hbase git commit: HBASE-16284 Unauthorized client can shutdown the cluster

jerryjch Tue, 02 Aug 2016 11:38:36 -0700

Repository: hbase
Updated Branches:
  refs/heads/branch-1 dc56aa2d4 -> 1b5f8c712



HBASE-16284 Unauthorized client can shutdown the cluster


Project: http://git-wip-us.apache.org/repos/asf/hbase/repo
Commit: http://git-wip-us.apache.org/repos/asf/hbase/commit/1b5f8c71
Tree: http://git-wip-us.apache.org/repos/asf/hbase/tree/1b5f8c71
Diff: http://git-wip-us.apache.org/repos/asf/hbase/diff/1b5f8c71

Branch: refs/heads/branch-1
Commit: 1b5f8c7123da230a7f6d8611819fd39d122421e5
Parents: dc56aa2
Author: Deokwoo Han <ithen...@gmail.com>
Authored: Fri Jul 29 11:07:51 2016 +0900
Committer: Jerry He <jerry...@apache.org>
Committed: Tue Aug 2 11:37:56 2016 -0700

----------------------------------------------------------------------
 .../org/apache/hadoop/hbase/master/HMaster.java | 16 +++--------
 .../hadoop/hbase/master/MasterRpcServices.java  | 15 +++++++++--
 .../hadoop/hbase/util/JVMClusterUtil.java       | 15 ++++++++---
 .../security/access/TestAccessController.java   | 28 ++++++++++++++++++++
 4 files changed, 57 insertions(+), 17 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/hbase/blob/1b5f8c71/hbase-server/src/main/java/org/apache/hadoop/hbase/master/HMaster.java
----------------------------------------------------------------------
diff --git 
a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/HMaster.java 
b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/HMaster.java
index 8dd1d25..dcbf1c8 100644
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/HMaster.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/HMaster.java
@@ -2329,13 +2329,9 @@ public class HMaster extends HRegionServer implements 
MasterServices, Server {
     return rsFatals;
   }
 
-  public void shutdown() {
+  public void shutdown() throws IOException {
     if (cpHost != null) {
-      try {
-        cpHost.preShutdown();
-      } catch (IOException ioe) {
-        LOG.error("Error call master coprocessor preShutdown()", ioe);
-      }
+      cpHost.preShutdown();
     }
 
     if (this.serverManager != null) {
@@ -2350,13 +2346,9 @@ public class HMaster extends HRegionServer implements 
MasterServices, Server {
     }
   }
 
-  public void stopMaster() {
+  public void stopMaster() throws IOException {
     if (cpHost != null) {
-      try {
-        cpHost.preStopMaster();
-      } catch (IOException ioe) {
-        LOG.error("Error call master coprocessor preStopMaster()", ioe);
-      }
+      cpHost.preStopMaster();
     }
     stop("Stopped by " + Thread.currentThread().getName());
   }

http://git-wip-us.apache.org/repos/asf/hbase/blob/1b5f8c71/hbase-server/src/main/java/org/apache/hadoop/hbase/master/MasterRpcServices.java
----------------------------------------------------------------------
diff --git 
a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/MasterRpcServices.java
 
b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/MasterRpcServices.java
index 37b3816..341bf1b 100644
--- 
a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/MasterRpcServices.java
+++ 
b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/MasterRpcServices.java
@@ -181,6 +181,7 @@ import 
org.apache.hadoop.hbase.protobuf.generated.RegionServerStatusProtos.Repor
 import 
org.apache.hadoop.hbase.protobuf.generated.RegionServerStatusProtos.ReportRegionStateTransitionRequest;
 import 
org.apache.hadoop.hbase.protobuf.generated.RegionServerStatusProtos.ReportRegionStateTransitionResponse;
 import org.apache.hadoop.hbase.regionserver.RSRpcServices;
+import org.apache.hadoop.hbase.security.AccessDeniedException;
 import org.apache.hadoop.hbase.security.User;
 import org.apache.hadoop.hbase.security.access.AccessController;
 import org.apache.hadoop.hbase.security.visibility.VisibilityController;
@@ -1319,7 +1320,12 @@ public class MasterRpcServices extends RSRpcServices
   public ShutdownResponse shutdown(RpcController controller,
       ShutdownRequest request) throws ServiceException {
     LOG.info(master.getClientIdAuditPrefix() + " shutdown");
-    master.shutdown();
+    try {
+      master.shutdown();
+    } catch (IOException e) {
+      LOG.error("Exception occurred in HMaster.shutdown()", e);
+      throw new ServiceException(e);
+    }
     return ShutdownResponse.newBuilder().build();
   }
 
@@ -1356,7 +1362,12 @@ public class MasterRpcServices extends RSRpcServices
   public StopMasterResponse stopMaster(RpcController controller,
       StopMasterRequest request) throws ServiceException {
     LOG.info(master.getClientIdAuditPrefix() + " stop");
-    master.stopMaster();
+    try {
+      master.stopMaster();
+    } catch (IOException e) {
+      LOG.error("Exception occurred while stopping master", e);
+      throw new ServiceException(e);
+    }
     return StopMasterResponse.newBuilder().build();
   }
 

http://git-wip-us.apache.org/repos/asf/hbase/blob/1b5f8c71/hbase-server/src/main/java/org/apache/hadoop/hbase/util/JVMClusterUtil.java
----------------------------------------------------------------------
diff --git 
a/hbase-server/src/main/java/org/apache/hadoop/hbase/util/JVMClusterUtil.java 
b/hbase-server/src/main/java/org/apache/hadoop/hbase/util/JVMClusterUtil.java
index 25ed63c..79865bb 100644
--- 
a/hbase-server/src/main/java/org/apache/hadoop/hbase/util/JVMClusterUtil.java
+++ 
b/hbase-server/src/main/java/org/apache/hadoop/hbase/util/JVMClusterUtil.java
@@ -249,14 +249,23 @@ public class JVMClusterUtil {
       JVMClusterUtil.MasterThread activeMaster = null;
       for (JVMClusterUtil.MasterThread t : masters) {
         if (!t.master.isActiveMaster()) {
-          t.master.stopMaster();
+          try {
+            t.master.stopMaster();
+          } catch (IOException e) {
+            LOG.error("Exception occurred while stopping master", e);
+          }
         } else {
           activeMaster = t;
         }
       }
       // Do active after.
-      if (activeMaster != null)
-        activeMaster.master.shutdown();
+      if (activeMaster != null) {
+        try {
+          activeMaster.master.shutdown();
+        } catch (IOException e) {
+          LOG.error("Exception occurred in HMaster.shutdown()", e);
+        }
+      }
 
     }
     boolean wasInterrupted = false;

http://git-wip-us.apache.org/repos/asf/hbase/blob/1b5f8c71/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
----------------------------------------------------------------------
diff --git 
a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
 
b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
index dd554a1..2e77c78 100644
--- 
a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
+++ 
b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
@@ -98,6 +98,7 @@ import org.apache.hadoop.hbase.io.hfile.HFileContext;
 import org.apache.hadoop.hbase.io.hfile.HFileContextBuilder;
 import org.apache.hadoop.hbase.ipc.protobuf.generated.TestProcedureProtos;
 import org.apache.hadoop.hbase.mapreduce.LoadIncrementalHFiles;
+import org.apache.hadoop.hbase.master.HMaster;
 import org.apache.hadoop.hbase.master.MasterCoprocessorHost;
 import org.apache.hadoop.hbase.master.procedure.MasterProcedureEnv;
 import org.apache.hadoop.hbase.master.procedure.TableProcedureInterface;
@@ -333,6 +334,33 @@ public class TestAccessController extends SecureTestUtil {
   }
 
   @Test (timeout=180000)
+  public void testUnauthorizedShutdown() throws Exception {
+    AccessTestAction action = new AccessTestAction() {
+      @Override public Object run() throws Exception {
+        HMaster master = TEST_UTIL.getHBaseCluster().getMaster();
+        master.shutdown();
+        return null;
+      }
+    };
+    verifyDenied(action, USER_CREATE, USER_OWNER, USER_RW, USER_RO, USER_NONE, 
USER_GROUP_READ,
+        USER_GROUP_WRITE, USER_GROUP_CREATE);
+  }
+
+  @Test (timeout=180000)
+  public void testUnauthorizedStopMaster() throws Exception {
+    AccessTestAction action = new AccessTestAction() {
+      @Override public Object run() throws Exception {
+        HMaster master = TEST_UTIL.getHBaseCluster().getMaster();
+        master.stopMaster();
+        return null;
+      }
+    };
+
+    verifyDenied(action, USER_CREATE, USER_OWNER, USER_RW, USER_RO, USER_NONE, 
USER_GROUP_READ,
+        USER_GROUP_WRITE, USER_GROUP_CREATE);
+  }
+
+  @Test (timeout=180000)
   public void testSecurityCapabilities() throws Exception {
     List<SecurityCapability> capabilities = 
TEST_UTIL.getConnection().getAdmin()
       .getSecurityCapabilities();

hbase git commit: HBASE-16284 Unauthorized client can shutdown the cluster

Reply via email to