[jira] [Commented] (HDDS-7454) OM to DN token verification should include Pipeline

Fri, 04 Nov 2022 18:07:04 -0700 


    [ 
https://issues.apache.org/jira/browse/HDDS-7454?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17629237#comment-17629237
 ] 

Sumit Agrawal commented on HDDS-7454:
-------------------------------------

[~swagle][~kerneltime]
Java Client can discover different pipeline using older request. Impact is 
higher if this happens.

Related to cost, its very minimal for adding extra 60 byte extra is used in 
signature payload.

Scope of security token: 
1) If only bugs, for well establish trusted client, only signature verification 
is enough with access mode. Other parameter is not required.
2) If request verification for untrusted client, It need verify for request 
parameter.
     In above case, pipeline and container mapping to DN is not present, and DN 
can not validate mapping.

So current scope is not well defined considering point "1" and "2", its not 
complete in either sense.

Please share your view point.

> OM to DN token verification should include Pipeline
> ---------------------------------------------------
>
>                 Key: HDDS-7454
>                 URL: https://issues.apache.org/jira/browse/HDDS-7454
>             Project: Apache Ozone
>          Issue Type: Bug
>            Reporter: Sumit Agrawal
>            Assignee: Sumit Agrawal
>            Priority: Minor
>              Labels: pull-request-available
>
> Client will request for block information to be used to write data, In this 
> process,
> - OM call allocateBlock to SCM, SCM will provide block information, pipeline 
> and related DN
> - OM also create token (when security enabled) with block information
> - Client will pass this information to DN
> - DN will verify token for block information and start write block
> Here, pipeline information is not verified for which request is created. As 
> security, this also needs to be verified.
> Pipeline and DN mapping is shared to DN which Pipeline command from SCM to 
> DNs, CreatePipelineCommand
> Impact (If client is not trustable):
> 1. Client can forward request with token to different DN with different 
> pipeline information.
> So DN since do not have information about SMC mapping of container to 
> pipeline, that DN can start operating over that.
> Having pipeline in token verification, it will ensure,
> - block write is done with correct pipeline (DNs)



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to