[hbase] branch branch-2.3 updated: HBASE-25441 : add security check for some APIs in RSRpcServices (#2829) (#2810)

Wed, 30 Dec 2020 10:57:10 -0800 

This is an automated email from the ASF dual-hosted git repository.

vjasani pushed a commit to branch branch-2.3
in repository https://gitbox.apache.org/repos/asf/hbase.git


The following commit(s) were added to refs/heads/branch-2.3 by this push:
     new bbd363d  HBASE-25441 : add security check for some APIs in 
RSRpcServices (#2829) (#2810)
bbd363d is described below

commit bbd363d641eb240a3d47a7806e59cffe5534823e
Author: lujiefsi <[email protected]>
AuthorDate: Thu Dec 31 02:56:43 2020 +0800

    HBASE-25441 : add security check for some APIs in RSRpcServices (#2829) 
(#2810)
    
    Signed-off-by: stack <[email protected]>
    Signed-off-by: Viraj Jasani <[email protected]>
---
 .../main/java/org/apache/hadoop/hbase/master/HMaster.java   | 13 +++++++++++++
 .../org/apache/hadoop/hbase/regionserver/RSRpcServices.java |  9 +++++++--
 2 files changed, 20 insertions(+), 2 deletions(-)

diff --git 
a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/HMaster.java 
b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/HMaster.java
index ac731a0..e05fb32 100644
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/HMaster.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/HMaster.java
@@ -2967,6 +2967,19 @@ public class HMaster extends HRegionServer implements 
MasterServices {
   }
 
   /**
+   * Report whether this master is started
+   *
+   * This method is used for testing.
+   *
+   * @return true if master is ready to go, false if not.
+   */
+
+  @Override
+  public boolean isOnline() {
+    return serviceStarted;
+  }
+
+  /**
    * Report whether this master is in maintenance mode.
    *
    * @return true if master is in maintenanceMode
diff --git 
a/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RSRpcServices.java
 
b/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RSRpcServices.java
index d749e1b..bedfcca 100644
--- 
a/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RSRpcServices.java
+++ 
b/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RSRpcServices.java
@@ -2389,6 +2389,7 @@ public class RSRpcServices implements 
HBaseRPCErrorHandler,
   @QosPriority(priority=HConstants.ADMIN_QOS)
   public StopServerResponse stopServer(final RpcController controller,
       final StopServerRequest request) throws ServiceException {
+    rpcPreCheck("stopServer");
     requestCount.increment();
     String reason = request.getReason();
     regionServer.stop(reason);
@@ -2398,6 +2399,7 @@ public class RSRpcServices implements 
HBaseRPCErrorHandler,
   @Override
   public UpdateFavoredNodesResponse updateFavoredNodes(RpcController 
controller,
       UpdateFavoredNodesRequest request) throws ServiceException {
+    rpcPreCheck("updateFavoredNodes");
     List<UpdateFavoredNodesRequest.RegionUpdateInfo> openInfoList = 
request.getUpdateInfoList();
     UpdateFavoredNodesResponse.Builder respBuilder = 
UpdateFavoredNodesResponse.newBuilder();
     for (UpdateFavoredNodesRequest.RegionUpdateInfo regionUpdateInfo : 
openInfoList) {
@@ -3702,6 +3704,7 @@ public class RSRpcServices implements 
HBaseRPCErrorHandler,
       RpcController controller, UpdateConfigurationRequest request)
       throws ServiceException {
     try {
+      requirePermission("updateConfiguration", Permission.Action.ADMIN);
       this.regionServer.updateConfiguration();
     } catch (Exception e) {
       throw new ServiceException(e);
@@ -3734,7 +3737,8 @@ public class RSRpcServices implements 
HBaseRPCErrorHandler,
 
   @Override
   public ClearRegionBlockCacheResponse clearRegionBlockCache(RpcController 
controller,
-      ClearRegionBlockCacheRequest request) {
+      ClearRegionBlockCacheRequest request) throws ServiceException {
+    rpcPreCheck("clearRegionBlockCache");
     ClearRegionBlockCacheResponse.Builder builder =
         ClearRegionBlockCacheResponse.newBuilder();
     CacheEvictionStatsBuilder stats = CacheEvictionStats.builder();
@@ -3876,7 +3880,8 @@ public class RSRpcServices implements 
HBaseRPCErrorHandler,
   @Override
   @QosPriority(priority = HConstants.ADMIN_QOS)
   public ClearSlowLogResponses clearSlowLogsResponses(final RpcController 
controller,
-    final ClearSlowLogResponseRequest request) {
+    final ClearSlowLogResponseRequest request) throws ServiceException {
+    rpcPreCheck("clearSlowLogsResponses");
     final SlowLogRecorder slowLogRecorder =
       this.regionServer.getSlowLogRecorder();
     boolean slowLogsCleaned = Optional.ofNullable(slowLogRecorder)

Reply via email to