[jira] [Commented] (HBASE-27528) log duplication issues in MasterRpcServices

Fri, 20 Jan 2023 12:59:07 -0800 


    [ 
https://issues.apache.org/jira/browse/HBASE-27528?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17679320#comment-17679320
 ] 

Hudson commented on HBASE-27528:
--------------------------------

Results for branch master
        [build #759 on 
builds.a.o|https://ci-hbase.apache.org/job/HBase%20Nightly/job/master/759/]: 
(/) *{color:green}+1 overall{color}*
----
details (if available):

(/) {color:green}+1 general checks{color}
-- For more information [see general 
report|https://ci-hbase.apache.org/job/HBase%20Nightly/job/master/759/General_20Nightly_20Build_20Report/]




(/) {color:green}+1 jdk8 hadoop3 checks{color}
-- For more information [see jdk8 (hadoop3) 
report|https://ci-hbase.apache.org/job/HBase%20Nightly/job/master/759/JDK8_20Nightly_20Build_20Report_20_28Hadoop3_29/]


(/) {color:green}+1 jdk11 hadoop3 checks{color}
-- For more information [see jdk11 
report|https://ci-hbase.apache.org/job/HBase%20Nightly/job/master/759/JDK11_20Nightly_20Build_20Report_20_28Hadoop3_29/]


(/) {color:green}+1 source release artifact{color}
-- See build output for details.


(/) {color:green}+1 client integration test{color}


> log duplication issues in MasterRpcServices
> -------------------------------------------
>
>                 Key: HBASE-27528
>                 URL: https://issues.apache.org/jira/browse/HBASE-27528
>             Project: HBase
>          Issue Type: Bug
>          Components: logging, master, rpc, security
>            Reporter: Beibei Zhao
>            Assignee: Beibei Zhao
>            Priority: Major
>             Fix For: 2.6.0, 3.0.0-alpha-4
>
>
> MasterRpcServices record audit log in privileged operations (grant, revoke) 
> and vital apis like "execMasterService".
> {code:java}
>   public RevokeResponse revoke(RpcController controller, RevokeRequest 
> request)
>     throws ServiceException {
>     try {
>       ......
>         server.cpHost.preRevoke(userPermission); // has audit log in 
> AccessChecker
>        ...... // removeUserPermission
>         User caller = RpcServer.getRequestUser().orElse(null);
>         if (AUDITLOG.isTraceEnabled()) {
>           // audit log should record all permission changes
>           String remoteAddress = 
> RpcServer.getRemoteAddress().map(InetAddress::toString).orElse("");
>           AUDITLOG.trace("User {} (remote address: {}) revoked permission 
> {}", caller,
>             remoteAddress, userPermission);
>         }
>         ......
>   }
> {code}
> but I found a path from *server.cpHost.preRevoke(userPermission);* to 
> {*}AccessChecker audit log{*}, which caused {*}log duplication{*}.
> {code:java}
> public void requireGlobalPermission(User user, String request, Action perm, 
> String namespace)
>     throws IOException {
>     AuthResult authResult;
>     if (authManager.authorizeUserGlobal(user, perm)) {
>       authResult = AuthResult.allow(request, "Global check allowed", user, 
> perm, null);
>       authResult.getParams().setNamespace(namespace);
>       logResult(authResult);
>     } else {
>       authResult = AuthResult.deny(request, "Global check failed", user, 
> perm, null);
>       authResult.getParams().setNamespace(namespace);
>       logResult(authResult);
>       throw new AccessDeniedException(
>         "Insufficient permissions for user '" + (user != null ? 
> user.getShortName() : "null")
>           + "' (global, action=" + perm.toString() + ")");
>     }
>   }
>   public static void logResult(AuthResult result) {
>     if (AUDITLOG.isTraceEnabled()) {
>       User user = result.getUser();
>       UserGroupInformation ugi = user != null ? user.getUGI() : null;
>       AUDITLOG.trace(
>         "Access {} for user {}; reason: {}; remote address: {}; request: {}; 
> context: {};"
>           + "auth method: {}",
>         (result.isAllowed() ? "allowed" : "denied"),
>         (user != null ? user.getShortName() : "UNKNOWN"), result.getReason(),
>         RpcServer.getRemoteAddress().map(InetAddress::toString).orElse(""), 
> result.getRequest(),
>         result.toContextString(), ugi != null ? ugi.getAuthenticationMethod() 
> : "UNKNOWN");
>     }
>   }
> {code}
> Since *AccessChecker* integrates auditlogs for permission check, I'll delete 
> the log in MasterRpcServices.
> There must be more problems like this, I' ll check it later and commit the 
> code.
> -There are many "write" operations like "deleteTable", which may cause 
> security problems, should also record an audit log.-



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to