Package org.apache.hadoop.security

Class JniBasedUnixGroupsNetgroupMapping

java.lang.Object

org.apache.hadoop.security.JniBasedUnixGroupsMapping

org.apache.hadoop.security.JniBasedUnixGroupsNetgroupMapping

All Implemented Interfaces:

GroupMappingServiceProvider

@LimitedPrivate({"HDFS","MapReduce"})
@Evolving
public class JniBasedUnixGroupsNetgroupMapping
extends JniBasedUnixGroupsMapping

A JNI-based implementation of GroupMappingServiceProvider that invokes libC calls to get the group memberships of a given user.

Field Summary

Fields inherited from interface org.apache.hadoop.security.GroupMappingServiceProvider

GROUP_MAPPING_CONFIG_PREFIX

Constructor Summary

Constructors

Constructor	Description
JniBasedUnixGroupsNetgroupMapping()

Method Summary

Modifier and Type	Method	Description
void	cacheGroupsAdd(List<String> groups)	Add a group to cache, only netgroups are cached
void	cacheGroupsRefresh()	Refresh the netgroup cache
List<String>	getGroups(String user)	Gets unix groups and netgroups for the user.
protected List<String>	getUsersForNetgroup(String netgroup)	Calls JNI function to get users for a netgroup, since C functions are not reentrant we need to make this synchronized (see documentation for setnetgrent, getnetgrent and endnetgrent)

Methods inherited from class org.apache.hadoop.security.JniBasedUnixGroupsMapping

getGroupsSet

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

JniBasedUnixGroupsNetgroupMapping

public JniBasedUnixGroupsNetgroupMapping()

Method Details

getGroups

public List<String> getGroups(String user)
                       throws IOException

Gets unix groups and netgroups for the user. It gets all unix groups as returned by id -Gn but it only returns netgroups that are used in ACLs (there is no way to get all netgroups for a given user, see documentation for getent netgroup)

Specified by:

getGroups in interface GroupMappingServiceProvider

Overrides:

getGroups in class JniBasedUnixGroupsMapping

Parameters:

user - User's name

Returns:

group memberships of user

Throws:

IOException - raised on errors performing I/O.

cacheGroupsRefresh

public void cacheGroupsRefresh()
                        throws IOException

Refresh the netgroup cache

Specified by:

cacheGroupsRefresh in interface GroupMappingServiceProvider

Overrides:

cacheGroupsRefresh in class JniBasedUnixGroupsMapping

Throws:

IOException - raised on errors performing I/O.

cacheGroupsAdd

public void cacheGroupsAdd(List<String> groups)
                    throws IOException

Add a group to cache, only netgroups are cached

Specified by:

cacheGroupsAdd in interface GroupMappingServiceProvider

Overrides:

cacheGroupsAdd in class JniBasedUnixGroupsMapping

Parameters:

groups - list of group names to add to cache

Throws:

IOException - raised on errors performing I/O.

getUsersForNetgroup

protected List<String> getUsersForNetgroup(String netgroup)

Calls JNI function to get users for a netgroup, since C functions are not reentrant we need to make this synchronized (see documentation for setnetgrent, getnetgrent and endnetgrent)

Parameters:

netgroup - return users for this netgroup

Returns:

list of users for a given netgroup