dlmarion commented on code in PR #2994:
URL: https://github.com/apache/accumulo/pull/2994#discussion_r988929488
##########
server/base/src/main/java/org/apache/accumulo/server/client/ClientServiceHandler.java:
##########
@@ -308,6 +307,11 @@ private Map<String,String> conf(TCredentials credentials,
AccumuloConfiguration
@Override
public Map<String,String> getConfiguration(TInfo tinfo, TCredentials
credentials,
ConfigurationType type) throws TException {
+ if (!(security.isSystemUser(credentials) ||
security.hasSystemPermission(credentials,
+ credentials.getPrincipal(), SystemPermission.SYSTEM))) {
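Review bot: The `security.isSystemUser(credentials) ||` short-circuit in the new condition means that a request presenting the system principal never reaches `security.hasSystemPermission(...)`, so any checks performed inside that call are skipped on this path. Please add a comment explaining why the system user needs its own branch, and confirm that `isSystemUser` validates the supplied credentials rather than only matching the principal name. It would also help to note that `credentials.getPrincipal()` is passed as the user being checked, i.e. the caller is checking its own SYSTEM permission.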
Review Comment:
> I'm not sure, but curious if this OR is necessary. I'd expect the system
> user to have system permission already.

To answer your original question, if I remove the
`security.isSystemUser(credentials)` predicate, then I get the following error
in the Admin log for DumpConfigIT.
```
2022-10-06T11:23:06,542 [util.Admin] ERROR: Error USER_DOESNT_EXIST for user !SYSTEM - The user does not exist
org.apache.accumulo.core.client.AccumuloSecurityException: Error USER_DOESNT_EXIST for user !SYSTEM - The user does not exist
    at org.apache.accumulo.core.rpc.clients.TServerClient.execute(TServerClient.java:110) ~[classes/:?]
    at org.apache.accumulo.core.rpc.clients.ClientServiceThriftClient.execute(ClientServiceThriftClient.java:52) ~[classes/:?]
    at org.apache.accumulo.core.clientImpl.InstanceOperationsImpl.getSiteConfiguration(InstanceOperationsImpl.java:164) ~[classes/:?]
    at org.apache.accumulo.server.util.Admin.printConfig(Admin.java:604) ~[classes/:?]
    at org.apache.accumulo.server.util.Admin.execute(Admin.java:378) ~[classes/:?]
    at org.apache.accumulo.server.util.Admin.main(Admin.java:259) ~[classes/:?]
```
A warning is printed in the tablet server log, but nothing else:
```
2022-10-06T11:23:06,519 [accumulo.audit] WARN : operation: failed; user: !SYSTEM; checking permission SYSTEM on !SYSTEM denied; exception: ThriftSecurityException(user:!SYSTEM, code:USER_DOESNT_EXIST)
```
I'm not quite sure of the exact code path that is raising this exception on
the server side. If we are able to resolve this and remove the
`security.isSystemUser(credentials)` predicate, then the authenticate call is
made as part of the SecurityOperation.hasSystemPermission() call.