public class oadd.org.apache.hadoop.security.authorize.ServiceAuthorizationManager extends java.lang.Object
{
static final java.lang.String BLOCKED;
static final java.lang.String HOSTS;
private static final java.lang.String HADOOP_POLICY_FILE;
private volatile java.util.Map protocolToAcls;
private volatile java.util.Map protocolToMachineLists;
public static final java.lang.String SERVICE_AUTHORIZATION_CONFIG;
public static final org.slf4j.Logger AUDITLOG;
private static final java.lang.String AUTHZ_SUCCESSFUL_FOR;
private static final java.lang.String AUTHZ_FAILED_FOR;
public void <init>()
{
java.util.IdentityHashMap v, v;
oadd.org.apache.hadoop.security.authorize.ServiceAuthorizationManager v;
v := @this: oadd.org.apache.hadoop.security.authorize.ServiceAuthorizationManager;
specialinvoke v.<java.lang.Object: void <init>()>();
v = new java.util.IdentityHashMap;
specialinvoke v.<java.util.IdentityHashMap: void <init>()>();
v.<oadd.org.apache.hadoop.security.authorize.ServiceAuthorizationManager: java.util.Map protocolToAcls> = v;
v = new java.util.IdentityHashMap;
specialinvoke v.<java.util.IdentityHashMap: void <init>()>();
v.<oadd.org.apache.hadoop.security.authorize.ServiceAuthorizationManager: java.util.Map protocolToMachineLists> = v;
return;
}
public void authorize(oadd.org.apache.hadoop.security.UserGroupInformation, java.lang.Class, oadd.org.apache.hadoop.conf.Configuration, java.net.InetAddress) throws oadd.org.apache.hadoop.security.authorize.AuthorizationException
{
oadd.org.apache.hadoop.security.authorize.AuthorizationException v, v, v, v;
java.net.InetAddress v;
java.util.Map v, v;
oadd.org.apache.hadoop.conf.Configuration v;
boolean v, v, v, v, v;
java.lang.Throwable v;
oadd.org.apache.hadoop.security.authorize.ServiceAuthorizationManager v;
oadd.org.apache.hadoop.util.MachineList v, v;
int v, v;
java.lang.String v, v, v, v, v, v, v, v, v, v, v;
oadd.org.apache.hadoop.security.authorize.AccessControlList v, v;
oadd.org.apache.hadoop.security.UserGroupInformation v;
org.slf4j.Logger v, v, v;
java.io.IOException v;
java.lang.Class v;
java.lang.Object v, v;
v := @this: oadd.org.apache.hadoop.security.authorize.ServiceAuthorizationManager;
v := @parameter: oadd.org.apache.hadoop.security.UserGroupInformation;
v := @parameter: java.lang.Class;
v := @parameter: oadd.org.apache.hadoop.conf.Configuration;
v := @parameter: java.net.InetAddress;
v = v.<oadd.org.apache.hadoop.security.authorize.ServiceAuthorizationManager: java.util.Map protocolToAcls>;
v = interfaceinvoke v.<java.util.Map: java.lang.Object get(java.lang.Object)>(v);
v = v.<oadd.org.apache.hadoop.security.authorize.ServiceAuthorizationManager: java.util.Map protocolToMachineLists>;
v = interfaceinvoke v.<java.util.Map: java.lang.Object get(java.lang.Object)>(v);
if v == null goto label;
if v != null goto label;
label:
v = new oadd.org.apache.hadoop.security.authorize.AuthorizationException;
v = dynamicinvoke "makeConcatWithConstants" <java.lang.String (java.lang.Class)>(v) <java.lang.invoke.StringConcatFactory: java.lang.invoke.CallSite makeConcatWithConstants(java.lang.invoke.MethodHandles$Lookup,java.lang.String,java.lang.invoke.MethodType,java.lang.String,java.lang.Object[])>("Protocol \u is not known.");
specialinvoke v.<oadd.org.apache.hadoop.security.authorize.AuthorizationException: void <init>(java.lang.String)>(v);
throw v;
label:
v = staticinvoke <oadd.org.apache.hadoop.security.SecurityUtil: java.lang.String getClientPrincipal(java.lang.Class,oadd.org.apache.hadoop.conf.Configuration)>(v, v);
if v == null goto label;
v = staticinvoke <oadd.org.apache.hadoop.security.SecurityUtil: java.lang.String getServerPrincipal(java.lang.String,java.net.InetAddress)>(v, v);
label:
goto label;
label:
v := @caughtexception;
v = new oadd.org.apache.hadoop.security.authorize.AuthorizationException;
v = dynamicinvoke "makeConcatWithConstants" <java.lang.String (java.net.InetAddress,oadd.org.apache.hadoop.security.UserGroupInformation,java.lang.Class)>(v, v, v) <java.lang.invoke.StringConcatFactory: java.lang.invoke.CallSite makeConcatWithConstants(java.lang.invoke.MethodHandles$Lookup,java.lang.String,java.lang.invoke.MethodType,java.lang.String,java.lang.Object[])>("Can\'t figure out Kerberos principal name for connection from \u for user=\u protocol=\u0001");
specialinvoke v.<oadd.org.apache.hadoop.security.authorize.AuthorizationException: void <init>(java.lang.String)>(v);
v = virtualinvoke v.<oadd.org.apache.hadoop.security.authorize.AuthorizationException: java.lang.Throwable initCause(java.lang.Throwable)>(v);
throw v;
label:
if v == null goto label;
v = virtualinvoke v.<oadd.org.apache.hadoop.security.UserGroupInformation: java.lang.String getUserName()>();
v = virtualinvoke v.<java.lang.String: boolean equals(java.lang.Object)>(v);
if v == 0 goto label;
label:
v = lengthof v;
if v != 2 goto label;
v = v[0];
v = virtualinvoke v.<oadd.org.apache.hadoop.security.authorize.AccessControlList: boolean isUserAllowed(oadd.org.apache.hadoop.security.UserGroupInformation)>(v);
if v == 0 goto label;
v = v[1];
v = virtualinvoke v.<oadd.org.apache.hadoop.security.authorize.AccessControlList: boolean isUserAllowed(oadd.org.apache.hadoop.security.UserGroupInformation)>(v);
if v == 0 goto label;
label:
if v == null goto label;
v = dynamicinvoke "makeConcatWithConstants" <java.lang.String (java.lang.String)>(v) <java.lang.invoke.StringConcatFactory: java.lang.invoke.CallSite makeConcatWithConstants(java.lang.invoke.MethodHandles$Lookup,java.lang.String,java.lang.invoke.MethodType,java.lang.String,java.lang.Object[])>(": this service is only accessible by \u0001");
goto label;
label:
v = ": denied by configured ACL";
label:
v = <oadd.org.apache.hadoop.security.authorize.ServiceAuthorizationManager: org.slf4j.Logger AUDITLOG>;
v = dynamicinvoke "makeConcatWithConstants" <java.lang.String (oadd.org.apache.hadoop.security.UserGroupInformation,java.lang.Class,java.lang.String)>(v, v, v) <java.lang.invoke.StringConcatFactory: java.lang.invoke.CallSite makeConcatWithConstants(java.lang.invoke.MethodHandles$Lookup,java.lang.String,java.lang.invoke.MethodType,java.lang.String,java.lang.Object[])>("Authorization failed for \u for protocol=\u0001\u0001");
interfaceinvoke v.<org.slf4j.Logger: void warn(java.lang.String)>(v);
v = new oadd.org.apache.hadoop.security.authorize.AuthorizationException;
v = dynamicinvoke "makeConcatWithConstants" <java.lang.String (oadd.org.apache.hadoop.security.UserGroupInformation,java.lang.Class,java.lang.String)>(v, v, v) <java.lang.invoke.StringConcatFactory: java.lang.invoke.CallSite makeConcatWithConstants(java.lang.invoke.MethodHandles$Lookup,java.lang.String,java.lang.invoke.MethodType,java.lang.String,java.lang.Object[])>("User \u is not authorized for protocol \u0001\u0001");
specialinvoke v.<oadd.org.apache.hadoop.security.authorize.AuthorizationException: void <init>(java.lang.String)>(v);
throw v;
label:
if v == null goto label;
v = virtualinvoke v.<java.net.InetAddress: java.lang.String getHostAddress()>();
v = lengthof v;
if v != 2 goto label;
v = v[0];
v = virtualinvoke v.<oadd.org.apache.hadoop.util.MachineList: boolean includes(java.lang.String)>(v);
if v == 0 goto label;
v = v[1];
v = virtualinvoke v.<oadd.org.apache.hadoop.util.MachineList: boolean includes(java.lang.String)>(v);
if v == 0 goto label;
label:
v = <oadd.org.apache.hadoop.security.authorize.ServiceAuthorizationManager: org.slf4j.Logger AUDITLOG>;
v = dynamicinvoke "makeConcatWithConstants" <java.lang.String (java.lang.Class,java.lang.String)>(v, v) <java.lang.invoke.StringConcatFactory: java.lang.invoke.CallSite makeConcatWithConstants(java.lang.invoke.MethodHandles$Lookup,java.lang.String,java.lang.invoke.MethodType,java.lang.String,java.lang.Object[])>("Authorization failed for  for protocol=\u from host = \u0001");
interfaceinvoke v.<org.slf4j.Logger: void warn(java.lang.String)>(v);
v = new oadd.org.apache.hadoop.security.authorize.AuthorizationException;
v = dynamicinvoke "makeConcatWithConstants" <java.lang.String (java.lang.String,java.lang.Class)>(v, v) <java.lang.invoke.StringConcatFactory: java.lang.invoke.CallSite makeConcatWithConstants(java.lang.invoke.MethodHandles$Lookup,java.lang.String,java.lang.invoke.MethodType,java.lang.String,java.lang.Object[])>("Host \u is not authorized for protocol \u0001");
specialinvoke v.<oadd.org.apache.hadoop.security.authorize.AuthorizationException: void <init>(java.lang.String)>(v);
throw v;
label:
v = <oadd.org.apache.hadoop.security.authorize.ServiceAuthorizationManager: org.slf4j.Logger AUDITLOG>;
v = dynamicinvoke "makeConcatWithConstants" <java.lang.String (oadd.org.apache.hadoop.security.UserGroupInformation,java.lang.Class)>(v, v) <java.lang.invoke.StringConcatFactory: java.lang.invoke.CallSite makeConcatWithConstants(java.lang.invoke.MethodHandles$Lookup,java.lang.String,java.lang.invoke.MethodType,java.lang.String,java.lang.Object[])>("Authorization successful for \u for protocol=\u0001");
interfaceinvoke v.<org.slf4j.Logger: void info(java.lang.String)>(v);
return;
catch java.io.IOException from label to label with label;
}
public void refresh(oadd.org.apache.hadoop.conf.Configuration, oadd.org.apache.hadoop.security.authorize.PolicyProvider)
{
oadd.org.apache.hadoop.security.authorize.PolicyProvider v;
oadd.org.apache.hadoop.security.authorize.ServiceAuthorizationManager v;
oadd.org.apache.hadoop.conf.Configuration v, v;
java.lang.String v;
v := @this: oadd.org.apache.hadoop.security.authorize.ServiceAuthorizationManager;
v := @parameter: oadd.org.apache.hadoop.conf.Configuration;
v := @parameter: oadd.org.apache.hadoop.security.authorize.PolicyProvider;
v = staticinvoke <java.lang.System: java.lang.String getProperty(java.lang.String,java.lang.String)>("hadoop.policy.file", "hadoop-policy.xml");
v = new oadd.org.apache.hadoop.conf.Configuration;
specialinvoke v.<oadd.org.apache.hadoop.conf.Configuration: void <init>(oadd.org.apache.hadoop.conf.Configuration)>(v);
virtualinvoke v.<oadd.org.apache.hadoop.conf.Configuration: void addResource(java.lang.String)>(v);
virtualinvoke v.<oadd.org.apache.hadoop.security.authorize.ServiceAuthorizationManager: void refreshWithLoadedConfiguration(oadd.org.apache.hadoop.conf.Configuration,oadd.org.apache.hadoop.security.authorize.PolicyProvider)>(v, v);
return;
}
public void refreshWithLoadedConfiguration(oadd.org.apache.hadoop.conf.Configuration, oadd.org.apache.hadoop.security.authorize.PolicyProvider)
{
oadd.org.apache.hadoop.security.authorize.Service[] v;
oadd.org.apache.hadoop.conf.Configuration v;
java.util.IdentityHashMap v, v;
oadd.org.apache.hadoop.security.authorize.Service v;
oadd.org.apache.hadoop.security.authorize.ServiceAuthorizationManager v;
oadd.org.apache.hadoop.util.MachineList v, v;
oadd.org.apache.hadoop.security.authorize.PolicyProvider v;
int v, v;
java.lang.String v, v, v, v, v, v, v, v, v, v, v, v, v, v, v, v;
oadd.org.apache.hadoop.security.authorize.AccessControlList v, v;
oadd.org.apache.hadoop.security.authorize.AccessControlList[] v;
oadd.org.apache.hadoop.util.MachineList[] v;
java.lang.Class v, v;
v := @this: oadd.org.apache.hadoop.security.authorize.ServiceAuthorizationManager;
v := @parameter: oadd.org.apache.hadoop.conf.Configuration;
v := @parameter: oadd.org.apache.hadoop.security.authorize.PolicyProvider;
v = new java.util.IdentityHashMap;
specialinvoke v.<java.util.IdentityHashMap: void <init>()>();
v = new java.util.IdentityHashMap;
specialinvoke v.<java.util.IdentityHashMap: void <init>()>();
v = virtualinvoke v.<oadd.org.apache.hadoop.conf.Configuration: java.lang.String get(java.lang.String,java.lang.String)>("security.service.authorization.default.acl", "*");
v = virtualinvoke v.<oadd.org.apache.hadoop.conf.Configuration: java.lang.String get(java.lang.String,java.lang.String)>("security.service.authorization.default.acl.blocked", "");
v = specialinvoke v.<oadd.org.apache.hadoop.security.authorize.ServiceAuthorizationManager: java.lang.String getHostKey(java.lang.String)>("security.service.authorization.default.acl");
v = virtualinvoke v.<oadd.org.apache.hadoop.conf.Configuration: java.lang.String get(java.lang.String,java.lang.String)>(v, "*");
v = dynamicinvoke "makeConcatWithConstants" <java.lang.String (java.lang.String)>(v) <java.lang.invoke.StringConcatFactory: java.lang.invoke.CallSite makeConcatWithConstants(java.lang.invoke.MethodHandles$Lookup,java.lang.String,java.lang.invoke.MethodType,java.lang.String,java.lang.Object[])>("\u.blocked");
v = virtualinvoke v.<oadd.org.apache.hadoop.conf.Configuration: java.lang.String get(java.lang.String,java.lang.String)>(v, "");
v = virtualinvoke v.<oadd.org.apache.hadoop.security.authorize.PolicyProvider: oadd.org.apache.hadoop.security.authorize.Service[] getServices()>();
if v == null goto label;
v = lengthof v;
v = 0;
label:
if v >= v goto label;
v = v[v];
v = new oadd.org.apache.hadoop.security.authorize.AccessControlList;
v = virtualinvoke v.<oadd.org.apache.hadoop.security.authorize.Service: java.lang.String getServiceKey()>();
v = virtualinvoke v.<oadd.org.apache.hadoop.conf.Configuration: java.lang.String get(java.lang.String,java.lang.String)>(v, v);
specialinvoke v.<oadd.org.apache.hadoop.security.authorize.AccessControlList: void <init>(java.lang.String)>(v);
v = new oadd.org.apache.hadoop.security.authorize.AccessControlList;
v = virtualinvoke v.<oadd.org.apache.hadoop.security.authorize.Service: java.lang.String getServiceKey()>();
v = dynamicinvoke "makeConcatWithConstants" <java.lang.String (java.lang.String)>(v) <java.lang.invoke.StringConcatFactory: java.lang.invoke.CallSite makeConcatWithConstants(java.lang.invoke.MethodHandles$Lookup,java.lang.String,java.lang.invoke.MethodType,java.lang.String,java.lang.Object[])>("\u.blocked");
v = virtualinvoke v.<oadd.org.apache.hadoop.conf.Configuration: java.lang.String get(java.lang.String,java.lang.String)>(v, v);
specialinvoke v.<oadd.org.apache.hadoop.security.authorize.AccessControlList: void <init>(java.lang.String)>(v);
v = virtualinvoke v.<oadd.org.apache.hadoop.security.authorize.Service: java.lang.Class getProtocol()>();
v = newarray (oadd.org.apache.hadoop.security.authorize.AccessControlList)[2];
v[0] = v;
v[1] = v;
interfaceinvoke v.<java.util.Map: java.lang.Object put(java.lang.Object,java.lang.Object)>(v, v);
v = virtualinvoke v.<oadd.org.apache.hadoop.security.authorize.Service: java.lang.String getServiceKey()>();
v = specialinvoke v.<oadd.org.apache.hadoop.security.authorize.ServiceAuthorizationManager: java.lang.String getHostKey(java.lang.String)>(v);
v = new oadd.org.apache.hadoop.util.MachineList;
v = virtualinvoke v.<oadd.org.apache.hadoop.conf.Configuration: java.lang.String get(java.lang.String,java.lang.String)>(v, v);
specialinvoke v.<oadd.org.apache.hadoop.util.MachineList: void <init>(java.lang.String)>(v);
v = new oadd.org.apache.hadoop.util.MachineList;
v = dynamicinvoke "makeConcatWithConstants" <java.lang.String (java.lang.String)>(v) <java.lang.invoke.StringConcatFactory: java.lang.invoke.CallSite makeConcatWithConstants(java.lang.invoke.MethodHandles$Lookup,java.lang.String,java.lang.invoke.MethodType,java.lang.String,java.lang.Object[])>("\u.blocked");
v = virtualinvoke v.<oadd.org.apache.hadoop.conf.Configuration: java.lang.String get(java.lang.String,java.lang.String)>(v, v);
specialinvoke v.<oadd.org.apache.hadoop.util.MachineList: void <init>(java.lang.String)>(v);
v = virtualinvoke v.<oadd.org.apache.hadoop.security.authorize.Service: java.lang.Class getProtocol()>();
v = newarray (oadd.org.apache.hadoop.util.MachineList)[2];
v[0] = v;
v[1] = v;
interfaceinvoke v.<java.util.Map: java.lang.Object put(java.lang.Object,java.lang.Object)>(v, v);
v = v + 1;
goto label;
label:
v.<oadd.org.apache.hadoop.security.authorize.ServiceAuthorizationManager: java.util.Map protocolToAcls> = v;
v.<oadd.org.apache.hadoop.security.authorize.ServiceAuthorizationManager: java.util.Map protocolToMachineLists> = v;
return;
}
private java.lang.String getHostKey(java.lang.String)
{
oadd.org.apache.hadoop.security.authorize.ServiceAuthorizationManager v;
int v, v;
java.lang.String v, v, v;
v := @this: oadd.org.apache.hadoop.security.authorize.ServiceAuthorizationManager;
v := @parameter: java.lang.String;
v = virtualinvoke v.<java.lang.String: int lastIndexOf(java.lang.String)>(".");
v = (int) -1;
if v == v goto label;
v = virtualinvoke v.<java.lang.String: java.lang.String substring(int,int)>(0, v);
v = dynamicinvoke "makeConcatWithConstants" <java.lang.String (java.lang.String)>(v) <java.lang.invoke.StringConcatFactory: java.lang.invoke.CallSite makeConcatWithConstants(java.lang.invoke.MethodHandles$Lookup,java.lang.String,java.lang.invoke.MethodType,java.lang.String,java.lang.Object[])>("\u.hosts");
return v;
label:
return v;
}
public java.util.Set getProtocolsWithAcls()
{
java.util.Set v;
oadd.org.apache.hadoop.security.authorize.ServiceAuthorizationManager v;
java.util.Map v;
v := @this: oadd.org.apache.hadoop.security.authorize.ServiceAuthorizationManager;
v = v.<oadd.org.apache.hadoop.security.authorize.ServiceAuthorizationManager: java.util.Map protocolToAcls>;
v = interfaceinvoke v.<java.util.Map: java.util.Set keySet()>();
return v;
}
public oadd.org.apache.hadoop.security.authorize.AccessControlList getProtocolsAcls(java.lang.Class)
{
oadd.org.apache.hadoop.security.authorize.ServiceAuthorizationManager v;
java.util.Map v;
java.lang.Class v;
java.lang.Object v;
oadd.org.apache.hadoop.security.authorize.AccessControlList v;
v := @this: oadd.org.apache.hadoop.security.authorize.ServiceAuthorizationManager;
v := @parameter: java.lang.Class;
v = v.<oadd.org.apache.hadoop.security.authorize.ServiceAuthorizationManager: java.util.Map protocolToAcls>;
v = interfaceinvoke v.<java.util.Map: java.lang.Object get(java.lang.Object)>(v);
v = v[0];
return v;
}
public oadd.org.apache.hadoop.security.authorize.AccessControlList getProtocolsBlockedAcls(java.lang.Class)
{
oadd.org.apache.hadoop.security.authorize.ServiceAuthorizationManager v;
java.util.Map v;
java.lang.Class v;
java.lang.Object v;
oadd.org.apache.hadoop.security.authorize.AccessControlList v;
v := @this: oadd.org.apache.hadoop.security.authorize.ServiceAuthorizationManager;
v := @parameter: java.lang.Class;
v = v.<oadd.org.apache.hadoop.security.authorize.ServiceAuthorizationManager: java.util.Map protocolToAcls>;
v = interfaceinvoke v.<java.util.Map: java.lang.Object get(java.lang.Object)>(v);
v = v[1];
return v;
}
public java.util.Set getProtocolsWithMachineLists()
{
java.util.Set v;
oadd.org.apache.hadoop.security.authorize.ServiceAuthorizationManager v;
java.util.Map v;
v := @this: oadd.org.apache.hadoop.security.authorize.ServiceAuthorizationManager;
v = v.<oadd.org.apache.hadoop.security.authorize.ServiceAuthorizationManager: java.util.Map protocolToMachineLists>;
v = interfaceinvoke v.<java.util.Map: java.util.Set keySet()>();
return v;
}
public oadd.org.apache.hadoop.util.MachineList getProtocolsMachineList(java.lang.Class)
{
oadd.org.apache.hadoop.security.authorize.ServiceAuthorizationManager v;
oadd.org.apache.hadoop.util.MachineList v;
java.util.Map v;
java.lang.Class v;
java.lang.Object v;
v := @this: oadd.org.apache.hadoop.security.authorize.ServiceAuthorizationManager;
v := @parameter: java.lang.Class;
v = v.<oadd.org.apache.hadoop.security.authorize.ServiceAuthorizationManager: java.util.Map protocolToMachineLists>;
v = interfaceinvoke v.<java.util.Map: java.lang.Object get(java.lang.Object)>(v);
v = v[0];
return v;
}
public oadd.org.apache.hadoop.util.MachineList getProtocolsBlockedMachineList(java.lang.Class)
{
oadd.org.apache.hadoop.security.authorize.ServiceAuthorizationManager v;
oadd.org.apache.hadoop.util.MachineList v;
java.util.Map v;
java.lang.Class v;
java.lang.Object v;
v := @this: oadd.org.apache.hadoop.security.authorize.ServiceAuthorizationManager;
v := @parameter: java.lang.Class;
v = v.<oadd.org.apache.hadoop.security.authorize.ServiceAuthorizationManager: java.util.Map protocolToMachineLists>;
v = interfaceinvoke v.<java.util.Map: java.lang.Object get(java.lang.Object)>(v);
v = v[1];
return v;
}
static void <clinit>()
{
org.slf4j.Logger v;
java.lang.Class v;
java.lang.String v, v;
v = class "Loadd/org/apache/hadoop/security/authorize/ServiceAuthorizationManager;";
v = virtualinvoke v.<java.lang.Class: java.lang.String getName()>();
v = dynamicinvoke "makeConcatWithConstants" <java.lang.String (java.lang.String)>(v) <java.lang.invoke.StringConcatFactory: java.lang.invoke.CallSite makeConcatWithConstants(java.lang.invoke.MethodHandles$Lookup,java.lang.String,java.lang.invoke.MethodType,java.lang.String,java.lang.Object[])>("SecurityLogger.\u0001");
v = staticinvoke <org.slf4j.LoggerFactory: org.slf4j.Logger getLogger(java.lang.String)>(v);
<oadd.org.apache.hadoop.security.authorize.ServiceAuthorizationManager: org.slf4j.Logger AUDITLOG> = v;
return;
}
}