package org.apache.hadoop.hdfs.server.namenode;

import com.google.common.base.Preconditions;
import java.util.Set;
import java.util.Stack;
import org.apache.commons.cli.HelpFormatter;
import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.classification.InterfaceStability;
import org.apache.hadoop.fs.UnresolvedLinkException;
import org.apache.hadoop.fs.permission.AclEntryScope;
import org.apache.hadoop.fs.permission.AclEntryType;
import org.apache.hadoop.fs.permission.FsAction;
import org.apache.hadoop.fs.permission.FsPermission;
import org.apache.hadoop.hdfs.server.namenode.AuthorizationProvider;
import org.apache.hadoop.hdfs.server.namenode.INodeWithAdditionalFields;
import org.apache.hadoop.hdfs.util.ReadOnlyList;
import org.apache.hadoop.security.AccessControlException;
import org.apache.solr.common.params.SpatialParams;

@InterfaceAudience.Public
@InterfaceStability.Unstable
/* loaded from: input_file:WEB-INF/lib/hadoop-hdfs-2.6.0-cdh5.11.0.jar:org/apache/hadoop/hdfs/server/namenode/DefaultAuthorizationProvider.class */
public class DefaultAuthorizationProvider extends AuthorizationProvider {
    @Override // org.apache.hadoop.hdfs.server.namenode.AuthorizationProvider
    public void setUser(AuthorizationProvider.INodeAuthorizationInfo iNodeAuthorizationInfo, String str) {
        ((INodeWithAdditionalFields) iNodeAuthorizationInfo).updatePermissionStatus(INodeWithAdditionalFields.PermissionStatusFormat.USER, SerialNumberManager.INSTANCE.getUserSerialNumber(str));
    }

    @Override // org.apache.hadoop.hdfs.server.namenode.AuthorizationProvider
    public String getUser(AuthorizationProvider.INodeAuthorizationInfo iNodeAuthorizationInfo, int i) {
        INodeWithAdditionalFields iNodeWithAdditionalFields = (INodeWithAdditionalFields) iNodeAuthorizationInfo;
        return i != 2147483646 ? iNodeWithAdditionalFields.getSnapshotINode(i).getUserName() : INodeWithAdditionalFields.PermissionStatusFormat.getUser(iNodeWithAdditionalFields.getPermissionLong());
    }

    @Override // org.apache.hadoop.hdfs.server.namenode.AuthorizationProvider
    public void setGroup(AuthorizationProvider.INodeAuthorizationInfo iNodeAuthorizationInfo, String str) {
        ((INodeWithAdditionalFields) iNodeAuthorizationInfo).updatePermissionStatus(INodeWithAdditionalFields.PermissionStatusFormat.GROUP, SerialNumberManager.INSTANCE.getGroupSerialNumber(str));
    }

    @Override // org.apache.hadoop.hdfs.server.namenode.AuthorizationProvider
    public String getGroup(AuthorizationProvider.INodeAuthorizationInfo iNodeAuthorizationInfo, int i) {
        INodeWithAdditionalFields iNodeWithAdditionalFields = (INodeWithAdditionalFields) iNodeAuthorizationInfo;
        return i != 2147483646 ? iNodeWithAdditionalFields.getSnapshotINode(i).getGroupName() : INodeWithAdditionalFields.PermissionStatusFormat.getGroup(iNodeWithAdditionalFields.getPermissionLong());
    }

    @Override // org.apache.hadoop.hdfs.server.namenode.AuthorizationProvider
    public void setPermission(AuthorizationProvider.INodeAuthorizationInfo iNodeAuthorizationInfo, FsPermission fsPermission) {
        ((INodeWithAdditionalFields) iNodeAuthorizationInfo).updatePermissionStatus(INodeWithAdditionalFields.PermissionStatusFormat.MODE, fsPermission.toShort());
    }

    @Override // org.apache.hadoop.hdfs.server.namenode.AuthorizationProvider
    public FsPermission getFsPermission(AuthorizationProvider.INodeAuthorizationInfo iNodeAuthorizationInfo, int i) {
        INodeWithAdditionalFields iNodeWithAdditionalFields = (INodeWithAdditionalFields) iNodeAuthorizationInfo;
        return i != 2147483646 ? iNodeWithAdditionalFields.getSnapshotINode(i).getFsPermission() : new FsPermission(iNodeWithAdditionalFields.getFsPermissionShort());
    }

    @Override // org.apache.hadoop.hdfs.server.namenode.AuthorizationProvider
    public AclFeature getAclFeature(AuthorizationProvider.INodeAuthorizationInfo iNodeAuthorizationInfo, int i) {
        INodeWithAdditionalFields iNodeWithAdditionalFields = (INodeWithAdditionalFields) iNodeAuthorizationInfo;
        return i != 2147483646 ? iNodeWithAdditionalFields.getSnapshotINode(i).getFsimageAclFeature() : (AclFeature) iNodeWithAdditionalFields.getFeature(AclFeature.class);
    }

    @Override // org.apache.hadoop.hdfs.server.namenode.AuthorizationProvider
    public void removeAclFeature(AuthorizationProvider.INodeAuthorizationInfo iNodeAuthorizationInfo) {
        INodeWithAdditionalFields iNodeWithAdditionalFields = (INodeWithAdditionalFields) iNodeAuthorizationInfo;
        AclFeature fsimageAclFeature = iNodeWithAdditionalFields.getFsimageAclFeature();
        Preconditions.checkNotNull(fsimageAclFeature);
        iNodeWithAdditionalFields.removeFeature(fsimageAclFeature);
    }

    @Override // org.apache.hadoop.hdfs.server.namenode.AuthorizationProvider
    public void addAclFeature(AuthorizationProvider.INodeAuthorizationInfo iNodeAuthorizationInfo, AclFeature aclFeature) {
        INodeWithAdditionalFields iNodeWithAdditionalFields = (INodeWithAdditionalFields) iNodeAuthorizationInfo;
        if (iNodeWithAdditionalFields.getFsimageAclFeature() != null) {
            throw new IllegalStateException("Duplicated ACLFeature");
        }
        iNodeWithAdditionalFields.addFeature(aclFeature);
    }

    private void checkAncestorType(INode[] iNodeArr, int i, AccessControlException accessControlException) throws AccessControlException {
        for (int i2 = 0; i2 <= i && iNodeArr[i2] != null; i2++) {
            if (!iNodeArr[i2].isDirectory()) {
                throw new AccessControlException(accessControlException.getMessage() + " (Ancestor " + iNodeArr[i2].getFullPathName() + " is not a directory).");
            }
        }
        throw accessControlException;
    }

    @Override // org.apache.hadoop.hdfs.server.namenode.AuthorizationProvider
    public void checkPermission(String str, Set<String> set, AuthorizationProvider.INodeAuthorizationInfo[] iNodeAuthorizationInfoArr, int i, boolean z, FsAction fsAction, FsAction fsAction2, FsAction fsAction3, FsAction fsAction4, boolean z2) throws AccessControlException, UnresolvedLinkException {
        INode[] iNodeArr = (INode[]) iNodeAuthorizationInfoArr;
        int length = iNodeArr.length - 2;
        while (length >= 0 && iNodeArr[length] == null) {
            length--;
        }
        checkTraverse(str, set, iNodeArr, length, i);
        INode iNode = iNodeArr[iNodeArr.length - 1];
        if (fsAction2 != null && fsAction2.implies(FsAction.WRITE) && iNodeArr.length > 1 && iNode != null) {
            checkStickyBit(str, iNodeArr[iNodeArr.length - 2], iNode, i);
        }
        if (fsAction != null && iNodeArr.length > 1) {
            check(str, set, iNodeArr, length, i, fsAction);
        }
        if (fsAction2 != null && iNodeArr.length > 1) {
            check(str, set, iNodeArr, iNodeArr.length - 2, i, fsAction2);
        }
        if (fsAction3 != null) {
            check(str, set, iNode, i, fsAction3);
        }
        if (fsAction4 != null) {
            checkSubAccess(str, set, iNode, i, fsAction4, z2);
        }
        if (z) {
            checkOwner(str, iNode, i);
        }
    }

    private void checkOwner(String str, INode iNode, int i) throws AccessControlException {
        if (iNode != null && !str.equals(iNode.getUserName(i))) {
            throw new AccessControlException("Permission denied. user=" + str + " is not the owner of inode=" + iNode);
        }
    }

    private void checkTraverse(String str, Set<String> set, INode[] iNodeArr, int i, int i2) throws AccessControlException {
        int i3 = 0;
        while (i3 <= i) {
            try {
                check(str, set, iNodeArr[i3], i2, FsAction.EXECUTE);
                i3++;
            } catch (AccessControlException e) {
                checkAncestorType(iNodeArr, i3, e);
                return;
            }
        }
    }

    private void checkSubAccess(String str, Set<String> set, INode iNode, int i, FsAction fsAction, boolean z) throws AccessControlException {
        if (iNode == null || !iNode.isDirectory()) {
            return;
        }
        Stack stack = new Stack();
        stack.push(iNode.asDirectory());
        while (!stack.isEmpty()) {
            INodeDirectory iNodeDirectory = (INodeDirectory) stack.pop();
            ReadOnlyList<INode> childrenList = iNodeDirectory.getChildrenList(i);
            if (!childrenList.isEmpty() || !z) {
                check(str, set, iNodeDirectory, i, fsAction);
            }
            for (INode iNode2 : childrenList) {
                if (iNode2.isDirectory()) {
                    stack.push(iNode2.asDirectory());
                }
            }
        }
    }

    private void check(String str, Set<String> set, INode[] iNodeArr, int i, int i2, FsAction fsAction) throws AccessControlException {
        check(str, set, i >= 0 ? iNodeArr[i] : null, i2, fsAction);
    }

    private void check(String str, Set<String> set, INode iNode, int i, FsAction fsAction) throws AccessControlException {
        if (iNode == null) {
            return;
        }
        FsPermission fsPermission = iNode.getFsPermission(i);
        AclFeature aclFeature = iNode.getAclFeature(i);
        if (aclFeature == null || AclEntryStatusFormat.getScope(aclFeature.getEntryAt(0)) != AclEntryScope.ACCESS) {
            checkFsPermission(str, set, iNode, i, fsAction, fsPermission);
        } else {
            checkAccessAcl(str, set, iNode, i, fsAction, fsPermission, aclFeature);
        }
    }

    private void checkFsPermission(String str, Set<String> set, INode iNode, int i, FsAction fsAction, FsPermission fsPermission) throws AccessControlException {
        if (str.equals(iNode.getUserName(i))) {
            if (fsPermission.getUserAction().implies(fsAction)) {
                return;
            }
        } else if (set.contains(iNode.getGroupName(i))) {
            if (fsPermission.getGroupAction().implies(fsAction)) {
                return;
            }
        } else if (fsPermission.getOtherAction().implies(fsAction)) {
            return;
        }
        throw new AccessControlException(toAccessControlString(str, iNode, i, fsAction, fsPermission));
    }

    private void checkAccessAcl(String str, Set<String> set, INode iNode, int i, FsAction fsAction, FsPermission fsPermission, AclFeature aclFeature) throws AccessControlException {
        boolean z = false;
        if (str.equals(iNode.getUserName(i))) {
            if (fsPermission.getUserAction().implies(fsAction)) {
                return;
            } else {
                z = true;
            }
        }
        if (!z) {
            int i2 = 0;
            while (true) {
                if (i2 >= aclFeature.getEntriesSize()) {
                    break;
                }
                int entryAt = aclFeature.getEntryAt(i2);
                if (AclEntryStatusFormat.getScope(entryAt) == AclEntryScope.DEFAULT) {
                    break;
                }
                AclEntryType type = AclEntryStatusFormat.getType(entryAt);
                String name = AclEntryStatusFormat.getName(entryAt);
                if (type == AclEntryType.USER) {
                    if (str.equals(name)) {
                        if (AclEntryStatusFormat.getPermission(entryAt).and(fsPermission.getGroupAction()).implies(fsAction)) {
                            return;
                        } else {
                            z = true;
                        }
                    }
                } else if (type != AclEntryType.GROUP) {
                    continue;
                } else {
                    if (!set.contains(name == null ? iNode.getGroupName(i) : name)) {
                        continue;
                    } else if (AclEntryStatusFormat.getPermission(entryAt).and(fsPermission.getGroupAction()).implies(fsAction)) {
                        return;
                    } else {
                        z = true;
                    }
                }
                i2++;
            }
        }
        if (z || !fsPermission.getOtherAction().implies(fsAction)) {
            throw new AccessControlException(toAccessControlString(str, iNode, i, fsAction, fsPermission));
        }
    }

    private void checkStickyBit(String str, INode iNode, INode iNode2, int i) throws AccessControlException {
        if (!iNode.getFsPermission(i).getStickyBit() || iNode.getUserName(i).equals(str) || iNode2.getUserName(i).equals(str)) {
            return;
        }
        String fullPathName = iNode2.getFullPathName();
        Object[] objArr = new Object[11];
        objArr[0] = str;
        objArr[1] = fullPathName;
        objArr[2] = iNode2.getUserName();
        objArr[3] = iNode2.getGroupName();
        objArr[4] = iNode2.isDirectory() ? SpatialParams.DISTANCE : HelpFormatter.DEFAULT_OPT_PREFIX;
        objArr[5] = iNode2.getFsPermission().toString();
        objArr[6] = fullPathName.substring(0, (fullPathName.length() - iNode2.toString().length()) - 1);
        objArr[7] = iNode.getUserName();
        objArr[8] = iNode.getGroupName();
        objArr[9] = iNode.isDirectory() ? SpatialParams.DISTANCE : HelpFormatter.DEFAULT_OPT_PREFIX;
        objArr[10] = iNode.getFsPermission().toString();
        throw new AccessControlException(String.format("Permission denied by sticky bit: user=%s, path=\"%s\":%s:%s:%s%s, parent=\"%s\":%s:%s:%s%s", objArr));
    }

    private String toAccessControlString(String str, INode iNode, int i, FsAction fsAction, FsPermission fsPermission) {
        return "Permission denied: user=" + str + ", access=" + fsAction + ", inode=\"" + iNode.getFullPathName() + "\":" + iNode.getUserName(i) + ':' + iNode.getGroupName(i) + ':' + (iNode.isDirectory() ? 'd' : '-') + fsPermission;
    }
}
