You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@accumulo.apache.org by el...@apache.org on 2015/06/02 00:41:47 UTC

[2/6] accumulo git commit: ACCUMULO-3880 Remove halt on bad SystemToken.

ACCUMULO-3880 Remove halt on bad SystemToken.

While incorrect SystemTokens might sometimes be
the product of inconsistent system configuration,
it can also be used as an attack vector by
malicious parties. We need to treat invalid
authentications for the system user the same
as regular users (deny them and keep going).


Project: http://git-wip-us.apache.org/repos/asf/accumulo/repo
Commit: http://git-wip-us.apache.org/repos/asf/accumulo/commit/9a4dd300
Tree: http://git-wip-us.apache.org/repos/asf/accumulo/tree/9a4dd300
Diff: http://git-wip-us.apache.org/repos/asf/accumulo/diff/9a4dd300

Branch: refs/heads/1.7
Commit: 9a4dd3000ce5c8e1ebb884810b7ad3195bb1fa43
Parents: cc25f51
Author: Josh Elser <el...@apache.org>
Authored: Mon Jun 1 18:34:47 2015 -0400
Committer: Josh Elser <el...@apache.org>
Committed: Mon Jun 1 18:34:47 2015 -0400

----------------------------------------------------------------------
 .../java/org/apache/accumulo/tserver/TabletServer.java   | 11 -----------
 1 file changed, 11 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/accumulo/blob/9a4dd300/server/tserver/src/main/java/org/apache/accumulo/tserver/TabletServer.java
----------------------------------------------------------------------
diff --git a/server/tserver/src/main/java/org/apache/accumulo/tserver/TabletServer.java b/server/tserver/src/main/java/org/apache/accumulo/tserver/TabletServer.java
index c502166..128aaa9 100644
--- a/server/tserver/src/main/java/org/apache/accumulo/tserver/TabletServer.java
+++ b/server/tserver/src/main/java/org/apache/accumulo/tserver/TabletServer.java
@@ -2206,7 +2206,6 @@ public class TabletServer extends AbstractMetricsImpl implements org.apache.accu
     private ZooCache masterLockCache = new ZooCache();
 
     private void checkPermission(TCredentials credentials, String lock, final String request) throws ThriftSecurityException {
-      boolean fatal = false;
       try {
         log.debug("Got " + request + " message from user: " + credentials.getPrincipal());
         if (!security.canPerformSystemActions(credentials)) {
@@ -2217,18 +2216,8 @@ public class TabletServer extends AbstractMetricsImpl implements org.apache.accu
         log.warn("Got " + request + " message from unauthenticatable user: " + e.getUser());
         if (SystemCredentials.get().getToken().getClass().getName().equals(credentials.getTokenClassName())) {
           log.fatal("Got message from a service with a mismatched configuration. Please ensure a compatible configuration.", e);
-          fatal = true;
         }
         throw e;
-      } finally {
-        if (fatal) {
-          Halt.halt(1, new Runnable() {
-            @Override
-            public void run() {
-              logGCInfo(getSystemConfiguration());
-            }
-          });
-        }
       }
 
       if (tabletServerLock == null || !tabletServerLock.wasLockAcquired()) {