Repository: accumulo Updated Branches: refs/heads/1.6 cc25f5135 -> 9a4dd3000 refs/heads/1.7 d71e5ee4c -> 99c734c8c refs/heads/master 8c059437d -> fba068b7b
ACCUMULO-3880 Remove halt on bad SystemToken. While incorrect SystemTokens might sometimes be the product of inconsistent system configuration, it can also be used as an attack vector by malicious parties. We need to treat invalid authentications for the system user the same as regular users (deny them and keep going). Project: http://git-wip-us.apache.org/repos/asf/accumulo/repo Commit: http://git-wip-us.apache.org/repos/asf/accumulo/commit/9a4dd300 Tree: http://git-wip-us.apache.org/repos/asf/accumulo/tree/9a4dd300 Diff: http://git-wip-us.apache.org/repos/asf/accumulo/diff/9a4dd300 Branch: refs/heads/1.6 Commit: 9a4dd3000ce5c8e1ebb884810b7ad3195bb1fa43 Parents: cc25f51 Author: Josh Elser <els...@apache.org> Authored: Mon Jun 1 18:34:47 2015 -0400 Committer: Josh Elser <els...@apache.org> Committed: Mon Jun 1 18:34:47 2015 -0400 ---------------------------------------------------------------------- .../java/org/apache/accumulo/tserver/TabletServer.java | 11 ----------- 1 file changed, 11 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/accumulo/blob/9a4dd300/server/tserver/src/main/java/org/apache/accumulo/tserver/TabletServer.java ---------------------------------------------------------------------- diff --git a/server/tserver/src/main/java/org/apache/accumulo/tserver/TabletServer.java b/server/tserver/src/main/java/org/apache/accumulo/tserver/TabletServer.java index c502166..128aaa9 100644 --- a/server/tserver/src/main/java/org/apache/accumulo/tserver/TabletServer.java +++ b/server/tserver/src/main/java/org/apache/accumulo/tserver/TabletServer.java @@ -2206,7 +2206,6 @@ public class TabletServer extends AbstractMetricsImpl implements org.apache.accu private ZooCache masterLockCache = new ZooCache(); private void checkPermission(TCredentials credentials, String lock, final String request) throws ThriftSecurityException { - boolean fatal = false; try { log.debug("Got " + request + " message from user: " + credentials.getPrincipal()); if (!security.canPerformSystemActions(credentials)) { @@ -2217,18 +2216,8 @@ public class TabletServer extends AbstractMetricsImpl implements org.apache.accu log.warn("Got " + request + " message from unauthenticatable user: " + e.getUser()); if (SystemCredentials.get().getToken().getClass().getName().equals(credentials.getTokenClassName())) { log.fatal("Got message from a service with a mismatched configuration. Please ensure a compatible configuration.", e); - fatal = true; } throw e; - } finally { - if (fatal) { - Halt.halt(1, new Runnable() { - @Override - public void run() { - logGCInfo(getSystemConfiguration()); - } - }); - } } if (tabletServerLock == null || !tabletServerLock.wasLockAcquired()) {
