  1. Kudu
  2. KUDU-2540

Authorization failures on exactly-once RPCs cause FATAL

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.3.1, 1.4.0, 1.5.0, 1.6.0, 1.7.1
    • Fix Version/s: 1.6.1, 1.8.0, 1.7.2
    • Component/s: rpc, security
    • Labels:
      None

      Description

      If authorization fails on an RPC with result-tracking enabled (e.g. TabletService.Write) then the ResultTracker will FATAL. The issue is that the authz method is called prior to registering the request on the ResultTracker, and the authz method then tries to call RespondFailure(). This triggers code in the ResultTracker which tries to look up the RPC and fails because it wasn't registered. The error is something like "couldn't find ClientState for request".

      One fix would be for the authz method to be called after registering the request tracker, but Dan Burkert had some concerns about that back in the review https://gerrit.cloudera.org/c/4897/ . Another fix might be to remember in the RpcContext whether the RPC has been registered yet, and if not, short-circuit the call back into ResultTracker.

            People

            • Assignee:
              danburkert Dan Burkert
              Reporter:
              tlipcon Todd Lipcon
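The ordering problem in the description, and the second fix it proposes (remember in the RPC context whether the request was registered and skip the tracker if not), as an added example. This is a simplified model and not Kudu source: `MiniResultTracker`, `MiniRpcContext`, `Dispatch` and the `short_circuit` switch are hypothetical names, and an exception stands in for the FATAL.

```cpp
// Simplified model, not Kudu source: all types and names here are hypothetical.
#include <cstddef>
#include <cstdint>
#include <map>
#include <stdexcept>
#include <string>

// Tracks in-flight exactly-once requests by sequence number.
class MiniResultTracker {
 public:
  void Register(int64_t seq_no) { in_flight_[seq_no] = "IN_PROGRESS"; }
  // Mirrors the reported failure: completing an unknown request is treated as
  // an invariant violation (a FATAL in the server; an exception in this model).
  void FailAndRespond(int64_t seq_no) {
    auto it = in_flight_.find(seq_no);
    if (it == in_flight_.end())
      throw std::logic_error("couldn't find ClientState for request");
    it->second = "FAILED";
  }
  std::size_t tracked() const { return in_flight_.size(); }
 private:
  std::map<int64_t, std::string> in_flight_;
};

struct MiniRpcContext {
  MiniResultTracker* tracker = nullptr;
  int64_t seq_no = 0;
  bool registered = false;         // the "remember whether registered" flag
  bool responded_failure = false;  // set once the error goes back to the caller
  void RegisterWithTracker() { tracker->Register(seq_no); registered = true; }
  // short_circuit=false reproduces the bug; true applies the proposed guard.
  void RespondFailure(bool short_circuit) {
    if (!short_circuit || registered) tracker->FailAndRespond(seq_no);
    responded_failure = true;
  }
};

// Dispatch order from the report: authz runs before tracker registration.
// Returns true if the handler would run, false if the call was rejected.
bool Dispatch(MiniRpcContext& ctx, bool authorized, bool short_circuit) {
  if (!authorized) { ctx.RespondFailure(short_circuit); return false; }
  ctx.RegisterWithTracker();
  return true;
}

int main() {  // guarded path: the call is rejected and nothing is tracked
  MiniResultTracker t; MiniRpcContext c; c.tracker = &t; c.seq_no = 1;
  return Dispatch(c, false, true) ? 1 : 0;
}
```

With the guard off, a denied request reaches the tracker before it was ever registered and hits the missing-state check; with it on, the same request gets a normal failure response and the tracker is never consulted.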