[HADOOP-11322] key based ACL check in KMS always check KeyOpType.MANAGEMENT even actual KeyOpType is not MANAGEMENT - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 2.6.0
Fix Version/s: 2.7.0
Component/s: security
Labels:
None

Target Version/s:

2.7.0
Hadoop Flags:

Reviewed

Description

In the method checkAccess of class KeyAuthorizationKeyProvider, there is following code:

private void checkAccess(String aclName, UserGroupInformation ugi,
      KeyOpType opType) throws AuthorizationException {
    Preconditions.checkNotNull(aclName, "Key ACL name cannot be null");
    Preconditions.checkNotNull(ugi, "UserGroupInformation cannot be null");
    if (acls.isACLPresent(aclName, KeyOpType.MANAGEMENT) &&
        (acls.hasAccessToKey(aclName, ugi, opType)
            || acls.hasAccessToKey(aclName, ugi, KeyOpType.ALL))) {
      return;
    }
...
}

Seems that

acls.isACLPresent(aclName, KeyOpType.MANAGEMENT)

should be replaced with

acls.isACLPresent(aclName, opType)

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

HADOOP-11322.patch
20/Nov/14 06:33
1 kB
Dian Fu
HADOOP-11322.patch.2
22/Nov/14 06:51
4 kB
Dian Fu

Activity

People

Assignee:: Dian Fu

Reporter:: Dian Fu

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 20/Nov/14 06:29

Updated:: 10/Apr/15 20:04

Resolved:: 25/Nov/14 02:07