Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-16958

NPE when hadoop.security.authorization is enabled but the input PolicyProvider for ZKFCRpcServer is NULL

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Critical
    • Resolution: Fixed
    • 3.2.1
    • 3.4.0
    • common, ha
    • None
    • Reviewed
    • ha,configuration,ZKFCRpcServer
    • Patch

    Description

      During initialization, ZKFCRpcServer refreshes the service authorization ACL for the service handled by this server if config hadoop.security.authorization is enabled, by calling refreshServiceAcl with the input PolicyProvider and Configuration.

      ZKFCRpcServer(Configuration conf,
       InetSocketAddress bindAddr,
       ZKFailoverController zkfc,
       PolicyProvider policy) throws IOException {
       this.server = ...
       
       // set service-level authorization security policy
       if (conf.getBoolean(
       CommonConfigurationKeys.HADOOP_SECURITY_AUTHORIZATION, false)) {
       server.refreshServiceAcl(conf, policy);
       }
      }

      refreshServiceAcl calls ServiceAuthorizationManager#refreshWithLoadedConfiguration which directly gets services from the provider with provider.getServices(). When the provider is NULL, the code throws NPE without an informative message. In addition, the default value of config `hadoop.security.authorization.policyprovider` (which controls PolicyProvider here) is NULL and the only usage of ZKFCRpcServer initializer provides only an abstract method getPolicyProvider which does not enforce that PolicyProvider should not be NULL.

      The suggestion here is to either add a guard check or exception handling with an informative logging message on ZKFCRpcServer to handle input PolicyProvider being NULL.

       

      I am very happy to provide a patch for it if the issue is confirmed

      Attachments

        1. HADOOP-16958.000.patch
          6 kB
          Ctest
        2. HADOOP-16958.001.patch
          6 kB
          Ctest
        3. HADOOP-16958.002.patch
          6 kB
          Ctest
        4. HADOOP-16958.003.patch
          5 kB
          Ctest
        5. HADOOP-16958.004.patch
          4 kB
          Ctest

        Activity

          People

            ctest.team Ctest
            ctest.team Ctest
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: