This is an automated email from the ASF dual-hosted git repository.
abhay pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new c4f6cc395 RANGER-4722: HDFS authorization logic for directory
hierarchy rooted at '/' is incorrect
c4f6cc395 is described below
commit c4f6cc3951f979c4ae5859fbeaf1be5fe945b12d
Author: Abhay Kulkarni <[email protected]>
AuthorDate: Tue Feb 20 14:36:09 2024 -0800
RANGER-4722: HDFS authorization logic for directory hierarchy rooted at '/'
is incorrect
---
.../apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git
a/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java
b/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java
index 9b1279bcb..9b410a185 100644
---
a/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java
+++
b/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java
@@ -453,7 +453,11 @@ public class RangerHdfsAuthorizer extends
INodeAttributeProvider {
if
(subDirAuthStatus != AuthzStatus.ALLOW) {
for(INode child : cList) {
if (child.isDirectory()) {
-
directories.push(new SubAccessData(child.asDirectory(), resourcePath +
Path.SEPARATOR_CHAR + child.getLocalName()));
+
if (data.resourcePath.endsWith(Path.SEPARATOR)) {
+
directories.push(new SubAccessData(child.asDirectory(),
data.resourcePath + child.getLocalName()));
+
} else {
+
directories.push(new SubAccessData(child.asDirectory(),
data.resourcePath + Path.SEPARATOR_CHAR + child.getLocalName()));
+
}
}
}
}
