[jira] [Updated] (HBASE-6851) Race condition in TableAuthManager.updateGlobalCache()

Fri, 21 Sep 2012 15:06:10 -0700 

     [ 
https://issues.apache.org/jira/browse/HBASE-6851?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Gary Helmling updated HBASE-6851:
---------------------------------

    Attachment: HBASE-6851.patch

Attaching a patch for trunk, with the following changes:

# adds a new test to TestTablePermissions, which attempts to brute force the 
race condition
# encapsulates user and group permissions into a PermissionCache wrapper class. 
 This seemed to be a little cleaner in managing the changes.
# synchronizes TableAuthManager.updateGlobalCache() to serialize calls, and 
rebuilds and resets the whole cache

With the previous code, the added test will fail fairly reliably within 10 
runs.  With the patch the test reliably passes (I tried up to 30 runs).
                
> Race condition in TableAuthManager.updateGlobalCache()
> ------------------------------------------------------
>
>                 Key: HBASE-6851
>                 URL: https://issues.apache.org/jira/browse/HBASE-6851
>             Project: HBase
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 0.94.1, 0.96.0
>            Reporter: Gary Helmling
>            Assignee: Gary Helmling
>            Priority: Critical
>         Attachments: HBASE-6851.patch
>
>
> When new global permissions are assigned, there is a race condition, during 
> which further authorization checks relying on global permissions may fail.
> In TableAuthManager.updateGlobalCache(), we have:
> {code:java}
>     USER_CACHE.clear();
>     GROUP_CACHE.clear();
>     try {
>       initGlobal(conf);
>     } catch (IOException e) {
>       // Never happens
>       LOG.error("Error occured while updating the user cache", e);
>     }
>     for (Map.Entry<String,TablePermission> entry : userPerms.entries()) {
>       if (AccessControlLists.isGroupPrincipal(entry.getKey())) {
>         GROUP_CACHE.put(AccessControlLists.getGroupName(entry.getKey()),
>                         new Permission(entry.getValue().getActions()));
>       } else {
>         USER_CACHE.put(entry.getKey(), new 
> Permission(entry.getValue().getActions()));
>       }
>     }
> {code}
> If authorization checks come in following the .clear() but before 
> repopulating, they will fail.
> We should have some synchronization here to serialize multiple updates and 
> use a COW type rebuild and reassign of the new maps.
> This particular issue crept in with the fix in HBASE-6157, so I'm flagging 
> for 0.94 and 0.96.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to