You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hbase.apache.org by je...@apache.org on 2016/08/02 18:23:19 UTC
hbase git commit: HBASE-16284 Unauthorized client can shutdown the
cluster
Repository: hbase
Updated Branches:
refs/heads/master 379b86c5d -> eef6a4834
HBASE-16284 Unauthorized client can shutdown the cluster
Project: http://git-wip-us.apache.org/repos/asf/hbase/repo
Commit: http://git-wip-us.apache.org/repos/asf/hbase/commit/eef6a483
Tree: http://git-wip-us.apache.org/repos/asf/hbase/tree/eef6a483
Diff: http://git-wip-us.apache.org/repos/asf/hbase/diff/eef6a483
Branch: refs/heads/master
Commit: eef6a4834a8780037513d8fbe024671400fd70b8
Parents: 379b86c
Author: Deokwoo Han <it...@gmail.com>
Authored: Fri Jul 29 11:07:51 2016 +0900
Committer: Jerry He <je...@apache.org>
Committed: Tue Aug 2 11:21:31 2016 -0700
----------------------------------------------------------------------
.../org/apache/hadoop/hbase/master/HMaster.java | 22 +++++++--------
.../hadoop/hbase/master/MasterRpcServices.java | 15 +++++++++--
.../hadoop/hbase/util/JVMClusterUtil.java | 15 ++++++++---
.../security/access/TestAccessController.java | 28 ++++++++++++++++++++
4 files changed, 62 insertions(+), 18 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/hbase/blob/eef6a483/hbase-server/src/main/java/org/apache/hadoop/hbase/master/HMaster.java
----------------------------------------------------------------------
diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/HMaster.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/HMaster.java
index 5f5cc38..4e6952a 100644
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/HMaster.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/HMaster.java
@@ -2176,7 +2176,11 @@ public class HMaster extends HRegionServer implements MasterServices {
getLoadedCoprocessors());
}
if (t != null) LOG.fatal(msg, t);
- stopMaster();
+ try {
+ stopMaster();
+ } catch (IOException e) {
+ LOG.error("Exception occurred while stopping master", e);
+ }
}
@Override
@@ -2218,13 +2222,9 @@ public class HMaster extends HRegionServer implements MasterServices {
return rsFatals;
}
- public void shutdown() {
+ public void shutdown() throws IOException {
if (cpHost != null) {
- try {
- cpHost.preShutdown();
- } catch (IOException ioe) {
- LOG.error("Error call master coprocessor preShutdown()", ioe);
- }
+ cpHost.preShutdown();
}
if (this.serverManager != null) {
@@ -2239,13 +2239,9 @@ public class HMaster extends HRegionServer implements MasterServices {
}
}
- public void stopMaster() {
+ public void stopMaster() throws IOException {
if (cpHost != null) {
- try {
- cpHost.preStopMaster();
- } catch (IOException ioe) {
- LOG.error("Error call master coprocessor preStopMaster()", ioe);
- }
+ cpHost.preStopMaster();
}
stop("Stopped by " + Thread.currentThread().getName());
}
http://git-wip-us.apache.org/repos/asf/hbase/blob/eef6a483/hbase-server/src/main/java/org/apache/hadoop/hbase/master/MasterRpcServices.java
----------------------------------------------------------------------
diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/MasterRpcServices.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/MasterRpcServices.java
index 8974945..ad1a3ca 100644
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/MasterRpcServices.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/MasterRpcServices.java
@@ -92,6 +92,7 @@ import org.apache.hadoop.hbase.protobuf.generated.RegionServerStatusProtos.Repor
import org.apache.hadoop.hbase.protobuf.generated.RegionServerStatusProtos.ReportRegionStateTransitionRequest;
import org.apache.hadoop.hbase.protobuf.generated.RegionServerStatusProtos.ReportRegionStateTransitionResponse;
import org.apache.hadoop.hbase.regionserver.RSRpcServices;
+import org.apache.hadoop.hbase.security.AccessDeniedException;
import org.apache.hadoop.hbase.security.User;
import org.apache.hadoop.hbase.security.access.AccessController;
import org.apache.hadoop.hbase.security.visibility.VisibilityController;
@@ -1204,7 +1205,12 @@ public class MasterRpcServices extends RSRpcServices
public ShutdownResponse shutdown(RpcController controller,
ShutdownRequest request) throws ServiceException {
LOG.info(master.getClientIdAuditPrefix() + " shutdown");
- master.shutdown();
+ try {
+ master.shutdown();
+ } catch (IOException e) {
+ LOG.error("Exception occurred in HMaster.shutdown()", e);
+ throw new ServiceException(e);
+ }
return ShutdownResponse.newBuilder().build();
}
@@ -1241,7 +1247,12 @@ public class MasterRpcServices extends RSRpcServices
public StopMasterResponse stopMaster(RpcController controller,
StopMasterRequest request) throws ServiceException {
LOG.info(master.getClientIdAuditPrefix() + " stop");
- master.stopMaster();
+ try {
+ master.stopMaster();
+ } catch (IOException e) {
+ LOG.error("Exception occurred while stopping master", e);
+ throw new ServiceException(e);
+ }
return StopMasterResponse.newBuilder().build();
}
http://git-wip-us.apache.org/repos/asf/hbase/blob/eef6a483/hbase-server/src/main/java/org/apache/hadoop/hbase/util/JVMClusterUtil.java
----------------------------------------------------------------------
diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/util/JVMClusterUtil.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/util/JVMClusterUtil.java
index 25ed63c..79865bb 100644
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/util/JVMClusterUtil.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/util/JVMClusterUtil.java
@@ -249,14 +249,23 @@ public class JVMClusterUtil {
JVMClusterUtil.MasterThread activeMaster = null;
for (JVMClusterUtil.MasterThread t : masters) {
if (!t.master.isActiveMaster()) {
- t.master.stopMaster();
+ try {
+ t.master.stopMaster();
+ } catch (IOException e) {
+ LOG.error("Exception occurred while stopping master", e);
+ }
} else {
activeMaster = t;
}
}
// Do active after.
- if (activeMaster != null)
- activeMaster.master.shutdown();
+ if (activeMaster != null) {
+ try {
+ activeMaster.master.shutdown();
+ } catch (IOException e) {
+ LOG.error("Exception occurred in HMaster.shutdown()", e);
+ }
+ }
}
boolean wasInterrupted = false;
http://git-wip-us.apache.org/repos/asf/hbase/blob/eef6a483/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
----------------------------------------------------------------------
diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
index f58e24e..20ff85f 100644
--- a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
+++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
@@ -94,6 +94,7 @@ import org.apache.hadoop.hbase.io.hfile.HFileContext;
import org.apache.hadoop.hbase.io.hfile.HFileContextBuilder;
import org.apache.hadoop.hbase.ipc.protobuf.generated.TestProcedureProtos;
import org.apache.hadoop.hbase.mapreduce.LoadIncrementalHFiles;
+import org.apache.hadoop.hbase.master.HMaster;
import org.apache.hadoop.hbase.master.MasterCoprocessorHost;
import org.apache.hadoop.hbase.master.procedure.MasterProcedureEnv;
import org.apache.hadoop.hbase.master.procedure.TableProcedureInterface;
@@ -332,6 +333,33 @@ public class TestAccessController extends SecureTestUtil {
}
@Test (timeout=180000)
+ public void testUnauthorizedShutdown() throws Exception {
+ AccessTestAction action = new AccessTestAction() {
+ @Override public Object run() throws Exception {
+ HMaster master = TEST_UTIL.getHBaseCluster().getMaster();
+ master.shutdown();
+ return null;
+ }
+ };
+ verifyDenied(action, USER_CREATE, USER_OWNER, USER_RW, USER_RO, USER_NONE, USER_GROUP_READ,
+ USER_GROUP_WRITE, USER_GROUP_CREATE);
+ }
+
+ @Test (timeout=180000)
+ public void testUnauthorizedStopMaster() throws Exception {
+ AccessTestAction action = new AccessTestAction() {
+ @Override public Object run() throws Exception {
+ HMaster master = TEST_UTIL.getHBaseCluster().getMaster();
+ master.stopMaster();
+ return null;
+ }
+ };
+
+ verifyDenied(action, USER_CREATE, USER_OWNER, USER_RW, USER_RO, USER_NONE, USER_GROUP_READ,
+ USER_GROUP_WRITE, USER_GROUP_CREATE);
+ }
+
+ @Test (timeout=180000)
public void testSecurityCapabilities() throws Exception {
List<SecurityCapability> capabilities = TEST_UTIL.getConnection().getAdmin()
.getSecurityCapabilities();