disallow user modification of System keyspace patch by Dave Brosius; reviewed by jbellis for CASSANDRA-3759
Project: http://git-wip-us.apache.org/repos/asf/cassandra/repo Commit: http://git-wip-us.apache.org/repos/asf/cassandra/commit/34161109 Tree: http://git-wip-us.apache.org/repos/asf/cassandra/tree/34161109 Diff: http://git-wip-us.apache.org/repos/asf/cassandra/diff/34161109 Branch: refs/heads/trunk Commit: 341611095a884f9222326af6207e838888b5764d Parents: 23026fd Author: Jonathan Ellis <[email protected]> Authored: Tue Jan 24 10:14:49 2012 -0600 Committer: Jonathan Ellis <[email protected]> Committed: Tue Jan 24 10:14:49 2012 -0600 ---------------------------------------------------------------------- CHANGES.txt | 1 + .../org/apache/cassandra/service/ClientState.java | 4 ++++ 2 files changed, 5 insertions(+), 0 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cassandra/blob/34161109/CHANGES.txt ---------------------------------------------------------------------- diff --git a/CHANGES.txt b/CHANGES.txt index 73a0f77..a105558 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -1,4 +1,5 @@ 1.0.8 + * disallow user modification of System keyspace (CASSANDRA-3738) * allow using sstable2json on secondary index data (CASSANDRA-3738) * (cqlsh) add DESCRIBE COLUMNFAMILIES (CASSANDRA-3586) * (cqlsh) format blobs correctly and use colors to improve output http://git-wip-us.apache.org/repos/asf/cassandra/blob/34161109/src/java/org/apache/cassandra/service/ClientState.java ---------------------------------------------------------------------- diff --git a/src/java/org/apache/cassandra/service/ClientState.java b/src/java/org/apache/cassandra/service/ClientState.java index 5ecd02b..923c780 100644 --- a/src/java/org/apache/cassandra/service/ClientState.java +++ b/src/java/org/apache/cassandra/service/ClientState.java @@ -123,6 +123,10 @@ public class ClientState { validateLogin(); + // hardcode disallowing messing with system keyspace + if (keyspace.equalsIgnoreCase(Table.SYSTEM_TABLE) && perm == Permission.WRITE) + throw new InvalidRequestException("system keyspace is not user-modifiable"); + resourceClear(); Set<Permission> perms = DatabaseDescriptor.getAuthority().authorize(user, resource);
