Description
When new global permissions are assigned, there is a race condition, during which further authorization checks relying on global permissions may fail.
In TableAuthManager.updateGlobalCache(), we have:
USER_CACHE.clear(); GROUP_CACHE.clear(); try { initGlobal(conf); } catch (IOException e) { // Never happens LOG.error("Error occured while updating the user cache", e); } for (Map.Entry<String,TablePermission> entry : userPerms.entries()) { if (AccessControlLists.isGroupPrincipal(entry.getKey())) { GROUP_CACHE.put(AccessControlLists.getGroupName(entry.getKey()), new Permission(entry.getValue().getActions())); } else { USER_CACHE.put(entry.getKey(), new Permission(entry.getValue().getActions())); } }
If authorization checks come in following the .clear() but before repopulating, they will fail.
We should have some synchronization here to serialize multiple updates and use a COW type rebuild and reassign of the new maps.
This particular issue crept in with the fix in HBASE-6157, so I'm flagging for 0.94 and 0.96.