You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ignite.apache.org by yz...@apache.org on 2015/07/31 12:32:44 UTC
[1/4] incubator-ignite git commit: #ignite-gg-10610: Security hole if
DataStreamer is used for populating the cache
Repository: incubator-ignite
Updated Branches:
refs/heads/ignite-752-2 5f921f62d -> f55a17f71
#ignite-gg-10610: Security hole if DataStreamer is used for populating the cache
Project: http://git-wip-us.apache.org/repos/asf/incubator-ignite/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ignite/commit/5288b2d8
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ignite/tree/5288b2d8
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ignite/diff/5288b2d8
Branch: refs/heads/ignite-752-2
Commit: 5288b2d8b882bbb86d69e1019821d51803685861
Parents: a127756
Author: ivasilinets <iv...@gridgain.com>
Authored: Wed Jul 29 15:27:31 2015 +0300
Committer: ivasilinets <iv...@gridgain.com>
Committed: Wed Jul 29 15:27:31 2015 +0300
----------------------------------------------------------------------
.../datastreamer/DataStreamerImpl.java | 22 ++++++++++++++++++++
.../datastreamer/DataStreamerUpdateJob.java | 20 +++++++++++++++++-
2 files changed, 41 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ignite/blob/5288b2d8/modules/core/src/main/java/org/apache/ignite/internal/processors/datastreamer/DataStreamerImpl.java
----------------------------------------------------------------------
diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/datastreamer/DataStreamerImpl.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/datastreamer/DataStreamerImpl.java
index 605f478..5fae676 100644
--- a/modules/core/src/main/java/org/apache/ignite/internal/processors/datastreamer/DataStreamerImpl.java
+++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/datastreamer/DataStreamerImpl.java
@@ -39,6 +39,7 @@ import org.apache.ignite.internal.util.tostring.*;
import org.apache.ignite.internal.util.typedef.*;
import org.apache.ignite.internal.util.typedef.internal.*;
import org.apache.ignite.lang.*;
+import org.apache.ignite.plugin.security.*;
import org.apache.ignite.stream.*;
import org.jetbrains.annotations.*;
import org.jsr166.*;
@@ -413,6 +414,8 @@ public class DataStreamerImpl<K, V> implements IgniteDataStreamer<K, V>, Delayed
@Override public IgniteFuture<?> addData(Collection<? extends Map.Entry<K, V>> entries) {
A.notEmpty(entries, "entries");
+ checkSecurityPermission(SecurityPermission.CACHE_PUT);
+
enterBusy();
try {
@@ -520,6 +523,11 @@ public class DataStreamerImpl<K, V> implements IgniteDataStreamer<K, V>, Delayed
@Override public IgniteFuture<?> addData(K key, V val) {
A.notNull(key, "key");
+ if (val == null)
+ checkSecurityPermission(SecurityPermission.CACHE_REMOVE);
+ else
+ checkSecurityPermission(SecurityPermission.CACHE_PUT);
+
KeyCacheObject key0 = cacheObjProc.toCacheKeyObject(cacheObjCtx, key, true);
CacheObject val0 = cacheObjProc.toCacheObject(cacheObjCtx, val, true);
@@ -980,6 +988,20 @@ public class DataStreamerImpl<K, V> implements IgniteDataStreamer<K, V>, Delayed
}
/**
+ * Check permissions for streaming.
+ *
+ * @param perm Security permission.
+ * @throws org.apache.ignite.plugin.security.SecurityException If permissions are not enough for streaming.
+ */
+ private void checkSecurityPermission(SecurityPermission perm)
+ throws org.apache.ignite.plugin.security.SecurityException{
+ if (!ctx.security().enabled())
+ return;
+
+ ctx.security().authorize(cacheName, perm, null);
+ }
+
+ /**
*
*/
private class Buffer {
http://git-wip-us.apache.org/repos/asf/incubator-ignite/blob/5288b2d8/modules/core/src/main/java/org/apache/ignite/internal/processors/datastreamer/DataStreamerUpdateJob.java
----------------------------------------------------------------------
diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/datastreamer/DataStreamerUpdateJob.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/datastreamer/DataStreamerUpdateJob.java
index 21ba3ac..9e0703a 100644
--- a/modules/core/src/main/java/org/apache/ignite/internal/processors/datastreamer/DataStreamerUpdateJob.java
+++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/datastreamer/DataStreamerUpdateJob.java
@@ -22,6 +22,7 @@ import org.apache.ignite.internal.*;
import org.apache.ignite.internal.processors.cache.*;
import org.apache.ignite.internal.util.lang.*;
import org.apache.ignite.internal.util.typedef.*;
+import org.apache.ignite.plugin.security.*;
import org.apache.ignite.stream.*;
import org.jetbrains.annotations.*;
@@ -106,8 +107,13 @@ class DataStreamerUpdateJob implements GridPlainCallable<Object> {
CacheObject val = e.getValue();
- if (val != null)
+ if (val != null) {
+ checkSecurityPermission(SecurityPermission.CACHE_PUT);
+
val.finishUnmarshal(cctx.cacheObjectContext(), cctx.deploy().globalLoader());
+ }
+ else
+ checkSecurityPermission(SecurityPermission.CACHE_REMOVE);
}
if (unwrapEntries()) {
@@ -139,4 +145,16 @@ class DataStreamerUpdateJob implements GridPlainCallable<Object> {
private boolean unwrapEntries() {
return !(rcvr instanceof DataStreamerCacheUpdaters.InternalUpdater);
}
+
+ /**
+ * @param perm Security permission.
+ * @throws org.apache.ignite.plugin.security.SecurityException If permission is not enough.
+ */
+ private void checkSecurityPermission(SecurityPermission perm)
+ throws org.apache.ignite.plugin.security.SecurityException {
+ if (!ctx.security().enabled())
+ return;
+
+ ctx.security().authorize(cacheName, perm, null);
+ }
}
[4/4] incubator-ignite git commit: review
Posted by yz...@apache.org.
review
Project: http://git-wip-us.apache.org/repos/asf/incubator-ignite/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ignite/commit/f55a17f7
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ignite/tree/f55a17f7
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ignite/diff/f55a17f7
Branch: refs/heads/ignite-752-2
Commit: f55a17f71ec97513a6968b1ea3c359bc6238cc5e
Parents: 58ca345
Author: Yakov Zhdanov <yz...@gridgain.com>
Authored: Fri Jul 31 13:32:32 2015 +0300
Committer: Yakov Zhdanov <yz...@gridgain.com>
Committed: Fri Jul 31 13:32:32 2015 +0300
----------------------------------------------------------------------
.../main/java/org/apache/ignite/spi/discovery/tcp/ServerImpl.java | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ignite/blob/f55a17f7/modules/core/src/main/java/org/apache/ignite/spi/discovery/tcp/ServerImpl.java
----------------------------------------------------------------------
diff --git a/modules/core/src/main/java/org/apache/ignite/spi/discovery/tcp/ServerImpl.java b/modules/core/src/main/java/org/apache/ignite/spi/discovery/tcp/ServerImpl.java
index b2be5b3..47ba8e6 100644
--- a/modules/core/src/main/java/org/apache/ignite/spi/discovery/tcp/ServerImpl.java
+++ b/modules/core/src/main/java/org/apache/ignite/spi/discovery/tcp/ServerImpl.java
@@ -2313,7 +2313,7 @@ class ServerImpl extends TcpDiscoveryImpl {
// If node existed on connection initialization we should check
// whether it has not gone yet.
if (nextNodeExists)
- log.warning("Failed to send message to next node [msg=" + msg + ", next=" + next +
+ U.warn(log, "Failed to send message to next node [msg=" + msg + ", next=" + next +
", errMsg=" + (err != null ? err.getMessage() : "N/A") + ']');
else if (log.isDebugEnabled())
log.debug("Failed to send message to next node [msg=" + msg + ", next=" + next +
[2/4] incubator-ignite git commit: #ignite-1175: Add test for dht
local partition map.
Posted by yz...@apache.org.
#ignite-1175: Add test for dht local partition map.
Project: http://git-wip-us.apache.org/repos/asf/incubator-ignite/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ignite/commit/7ed4d15f
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ignite/tree/7ed4d15f
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ignite/diff/7ed4d15f
Branch: refs/heads/ignite-752-2
Commit: 7ed4d15f16c71e1683fd659865653a383d99259e
Parents: 5288b2d
Author: ivasilinets <iv...@gridgain.com>
Authored: Thu Jul 30 14:12:27 2015 +0300
Committer: ivasilinets <iv...@gridgain.com>
Committed: Thu Jul 30 14:12:27 2015 +0300
----------------------------------------------------------------------
...cheDhtLocalPartitionAfterRemoveSelfTest.java | 107 +++++++++++++++++++
1 file changed, 107 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ignite/blob/7ed4d15f/modules/core/src/test/java/org/apache/ignite/internal/processors/cache/CacheDhtLocalPartitionAfterRemoveSelfTest.java
----------------------------------------------------------------------
diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/cache/CacheDhtLocalPartitionAfterRemoveSelfTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/cache/CacheDhtLocalPartitionAfterRemoveSelfTest.java
new file mode 100644
index 0000000..b04e41a
--- /dev/null
+++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/cache/CacheDhtLocalPartitionAfterRemoveSelfTest.java
@@ -0,0 +1,107 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ignite.internal.processors.cache;
+
+import org.apache.ignite.*;
+import org.apache.ignite.cache.*;
+import org.apache.ignite.configuration.*;
+import org.apache.ignite.internal.processors.cache.distributed.dht.*;
+import org.apache.ignite.testframework.junits.common.*;
+
+/**
+ * Test for remove operation.
+ */
+public class CacheDhtLocalPartitionAfterRemoveSelfTest extends GridCommonAbstractTest {
+ /** {@inheritDoc} */
+ @Override protected IgniteConfiguration getConfiguration(String gridName) throws Exception {
+ IgniteConfiguration cfg = super.getConfiguration(gridName);
+
+ CacheConfiguration ccfg = new CacheConfiguration();
+
+ ccfg.setAtomicityMode(CacheAtomicityMode.TRANSACTIONAL);
+ ccfg.setEvictSynchronized(false);
+ ccfg.setNearConfiguration(null);
+
+ cfg.setCacheConfiguration(ccfg);
+
+ return cfg;
+ }
+
+ /** {@inheritDoc} */
+ @Override protected void beforeTestsStarted() throws Exception {
+ startGrids(1);
+ }
+
+ /** {@inheritDoc} */
+ @Override protected void afterTestsStopped() throws Exception {
+ stopAllGrids();
+ }
+
+ /**
+ * @throws Exception If failed.
+ */
+ public void testMemoryUsage() throws Exception {
+ IgniteCache<TestKey, Integer> cache = grid(0).cache(null);
+
+ for (int i = 0; i < 1000; ++i)
+ cache.put(new TestKey("" + i), i);
+
+ for (int i = 0; i < 1000; ++i)
+ assert cache.getAndRemove(new TestKey("" + i)).equals(i);
+
+ assertEquals(0, cache.size());
+
+ int size = 0;
+
+ for (GridDhtLocalPartition p : dht(cache).topology().localPartitions()) {
+ int pSize = p.size();
+
+ size += pSize;
+ }
+
+ System.out.println("All size: " + size);
+ }
+
+ /**
+ * Test key.
+ */
+ private static class TestKey {
+ /** Key. */
+ private String key;
+
+ /**
+ * @param key Key.
+ */
+ public TestKey(String key) {
+ this.key = key;
+ }
+
+ /** {@inheritDoc} */
+ @Override public int hashCode() {
+ return key.hashCode();
+ }
+
+ /** {@inheritDoc} */
+ @Override public boolean equals(Object obj) {
+ if (obj == null || !(obj instanceof TestKey))
+ return false;
+
+ return key.equals(((TestKey)obj).key);
+ }
+ }
+}
[3/4] incubator-ignite git commit: Merge branches 'ignite-752-2' and
'master' of https://git-wip-us.apache.org/repos/asf/incubator-ignite into
ignite-752-2
Posted by yz...@apache.org.
Merge branches 'ignite-752-2' and 'master' of https://git-wip-us.apache.org/repos/asf/incubator-ignite into ignite-752-2
Project: http://git-wip-us.apache.org/repos/asf/incubator-ignite/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ignite/commit/58ca345f
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ignite/tree/58ca345f
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ignite/diff/58ca345f
Branch: refs/heads/ignite-752-2
Commit: 58ca345f622dbadfba7ef2d3dce850c4baa1f319
Parents: 5f921f6 7ed4d15
Author: Yakov Zhdanov <yz...@gridgain.com>
Authored: Fri Jul 31 13:24:51 2015 +0300
Committer: Yakov Zhdanov <yz...@gridgain.com>
Committed: Fri Jul 31 13:24:51 2015 +0300
----------------------------------------------------------------------
.../datastreamer/DataStreamerImpl.java | 22 ++++
.../datastreamer/DataStreamerUpdateJob.java | 20 +++-
...cheDhtLocalPartitionAfterRemoveSelfTest.java | 107 +++++++++++++++++++
3 files changed, 148 insertions(+), 1 deletion(-)
----------------------------------------------------------------------