Repository: hbase Updated Branches: refs/heads/master 379b86c5d -> eef6a4834
HBASE-16284 Unauthorized client can shutdown the cluster Project: http://git-wip-us.apache.org/repos/asf/hbase/repo Commit: http://git-wip-us.apache.org/repos/asf/hbase/commit/eef6a483 Tree: http://git-wip-us.apache.org/repos/asf/hbase/tree/eef6a483 Diff: http://git-wip-us.apache.org/repos/asf/hbase/diff/eef6a483 Branch: refs/heads/master Commit: eef6a4834a8780037513d8fbe024671400fd70b8 Parents: 379b86c Author: Deokwoo Han <ithen...@gmail.com> Authored: Fri Jul 29 11:07:51 2016 +0900 Committer: Jerry He <jerry...@apache.org> Committed: Tue Aug 2 11:21:31 2016 -0700 ---------------------------------------------------------------------- .../org/apache/hadoop/hbase/master/HMaster.java | 22 +++++++-------- .../hadoop/hbase/master/MasterRpcServices.java | 15 +++++++++-- .../hadoop/hbase/util/JVMClusterUtil.java | 15 ++++++++--- .../security/access/TestAccessController.java | 28 ++++++++++++++++++++ 4 files changed, 62 insertions(+), 18 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/hbase/blob/eef6a483/hbase-server/src/main/java/org/apache/hadoop/hbase/master/HMaster.java ---------------------------------------------------------------------- diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/HMaster.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/HMaster.java index 5f5cc38..4e6952a 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/HMaster.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/HMaster.java @@ -2176,7 +2176,11 @@ public class HMaster extends HRegionServer implements MasterServices { getLoadedCoprocessors()); } if (t != null) LOG.fatal(msg, t); - stopMaster(); + try { + stopMaster(); + } catch (IOException e) { + LOG.error("Exception occurred while stopping master", e); + } } @Override @@ -2218,13 +2222,9 @@ public class HMaster extends HRegionServer implements MasterServices { return rsFatals; } - public void shutdown() { + public void shutdown() throws IOException { if (cpHost != null) { - try { - cpHost.preShutdown(); - } catch (IOException ioe) { - LOG.error("Error call master coprocessor preShutdown()", ioe); - } + cpHost.preShutdown(); } if (this.serverManager != null) { @@ -2239,13 +2239,9 @@ public class HMaster extends HRegionServer implements MasterServices { } } - public void stopMaster() { + public void stopMaster() throws IOException { if (cpHost != null) { - try { - cpHost.preStopMaster(); - } catch (IOException ioe) { - LOG.error("Error call master coprocessor preStopMaster()", ioe); - } + cpHost.preStopMaster(); } stop("Stopped by " + Thread.currentThread().getName()); } http://git-wip-us.apache.org/repos/asf/hbase/blob/eef6a483/hbase-server/src/main/java/org/apache/hadoop/hbase/master/MasterRpcServices.java ---------------------------------------------------------------------- diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/MasterRpcServices.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/MasterRpcServices.java index 8974945..ad1a3ca 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/MasterRpcServices.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/MasterRpcServices.java @@ -92,6 +92,7 @@ import org.apache.hadoop.hbase.protobuf.generated.RegionServerStatusProtos.Repor import org.apache.hadoop.hbase.protobuf.generated.RegionServerStatusProtos.ReportRegionStateTransitionRequest; import org.apache.hadoop.hbase.protobuf.generated.RegionServerStatusProtos.ReportRegionStateTransitionResponse; import org.apache.hadoop.hbase.regionserver.RSRpcServices; +import org.apache.hadoop.hbase.security.AccessDeniedException; import org.apache.hadoop.hbase.security.User; import org.apache.hadoop.hbase.security.access.AccessController; import org.apache.hadoop.hbase.security.visibility.VisibilityController; @@ -1204,7 +1205,12 @@ public class MasterRpcServices extends RSRpcServices public ShutdownResponse shutdown(RpcController controller, ShutdownRequest request) throws ServiceException { LOG.info(master.getClientIdAuditPrefix() + " shutdown"); - master.shutdown(); + try { + master.shutdown(); + } catch (IOException e) { + LOG.error("Exception occurred in HMaster.shutdown()", e); + throw new ServiceException(e); + } return ShutdownResponse.newBuilder().build(); } @@ -1241,7 +1247,12 @@ public class MasterRpcServices extends RSRpcServices public StopMasterResponse stopMaster(RpcController controller, StopMasterRequest request) throws ServiceException { LOG.info(master.getClientIdAuditPrefix() + " stop"); - master.stopMaster(); + try { + master.stopMaster(); + } catch (IOException e) { + LOG.error("Exception occurred while stopping master", e); + throw new ServiceException(e); + } return StopMasterResponse.newBuilder().build(); } http://git-wip-us.apache.org/repos/asf/hbase/blob/eef6a483/hbase-server/src/main/java/org/apache/hadoop/hbase/util/JVMClusterUtil.java ---------------------------------------------------------------------- diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/util/JVMClusterUtil.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/util/JVMClusterUtil.java index 25ed63c..79865bb 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/util/JVMClusterUtil.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/util/JVMClusterUtil.java @@ -249,14 +249,23 @@ public class JVMClusterUtil { JVMClusterUtil.MasterThread activeMaster = null; for (JVMClusterUtil.MasterThread t : masters) { if (!t.master.isActiveMaster()) { - t.master.stopMaster(); + try { + t.master.stopMaster(); + } catch (IOException e) { + LOG.error("Exception occurred while stopping master", e); + } } else { activeMaster = t; } } // Do active after. - if (activeMaster != null) - activeMaster.master.shutdown(); + if (activeMaster != null) { + try { + activeMaster.master.shutdown(); + } catch (IOException e) { + LOG.error("Exception occurred in HMaster.shutdown()", e); + } + } } boolean wasInterrupted = false; http://git-wip-us.apache.org/repos/asf/hbase/blob/eef6a483/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java ---------------------------------------------------------------------- diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java index f58e24e..20ff85f 100644 --- a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java +++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java @@ -94,6 +94,7 @@ import org.apache.hadoop.hbase.io.hfile.HFileContext; import org.apache.hadoop.hbase.io.hfile.HFileContextBuilder; import org.apache.hadoop.hbase.ipc.protobuf.generated.TestProcedureProtos; import org.apache.hadoop.hbase.mapreduce.LoadIncrementalHFiles; +import org.apache.hadoop.hbase.master.HMaster; import org.apache.hadoop.hbase.master.MasterCoprocessorHost; import org.apache.hadoop.hbase.master.procedure.MasterProcedureEnv; import org.apache.hadoop.hbase.master.procedure.TableProcedureInterface; @@ -332,6 +333,33 @@ public class TestAccessController extends SecureTestUtil { } @Test (timeout=180000) + public void testUnauthorizedShutdown() throws Exception { + AccessTestAction action = new AccessTestAction() { + @Override public Object run() throws Exception { + HMaster master = TEST_UTIL.getHBaseCluster().getMaster(); + master.shutdown(); + return null; + } + }; + verifyDenied(action, USER_CREATE, USER_OWNER, USER_RW, USER_RO, USER_NONE, USER_GROUP_READ, + USER_GROUP_WRITE, USER_GROUP_CREATE); + } + + @Test (timeout=180000) + public void testUnauthorizedStopMaster() throws Exception { + AccessTestAction action = new AccessTestAction() { + @Override public Object run() throws Exception { + HMaster master = TEST_UTIL.getHBaseCluster().getMaster(); + master.stopMaster(); + return null; + } + }; + + verifyDenied(action, USER_CREATE, USER_OWNER, USER_RW, USER_RO, USER_NONE, USER_GROUP_READ, + USER_GROUP_WRITE, USER_GROUP_CREATE); + } + + @Test (timeout=180000) public void testSecurityCapabilities() throws Exception { List<SecurityCapability> capabilities = TEST_UTIL.getConnection().getAdmin() .getSecurityCapabilities();
