ZooKeeper
  1. ZooKeeper
  2. ZOOKEEPER-904

super digest is not actually acting as a full superuser

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 3.3.1
    • Fix Version/s: 3.3.2, 3.4.0
    • Component/s: server
    • Labels:
      None
    • Hadoop Flags:
      Reviewed

      Description

      The documentation states:
      New in 3.2: Enables a ZooKeeper ensemble administrator to access the znode hierarchy as a "super" user. In particular no ACL checking occurs for a user authenticated as super.

      However, if a super user does something like:
      zk.setACL("/", Ids.READ_ACL_UNSAFE, -1);

      the super user is now bound by read-only ACL. This is not what I would expect to see given the documentation. It can be fixed by moving the chec for the "super" authId in PrepRequestProcessor.checkACL to before the for(ACL a : acl) loop.

      1. ZOOKEEPER-904-332.patch
        2 kB
        Camille Fournier
      2. ZOOKEEPER-904.patch
        2 kB
        Camille Fournier

        Activity

        Camille Fournier created issue -
        Camille Fournier made changes -
        Field Original Value New Value
        Assignee Camille Fournier [ fournc ]
        Mahadev konar made changes -
        Fix Version/s 3.4.0 [ 12314469 ]
        Hide
        Camille Fournier added a comment -

        Fix for trunk

        Show
        Camille Fournier added a comment - Fix for trunk
        Camille Fournier made changes -
        Attachment ZOOKEEPER-904.patch [ 12457854 ]
        Hide
        Patrick Hunt added a comment -

        Thanks for the patch, feel free to click "submit patch" once you have a patch ready to go. It transitions the workflow and lets us (committers) know to review your patch.

        Show
        Patrick Hunt added a comment - Thanks for the patch, feel free to click "submit patch" once you have a patch ready to go. It transitions the workflow and lets us (committers) know to review your patch.
        Patrick Hunt made changes -
        Status Open [ 1 ] Patch Available [ 10002 ]
        Hide
        Patrick Hunt added a comment -

        We should consider this for 3.3.2 as well, or at least 3.3.3

        Show
        Patrick Hunt added a comment - We should consider this for 3.3.2 as well, or at least 3.3.3
        Patrick Hunt made changes -
        Fix Version/s 3.3.2 [ 12315108 ]
        Hide
        Camille Fournier added a comment -

        I would love it in 3.3.2, will upload a patch for that version.

        Show
        Camille Fournier added a comment - I would love it in 3.3.2, will upload a patch for that version.
        Hide
        Camille Fournier added a comment -

        for 3.3.2 release

        Show
        Camille Fournier added a comment - for 3.3.2 release
        Camille Fournier made changes -
        Attachment ZOOKEEPER-904-332.patch [ 12457991 ]
        Hide
        Mahadev konar added a comment -

        good catch. +1 for the patch. Ill run ant test and will commit to both 3.3.2 and 3.4.

        Show
        Mahadev konar added a comment - good catch. +1 for the patch. Ill run ant test and will commit to both 3.3.2 and 3.4.
        Hide
        Mahadev konar added a comment -

        Ran the tests, it passes. I just committed this to 3.3 and trunk.

        thanks Camille.

        Show
        Mahadev konar added a comment - Ran the tests, it passes. I just committed this to 3.3 and trunk. thanks Camille.
        Mahadev konar made changes -
        Status Patch Available [ 10002 ] Resolved [ 5 ]
        Hadoop Flags [Reviewed]
        Resolution Fixed [ 1 ]
        Hide
        Hudson added a comment -

        Integrated in ZooKeeper-trunk #981 (See https://hudson.apache.org/hudson/job/ZooKeeper-trunk/981/)
        ZOOKEEPER-904. super digest is not actually acting as a full superuser (Camille Fournier via mahadev)

        Show
        Hudson added a comment - Integrated in ZooKeeper-trunk #981 (See https://hudson.apache.org/hudson/job/ZooKeeper-trunk/981/ ) ZOOKEEPER-904 . super digest is not actually acting as a full superuser (Camille Fournier via mahadev)
        Mahadev konar made changes -
        Status Resolved [ 5 ] Closed [ 6 ]
        Transition Time In Source Status Execution Times Last Executer Last Execution Date
        Open Open Patch Available Patch Available
        2d 22h 1m 1 Patrick Hunt 22/Oct/10 19:45
        Patch Available Patch Available Resolved Resolved
        4d 3h 45m 1 Mahadev konar 26/Oct/10 23:31
        Resolved Resolved Closed Closed
        392d 20h 51m 1 Mahadev konar 23/Nov/11 19:22

          People

          • Assignee:
            Camille Fournier
            Reporter:
            Camille Fournier
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development