Repository: hbase Updated Branches: refs/heads/branch-1 dc56aa2d4 -> 1b5f8c712
HBASE-16284 Unauthorized client can shutdown the cluster Project: http://git-wip-us.apache.org/repos/asf/hbase/repo Commit: http://git-wip-us.apache.org/repos/asf/hbase/commit/1b5f8c71 Tree: http://git-wip-us.apache.org/repos/asf/hbase/tree/1b5f8c71 Diff: http://git-wip-us.apache.org/repos/asf/hbase/diff/1b5f8c71 Branch: refs/heads/branch-1 Commit: 1b5f8c7123da230a7f6d8611819fd39d122421e5 Parents: dc56aa2 Author: Deokwoo Han <ithen...@gmail.com> Authored: Fri Jul 29 11:07:51 2016 +0900 Committer: Jerry He <jerry...@apache.org> Committed: Tue Aug 2 11:37:56 2016 -0700 ---------------------------------------------------------------------- .../org/apache/hadoop/hbase/master/HMaster.java | 16 +++-------- .../hadoop/hbase/master/MasterRpcServices.java | 15 +++++++++-- .../hadoop/hbase/util/JVMClusterUtil.java | 15 ++++++++--- .../security/access/TestAccessController.java | 28 ++++++++++++++++++++ 4 files changed, 57 insertions(+), 17 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/hbase/blob/1b5f8c71/hbase-server/src/main/java/org/apache/hadoop/hbase/master/HMaster.java ---------------------------------------------------------------------- diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/HMaster.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/HMaster.java index 8dd1d25..dcbf1c8 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/HMaster.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/HMaster.java @@ -2329,13 +2329,9 @@ public class HMaster extends HRegionServer implements MasterServices, Server { return rsFatals; } - public void shutdown() { + public void shutdown() throws IOException { if (cpHost != null) { - try { - cpHost.preShutdown(); - } catch (IOException ioe) { - LOG.error("Error call master coprocessor preShutdown()", ioe); - } + cpHost.preShutdown(); } if (this.serverManager != null) { @@ -2350,13 +2346,9 @@ public class HMaster extends HRegionServer implements MasterServices, Server { } } - public void stopMaster() { + public void stopMaster() throws IOException { if (cpHost != null) { - try { - cpHost.preStopMaster(); - } catch (IOException ioe) { - LOG.error("Error call master coprocessor preStopMaster()", ioe); - } + cpHost.preStopMaster(); } stop("Stopped by " + Thread.currentThread().getName()); } http://git-wip-us.apache.org/repos/asf/hbase/blob/1b5f8c71/hbase-server/src/main/java/org/apache/hadoop/hbase/master/MasterRpcServices.java ---------------------------------------------------------------------- diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/MasterRpcServices.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/MasterRpcServices.java index 37b3816..341bf1b 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/MasterRpcServices.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/MasterRpcServices.java @@ -181,6 +181,7 @@ import org.apache.hadoop.hbase.protobuf.generated.RegionServerStatusProtos.Repor import org.apache.hadoop.hbase.protobuf.generated.RegionServerStatusProtos.ReportRegionStateTransitionRequest; import org.apache.hadoop.hbase.protobuf.generated.RegionServerStatusProtos.ReportRegionStateTransitionResponse; import org.apache.hadoop.hbase.regionserver.RSRpcServices; +import org.apache.hadoop.hbase.security.AccessDeniedException; import org.apache.hadoop.hbase.security.User; import org.apache.hadoop.hbase.security.access.AccessController; import org.apache.hadoop.hbase.security.visibility.VisibilityController; @@ -1319,7 +1320,12 @@ public class MasterRpcServices extends RSRpcServices public ShutdownResponse shutdown(RpcController controller, ShutdownRequest request) throws ServiceException { LOG.info(master.getClientIdAuditPrefix() + " shutdown"); - master.shutdown(); + try { + master.shutdown(); + } catch (IOException e) { + LOG.error("Exception occurred in HMaster.shutdown()", e); + throw new ServiceException(e); + } return ShutdownResponse.newBuilder().build(); } @@ -1356,7 +1362,12 @@ public class MasterRpcServices extends RSRpcServices public StopMasterResponse stopMaster(RpcController controller, StopMasterRequest request) throws ServiceException { LOG.info(master.getClientIdAuditPrefix() + " stop"); - master.stopMaster(); + try { + master.stopMaster(); + } catch (IOException e) { + LOG.error("Exception occurred while stopping master", e); + throw new ServiceException(e); + } return StopMasterResponse.newBuilder().build(); } http://git-wip-us.apache.org/repos/asf/hbase/blob/1b5f8c71/hbase-server/src/main/java/org/apache/hadoop/hbase/util/JVMClusterUtil.java ---------------------------------------------------------------------- diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/util/JVMClusterUtil.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/util/JVMClusterUtil.java index 25ed63c..79865bb 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/util/JVMClusterUtil.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/util/JVMClusterUtil.java @@ -249,14 +249,23 @@ public class JVMClusterUtil { JVMClusterUtil.MasterThread activeMaster = null; for (JVMClusterUtil.MasterThread t : masters) { if (!t.master.isActiveMaster()) { - t.master.stopMaster(); + try { + t.master.stopMaster(); + } catch (IOException e) { + LOG.error("Exception occurred while stopping master", e); + } } else { activeMaster = t; } } // Do active after. - if (activeMaster != null) - activeMaster.master.shutdown(); + if (activeMaster != null) { + try { + activeMaster.master.shutdown(); + } catch (IOException e) { + LOG.error("Exception occurred in HMaster.shutdown()", e); + } + } } boolean wasInterrupted = false; http://git-wip-us.apache.org/repos/asf/hbase/blob/1b5f8c71/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java ---------------------------------------------------------------------- diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java index dd554a1..2e77c78 100644 --- a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java +++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java @@ -98,6 +98,7 @@ import org.apache.hadoop.hbase.io.hfile.HFileContext; import org.apache.hadoop.hbase.io.hfile.HFileContextBuilder; import org.apache.hadoop.hbase.ipc.protobuf.generated.TestProcedureProtos; import org.apache.hadoop.hbase.mapreduce.LoadIncrementalHFiles; +import org.apache.hadoop.hbase.master.HMaster; import org.apache.hadoop.hbase.master.MasterCoprocessorHost; import org.apache.hadoop.hbase.master.procedure.MasterProcedureEnv; import org.apache.hadoop.hbase.master.procedure.TableProcedureInterface; @@ -333,6 +334,33 @@ public class TestAccessController extends SecureTestUtil { } @Test (timeout=180000) + public void testUnauthorizedShutdown() throws Exception { + AccessTestAction action = new AccessTestAction() { + @Override public Object run() throws Exception { + HMaster master = TEST_UTIL.getHBaseCluster().getMaster(); + master.shutdown(); + return null; + } + }; + verifyDenied(action, USER_CREATE, USER_OWNER, USER_RW, USER_RO, USER_NONE, USER_GROUP_READ, + USER_GROUP_WRITE, USER_GROUP_CREATE); + } + + @Test (timeout=180000) + public void testUnauthorizedStopMaster() throws Exception { + AccessTestAction action = new AccessTestAction() { + @Override public Object run() throws Exception { + HMaster master = TEST_UTIL.getHBaseCluster().getMaster(); + master.stopMaster(); + return null; + } + }; + + verifyDenied(action, USER_CREATE, USER_OWNER, USER_RW, USER_RO, USER_NONE, USER_GROUP_READ, + USER_GROUP_WRITE, USER_GROUP_CREATE); + } + + @Test (timeout=180000) public void testSecurityCapabilities() throws Exception { List<SecurityCapability> capabilities = TEST_UTIL.getConnection().getAdmin() .getSecurityCapabilities();