Commit ed9a5783 authored by Tigran Mkrtchyan's avatar Tigran Mkrtchyan
Browse files

pol: update to oncrpc4j-3.1.0

Motivation:
new major version update with improvements and breaking changes:

- Drop dependency on dcache-auth , which had incompatible license
- Experimental AUTH_TLS support
- Various javadoc improvements
- Improved code coverage
- removed direct dependency on grizzly-framework-monitoring

The result of removal of license incompatible dcache-auth in oncrpc4j is
migration from org.dcache.auth.GidPrincipal and org.dcache.auth.UidPrincipal
to com.sun.security.auth.UnixNumericGroupPrincipal and
com.sun.security.auth.UnixNumericUserPrincipa. This breaking change have
to be handled in nfs4j.

Modification:
Update pom to use oncrpc4j-3.1.0. Introduce UnixSubjects that provides
alternative to org.dcache.auth.Subjects. Update code base to match API
changes.

Result:
The nfs4j has no dependency with conflicting license. Support for
nfs-over-tls.

WARNING: this is a breaking change that requires changes in VirtualFileSystem
implementations.

Acked-by: Paul Millar
Target: master
parent b1320d97
Pipeline #568 passed with stage
in 1 minute and 13 seconds
...@@ -4,6 +4,9 @@ ...@@ -4,6 +4,9 @@
- removed deprecated CompoundContextBuilder#withExportFile - removed deprecated CompoundContextBuilder#withExportFile
- removed interface org.dcache.nfs.v4.NfsLoginService - removed interface org.dcache.nfs.v4.NfsLoginService
- drop dependency on org.dcache.auth package. Now only UnixNumericUserPrincipal and UnixNumericGroupPrincipal are used.
- this change is not backward compatible due to license incompatibility of org.dcache.auth package.
- added new class org.dcache.nfs.util.UnixSubjects that provides functionality used form org.dcache.auth package.Subjects
## 0.21 ## 0.21
......
/*
* Copyright (c) 2020 Deutsches Elektronen-Synchroton,
* Member of the Helmholtz Association, (DESY), HAMBURG, GERMANY
*
* This library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Library General Public License as
* published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Library General Public License for more details.
*
* You should have received a copy of the GNU Library General Public
* License along with this program (see the file COPYING.LIB for more
* details); if not, write to the Free Software Foundation, Inc.,
* 675 Mass Ave, Cambridge, MA 02139, USA.
*/
package org.dcache.nfs.util;
import com.sun.security.auth.UnixNumericGroupPrincipal;
import com.sun.security.auth.UnixNumericUserPrincipal;
import javax.security.auth.Subject;
import java.util.Arrays;
import java.util.Set;
import java.util.function.Predicate;
import java.util.stream.Collectors;
/**
* A collection of utility methods to manipulate with Unix based subjects.
*/
public class UnixSubjects {
private UnixSubjects() {}
/**
* Returns true if and only if subjects contains UnixNumericUserPrincipal with uid 0 (zero).
* @param subject subject to evaluate.
* @return true if subjects contains UnixNumericUserPrincipal with uid 0.
*/
public static boolean isRootSubject(Subject subject) {
return hasUid(subject, 0);
}
/**
* Returns true if and only if subjects doesn't contain any UnixNumericUserPrincipal.
* @param subject subject to evaluate.
* @return true if subjects doesn't contain any UnixNumericUserPrincipal.
*/
public static boolean isNobodySubject(Subject subject) {
return subject.getPrincipals().stream()
.noneMatch(UnixNumericUserPrincipal.class::isInstance);
}
/**
* Returns true if and only if the subject has the given uid.
*
* @param subject
* @param uid
* @return true, if the subject has given uid..
*/
public static boolean hasUid(Subject subject, long uid) {
return subject.getPrincipals().stream()
.filter(UnixNumericUserPrincipal.class::isInstance)
.map(UnixNumericUserPrincipal.class::cast)
.anyMatch(p -> p.longValue() == uid);
}
/**
* Returns true if and only if the subject has as primary or secondary the given gid.
*
* @param subject
* @param gid
* @return true, if the subject has given gid.
*/
public static boolean hasGid(Subject subject, long gid) {
return subject.getPrincipals().stream()
.filter(UnixNumericGroupPrincipal.class::isInstance)
.map(UnixNumericGroupPrincipal.class::cast)
.anyMatch(p -> p.longValue() == gid);
}
/**
* Create subject with given uid and gid.
* @param uid users numeric id.
* @param gid users primary group numeric id.
* @return subject with given uid, gid.
*/
public static Subject toSubject(long uid, long gid) {
return new Subject(false,
Set.of(new UnixNumericUserPrincipal(uid), new UnixNumericGroupPrincipal(gid, true)),
Set.of(),
Set.of());
}
/**
* Create subject with given uid, primary gid and secondary gids.
* @param uid users numeric id.
* @param gid users primary group numeric id.
* @param gids array of users secondary group numeric ids.
* @return subject with given uid, gid and gids.
*/
public static Subject toSubject(long uid, long gid, long ... gids) {
Subject subject = toSubject(uid, gid);
subject.getPrincipals()
.addAll(
Arrays.stream(gids)
.mapToObj(l -> new UnixNumericGroupPrincipal(l, false))
.collect(Collectors.toSet())
);
return subject;
}
/**
* Returns the user ID represented by UnixNumericUserPrincipal.
* @param subject subject to evaluate.
* @return the user id.
*/
public static long getUid(Subject subject) {
return subject.getPrincipals().stream().filter(UnixNumericUserPrincipal.class::isInstance)
.map(UnixNumericUserPrincipal.class::cast)
.mapToLong(UnixNumericUserPrincipal::longValue)
.findFirst()
.getAsLong();
}
/**
* Returns the primary group ID of a subject represented by UnixNumericGroupPrincipal.
* @param subject subject to evaluate.
* @return the primary group ID.
*/
public static long getPrimaryGid(Subject subject) {
return subject.getPrincipals().stream().filter(UnixNumericGroupPrincipal.class::isInstance)
.map(UnixNumericGroupPrincipal.class::cast)
.filter(UnixNumericGroupPrincipal::isPrimaryGroup)
.mapToLong(UnixNumericGroupPrincipal::longValue)
.findFirst()
.getAsLong();
}
/**
* Returns the secondary group IDs of a subject represented by UnixNumericGroupPrincipal.
* @param subject subject to evaluate.
* @return an array with secondary group IDs, possibly empty.
*/
public static long[] getSecondaryGids(Subject subject) {
return subject.getPrincipals().stream().filter(UnixNumericGroupPrincipal.class::isInstance)
.map(UnixNumericGroupPrincipal.class::cast)
.filter(Predicate.not(UnixNumericGroupPrincipal::isPrimaryGroup))
.mapToLong(UnixNumericGroupPrincipal::longValue)
.toArray();
}
}
/* /*
* Copyright (c) 2009 - 2018 Deutsches Elektronen-Synchroton, * Copyright (c) 2009 - 2020 Deutsches Elektronen-Synchroton,
* Member of the Helmholtz Association, (DESY), HAMBURG, GERMANY * Member of the Helmholtz Association, (DESY), HAMBURG, GERMANY
* *
* This library is free software; you can redistribute it and/or modify * This library is free software; you can redistribute it and/or modify
...@@ -19,10 +19,10 @@ ...@@ -19,10 +19,10 @@
*/ */
package org.dcache.nfs.v3; package org.dcache.nfs.v3;
import org.dcache.auth.Subjects;
import org.dcache.nfs.ExportTable; import org.dcache.nfs.ExportTable;
import org.dcache.nfs.nfsstat; import org.dcache.nfs.nfsstat;
import org.dcache.nfs.ChimeraNFSException; import org.dcache.nfs.ChimeraNFSException;
import org.dcache.nfs.util.UnixSubjects;
import org.dcache.nfs.v3.xdr.LOOKUP3res; import org.dcache.nfs.v3.xdr.LOOKUP3res;
import org.dcache.nfs.v3.xdr.WRITE3resfail; import org.dcache.nfs.v3.xdr.WRITE3resfail;
import org.dcache.nfs.v3.xdr.RMDIR3resok; import org.dcache.nfs.v3.xdr.RMDIR3resok;
...@@ -300,7 +300,7 @@ public class NfsServerV3 extends nfs3_protServerStub { ...@@ -300,7 +300,7 @@ public class NfsServerV3 extends nfs3_protServerStub {
if (newAttr != null) { if (newAttr != null) {
fmode = newAttr.mode.mode.value.value | Stat.S_IFREG; fmode = newAttr.mode.mode.value.value | Stat.S_IFREG;
if( newAttr.uid.set_it || newAttr.gid.set_it) { if( newAttr.uid.set_it || newAttr.gid.set_it) {
actualSubject = Subjects.of(newAttr.uid.uid.value.value, newAttr.gid.gid.value.value); actualSubject = UnixSubjects.toSubject(newAttr.uid.uid.value.value, newAttr.gid.gid.value.value);
} }
} }
inode = fs.create(parent, Stat.Type.REGULAR, path, actualSubject, fmode); inode = fs.create(parent, Stat.Type.REGULAR, path, actualSubject, fmode);
...@@ -600,7 +600,7 @@ public class NfsServerV3 extends nfs3_protServerStub { ...@@ -600,7 +600,7 @@ public class NfsServerV3 extends nfs3_protServerStub {
if (attr != null) { if (attr != null) {
mode = attr.mode.mode.value.value | Stat.S_IFDIR; mode = attr.mode.mode.value.value | Stat.S_IFDIR;
if( attr.uid.set_it || attr.gid.set_it) { if( attr.uid.set_it || attr.gid.set_it) {
actualSubject = Subjects.of(attr.uid.uid.value.value, attr.gid.gid.value.value); actualSubject = UnixSubjects.toSubject(attr.uid.uid.value.value, attr.gid.gid.value.value);
} }
} }
......
...@@ -21,6 +21,8 @@ package org.dcache.nfs.v4; ...@@ -21,6 +21,8 @@ package org.dcache.nfs.v4;
import java.net.InetSocketAddress; import java.net.InetSocketAddress;
import java.security.Principal; import java.security.Principal;
import com.sun.security.auth.UnixNumericUserPrincipal;
import org.dcache.nfs.ChimeraNFSException; import org.dcache.nfs.ChimeraNFSException;
import org.dcache.nfs.ExportTable; import org.dcache.nfs.ExportTable;
import org.dcache.nfs.v4.xdr.nfs_resop4; import org.dcache.nfs.v4.xdr.nfs_resop4;
...@@ -32,7 +34,6 @@ import java.util.List; ...@@ -32,7 +34,6 @@ import java.util.List;
import java.util.Optional; import java.util.Optional;
import javax.security.auth.Subject; import javax.security.auth.Subject;
import javax.security.auth.kerberos.KerberosPrincipal; import javax.security.auth.kerberos.KerberosPrincipal;
import org.dcache.auth.UidPrincipal;
import org.dcache.nfs.vfs.Inode; import org.dcache.nfs.vfs.Inode;
import org.dcache.nfs.status.BadStateidException; import org.dcache.nfs.status.BadStateidException;
import org.dcache.nfs.status.NoFileHandleException; import org.dcache.nfs.status.NoFileHandleException;
...@@ -320,7 +321,7 @@ public class CompoundContext { ...@@ -320,7 +321,7 @@ public class CompoundContext {
if(call.getCredential().type() == RpcAuthType.RPCGSS_SEC) { if(call.getCredential().type() == RpcAuthType.RPCGSS_SEC) {
type = KerberosPrincipal.class; type = KerberosPrincipal.class;
} else { } else {
type = UidPrincipal.class; type = UnixNumericUserPrincipal.class;
} }
return call.getCredential().getSubject().getPrincipals().stream() return call.getCredential().getSubject().getPrincipals().stream()
......
...@@ -30,7 +30,7 @@ import java.util.List; ...@@ -30,7 +30,7 @@ import java.util.List;
import java.util.Set; import java.util.Set;
import java.util.function.Function; import java.util.function.Function;
import javax.security.auth.Subject; import javax.security.auth.Subject;
import org.dcache.auth.Subjects;
import org.dcache.nfs.ChimeraNFSException; import org.dcache.nfs.ChimeraNFSException;
import org.dcache.nfs.ExportTable; import org.dcache.nfs.ExportTable;
import org.dcache.nfs.FsExport; import org.dcache.nfs.FsExport;
...@@ -53,6 +53,8 @@ import org.slf4j.LoggerFactory; ...@@ -53,6 +53,8 @@ import org.slf4j.LoggerFactory;
import static com.google.common.collect.Lists.newArrayList; import static com.google.common.collect.Lists.newArrayList;
import static org.dcache.nfs.vfs.AclCheckable.Access; import static org.dcache.nfs.vfs.AclCheckable.Access;
import static org.dcache.nfs.util.UnixSubjects.*;
/** /**
* A decorated {@code VirtualFileSystem} that builds a Pseudo file system * A decorated {@code VirtualFileSystem} that builds a Pseudo file system
* on top of an other file system based on export rules. * on top of an other file system based on export rules.
...@@ -176,13 +178,13 @@ public class PseudoFs extends ForwardingFileSystem { ...@@ -176,13 +178,13 @@ public class PseudoFs extends ForwardingFileSystem {
public Inode create(Inode parent, Stat.Type type, String path, Subject subject, int mode) throws IOException { public Inode create(Inode parent, Stat.Type type, String path, Subject subject, int mode) throws IOException {
Subject effectiveSubject = checkAccess(parent, ACE4_ADD_FILE); Subject effectiveSubject = checkAccess(parent, ACE4_ADD_FILE);
if (subject != null && Subjects.isRoot(effectiveSubject)) { if (subject != null && isRootSubject(effectiveSubject)) {
effectiveSubject = subject; effectiveSubject = subject;
} }
if (inheritUidGid(parent)) { if (inheritUidGid(parent)) {
Stat s = _inner.getattr(parent); Stat s = _inner.getattr(parent);
effectiveSubject = Subjects.of(s.getUid(), s.getGid()); effectiveSubject = toSubject(s.getUid(), s.getGid());
} }
return pushExportIndex(parent, _inner.create(parent, type, path, effectiveSubject, mode)); return pushExportIndex(parent, _inner.create(parent, type, path, effectiveSubject, mode));
...@@ -229,7 +231,7 @@ public class PseudoFs extends ForwardingFileSystem { ...@@ -229,7 +231,7 @@ public class PseudoFs extends ForwardingFileSystem {
Subject effectiveSubject = checkAccess(parent, ACE4_ADD_FILE); Subject effectiveSubject = checkAccess(parent, ACE4_ADD_FILE);
if (inheritUidGid(parent)) { if (inheritUidGid(parent)) {
Stat s = _inner.getattr(parent); Stat s = _inner.getattr(parent);
effectiveSubject = Subjects.of(s.getUid(), s.getGid()); effectiveSubject = toSubject(s.getUid(), s.getGid());
} }
return pushExportIndex(parent, _inner.link(parent, link, path, effectiveSubject)); return pushExportIndex(parent, _inner.link(parent, link, path, effectiveSubject));
} }
...@@ -247,13 +249,13 @@ public class PseudoFs extends ForwardingFileSystem { ...@@ -247,13 +249,13 @@ public class PseudoFs extends ForwardingFileSystem {
@Override @Override
public Inode mkdir(Inode parent, String path, Subject subject, int mode) throws IOException { public Inode mkdir(Inode parent, String path, Subject subject, int mode) throws IOException {
Subject effectiveSubject = checkAccess(parent, ACE4_ADD_SUBDIRECTORY); Subject effectiveSubject = checkAccess(parent, ACE4_ADD_SUBDIRECTORY);
if (subject != null && Subjects.isRoot(effectiveSubject)) { if (subject != null && isRootSubject(effectiveSubject)) {
effectiveSubject = subject; effectiveSubject = subject;
} }
if (inheritUidGid(parent)) { if (inheritUidGid(parent)) {
Stat s = _inner.getattr(parent); Stat s = _inner.getattr(parent);
effectiveSubject = Subjects.of(s.getUid(), s.getGid()); effectiveSubject = toSubject(s.getUid(), s.getGid());
} }
return pushExportIndex(parent, _inner.mkdir(parent, path, effectiveSubject, mode)); return pushExportIndex(parent, _inner.mkdir(parent, path, effectiveSubject, mode));
} }
...@@ -318,7 +320,7 @@ public class PseudoFs extends ForwardingFileSystem { ...@@ -318,7 +320,7 @@ public class PseudoFs extends ForwardingFileSystem {
Subject effectiveSubject = checkAccess(parent, ACE4_ADD_FILE); Subject effectiveSubject = checkAccess(parent, ACE4_ADD_FILE);
if (inheritUidGid(parent)) { if (inheritUidGid(parent)) {
Stat s = _inner.getattr(parent); Stat s = _inner.getattr(parent);
effectiveSubject = Subjects.of(s.getUid(), s.getGid()); effectiveSubject = toSubject(s.getUid(), s.getGid());
} }
return pushExportIndex(parent, _inner.symlink(parent, path, link, effectiveSubject, mode)); return pushExportIndex(parent, _inner.symlink(parent, path, link, effectiveSubject, mode));
} }
...@@ -460,8 +462,8 @@ public class PseudoFs extends ForwardingFileSystem { ...@@ -460,8 +462,8 @@ public class PseudoFs extends ForwardingFileSystem {
return effectiveSubject; return effectiveSubject;
} }
if (Subjects.isNobody(_subject) || export.hasAllSquash() || (!export.isTrusted() && Subjects.isRoot(_subject))) { if (isNobodySubject(_subject) || export.hasAllSquash() || (!export.isTrusted() && isRootSubject(_subject))) {
effectiveSubject = Subjects.of(export.getAnonUid(), export.getAnonGid()); effectiveSubject = toSubject(export.getAnonUid(), export.getAnonGid());
} }
if (export.checkAcls()) { if (export.checkAcls()) {
...@@ -508,12 +510,12 @@ public class PseudoFs extends ForwardingFileSystem { ...@@ -508,12 +510,12 @@ public class PseudoFs extends ForwardingFileSystem {
boolean isDir = (mode & Stat.S_IFDIR) == Stat.S_IFDIR; boolean isDir = (mode & Stat.S_IFDIR) == Stat.S_IFDIR;
int fromUnixMask; int fromUnixMask;
if (Subjects.isRoot(subject)) { if (isRootSubject(subject)) {
fromUnixMask = Acls.toAccessMask(Acls.RBIT | Acls.WBIT | Acls.XBIT, isDir, true); fromUnixMask = Acls.toAccessMask(Acls.RBIT | Acls.WBIT | Acls.XBIT, isDir, true);
fromUnixMask |= ACE4_WRITE_OWNER; fromUnixMask |= ACE4_WRITE_OWNER;
} else if (Subjects.hasUid(subject, stat.getUid())) { } else if (hasUid(subject, stat.getUid())) {
fromUnixMask = Acls.toAccessMask(mode >> BIT_MASK_OWNER_OFFSET, isDir, true); fromUnixMask = Acls.toAccessMask(mode >> BIT_MASK_OWNER_OFFSET, isDir, true);
} else if (Subjects.hasGid(subject, stat.getGid())) { } else if (hasGid(subject, stat.getGid())) {
fromUnixMask = Acls.toAccessMask(mode >> BIT_MASK_GROUP_OFFSET, isDir, false); fromUnixMask = Acls.toAccessMask(mode >> BIT_MASK_GROUP_OFFSET, isDir, false);
} else { } else {
fromUnixMask = Acls.toAccessMask(mode >> BIT_MASK_OTHER_OFFSET, isDir, false); fromUnixMask = Acls.toAccessMask(mode >> BIT_MASK_OTHER_OFFSET, isDir, false);
......
package org.dcache.nfs.util;
import com.sun.security.auth.UnixNumericGroupPrincipal;
import com.sun.security.auth.UnixNumericUserPrincipal;
import org.junit.Test;
import javax.security.auth.Subject;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.LongStream;
import static org.hamcrest.MatcherAssert.*;
import static org.hamcrest.Matchers.*;
import static org.dcache.nfs.util.UnixSubjects.*;
public class UnixSubjectsTest {
@Test
public void shouldBeRootIfSubjectHasUidZero() {
Subject subject = toSubject(0, 0);
assertThat(isRootSubject(subject), is(true));
}
@Test
public void shouldNotBeRootIfSubjectHasUidZero() {
Subject subject = toSubject(1, 1);
assertThat(isRootSubject(subject), is(false));
}
@Test
public void shouldBeNobodyIfNoUid() {
Subject subject = new Subject(false,
Set.of(new UnixNumericGroupPrincipal(1, true)),
Set.of(),
Set.of());
assertThat(isNobodySubject(subject), is(true));
}
@Test
public void shouldContainDesiredUid() {
Subject subject = toSubject(1, 2, 4, 5);
assertThat(hasUid(subject, 1), is(true));
}
@Test
public void shouldContainDesiredGid() {
Subject subject = toSubject(1, 2, 4, 5);
assertThat(hasGid(subject, 2), is(true));
assertThat(hasGid(subject, 4), is(true));
assertThat(hasGid(subject, 5), is(true));
}
@Test
public void shouldNotContainOtherGid() {
Subject subject = toSubject(1, 2, 4, 5);
assertThat(hasGid(subject, 7), is(false));
}
@Test
public void shouldNotContainOtherUid() {
Subject subject = toSubject(1, 2, 4, 5);
assertThat(hasUid(subject, 7), is(false));
}
@Test
public void shouldBuildSubjectWithProvidedUidAndGid() {
Subject subject = toSubject(1, 2);
assertThat(subject.getPrincipals(), hasItem(new UnixNumericUserPrincipal(1)));
assertThat(subject.getPrincipals(), hasItem(new UnixNumericGroupPrincipal(2, true)));
}
@Test
public void shouldBuildSubjectWithProvidedUidAndGids() {
Subject subject = toSubject(1, 2, 4, 5);
assertThat(subject.getPrincipals(), hasItem(new UnixNumericUserPrincipal(1)));
assertThat(subject.getPrincipals(), hasItem(new UnixNumericGroupPrincipal(2, true)));
assertThat(subject.getPrincipals(), hasItem(new UnixNumericGroupPrincipal(4, false)));
assertThat(subject.getPrincipals(), hasItem(new UnixNumericGroupPrincipal(5, false)));
}
@Test
public void shouldReturnUid() {
Subject subject = toSubject(1, 2, 4, 5);
assertThat(getUid(subject), is(1L));
}
@Test
public void shouldReturnPrimaryGroup() {
Subject subject = toSubject(1, 2, 4, 5);
assertThat(getPrimaryGid(subject), is(2L));
}
@Test
public void shouldReturnSecondaryGroups() {
Subject subject = toSubject(1, 2, 4, 5);
// hamcrest can't work with primitive arrays.
Set<Long> gids = LongStream.of(getSecondaryGids(subject))
.mapToObj(Long::valueOf)
.collect(Collectors.toSet());
assertThat(gids, hasSize(2));
assertThat(gids, containsInAnyOrder(4L, 5L));
}
}
\ No newline at end of file
...@@ -3,7 +3,6 @@ package org.dcache.nfs.v4; ...@@ -3,7 +3,6 @@ package org.dcache.nfs.v4;
import java.io.IOException; import java.io.IOException;
import java.nio.charset.StandardCharsets; import java.nio.charset.StandardCharsets;
import java.util.OptionalLong; import java.util.OptionalLong;
import org.dcache.auth.Subjects;
import org.dcache.nfs.status.BadLayoutException; import org.dcache.nfs.status.BadLayoutException;
import org.dcache.nfs.status.GraceException; import org.dcache.nfs.status.GraceException;
import org.dcache.nfs.v4.xdr.nfs_fh4; import org.dcache.nfs.v4.xdr.nfs_fh4;
...@@ -29,6 +28,9 @@ import org.dcache.nfs.vfs.DirectoryEntry; ...@@ -29,6 +28,9 @@ import org.dcache.nfs.vfs.DirectoryEntry;
import org.dcache.nfs.vfs.DirectoryStream; import org.dcache.nfs.vfs.DirectoryStream;
import org.dcache.nfs.vfs.DummyVFS; import org.dcache.nfs.vfs.DummyVFS;
import org.dcache.nfs.vfs.Stat; import org.dcache.nfs.vfs.Stat;
import javax.security.auth.Subject;
import static org.mockito.Mockito.mock; import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when; import static org.mockito.Mockito.when;
...@@ -87,7 +89,7 @@ public class OperationOPENTest { ...@@ -87,7 +89,7 @@ public class OperationOPENTest {
.withCall(generateRpcCall()) .withCall(generateRpcCall())
.build(); .build();
Inode inode = vfs.create(fsRoot, Stat.Type.REGULAR, "file", Subjects.ROOT, 0644); Inode inode = vfs.create(fsRoot, Stat.Type.REGULAR, "file", new Subject(), 0644);
COMPOUND4res res = execute(context, openArgs); COMPOUND4res res = execute(context, openArgs);
assertEquals("wrong file handle", inode, new Inode(res.resarray.get(3).opgetfh.resok4.object.value)); assertEquals("wrong file handle", inode, new Inode(res.resarray.get(3).opgetfh.resok4.object.value));
......
...@@ -22,6 +22,8 @@ package org.dcache.nfs.vfs; ...@@ -22,6 +22,8 @@ package org.dcache.nfs.vfs;
import com.google.common.jimfs.Configuration; import com.google.common.jimfs.Configuration;
import com.google.common.jimfs.Jimfs; import com.google.common.jimfs.Jimfs;
import com.google.common.primitives.Longs; import com.google.common.primitives.Longs;
import com.sun.security.auth.UnixNumericGroupPrincipal;
import com.sun.security.auth.UnixNumericUserPrincipal;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
...@@ -65,8 +67,6 @@ import java.util.concurrent.ConcurrentHashMap; ...@@ -65,8 +67,6 @@ import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap; import java.util.concurrent.ConcurrentMap;
import java.util.concurrent.atomic.AtomicLong; import java.util.concurrent.atomic.AtomicLong;
import org.dcache.auth.GidPrincipal;
import org.dcache.auth.UidPrincipal;
import org.dcache.nfs.status.NotSuppException; import org.dcache.nfs.status.NotSuppException;
import org.dcache.nfs.status.PermException; import org.dcache.nfs.status.PermException;
import org.dcache.nfs.status.ServerFaultException;