Details
- Bug
- Status: Open
- Critical
- Resolution: Unresolved
Description
BackupNode and QJournal lack a permission check. As BackupNode will be removed in the future, this will not be fixed.
Below is the original description.
I have some doubts while configuring secure HDFS. I know we have Service Level Authorization for protocols like NamenodeProtocol, DatanodeProtocol and so on.
But I do not find such authorization for JournalProtocol after reading the code in HDFSPolicyProvider. And if we have it, how can I configure it?
Besides, even though NamenodeProtocol has Service Level Authorization, its methods still have a permission check. Take startCheckpoint in NameNodeRpcServer, which implements NamenodeProtocol, for example:
    public NamenodeCommand startCheckpoint(NamenodeRegistration registration)
        throws IOException {
      String operationName = "startCheckpoint";
      checkNNStartup();
      // the permission check
      namesystem.checkSuperuserPrivilege(operationName);
      ......
I found that the methods in BackupNodeRpcServer, which implements JournalProtocol, lack such a permission check. See below:
    public void startLogSegment(JournalInfo journalInfo, long epoch,
        long txid) throws IOException {
      namesystem.checkOperation(OperationCategory.JOURNAL);
      verifyJournalRequest(journalInfo);
      getBNImage().namenodeStartedLogSegment(txid);
    }

    @Override
    public void journal(JournalInfo journalInfo, long epoch, long firstTxId,
        int numTxns, byte[] records) throws IOException {
      namesystem.checkOperation(OperationCategory.JOURNAL);
      verifyJournalRequest(journalInfo);
      getBNImage().journal(firstTxId, numTxns, records);
    }
Do we need to add a permission check for them?
Please point out my mistakes if I am wrong or missing something.
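As an added illustration of the gap the description points at (not code from the report or from Hadoop), this toy model contrasts a handler that validates only the request with one that also checks the caller's privilege. All names, the namespace-ID validation and the sample callers are assumptions.

```java
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;

// Toy model, Java 16+. Every name here is hypothetical; none of this is Hadoop code.
public class JournalPermissionDemo {
    // Stand-in for the authenticated RPC caller.
    record Caller(String user, boolean superuser) {}

    static final long NAMESPACE_ID = 42L;                   // constructed sample value
    static final List<String> EDIT_LOG = new ArrayList<>(); // stand-in for the journal

    // Assumed request validation: inspects what was sent, not who sent it.
    static void verifyJournalRequest(long namespaceId) throws IOException {
        if (namespaceId != NAMESPACE_ID) {
            throw new IOException("Invalid namespaceID in journal request");
        }
    }

    // Caller check in the style of the startCheckpoint excerpt.
    static void checkSuperuserPrivilege(Caller c, String op) throws IOException {
        if (!c.superuser()) {
            throw new IOException("Access denied for user " + c.user()
                + ": " + op + " requires superuser privilege");
        }
    }

    // Shape of the reported handlers: request validated, caller never consulted.
    static void journalUnchecked(Caller c, long nsId, String rec) throws IOException {
        verifyJournalRequest(nsId);
        EDIT_LOG.add(rec);
    }

    // Same handler with the privilege check ahead of any state change.
    static void journalChecked(Caller c, long nsId, String rec) throws IOException {
        checkSuperuserPrivilege(c, "journal");
        verifyJournalRequest(nsId);
        EDIT_LOG.add(rec);
    }

    public static void main(String[] args) throws IOException {
        Caller alice = new Caller("alice", false);     // constructed, unprivileged
        Caller hdfs = new Caller("hdfs", true);        // constructed, superuser
        journalUnchecked(alice, NAMESPACE_ID, "tx-1"); // accepted: nothing checks the caller
        try {
            journalChecked(alice, NAMESPACE_ID, "tx-2");
        } catch (IOException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        journalChecked(hdfs, NAMESPACE_ID, "tx-3");
        System.out.println(EDIT_LOG);
    }
}
```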
Issue Links
- relates to HDFS-4114 Remove the BackupNode and CheckpointNode from trunk (Patch Available)