Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.0.3
    • Fix Version/s: 1.2.0
    • Component/s: mrv1
    • Labels: None
    • Hadoop Flags: Reviewed

      Description

      The class that does view-based checks, JSPUtil.JobWithViewAccessCheck, has the following internal member:

      private boolean isViewAllowed = true;

      Note that it's true.

      Now, the method that sets the proper view-allowed rights has:

      // Only this guarded branch ever clears the view flag (via myJob.setViewAccess(false)).
      if (user != null && job != null && jt.areACLsEnabled()) {
        final UserGroupInformation ugi =
            UserGroupInformation.createRemoteUser(user);
        try {
          ugi.doAs(new PrivilegedExceptionAction<Void>() {
            public Void run() throws IOException, ServletException {
              // checks job view permission
              jt.getACLsManager().checkAccess(job, ugi,
                  Operation.VIEW_JOB_DETAILS);
              return null;
            }
          });
        } catch (AccessControlException e) {
          String errMsg = "User " + ugi.getShortUserName() +
              " failed to view " + jobid + "!<br><br>" + e.getMessage() +
              "<hr><a href=\"jobtracker.jsp\">Go back to JobTracker</a><br>";
          JSPUtil.setErrorAndForward(errMsg, request, response);
          myJob.setViewAccess(false);
        } catch (InterruptedException e) {
          String errMsg = " Interrupted while trying to access " + jobid +
              "<hr><a href=\"jobtracker.jsp\">Go back to JobTracker</a><br>";
          JSPUtil.setErrorAndForward(errMsg, request, response);
          myJob.setViewAccess(false);
        }
      }
      // No else branch: when user == null the condition is false, nothing runs,
      // and myJob is returned with its default isViewAllowed == true.
      return myJob;


      In the above snippet, you can notice that if user == null, which can happen if the user is not HTTP-authenticated (as it's got via request.getRemoteUser()), the view can be visible, since the default is true and we didn't toggle the view to false for the user == null case.

      Ideally the default of the view job ACL must be false, or we need an else clause that sets the view rights to false in case of a failure to find the user ID.
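      The fail-open pattern described above, and its fail-closed counterpart, reduced to a stand-alone class. This is an added example, not Hadoop's JSPUtil code: ViewAccessDefaultDemo, its checkAccess stand-in and the SAMPLE_VIEWERS allow-list are constructed for illustration and take the place of jt.getACLsManager().checkAccess(...) and the request's remote user.

```java
import java.util.Set;

// Added example (not Hadoop's code). Models the default-allow flag from the
// bug report next to a default-deny rewrite. All names here are constructed.
public class ViewAccessDefaultDemo {

    /** Stand-in for Hadoop's AccessControlException. */
    static class AccessControlException extends Exception {
        AccessControlException(String msg) { super(msg); }
    }

    /** Constructed allow-list standing in for the job's view ACL. */
    static final Set<String> SAMPLE_VIEWERS = Set.of("alice");

    /** Stand-in for jt.getACLsManager().checkAccess(job, ugi, VIEW_JOB_DETAILS). */
    static void checkAccess(String user) throws AccessControlException {
        if (!SAMPLE_VIEWERS.contains(user)) {
            throw new AccessControlException("User " + user + " may not view this job");
        }
    }

    /**
     * Vulnerable shape: the flag starts as true and is only ever cleared inside
     * the guarded branch. An unauthenticated request (user == null) skips the
     * branch entirely and inherits the permissive default.
     */
    static boolean vulnerableViewAllowed(String user, boolean aclsEnabled) {
        boolean isViewAllowed = true;               // fail-open default
        if (user != null && aclsEnabled) {
            try {
                checkAccess(user);
            } catch (AccessControlException e) {
                isViewAllowed = false;
            }
        }
        return isViewAllowed;
    }

    /**
     * Fixed shape: deny unless a reason to allow is established. ACLs being
     * disabled keeps the original "everyone may view" behaviour; a missing
     * user is rejected explicitly instead of falling through.
     */
    static boolean fixedViewAllowed(String user, boolean aclsEnabled) {
        if (!aclsEnabled) {
            return true;    // ACL checks are off, as in the original condition
        }
        if (user == null) {
            return false;   // no HTTP-authenticated principal: fail closed
        }
        try {
            checkAccess(user);
            return true;    // the only path that grants access under ACLs
        } catch (AccessControlException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        // Constructed inputs: an unauthenticated request, an allowed and a
        // disallowed user, all with ACLs enabled.
        System.out.println("vulnerable, user=null:    " + vulnerableViewAllowed(null, true));
        System.out.println("fixed,      user=null:    " + fixedViewAllowed(null, true));
        System.out.println("fixed,      user=alice:   " + fixedViewAllowed("alice", true));
        System.out.println("fixed,      user=mallory: " + fixedViewAllowed("mallory", true));
    }
}
```

      Run with a Java 9 or later JDK (Set.of). The vulnerable method grants the null user because no code path ever examines it, while the fixed method returns true only after the ACL check passes; that "grant only on the success path" structure is what the suggested default-false flag or else clause buys in the real JSPUtil.JobWithViewAccessCheck.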

      Attachments

      1. MR-4317.patch (6 kB) - Karthik Kambatla
      2. MR-4317.patch (6 kB) - Karthik Kambatla

        Activity

        No work has yet been logged on this issue.

          People

          • Assignee: Karthik Kambatla
          • Reporter: Harsh J
          • Votes: 0
          • Watchers: 6
