HBase
  1. HBase
  2. HBASE-10860

Insufficient AccessController covering permission check

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 0.98.0
    • Fix Version/s: 0.99.0, 0.98.2
    • Component/s: security
    • Labels:
      None
    • Hadoop Flags:
      Reviewed

      Description

        List<Cell> list = (List<Cell>)entry.getValue();
        if (list == null || list.isEmpty()) {
      	get.addFamily(col);
        } else {
      	for (Cell cell : list) {
      	  get.addColumn(col, CellUtil.cloneQualifier(cell));
      	}
        }
      

      When a delete family Mutation comes, a Cell will be added into the list with Qualifier as null. (See Delete#deleteFamily(byte[])). So it will miss getting added against the check list == null || list.isEmpty(). We will fail getting the cells under this cf for covering permission check.

      1. HBASE-10860.patch
        2 kB
        Anoop Sam John

        Activity

        Hide
        ramkrishna.s.vasudevan added a comment -

        so we will get an exception here?

        get.addColumn(col, CellUtil.cloneQualifier(cell));
        

        Because the cell has null qualifier? Patch looks good anyway. +1

        Show
        ramkrishna.s.vasudevan added a comment - so we will get an exception here? get.addColumn(col, CellUtil.cloneQualifier(cell)); Because the cell has null qualifier? Patch looks good anyway. +1
        Hide
        Anoop Sam John added a comment -

        No exceptions in the mentioned line Ram.. Just thing is that, it adds a column <cf>:<emptyQ> into the Get. Actually we have to get all the cells under the family (for the given row) as the delete is going to mask all.

        Show
        Anoop Sam John added a comment - No exceptions in the mentioned line Ram.. Just thing is that, it adds a column <cf>:<emptyQ> into the Get. Actually we have to get all the cells under the family (for the given row) as the delete is going to mask all.
        Hide
        ramkrishna.s.vasudevan added a comment -

        Got it.. Internally KV handles null qualifier so no Exception. +1 on patch.

        Show
        ramkrishna.s.vasudevan added a comment - Got it.. Internally KV handles null qualifier so no Exception. +1 on patch.
        Hide
        Hadoop QA added a comment -

        -1 overall. Here are the results of testing the latest attachment
        http://issues.apache.org/jira/secure/attachment/12637373/HBASE-10860.patch
        against trunk revision .
        ATTACHMENT ID: 12637373

        +1 @author. The patch does not contain any @author tags.

        +1 tests included. The patch appears to include 3 new or modified tests.

        -1 javadoc. The javadoc tool appears to have generated 6 warning messages.

        +1 javac. The applied patch does not increase the total number of javac compiler warnings.

        +1 findbugs. The patch does not introduce any new Findbugs (version 1.3.9) warnings.

        +1 release audit. The applied patch does not increase the total number of release audit warnings.

        +1 lineLengths. The patch does not introduce lines longer than 100

        +1 site. The mvn site goal succeeds with this patch.

        +1 core tests. The patch passed unit tests in .

        Test results: https://builds.apache.org/job/PreCommit-HBASE-Build/9125//testReport/
        Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/9125//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-protocol.html
        Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/9125//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-thrift.html
        Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/9125//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-client.html
        Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/9125//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-hadoop2-compat.html
        Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/9125//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-examples.html
        Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/9125//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-prefix-tree.html
        Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/9125//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-common.html
        Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/9125//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-server.html
        Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/9125//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-hadoop-compat.html
        Console output: https://builds.apache.org/job/PreCommit-HBASE-Build/9125//console

        This message is automatically generated.

        Show
        Hadoop QA added a comment - -1 overall . Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12637373/HBASE-10860.patch against trunk revision . ATTACHMENT ID: 12637373 +1 @author . The patch does not contain any @author tags. +1 tests included . The patch appears to include 3 new or modified tests. -1 javadoc . The javadoc tool appears to have generated 6 warning messages. +1 javac . The applied patch does not increase the total number of javac compiler warnings. +1 findbugs . The patch does not introduce any new Findbugs (version 1.3.9) warnings. +1 release audit . The applied patch does not increase the total number of release audit warnings. +1 lineLengths . The patch does not introduce lines longer than 100 +1 site . The mvn site goal succeeds with this patch. +1 core tests . The patch passed unit tests in . Test results: https://builds.apache.org/job/PreCommit-HBASE-Build/9125//testReport/ Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/9125//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-protocol.html Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/9125//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-thrift.html Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/9125//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-client.html Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/9125//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-hadoop2-compat.html Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/9125//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-examples.html Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/9125//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-prefix-tree.html Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/9125//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-common.html Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/9125//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-server.html Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/9125//artifact/trunk/patchprocess/newPatchFindbugsWarningshbase-hadoop-compat.html Console output: https://builds.apache.org/job/PreCommit-HBASE-Build/9125//console This message is automatically generated.
        Hide
        Andrew Purtell added a comment -

        +1 patch looks good

        Show
        Andrew Purtell added a comment - +1 patch looks good
        Hide
        Anoop Sam John added a comment -

        Committed to 98 and Trunk. Thanks for the reviews Andy & Ram.

        Show
        Anoop Sam John added a comment - Committed to 98 and Trunk. Thanks for the reviews Andy & Ram.
        Hide
        Hudson added a comment -

        FAILURE: Integrated in HBase-0.98 #257 (See https://builds.apache.org/job/HBase-0.98/257/)
        HBASE-10860 Insufficient AccessController covering permission check.(Anoop) (anoopsamjohn: rev 1582988)

        • /hbase/branches/0.98/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
        • /hbase/branches/0.98/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
        Show
        Hudson added a comment - FAILURE: Integrated in HBase-0.98 #257 (See https://builds.apache.org/job/HBase-0.98/257/ ) HBASE-10860 Insufficient AccessController covering permission check.(Anoop) (anoopsamjohn: rev 1582988) /hbase/branches/0.98/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java /hbase/branches/0.98/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
        Hide
        Hudson added a comment -

        FAILURE: Integrated in HBase-0.98-on-Hadoop-1.1 #241 (See https://builds.apache.org/job/HBase-0.98-on-Hadoop-1.1/241/)
        HBASE-10860 Insufficient AccessController covering permission check.(Anoop) (anoopsamjohn: rev 1582988)

        • /hbase/branches/0.98/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
        • /hbase/branches/0.98/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
        Show
        Hudson added a comment - FAILURE: Integrated in HBase-0.98-on-Hadoop-1.1 #241 (See https://builds.apache.org/job/HBase-0.98-on-Hadoop-1.1/241/ ) HBASE-10860 Insufficient AccessController covering permission check.(Anoop) (anoopsamjohn: rev 1582988) /hbase/branches/0.98/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java /hbase/branches/0.98/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
        Hide
        Hudson added a comment -

        SUCCESS: Integrated in HBase-TRUNK #5050 (See https://builds.apache.org/job/HBase-TRUNK/5050/)
        HBASE-10860 Insufficient AccessController covering permission check.(Anoop) (anoopsamjohn: rev 1582987)

        • /hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
        • /hbase/trunk/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
        Show
        Hudson added a comment - SUCCESS: Integrated in HBase-TRUNK #5050 (See https://builds.apache.org/job/HBase-TRUNK/5050/ ) HBASE-10860 Insufficient AccessController covering permission check.(Anoop) (anoopsamjohn: rev 1582987) /hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java /hbase/trunk/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
        Hide
        Anoop Sam John added a comment -

        This has not gone into 98.1. Changed the fix version back to 98.2

        Show
        Anoop Sam John added a comment - This has not gone into 98.1. Changed the fix version back to 98.2
        Hide
        Enis Soztutar added a comment -

        Closing this issue after 0.99.0 release.

        Show
        Enis Soztutar added a comment - Closing this issue after 0.99.0 release.

          People

          • Assignee:
            Anoop Sam John
            Reporter:
            Anoop Sam John
          • Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development