From 0e1d1f7e86bd7b1a65160b8844c8b8f925a87112 Mon Sep 17 00:00:00 2001 From: Deokwoo Han Date: Tue, 2 Aug 2016 17:34:32 +0900 Subject: [PATCH] Unauthorized client can shutdown the cluster --- .../org/apache/hadoop/hbase/master/HMaster.java | 22 +++++++++------------- .../hadoop/hbase/master/MasterRpcServices.java | 15 +++++++++++++-- .../apache/hadoop/hbase/util/JVMClusterUtil.java | 15 ++++++++++++--- .../security/access/TestAccessController.java | 21 +++++++++++---------- 4 files changed, 45 insertions(+), 28 deletions(-) diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/HMaster.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/HMaster.java index 5f5cc38..4e6952a 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/HMaster.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/HMaster.java @@ -2176,7 +2176,11 @@ public class HMaster extends HRegionServer implements MasterServices { getLoadedCoprocessors()); } if (t != null) LOG.fatal(msg, t); - stopMaster(); + try { + stopMaster(); + } catch (IOException e) { + LOG.error("Exception occurred while stopping master", e); + } } @Override @@ -2218,13 +2222,9 @@ public class HMaster extends HRegionServer implements MasterServices { return rsFatals; } - public void shutdown() { + public void shutdown() throws IOException { if (cpHost != null) { - try { - cpHost.preShutdown(); - } catch (IOException ioe) { - LOG.error("Error call master coprocessor preShutdown()", ioe); - } + cpHost.preShutdown(); } if (this.serverManager != null) { @@ -2239,13 +2239,9 @@ public class HMaster extends HRegionServer implements MasterServices { } } - public void stopMaster() { + public void stopMaster() throws IOException { if (cpHost != null) { - try { - cpHost.preStopMaster(); - } catch (IOException ioe) { - LOG.error("Error call master coprocessor preStopMaster()", ioe); - } + cpHost.preStopMaster(); } stop("Stopped by " + Thread.currentThread().getName()); } diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/MasterRpcServices.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/MasterRpcServices.java index 8974945..ad1a3ca 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/MasterRpcServices.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/MasterRpcServices.java @@ -92,6 +92,7 @@ import org.apache.hadoop.hbase.protobuf.generated.RegionServerStatusProtos.Repor import org.apache.hadoop.hbase.protobuf.generated.RegionServerStatusProtos.ReportRegionStateTransitionRequest; import org.apache.hadoop.hbase.protobuf.generated.RegionServerStatusProtos.ReportRegionStateTransitionResponse; import org.apache.hadoop.hbase.regionserver.RSRpcServices; +import org.apache.hadoop.hbase.security.AccessDeniedException; import org.apache.hadoop.hbase.security.User; import org.apache.hadoop.hbase.security.access.AccessController; import org.apache.hadoop.hbase.security.visibility.VisibilityController; @@ -1204,7 +1205,12 @@ public class MasterRpcServices extends RSRpcServices public ShutdownResponse shutdown(RpcController controller, ShutdownRequest request) throws ServiceException { LOG.info(master.getClientIdAuditPrefix() + " shutdown"); - master.shutdown(); + try { + master.shutdown(); + } catch (IOException e) { + LOG.error("Exception occurred in HMaster.shutdown()", e); + throw new ServiceException(e); + } return ShutdownResponse.newBuilder().build(); } @@ -1241,7 +1247,12 @@ public class MasterRpcServices extends RSRpcServices public StopMasterResponse stopMaster(RpcController controller, StopMasterRequest request) throws ServiceException { LOG.info(master.getClientIdAuditPrefix() + " stop"); - master.stopMaster(); + try { + master.stopMaster(); + } catch (IOException e) { + LOG.error("Exception occurred while stopping master", e); + throw new ServiceException(e); + } return StopMasterResponse.newBuilder().build(); } diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/util/JVMClusterUtil.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/util/JVMClusterUtil.java index 25ed63c..79865bb 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/util/JVMClusterUtil.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/util/JVMClusterUtil.java @@ -249,14 +249,23 @@ public class JVMClusterUtil { JVMClusterUtil.MasterThread activeMaster = null; for (JVMClusterUtil.MasterThread t : masters) { if (!t.master.isActiveMaster()) { - t.master.stopMaster(); + try { + t.master.stopMaster(); + } catch (IOException e) { + LOG.error("Exception occurred while stopping master", e); + } } else { activeMaster = t; } } // Do active after. - if (activeMaster != null) - activeMaster.master.shutdown(); + if (activeMaster != null) { + try { + activeMaster.master.shutdown(); + } catch (IOException e) { + LOG.error("Exception occurred in HMaster.shutdown()", e); + } + } } boolean wasInterrupted = false; diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java index f58e24e..ef4be75 100644 --- a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java +++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java @@ -94,6 +94,7 @@ import org.apache.hadoop.hbase.io.hfile.HFileContext; import org.apache.hadoop.hbase.io.hfile.HFileContextBuilder; import org.apache.hadoop.hbase.ipc.protobuf.generated.TestProcedureProtos; import org.apache.hadoop.hbase.mapreduce.LoadIncrementalHFiles; +import org.apache.hadoop.hbase.master.HMaster; import org.apache.hadoop.hbase.master.MasterCoprocessorHost; import org.apache.hadoop.hbase.master.procedure.MasterProcedureEnv; import org.apache.hadoop.hbase.master.procedure.TableProcedureInterface; @@ -754,14 +755,14 @@ public class TestAccessController extends SecureTestUtil { @Test (timeout=180000) public void testShutdown() throws Exception { AccessTestAction action = new AccessTestAction() { - @Override - public Object run() throws Exception { - ACCESS_CONTROLLER.preShutdown(ObserverContext.createAndPrepare(CP_ENV, null)); + @Override public Object run() throws Exception { + HMaster master = TEST_UTIL.getHBaseCluster().getMaster(); + master.shutdown(); return null; } }; - - verifyAllowed(action, SUPERUSER, USER_ADMIN, USER_GROUP_ADMIN); + // If verifyAllowed run, miniCluster was shutting down. + // verifyAllowed(action, SUPERUSER, USER_ADMIN, USER_GROUP_CREATE); verifyDenied(action, USER_CREATE, USER_OWNER, USER_RW, USER_RO, USER_NONE, USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE); } @@ -769,14 +770,14 @@ public class TestAccessController extends SecureTestUtil { @Test (timeout=180000) public void testStopMaster() throws Exception { AccessTestAction action = new AccessTestAction() { - @Override - public Object run() throws Exception { - ACCESS_CONTROLLER.preStopMaster(ObserverContext.createAndPrepare(CP_ENV, null)); + @Override public Object run() throws Exception { + HMaster master = TEST_UTIL.getHBaseCluster().getMaster(); + master.stopMaster(); return null; } }; - - verifyAllowed(action, SUPERUSER, USER_ADMIN, USER_GROUP_ADMIN); + // If verifyAllowed run, miniCluster was shutting down. + // verifyAllowed(action, SUPERUSER, USER_ADMIN, USER_GROUP_CREATE); verifyDenied(action, USER_CREATE, USER_OWNER, USER_RW, USER_RO, USER_NONE, USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE); } -- 2.7.0