
|
|
|
@@ -1131,23 +1117,20 @@ public class FSNamesystem implements Namesystem, FSClusterStats,
|
|
|
short replication, long blockSize) throws AccessControlException,
|
|
|
SafeModeException, FileAlreadyExistsException, UnresolvedLinkException,
|
|
|
FileNotFoundException, ParentNotDirectoryException, IOException {
|
|
|
+ HdfsFileStatus resultingStat = null;
|
|
|
FSPermissionChecker pc = getPermissionChecker();
|
|
|
writeLock();
|
|
|
try {
|
|
|
startFileInternal(pc, src, permissions, holder, clientMachine, flag,
|
|
|
createParent, replication, blockSize);
|
|
|
+ resultingStat = getAuditFileInfo(src, false);
|
|
|
} finally {
|
|
|
writeUnlock();
|
|
|
// There might be transactions logged while trying to recover the lease.
|
|
|
// They need to be sync'ed even when an exception was thrown.
|
|
|
getEditLog().logSync();
|
|
|
}
|
|
|
- if (auditLog.isInfoEnabled() && isExternalInvocation()) {
|
|
|
- final HdfsFileStatus stat = dir.getFileInfo(src, false);
|
|
|
- logAuditEvent(UserGroupInformation.getCurrentUser(),
|
|
|
- Server.getRemoteIp(),
|
|
|
- "create", src, null, stat);
|
|
|
- }
|
|
|
+ logAuditEvent("create", src, null, resultingStat);
|
|
|
}
|
|
|
|
|
|
/**
|
|
|
@@ -1465,11 +1448,7 @@ public class FSNamesystem implements Namesystem, FSClusterStats,
|
|
|
+" block size " + lb.getBlock().getNumBytes());
|
|
|
}
|
|
|
}
|
|
|
- if (auditLog.isInfoEnabled() && isExternalInvocation()) {
|
|
|
- logAuditEvent(UserGroupInformation.getCurrentUser(),
|
|
|
- Server.getRemoteIp(),
|
|
|
- "append", src, null, null);
|
|
|
- }
|
|
|
+ logAuditEvent("append", src);
|
|
|
return lb;
|
|
|
}
|
|
|
|
|
|
@@ -1840,17 +1819,15 @@ public class FSNamesystem implements Namesystem, FSClusterStats,
|
|
|
writeLock();
|
|
|
try {
|
|
|
status = renameToInternal(pc, src, dst);
|
|
|
- if (status && auditLog.isInfoEnabled() && isExternalInvocation()) {
|
|
|
- resultingStat = dir.getFileInfo(dst, false);
|
|
|
+ if (status) {
|
|
|
+ resultingStat = getAuditFileInfo(dst, false);
|
|
|
}
|
|
|
} finally {
|
|
|
writeUnlock();
|
|
|
}
|
|
|
getEditLog().logSync();
|
|
|
- if (status && auditLog.isInfoEnabled() && isExternalInvocation()) {
|
|
|
- logAuditEvent(UserGroupInformation.getCurrentUser(),
|
|
|
- Server.getRemoteIp(),
|
|
|
- "rename", src, dst, resultingStat);
|
|
|
+ if (status) {
|
|
|
+ logAuditEvent("rename", src, dst, resultingStat);
|
|
|
}
|
|
|
return status;
|
|
|
}
|
|
|
@@ -1896,20 +1873,17 @@ public class FSNamesystem implements Namesystem, FSClusterStats,
|
|
|
writeLock();
|
|
|
try {
|
|
|
renameToInternal(pc, src, dst, options);
|
|
|
- if (auditLog.isInfoEnabled() && isExternalInvocation()) {
|
|
|
- resultingStat = dir.getFileInfo(dst, false);
|
|
|
- }
|
|
|
+ resultingStat = getAuditFileInfo(dst, false);
|
|
|
} finally {
|
|
|
writeUnlock();
|
|
|
}
|
|
|
getEditLog().logSync();
|
|
|
- if (auditLog.isInfoEnabled() && isExternalInvocation()) {
|
|
|
+ if (resultingStat != null) {
|
|
|
StringBuilder cmd = new StringBuilder("rename options=");
|
|
|
for (Rename option : options) {
|
|
|
cmd.append(option.value()).append(" ");
|
|
|
}
|
|
|
- logAuditEvent(UserGroupInformation.getCurrentUser(), Server.getRemoteIp(),
|
|
|
- cmd.toString(), src, dst, resultingStat);
|
|
|
+ logAuditEvent(cmd.toString(), src, dst, resultingStat);
|
|
|
}
|
|
|
}
|
|
|
|
|
|
@@ -1943,10 +1917,8 @@ public class FSNamesystem implements Namesystem, FSClusterStats,
|
|
|
NameNode.stateChangeLog.debug("DIR* NameSystem.delete: " + src);
|
|
|
}
|
|
|
boolean status = deleteInternal(src, recursive, true);
|
|
|
- if (status && auditLog.isInfoEnabled() && isExternalInvocation()) {
|
|
|
- logAuditEvent(UserGroupInformation.getCurrentUser(),
|
|
|
- Server.getRemoteIp(),
|
|
|
- "delete", src, null, null);
|
|
|
+ if (status) {
|
|
|
+ logAuditEvent("delete", src);
|
|
|
}
|
|
|
return status;
|
|
|
}
|
|
|
@@ -2069,6 +2041,7 @@ public class FSNamesystem implements Namesystem, FSClusterStats,
|
|
|
*/
|
|
|
boolean mkdirs(String src, PermissionStatus permissions,
|
|
|
boolean createParent) throws IOException, UnresolvedLinkException {
|
|
|
+ HdfsFileStatus resultingStat = null;
|
|
|
boolean status = false;
|
|
|
if(NameNode.stateChangeLog.isDebugEnabled()) {
|
|
|
NameNode.stateChangeLog.debug("DIR* NameSystem.mkdirs: " + src);
|
|
|
@@ -2077,15 +2050,15 @@ public class FSNamesystem implements Namesystem, FSClusterStats,
|
|
|
writeLock();
|
|
|
try {
|
|
|
status = mkdirsInternal(pc, src, permissions, createParent);
|
|
|
+ if (status) {
|
|
|
+ resultingStat = getAuditFileInfo(src, false);
|
|
|
+ }
|
|
|
} finally {
|
|
|
writeUnlock();
|
|
|
}
|
|
|
getEditLog().logSync();
|
|
|
- if (status && auditLog.isInfoEnabled() && isExternalInvocation()) {
|
|
|
- final HdfsFileStatus stat = dir.getFileInfo(src, false);
|
|
|
- logAuditEvent(UserGroupInformation.getCurrentUser(),
|
|
|
- Server.getRemoteIp(),
|
|
|
- "mkdirs", src, null, stat);
|
|
|
+ if (status) {
|
|
|
+ logAuditEvent("mkdirs", src, null, resultingStat);
|
|
|
}
|
|
|
return status;
|
|
|
}
|
|
|
@@ -2520,11 +2493,7 @@ public class FSNamesystem implements Namesystem, FSClusterStats,
|
|
|
checkTraverse(pc, src);
|
|
|
}
|
|
|
}
|
|
|
- if (auditLog.isInfoEnabled() && isExternalInvocation()) {
|
|
|
- logAuditEvent(UserGroupInformation.getCurrentUser(),
|
|
|
- Server.getRemoteIp(),
|
|
|
- "listStatus", src, null, null);
|
|
|
- }
|
|
|
+ logAuditEvent("listStatus", src);
|
|
|
dl = dir.getListing(src, startAfter, needLocation);
|
|
|
} finally {
|
|
|
readUnlock();
|
|
|
@@ -4133,7 +4102,7 @@ public class FSNamesystem implements Namesystem, FSClusterStats,
|
|
|
return null;
|
|
|
}
|
|
|
|
|
|
- UserGroupInformation ugi = UserGroupInformation.getCurrentUser();
|
|
|
+ UserGroupInformation ugi = getRemoteUser();
|
|
|
String user = ugi.getUserName();
|
|
|
Text owner = new Text(user);
|
|
|
Text realUser = null;
|
|
|
@@ -4172,7 +4141,7 @@ public class FSNamesystem implements Namesystem, FSClusterStats,
|
|
|
throw new IOException(
|
|
|
"Delegation Token can be renewed only with kerberos or web authentication");
|
|
|
}
|
|
|
- String renewer = UserGroupInformation.getCurrentUser().getShortUserName();
|
|
|
+ String renewer = getRemoteUser().getShortUserName();
|
|
|
expiryTime = dtSecretManager.renewToken(token, renewer);
|
|
|
DelegationTokenIdentifier id = new DelegationTokenIdentifier();
|
|
|
ByteArrayInputStream buf = new ByteArrayInputStream(token.getIdentifier());
|
|
|
@@ -4198,7 +4167,7 @@ public class FSNamesystem implements Namesystem, FSClusterStats,
|
|
|
if (isInSafeMode()) {
|
|
|
throw new SafeModeException("Cannot cancel delegation token", safeMode);
|
|
|
}
|
|
|
- String canceller = UserGroupInformation.getCurrentUser().getUserName();
|
|
|
+ String canceller = getRemoteUser().getUserName();
|
|
|
DelegationTokenIdentifier id = dtSecretManager
|
|
|
.cancelToken(token, canceller);
|
|
|
getEditLog().logCancelDelegationToken(id);
|
|
|
@@ -4269,7 +4238,7 @@ public class FSNamesystem implements Namesystem, FSClusterStats,
|
|
|
*/
|
|
|
private AuthenticationMethod getConnectionAuthenticationMethod()
|
|
|
throws IOException {
|
|
|
- UserGroupInformation ugi = UserGroupInformation.getCurrentUser();
|
|
|
+ UserGroupInformation ugi = getRemoteUser();
|
|
|
AuthenticationMethod authMethod = ugi.getAuthenticationMethod();
|
|
|
if (authMethod == AuthenticationMethod.PROXY) {
|
|
|
authMethod = ugi.getRealUser().getAuthenticationMethod();
|
|
|
@@ -4281,16 +4250,26 @@ public class FSNamesystem implements Namesystem, FSClusterStats,
|
|
|
* Client invoked methods are invoked over RPC and will be in
|
|
|
* RPC call context even if the client exits.
|
|
|
*/
|
|
|
- private boolean isExternalInvocation() {
|
|
|
+ private static boolean isExternalInvocation() {
|
|
|
return Server.isRpcInvocation();
|
|
|
}
|
|
|
|
|
|
+ // optimize ugi lookup for RPC operations to avoid a trip through
|
|
|
+ // UGI.getCurrentUser which is synch'ed
|
|
|
+ private static UserGroupInformation getRemoteUser() throws IOException {
|
|
|
+ UserGroupInformation ugi = null;
|
|
|
+ if (Server.isRpcInvocation()) {
|
|
|
+ ugi = Server.getRemoteUser();
|
|
|
+ }
|
|
|
+ return (ugi != null) ? ugi : UserGroupInformation.getCurrentUser();
|
|
|
+ }
|
|
|
+
|
|
|
/**
|
|
|
* Log fsck event in the audit log
|
|
|
*/
|
|
|
void logFsckEvent(String src, InetAddress remoteAddress) throws IOException {
|
|
|
if (auditLog.isInfoEnabled()) {
|
|
|
- logAuditEvent(UserGroupInformation.getCurrentUser(),
|
|
|
+ logAuditEvent(getRemoteUser(),
|
|
|
remoteAddress,
|
|
|
"fsck", src, null, null);
|
|
|
}
|
Daryn Sharp