[jira] [Work logged] (HDFS-16004) startLogSegment and journal in BackupNode lack Permission check.

Thu, 29 Apr 2021 20:40:45 -0700 


     [ 
https://issues.apache.org/jira/browse/HDFS-16004?focusedWorklogId=591358&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-591358
 ]

ASF GitHub Bot logged work on HDFS-16004:
-----------------------------------------

                Author: ASF GitHub Bot
            Created on: 30/Apr/21 03:33
            Start Date: 30/Apr/21 03:33
    Worklog Time Spent: 10m 
      Work Description: lujiefsi opened a new pull request #2966:
URL: https://github.com/apache/hadoop/pull/2966


   I have some doubt when i configurate secure HDFS.  I know we have Service 
Level Authorization  for protocols like NamenodeProtocol,DatanodeProtocol and 
so on.
   But i do not find such Authorization   for JournalProtocol after reading the 
code in HDFSPolicyProvider.  And if we have, how can i configurate such 
Authorization?
    
   Besides  even NamenodeProtocol has Service Level Authorization, its methods 
still have Permission check. Take startCheckpoint in NameNodeRpcServer who 
implemented NamenodeProtocol  for example:
    
   public NamenodeCommand startCheckpoint(NamenodeRegistration registration)
         throws IOException {
       String operationName = "startCheckpoint";
       checkNNStartup();
       namesystem.checkSuperuserPrivilege(operationName);
   ......
    
   I found that the methods in  BackupNodeRpcServer who implemented 
JournalProtocol  lack of such  Permission check. See below:
    
    
       public void startLogSegment(JournalInfo journalInfo, long epoch,
           long txid) throws IOException {
         namesystem.checkOperation(OperationCategory.JOURNAL);
         verifyJournalRequest(journalInfo);
         getBNImage().namenodeStartedLogSegment(txid);
       }
    
       @Override
       public void journal(JournalInfo journalInfo, long epoch, long firstTxId,
           int numTxns, byte[] records) throws IOException {
         namesystem.checkOperation(OperationCategory.JOURNAL);
         verifyJournalRequest(journalInfo);
         getBNImage().journal(firstTxId, numTxns, records);
       }
    
   Do we need add Permission check for them?
    
   Please point out my mistakes if i am wrong or miss something. 
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[email protected]


Issue Time Tracking
-------------------

            Worklog Id:     (was: 591358)
    Remaining Estimate: 0h
            Time Spent: 10m

> startLogSegment and journal in BackupNode lack Permission check.
> ----------------------------------------------------------------
>
>                 Key: HDFS-16004
>                 URL: https://issues.apache.org/jira/browse/HDFS-16004
>             Project: Hadoop HDFS
>          Issue Type: Bug
>            Reporter: lujie
>            Priority: Critical
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> I have some doubt when i configurate secure HDFS.  I know we have Service 
> Level Authorization  for protocols like NamenodeProtocol,DatanodeProtocol and 
> so on.
> But i do not find such Authorization   for JournalProtocol after reading the 
> code in HDFSPolicyProvider.  And if we have, how can i configurate such 
> Authorization?
>  
> Besides  even NamenodeProtocol has Service Level Authorization, its methods 
> still have Permission check. Take startCheckpoint in NameNodeRpcServer who 
> implemented NamenodeProtocol  for example:
>  
> _public NamenodeCommand startCheckpoint(NamenodeRegistration registration)_
>       _throws IOException {_
>     _String operationName = "startCheckpoint";_
>     _checkNNStartup();_
>     _{color:#ff6600}namesystem.checkSuperuserPrivilege(operationName);{color}_
> _......_
>  
> I found that the methods in  BackupNodeRpcServer who implemented 
> JournalProtocol  lack of such  Permission check. See below:
>  
>  
>     _public void startLogSegment(JournalInfo journalInfo, long epoch,_
>         _long txid) throws IOException {_
>       _namesystem.checkOperation(OperationCategory.JOURNAL);_
>       _verifyJournalRequest(journalInfo);_
>       _getBNImage().namenodeStartedLogSegment(txid);_
>     _}_
>  
>     _@Override_
>     _public void journal(JournalInfo journalInfo, long epoch, long firstTxId,_
>         _int numTxns, byte[] records) throws IOException {_
>       _namesystem.checkOperation(OperationCategory.JOURNAL);_
>       _verifyJournalRequest(journalInfo);_
>       _getBNImage().journal(firstTxId, numTxns, records);_
>     _}_
>  
> Do we need add Permission check for them?
>  
> Please point out my mistakes if i am wrong or miss something. 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to