[
https://issues.apache.org/jira/browse/HBASE-25432?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
lujie updated HBASE-25432:
--------------------------
Description: (was: list_namespace_tables misses a security check.
listTableDescriptorsByNamespace has a security check, but it is useless.
The code of listTableDescriptorsByNamespace is:
{code:java}
public List<TableDescriptor> listTableDescriptorsByNamespace(String name)
    throws IOException {
  checkInitialized();
  return listTableDescriptors(name, null, null, true);
}
{code}
The listTableDescriptors code is:
{code:java}
public List<TableDescriptor> listTableDescriptors(final String namespace,
    final String regex, final List<TableName> tableNameList,
    final boolean includeSysTables) throws IOException {
  List<TableDescriptor> htds = new ArrayList<>();
  if (cpHost != null) {
    cpHost.preGetTableDescriptors(tableNameList, htds, regex);
  }
  htds = getTableDescriptors(htds, namespace, regex, tableNameList,
      includeSysTables);
  if (cpHost != null) {
    cpHost.postGetTableDescriptors(tableNameList, htds, regex);
  }
  return htds;
}
{code}
We can see that tableNameList is empty.
In the AccessController, empty tableNameList is empty:
{code:java}
public void preGetTableDescriptors(ObserverContext<MasterCoprocessorEnvironment> ctx,
    List<TableName> tableNamesList, List<TableDescriptor> descriptors,
    String regex) throws IOException {
  // We are delegating the authorization check to postGetTableDescriptors as we don't have
  // any concrete set of table names when a regex is present or the full list is requested.
  if (regex == null && tableNamesList != null && !tableNamesList.isEmpty()) {
    // Otherwise, if the requestor has ADMIN or CREATE privs for all listed tables, the
    // request can be granted.
    try (Admin admin = ctx.getEnvironment().getConnection().getAdmin()) {
      for (TableName tableName : tableNamesList) {
        // Skip checks for a table that does not exist
        if (!admin.tableExists(tableName)) {
          continue;
        }
        requirePermission(ctx, "getTableDescriptors", tableName, null, null,
            Action.ADMIN, Action.CREATE);
      }
    }
  }
}
{code}
)
> we should add security checks for list_namespace_tables
> -------------------------------------------------------
>
> Key: HBASE-25432
> URL: https://issues.apache.org/jira/browse/HBASE-25432
> Project: HBase
> Issue Type: Bug
> Reporter: lujie
> Priority: Major
>
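A simplified model of the pattern reported above, added here as an example and not taken from HBase: a pre-hook guarded by a non-empty table list never rejects a namespace listing that passes null, so access has to be enforced on the resolved result. All class, method, user and table names are hypothetical, and the ACL data is constructed.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.TreeSet;

// Simplified model, not HBase code: every name below is hypothetical.
public class NamespaceListingCheck {
    // Constructed sample data: table -> users allowed to read its descriptor.
    static final Map<String, Set<String>> ACL = Map.of(
        "ns1:orders", Set.of("alice"),
        "ns1:audit", Set.of("admin"));

    static boolean allowed(String user, String table) {
        return ACL.getOrDefault(table, Set.of()).contains(user);
    }

    // Same guard shape as the quoted pre-hook: only an explicit, non-empty list is checked.
    static void preCheck(String user, List<String> tableNames, String regex) {
        if (regex == null && tableNames != null && !tableNames.isEmpty()) {
            for (String t : tableNames) {
                if (!allowed(user, t)) {
                    throw new SecurityException(user + " denied on " + t);
                }
            }
        }
    }

    // Resolves the namespace to its tables (sorted for stable output).
    static List<String> tablesIn(String ns) {
        List<String> out = new ArrayList<>();
        for (String t : new TreeSet<>(ACL.keySet())) {
            if (t.startsWith(ns + ":")) out.add(t);
        }
        return out;
    }

    // Namespace listing passes null for the table list, so preCheck is a no-op.
    static List<String> listUnfiltered(String user, String ns) {
        preCheck(user, null, null);
        return tablesIn(ns);
    }

    // One way to enforce access: check each resolved table before returning it.
    static List<String> listFiltered(String user, String ns) {
        preCheck(user, null, null);
        List<String> out = new ArrayList<>();
        for (String t : tablesIn(ns)) {
            if (allowed(user, t)) out.add(t);
        }
        return out;
    }

    public static void main(String[] args) {
        System.out.println("unfiltered: " + listUnfiltered("alice", "ns1"));
        System.out.println("filtered:   " + listFiltered("alice", "ns1"));
    }
}
```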