[ https://issues.apache.org/jira/browse/HDFS-16004?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
lujie updated HDFS-16004:
-------------------------
Description:
I have some doubts when I configure secure HDFS. I know we have Service Level
Authorization for protocols like NamenodeProtocol, DatanodeProtocol and so on.
But I do not find such Authorization for JournalProtocol after reading the
code in HDFSPolicyProvider. And if we have it, how can I configure such
Authorization?

Besides, even though NamenodeProtocol has Service Level Authorization, its
methods still have a Permission check. Take startCheckpoint in
NameNodeRpcServer, which implements NamenodeProtocol, for example:

    public NamenodeCommand startCheckpoint(NamenodeRegistration registration)
        throws IOException {
      String operationName = "startCheckpoint";
      checkNNStartup();
      namesystem.checkSuperuserPrivilege(operationName);  // the Permission check
      ......

I found that the methods in BackupNodeRpcServer, which implements
JournalProtocol, lack such a Permission check. See below:

    public void startLogSegment(JournalInfo journalInfo, long epoch,
        long txid) throws IOException {
      namesystem.checkOperation(OperationCategory.JOURNAL);
      verifyJournalRequest(journalInfo);
      getBNImage().namenodeStartedLogSegment(txid);
    }

    @Override
    public void journal(JournalInfo journalInfo, long epoch, long firstTxId,
        int numTxns, byte[] records) throws IOException {
      namesystem.checkOperation(OperationCategory.JOURNAL);
      verifyJournalRequest(journalInfo);
      getBNImage().journal(firstTxId, numTxns, records);
    }

Do we need to add a Permission check for them?

Please point out my mistakes if I am wrong or have missed something.
> QJournal lack Permission check.
> --------------------------------
>
> Key: HDFS-16004
> URL: https://issues.apache.org/jira/browse/HDFS-16004
> Project: Hadoop HDFS
> Issue Type: Bug
> Reporter: lujie
> Assignee: lujie
> Priority: Critical
> Labels: pull-request-available
> Time Spent: 1h
> Remaining Estimate: 0h
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
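
Added example, not part of the original report and not Hadoop project code: a small source audit that repeats the report's comparison mechanically, flagging public methods whose body never calls a permission check. It assumes checkSuperuserPrivilege (the only such call named in the report) is what counts as a check; the sample input is constructed from the quoted snippets, and the function names are made up for this illustration.

```python
import re

# Constructed sample: the three methods quoted in the report, with the elided
# part of startCheckpoint left as a comment and a closing brace added.
SAMPLE = '''
public NamenodeCommand startCheckpoint(NamenodeRegistration registration)
    throws IOException {
  String operationName = "startCheckpoint";
  checkNNStartup();
  namesystem.checkSuperuserPrivilege(operationName);
  // ...... (elided in the report)
}
public void startLogSegment(JournalInfo journalInfo, long epoch,
    long txid) throws IOException {
  namesystem.checkOperation(OperationCategory.JOURNAL);
  verifyJournalRequest(journalInfo);
  getBNImage().namenodeStartedLogSegment(txid);
}
@Override
public void journal(JournalInfo journalInfo, long epoch, long firstTxId,
    int numTxns, byte[] records) throws IOException {
  namesystem.checkOperation(OperationCategory.JOURNAL);
  verifyJournalRequest(journalInfo);
  getBNImage().journal(firstTxId, numTxns, records);
}
'''

# Assumption: only the call named in the report counts as a permission check.
PERMISSION_CALLS = ("checkSuperuserPrivilege",)
METHOD_RE = re.compile(r"public\s+[\w<>\[\]]+\s+(\w+)\s*\([^)]*\)[^{;]*\{")

def method_bodies(source):
    """Yield (name, body) per public method; braces in strings are not handled."""
    for m in METHOD_RE.finditer(source):
        depth, i = 1, m.end()
        while i < len(source) and depth:
            depth += {"{": 1, "}": -1}.get(source[i], 0)
            i += 1
        yield m.group(1), source[m.end():i - 1]

def missing_permission_check(source):
    """Return names of public methods that call none of PERMISSION_CALLS."""
    return [name for name, body in method_bodies(source)
            if not any(re.search(r"\b%s\s*\(" % c, body) for c in PERMISSION_CALLS)]

if __name__ == "__main__":
    print(missing_permission_check(SAMPLE))
```

A hit only means the method body has no direct call; a check made in a caller or a helper still has to be confirmed by reading the code.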