View Javadoc

1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements.  See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership.  The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License.  You may obtain a copy of the License at
9    *
10   *     http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing, software
13   * distributed under the License is distributed on an "AS IS" BASIS,
14   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15   * See the License for the specific language governing permissions and
16   * limitations under the License.
17   */
18  
19  package org.apache.hadoop.hbase.security.access;
20  
21  import java.io.ByteArrayInputStream;
22  import java.io.DataInput;
23  import java.io.DataInputStream;
24  import java.io.IOException;
25  import java.util.ArrayList;
26  import java.util.Arrays;
27  import java.util.Iterator;
28  import java.util.List;
29  import java.util.Map;
30  import java.util.Set;
31  import java.util.TreeMap;
32  import java.util.TreeSet;
33  
34  import org.apache.commons.logging.Log;
35  import org.apache.commons.logging.LogFactory;
36  import org.apache.hadoop.hbase.classification.InterfaceAudience;
37  import org.apache.hadoop.conf.Configuration;
38  import org.apache.hadoop.hbase.Cell;
39  import org.apache.hadoop.hbase.CellUtil;
40  import org.apache.hadoop.hbase.HColumnDescriptor;
41  import org.apache.hadoop.hbase.HConstants;
42  import org.apache.hadoop.hbase.HTableDescriptor;
43  import org.apache.hadoop.hbase.NamespaceDescriptor;
44  import org.apache.hadoop.hbase.TableName;
45  import org.apache.hadoop.hbase.Tag;
46  import org.apache.hadoop.hbase.TagType;
47  import org.apache.hadoop.hbase.client.Delete;
48  import org.apache.hadoop.hbase.client.Get;
49  import org.apache.hadoop.hbase.client.HTable;
50  import org.apache.hadoop.hbase.client.Put;
51  import org.apache.hadoop.hbase.client.Result;
52  import org.apache.hadoop.hbase.client.ResultScanner;
53  import org.apache.hadoop.hbase.client.Scan;
54  import org.apache.hadoop.hbase.exceptions.DeserializationException;
55  import org.apache.hadoop.hbase.filter.CompareFilter.CompareOp;
56  import org.apache.hadoop.hbase.filter.QualifierFilter;
57  import org.apache.hadoop.hbase.filter.RegexStringComparator;
58  import org.apache.hadoop.hbase.master.MasterServices;
59  import org.apache.hadoop.hbase.protobuf.ProtobufUtil;
60  import org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos;
61  import org.apache.hadoop.hbase.regionserver.BloomType;
62  import org.apache.hadoop.hbase.regionserver.HRegion;
63  import org.apache.hadoop.hbase.regionserver.InternalScanner;
64  import org.apache.hadoop.hbase.security.User;
65  import org.apache.hadoop.hbase.util.Bytes;
66  import org.apache.hadoop.hbase.util.Pair;
67  import org.apache.hadoop.io.Text;
68  
69  import com.google.common.collect.ArrayListMultimap;
70  import com.google.common.collect.ListMultimap;
71  import com.google.common.collect.Lists;
72  import com.google.protobuf.InvalidProtocolBufferException;
73  
74  /**
75   * Maintains lists of permission grants to users and groups to allow for
76   * authorization checks by {@link AccessController}.
77   *
78   * <p>
79   * Access control lists are stored in an "internal" metadata table named
80   * {@code _acl_}. Each table's permission grants are stored as a separate row,
81   * keyed by the table name. KeyValues for permissions assignments are stored
82   * in one of the formats:
83   * <pre>
84   * Key                      Desc
85   * --------                 --------
86   * user                     table level permissions for a user [R=read, W=write]
87   * group                    table level permissions for a group
88   * user,family              column family level permissions for a user
89   * group,family             column family level permissions for a group
90   * user,family,qualifier    column qualifier level permissions for a user
91   * group,family,qualifier   column qualifier level permissions for a group
92   * </pre>
93   * All values are encoded as byte arrays containing the codes from the
94   * org.apache.hadoop.hbase.security.access.TablePermission.Action enum.
95   * </p>
96   */
97  @InterfaceAudience.Private
98  public class AccessControlLists {
99    /** Internal storage table for access control lists */
100   public static final TableName ACL_TABLE_NAME =
101       TableName.valueOf(NamespaceDescriptor.SYSTEM_NAMESPACE_NAME_STR, "acl");
102   public static final byte[] ACL_GLOBAL_NAME = ACL_TABLE_NAME.getName();
103   /** Column family used to store ACL grants */
104   public static final String ACL_LIST_FAMILY_STR = "l";
105   public static final byte[] ACL_LIST_FAMILY = Bytes.toBytes(ACL_LIST_FAMILY_STR);
106   /** KV tag to store per cell access control lists */
107   public static final byte ACL_TAG_TYPE = TagType.ACL_TAG_TYPE;
108 
109   public static final char NAMESPACE_PREFIX = '@';
110 
111   /**
112    * Delimiter to separate user, column family, and qualifier in
113    * _acl_ table info: column keys */
114   public static final char ACL_KEY_DELIMITER = ',';
115   /** Prefix character to denote group names */
116   public static final String GROUP_PREFIX = "@";
117   /** Configuration key for superusers */
118   public static final String SUPERUSER_CONF_KEY = "hbase.superuser";
119 
120   private static Log LOG = LogFactory.getLog(AccessControlLists.class);
121 
122   /**
123    * Create the ACL table
124    * @param master
125    * @throws IOException
126    */
127   static void createACLTable(MasterServices master) throws IOException {
128     HTableDescriptor desc = new HTableDescriptor(ACL_TABLE_NAME);
129     desc.addFamily(new HColumnDescriptor(ACL_LIST_FAMILY)
130       .setMaxVersions(1)
131       .setInMemory(true)
132       .setBlockCacheEnabled(true)
133       .setBlocksize(8 * 1024)
134       .setBloomFilterType(BloomType.NONE)
135       .setScope(HConstants.REPLICATION_SCOPE_LOCAL));
136     master.createTable(desc, null);
137   }
138 
139   /**
140    * Stores a new user permission grant in the access control lists table.
141    * @param conf the configuration
142    * @param userPerm the details of the permission to be granted
143    * @throws IOException in the case of an error accessing the metadata table
144    */
145   static void addUserPermission(Configuration conf, UserPermission userPerm)
146       throws IOException {
147     Permission.Action[] actions = userPerm.getActions();
148     byte[] rowKey = userPermissionRowKey(userPerm);
149     Put p = new Put(rowKey);
150     byte[] key = userPermissionKey(userPerm);
151 
152     if ((actions == null) || (actions.length == 0)) {
153       String msg = "No actions associated with user '" + Bytes.toString(userPerm.getUser()) + "'";
154       LOG.warn(msg);
155       throw new IOException(msg);
156     }
157 
158     byte[] value = new byte[actions.length];
159     for (int i = 0; i < actions.length; i++) {
160       value[i] = actions[i].code();
161     }
162     p.addImmutable(ACL_LIST_FAMILY, key, value);
163     if (LOG.isDebugEnabled()) {
164       LOG.debug("Writing permission with rowKey "+
165           Bytes.toString(rowKey)+" "+
166           Bytes.toString(key)+": "+Bytes.toStringBinary(value)
167       );
168     }
169     HTable acls = null;
170     try {
171       acls = new HTable(conf, ACL_TABLE_NAME);
172       acls.put(p);
173     } finally {
174       if (acls != null) acls.close();
175     }
176   }
177 
178   /**
179    * Removes a previously granted permission from the stored access control
180    * lists.  The {@link TablePermission} being removed must exactly match what
181    * is stored -- no wildcard matching is attempted.  Ie, if user "bob" has
182    * been granted "READ" access to the "data" table, but only to column family
183    * plus qualifier "info:colA", then trying to call this method with only
184    * user "bob" and the table name "data" (but without specifying the
185    * column qualifier "info:colA") will have no effect.
186    *
187    * @param conf the configuration
188    * @param userPerm the details of the permission to be revoked
189    * @throws IOException if there is an error accessing the metadata table
190    */
191   static void removeUserPermission(Configuration conf, UserPermission userPerm)
192       throws IOException {
193     Delete d = new Delete(userPermissionRowKey(userPerm));
194     byte[] key = userPermissionKey(userPerm);
195 
196     if (LOG.isDebugEnabled()) {
197       LOG.debug("Removing permission "+ userPerm.toString());
198     }
199     d.deleteColumns(ACL_LIST_FAMILY, key);
200     HTable acls = null;
201     try {
202       acls = new HTable(conf, ACL_TABLE_NAME);
203       acls.delete(d);
204     } finally {
205       if (acls != null) acls.close();
206     }
207   }
208 
209   /**
210    * Remove specified table from the _acl_ table.
211    */
212   static void removeTablePermissions(Configuration conf, TableName tableName)
213       throws IOException{
214     Delete d = new Delete(tableName.getName());
215 
216     if (LOG.isDebugEnabled()) {
217       LOG.debug("Removing permissions of removed table "+ tableName);
218     }
219 
220     HTable acls = null;
221     try {
222       acls = new HTable(conf, ACL_TABLE_NAME);
223       acls.delete(d);
224     } finally {
225       if (acls != null) acls.close();
226     }
227   }
228 
229   /**
230    * Remove specified namespace from the acl table.
231    */
232   static void removeNamespacePermissions(Configuration conf, String namespace)
233       throws IOException{
234     Delete d = new Delete(Bytes.toBytes(toNamespaceEntry(namespace)));
235 
236     if (LOG.isDebugEnabled()) {
237       LOG.debug("Removing permissions of removed namespace "+ namespace);
238     }
239 
240     HTable acls = null;
241     try {
242       acls = new HTable(conf, ACL_TABLE_NAME);
243       acls.delete(d);
244     } finally {
245       if (acls != null) acls.close();
246     }
247   }
248 
249   /**
250    * Remove specified table column from the acl table.
251    */
252   static void removeTablePermissions(Configuration conf, TableName tableName, byte[] column)
253       throws IOException{
254 
255     if (LOG.isDebugEnabled()) {
256       LOG.debug("Removing permissions of removed column " + Bytes.toString(column) +
257                 " from table "+ tableName);
258     }
259 
260     HTable acls = null;
261     try {
262       acls = new HTable(conf, ACL_TABLE_NAME);
263 
264       Scan scan = new Scan();
265       scan.addFamily(ACL_LIST_FAMILY);
266 
267       String columnName = Bytes.toString(column);
268       scan.setFilter(new QualifierFilter(CompareOp.EQUAL, new RegexStringComparator(
269                      String.format("(%s%s%s)|(%s%s)$",
270                      ACL_KEY_DELIMITER, columnName, ACL_KEY_DELIMITER,
271                      ACL_KEY_DELIMITER, columnName))));
272 
273       Set<byte[]> qualifierSet = new TreeSet<byte[]>(Bytes.BYTES_COMPARATOR);
274       ResultScanner scanner = acls.getScanner(scan);
275       try {
276         for (Result res : scanner) {
277           for (byte[] q : res.getFamilyMap(ACL_LIST_FAMILY).navigableKeySet()) {
278             qualifierSet.add(q);
279           }
280         }
281       } finally {
282         scanner.close();
283       }
284 
285       if (qualifierSet.size() > 0) {
286         Delete d = new Delete(tableName.getName());
287         for (byte[] qualifier : qualifierSet) {
288           d.deleteColumns(ACL_LIST_FAMILY, qualifier);
289         }
290         acls.delete(d);
291       }
292     } finally {
293       if (acls != null) acls.close();
294     }
295   }
296 
297   static byte[] userPermissionRowKey(UserPermission userPerm) {
298     byte[] row;
299     if(userPerm.hasNamespace()) {
300       row = Bytes.toBytes(toNamespaceEntry(userPerm.getNamespace()));
301     } else if(userPerm.isGlobal()) {
302       row = ACL_GLOBAL_NAME;
303     } else {
304       row = userPerm.getTableName().getName();
305     }
306     return row;
307   }
308 
309   /**
310    * Build qualifier key from user permission:
311    *  username
312    *  username,family
313    *  username,family,qualifier
314    */
315   static byte[] userPermissionKey(UserPermission userPerm) {
316     byte[] qualifier = userPerm.getQualifier();
317     byte[] family = userPerm.getFamily();
318     byte[] key = userPerm.getUser();
319 
320     if (family != null && family.length > 0) {
321       key = Bytes.add(key, Bytes.add(new byte[]{ACL_KEY_DELIMITER}, family));
322       if (qualifier != null && qualifier.length > 0) {
323         key = Bytes.add(key, Bytes.add(new byte[]{ACL_KEY_DELIMITER}, qualifier));
324       }
325     }
326 
327     return key;
328   }
329 
330   /**
331    * Returns {@code true} if the given region is part of the {@code _acl_}
332    * metadata table.
333    */
334   static boolean isAclRegion(HRegion region) {
335     return ACL_TABLE_NAME.equals(region.getTableDesc().getTableName());
336   }
337 
338   /**
339    * Returns {@code true} if the given table is {@code _acl_} metadata table.
340    */
341   static boolean isAclTable(HTableDescriptor desc) {
342     return ACL_TABLE_NAME.equals(desc.getTableName());
343   }
344 
345   /**
346    * Loads all of the permission grants stored in a region of the {@code _acl_}
347    * table.
348    *
349    * @param aclRegion
350    * @return a map of the permissions for this table.
351    * @throws IOException
352    */
353   static Map<byte[], ListMultimap<String,TablePermission>> loadAll(
354       HRegion aclRegion)
355     throws IOException {
356 
357     if (!isAclRegion(aclRegion)) {
358       throw new IOException("Can only load permissions from "+ACL_TABLE_NAME);
359     }
360 
361     Map<byte[], ListMultimap<String, TablePermission>> allPerms =
362         new TreeMap<byte[], ListMultimap<String, TablePermission>>(Bytes.BYTES_RAWCOMPARATOR);
363 
364     // do a full scan of _acl_ table
365 
366     Scan scan = new Scan();
367     scan.addFamily(ACL_LIST_FAMILY);
368 
369     InternalScanner iScanner = null;
370     try {
371       iScanner = aclRegion.getScanner(scan);
372 
373       while (true) {
374         List<Cell> row = new ArrayList<Cell>();
375 
376         boolean hasNext = iScanner.next(row);
377         ListMultimap<String,TablePermission> perms = ArrayListMultimap.create();
378         byte[] entry = null;
379         for (Cell kv : row) {
380           if (entry == null) {
381             entry = CellUtil.cloneRow(kv);
382           }
383           Pair<String,TablePermission> permissionsOfUserOnTable =
384               parsePermissionRecord(entry, kv);
385           if (permissionsOfUserOnTable != null) {
386             String username = permissionsOfUserOnTable.getFirst();
387             TablePermission permissions = permissionsOfUserOnTable.getSecond();
388             perms.put(username, permissions);
389           }
390         }
391         if (entry != null) {
392           allPerms.put(entry, perms);
393         }
394         if (!hasNext) {
395           break;
396         }
397       }
398     } finally {
399       if (iScanner != null) {
400         iScanner.close();
401       }
402     }
403 
404     return allPerms;
405   }
406 
407   /**
408    * Load all permissions from the region server holding {@code _acl_},
409    * primarily intended for testing purposes.
410    */
411   static Map<byte[], ListMultimap<String,TablePermission>> loadAll(
412       Configuration conf) throws IOException {
413     Map<byte[], ListMultimap<String,TablePermission>> allPerms =
414         new TreeMap<byte[], ListMultimap<String,TablePermission>>(Bytes.BYTES_RAWCOMPARATOR);
415 
416     // do a full scan of _acl_, filtering on only first table region rows
417 
418     Scan scan = new Scan();
419     scan.addFamily(ACL_LIST_FAMILY);
420 
421     HTable acls = null;
422     ResultScanner scanner = null;
423     try {
424       acls = new HTable(conf, ACL_TABLE_NAME);
425       scanner = acls.getScanner(scan);
426       for (Result row : scanner) {
427         ListMultimap<String,TablePermission> resultPerms =
428             parsePermissions(row.getRow(), row);
429         allPerms.put(row.getRow(), resultPerms);
430       }
431     } finally {
432       if (scanner != null) scanner.close();
433       if (acls != null) acls.close();
434     }
435 
436     return allPerms;
437   }
438 
439   static ListMultimap<String, TablePermission> getTablePermissions(Configuration conf,
440         TableName tableName) throws IOException {
441     return getPermissions(conf, tableName != null ? tableName.getName() : null);
442   }
443 
444   static ListMultimap<String, TablePermission> getNamespacePermissions(Configuration conf,
445         String namespace) throws IOException {
446     return getPermissions(conf, Bytes.toBytes(toNamespaceEntry(namespace)));
447   }
448 
449   /**
450    * Reads user permission assignments stored in the <code>l:</code> column
451    * family of the first table row in <code>_acl_</code>.
452    *
453    * <p>
454    * See {@link AccessControlLists class documentation} for the key structure
455    * used for storage.
456    * </p>
457    */
458   static ListMultimap<String, TablePermission> getPermissions(Configuration conf,
459       byte[] entryName) throws IOException {
460     if (entryName == null) entryName = ACL_GLOBAL_NAME;
461 
462     // for normal user tables, we just read the table row from _acl_
463     ListMultimap<String, TablePermission> perms = ArrayListMultimap.create();
464     HTable acls = null;
465     try {
466       acls = new HTable(conf, ACL_TABLE_NAME);
467       Get get = new Get(entryName);
468       get.addFamily(ACL_LIST_FAMILY);
469       Result row = acls.get(get);
470       if (!row.isEmpty()) {
471         perms = parsePermissions(entryName, row);
472       } else {
473         LOG.info("No permissions found in " + ACL_TABLE_NAME + " for acl entry "
474             + Bytes.toString(entryName));
475       }
476     } finally {
477       if (acls != null) acls.close();
478     }
479 
480     return perms;
481   }
482 
483   /**
484    * Returns the currently granted permissions for a given table as a list of
485    * user plus associated permissions.
486    */
487   static List<UserPermission> getUserTablePermissions(
488       Configuration conf, TableName tableName) throws IOException {
489     return getUserPermissions(conf, tableName == null ? null : tableName.getName());
490   }
491 
492   static List<UserPermission> getUserNamespacePermissions(
493       Configuration conf, String namespace) throws IOException {
494     return getUserPermissions(conf, Bytes.toBytes(toNamespaceEntry(namespace)));
495   }
496 
497   static List<UserPermission> getUserPermissions(
498       Configuration conf, byte[] entryName)
499   throws IOException {
500     ListMultimap<String,TablePermission> allPerms = getPermissions(
501       conf, entryName);
502 
503     List<UserPermission> perms = new ArrayList<UserPermission>();
504 
505     for (Map.Entry<String, TablePermission> entry : allPerms.entries()) {
506       UserPermission up = new UserPermission(Bytes.toBytes(entry.getKey()),
507           entry.getValue().getTableName(), entry.getValue().getFamily(),
508           entry.getValue().getQualifier(), entry.getValue().getActions());
509       perms.add(up);
510     }
511     return perms;
512   }
513 
514   private static ListMultimap<String, TablePermission> parsePermissions(
515       byte[] entryName, Result result) {
516     ListMultimap<String, TablePermission> perms = ArrayListMultimap.create();
517     if (result != null && result.size() > 0) {
518       for (Cell kv : result.rawCells()) {
519 
520         Pair<String,TablePermission> permissionsOfUserOnTable =
521             parsePermissionRecord(entryName, kv);
522 
523         if (permissionsOfUserOnTable != null) {
524           String username = permissionsOfUserOnTable.getFirst();
525           TablePermission permissions = permissionsOfUserOnTable.getSecond();
526           perms.put(username, permissions);
527         }
528       }
529     }
530     return perms;
531   }
532 
533   private static Pair<String, TablePermission> parsePermissionRecord(
534       byte[] entryName, Cell kv) {
535     // return X given a set of permissions encoded in the permissionRecord kv.
536     byte[] family = CellUtil.cloneFamily(kv);
537 
538     if (!Bytes.equals(family, ACL_LIST_FAMILY)) {
539       return null;
540     }
541 
542     byte[] key = CellUtil.cloneQualifier(kv);
543     byte[] value = CellUtil.cloneValue(kv);
544     if (LOG.isDebugEnabled()) {
545       LOG.debug("Read acl: kv ["+
546                 Bytes.toStringBinary(key)+": "+
547                 Bytes.toStringBinary(value)+"]");
548     }
549 
550     // check for a column family appended to the key
551     // TODO: avoid the string conversion to make this more efficient
552     String username = Bytes.toString(key);
553 
554     //Handle namespace entry
555     if(isNamespaceEntry(entryName)) {
556       return new Pair<String, TablePermission>(username,
557           new TablePermission(Bytes.toString(fromNamespaceEntry(entryName)), value));
558     }
559 
560     //Handle table and global entry
561     //TODO global entry should be handled differently
562     int idx = username.indexOf(ACL_KEY_DELIMITER);
563     byte[] permFamily = null;
564     byte[] permQualifier = null;
565     if (idx > 0 && idx < username.length()-1) {
566       String remainder = username.substring(idx+1);
567       username = username.substring(0, idx);
568       idx = remainder.indexOf(ACL_KEY_DELIMITER);
569       if (idx > 0 && idx < remainder.length()-1) {
570         permFamily = Bytes.toBytes(remainder.substring(0, idx));
571         permQualifier = Bytes.toBytes(remainder.substring(idx+1));
572       } else {
573         permFamily = Bytes.toBytes(remainder);
574       }
575     }
576 
577     return new Pair<String,TablePermission>(username,
578         new TablePermission(TableName.valueOf(entryName), permFamily, permQualifier, value));
579   }
580 
581   /**
582    * Writes a set of permissions as {@link org.apache.hadoop.io.Writable} instances
583    * and returns the resulting byte array.
584    *
585    * Writes a set of permission [user: table permission]
586    */
587   public static byte[] writePermissionsAsBytes(ListMultimap<String, TablePermission> perms,
588       Configuration conf) {
589     return ProtobufUtil.prependPBMagic(ProtobufUtil.toUserTablePermissions(perms).toByteArray());
590   }
591 
592   /**
593    * Reads a set of permissions as {@link org.apache.hadoop.io.Writable} instances
594    * from the input stream.
595    */
596   public static ListMultimap<String, TablePermission> readPermissions(byte[] data,
597       Configuration conf)
598   throws DeserializationException {
599     if (ProtobufUtil.isPBMagicPrefix(data)) {
600       int pblen = ProtobufUtil.lengthOfPBMagic();
601       try {
602         AccessControlProtos.UsersAndPermissions perms =
603           AccessControlProtos.UsersAndPermissions.newBuilder().mergeFrom(
604             data, pblen, data.length - pblen).build();
605         return ProtobufUtil.toUserTablePermissions(perms);
606       } catch (InvalidProtocolBufferException e) {
607         throw new DeserializationException(e);
608       }
609     } else {
610       ListMultimap<String,TablePermission> perms = ArrayListMultimap.create();
611       try {
612         DataInput in = new DataInputStream(new ByteArrayInputStream(data));
613         int length = in.readInt();
614         for (int i=0; i<length; i++) {
615           String user = Text.readString(in);
616           List<TablePermission> userPerms =
617             (List)HbaseObjectWritableFor96Migration.readObject(in, conf);
618           perms.putAll(user, userPerms);
619         }
620       } catch (IOException e) {
621         throw new DeserializationException(e);
622       }
623       return perms;
624     }
625   }
626 
627   /**
628    * Returns whether or not the given name should be interpreted as a group
629    * principal.  Currently this simply checks if the name starts with the
630    * special group prefix character ("@").
631    */
632   public static boolean isGroupPrincipal(String name) {
633     return name != null && name.startsWith(GROUP_PREFIX);
634   }
635 
636   /**
637    * Returns the actual name for a group principal (stripped of the
638    * group prefix).
639    */
640   public static String getGroupName(String aclKey) {
641     if (!isGroupPrincipal(aclKey)) {
642       return aclKey;
643     }
644 
645     return aclKey.substring(GROUP_PREFIX.length());
646   }
647 
648   /**
649    * Returns the group entry with the group prefix for a group principal.
650    */
651   public static String toGroupEntry(String name) {
652     return GROUP_PREFIX + name;
653   }
654 
655   public static boolean isNamespaceEntry(String entryName) {
656     return entryName.charAt(0) == NAMESPACE_PREFIX;
657   }
658 
659   public static boolean isNamespaceEntry(byte[] entryName) {
660     return entryName[0] == NAMESPACE_PREFIX;
661   }
662 
663   public static String toNamespaceEntry(String namespace) {
664      return NAMESPACE_PREFIX + namespace;
665    }
666 
667    public static String fromNamespaceEntry(String namespace) {
668      if(namespace.charAt(0) != NAMESPACE_PREFIX)
669        throw new IllegalArgumentException("Argument is not a valid namespace entry");
670      return namespace.substring(1);
671    }
672 
673    public static byte[] toNamespaceEntry(byte[] namespace) {
674      byte[] ret = new byte[namespace.length+1];
675      ret[0] = NAMESPACE_PREFIX;
676      System.arraycopy(namespace, 0, ret, 1, namespace.length);
677      return ret;
678    }
679 
680    public static byte[] fromNamespaceEntry(byte[] namespace) {
681      if(namespace[0] != NAMESPACE_PREFIX) {
682        throw new IllegalArgumentException("Argument is not a valid namespace entry: " +
683            Bytes.toString(namespace));
684      }
685      return Arrays.copyOfRange(namespace, 1, namespace.length);
686    }
687 
688    public static List<Permission> getCellPermissionsForUser(User user, Cell cell)
689        throws IOException {
690      // Save an object allocation where we can
691      if (cell.getTagsLengthUnsigned() == 0) {
692        return null;
693      }
694      List<Permission> results = Lists.newArrayList();
695      Iterator<Tag> tagsIterator = CellUtil.tagsIterator(cell.getTagsArray(), cell.getTagsOffset(),
696         cell.getTagsLengthUnsigned());
697      while (tagsIterator.hasNext()) {
698        Tag tag = tagsIterator.next();
699        if (tag.getType() == ACL_TAG_TYPE) {
700          // Deserialize the table permissions from the KV
701          ListMultimap<String,Permission> kvPerms = ProtobufUtil.toUsersAndPermissions(
702            AccessControlProtos.UsersAndPermissions.newBuilder().mergeFrom(
703              tag.getBuffer(), tag.getTagOffset(), tag.getTagLength()).build());
704          // Are there permissions for this user?
705          List<Permission> userPerms = kvPerms.get(user.getShortName());
706          if (userPerms != null) {
707            results.addAll(userPerms);
708          }
709          // Are there permissions for any of the groups this user belongs to?
710          String groupNames[] = user.getGroupNames();
711          if (groupNames != null) {
712            for (String group : groupNames) {
713              List<Permission> groupPerms = kvPerms.get(GROUP_PREFIX + group);
714              if (results != null) {
715                results.addAll(groupPerms);
716              }
717            }
718          }
719        }
720      }
721      return results;
722    }
723 }