[jira] [Updated] (HDFS-11924) FSPermissionChecker.checkTraverse doesn't pass FsAction access properly

2017-09-10 Thread Gavin (JIRA) 

 [ 
https://issues.apache.org/jira/browse/HDFS-11924?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Gavin updated HDFS-11924:
-
Reporter: Zsombor Gegesy  (was: Zsombor Gegesy)

> FSPermissionChecker.checkTraverse doesn't pass FsAction access properly
> ---
>
> Key: HDFS-11924
> URL: https://issues.apache.org/jira/browse/HDFS-11924
> Project: Hadoop HDFS
>  Issue Type: Bug
>  Components: security
>Affects Versions: 2.8.0
>Reporter: Zsombor Gegesy
>  Labels: hdfs, hdfspermission
> Attachments: 
> 0001-HDFS-11924-Pass-FsAction-to-the-external-AccessContr.patch
>
>
> In 2.7.1, during file access check, the AccessControlEnforcer is called with 
> the access parameter filled with FsAction values.
> A thread dump in this case:
> {code}
>   FSPermissionChecker.checkPermission(INodesInPath, boolean, FsAction, 
> FsAction, FsAction, FsAction, boolean) line: 189   
>   FSDirectory.checkPermission(FSPermissionChecker, INodesInPath, boolean, 
> FsAction, FsAction, FsAction, FsAction, boolean) line: 1698 
>   FSDirectory.checkPermission(FSPermissionChecker, INodesInPath, boolean, 
> FsAction, FsAction, FsAction, FsAction) line: 1682  
>   FSDirectory.checkPathAccess(FSPermissionChecker, INodesInPath, 
> FsAction) line: 1656 
>   FSNamesystem.appendFileInternal(FSPermissionChecker, INodesInPath, 
> String, String, boolean, boolean) line: 2668 
>   FSNamesystem.appendFileInt(String, String, String, boolean, boolean) 
> line: 2985 
>   FSNamesystem.appendFile(String, String, String, EnumSet, 
> boolean) line: 2952
>   NameNodeRpcServer.append(String, String, EnumSetWritable) 
> line: 653 
>   ClientNamenodeProtocolServerSideTranslatorPB.append(RpcController, 
> ClientNamenodeProtocolProtos$AppendRequestProto) line: 421   
>   
> ClientNamenodeProtocolProtos$ClientNamenodeProtocol$2.callBlockingMethod(Descriptors$MethodDescriptor,
>  RpcController, Message) line: not available  
>   ProtobufRpcEngine$Server$ProtoBufRpcInvoker.call(RPC$Server, String, 
> Writable, long) line: 616  
>   ProtobufRpcEngine$Server(RPC$Server).call(RPC$RpcKind, String, 
> Writable, long) line: 969
>   Server$Handler$1.run() line: 2049   
>   Server$Handler$1.run() line: 2045   
>   AccessController.doPrivileged(PrivilegedExceptionAction, 
> AccessControlContext) line: not available [native method]   
>   Subject.doAs(Subject, PrivilegedExceptionAction) line: 422   
>   UserGroupInformation.doAs(PrivilegedExceptionAction) line: 1657  
> {code}
> However, in 2.8.0 this value is changed to null, because in 
> FSPermissionChecker.checkTraverse(FSPermissionChecker pc, INodesInPath iip, 
> boolean resolveLink) couldn't pass the required information, so it's simply 
> use 'null'.
> This is a regression between 2.7.1 and 2.8.0, because external 
> AccessControlEnforcer couldn't work properly



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

-
To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org

[jira] [Updated] (HDFS-11924) FSPermissionChecker.checkTraverse doesn't pass FsAction access properly

2017-06-07 Thread Vinod Kumar Vavilapalli (JIRA) 

 [ 
https://issues.apache.org/jira/browse/HDFS-11924?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Vinod Kumar Vavilapalli updated HDFS-11924:
---
Target Version/s: 2.8.2
   Fix Version/s: (was: 2.8.1)

Please leave the fix-version field alone for a committer to set it at commit 
time. Updating it myself for now.

> FSPermissionChecker.checkTraverse doesn't pass FsAction access properly
> ---
>
> Key: HDFS-11924
> URL: https://issues.apache.org/jira/browse/HDFS-11924
> Project: Hadoop HDFS
>  Issue Type: Bug
>  Components: security
>Affects Versions: 2.8.0
>Reporter: Zsombor Gegesy
>  Labels: hdfs, hdfspermission
> Attachments: 
> 0001-HDFS-11924-Pass-FsAction-to-the-external-AccessContr.patch
>
>
> In 2.7.1, during file access check, the AccessControlEnforcer is called with 
> the access parameter filled with FsAction values.
> A thread dump in this case:
> {code}
>   FSPermissionChecker.checkPermission(INodesInPath, boolean, FsAction, 
> FsAction, FsAction, FsAction, boolean) line: 189   
>   FSDirectory.checkPermission(FSPermissionChecker, INodesInPath, boolean, 
> FsAction, FsAction, FsAction, FsAction, boolean) line: 1698 
>   FSDirectory.checkPermission(FSPermissionChecker, INodesInPath, boolean, 
> FsAction, FsAction, FsAction, FsAction) line: 1682  
>   FSDirectory.checkPathAccess(FSPermissionChecker, INodesInPath, 
> FsAction) line: 1656 
>   FSNamesystem.appendFileInternal(FSPermissionChecker, INodesInPath, 
> String, String, boolean, boolean) line: 2668 
>   FSNamesystem.appendFileInt(String, String, String, boolean, boolean) 
> line: 2985 
>   FSNamesystem.appendFile(String, String, String, EnumSet, 
> boolean) line: 2952
>   NameNodeRpcServer.append(String, String, EnumSetWritable) 
> line: 653 
>   ClientNamenodeProtocolServerSideTranslatorPB.append(RpcController, 
> ClientNamenodeProtocolProtos$AppendRequestProto) line: 421   
>   
> ClientNamenodeProtocolProtos$ClientNamenodeProtocol$2.callBlockingMethod(Descriptors$MethodDescriptor,
>  RpcController, Message) line: not available  
>   ProtobufRpcEngine$Server$ProtoBufRpcInvoker.call(RPC$Server, String, 
> Writable, long) line: 616  
>   ProtobufRpcEngine$Server(RPC$Server).call(RPC$RpcKind, String, 
> Writable, long) line: 969
>   Server$Handler$1.run() line: 2049   
>   Server$Handler$1.run() line: 2045   
>   AccessController.doPrivileged(PrivilegedExceptionAction, 
> AccessControlContext) line: not available [native method]   
>   Subject.doAs(Subject, PrivilegedExceptionAction) line: 422   
>   UserGroupInformation.doAs(PrivilegedExceptionAction) line: 1657  
> {code}
> However, in 2.8.0 this value is changed to null, because in 
> FSPermissionChecker.checkTraverse(FSPermissionChecker pc, INodesInPath iip, 
> boolean resolveLink) couldn't pass the required information, so it's simply 
> use 'null'.
> This is a regression between 2.7.1 and 2.8.0, because external 
> AccessControlEnforcer couldn't work properly



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

-
To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org

[jira] [Updated] (HDFS-11924) FSPermissionChecker.checkTraverse doesn't pass FsAction access properly

2017-06-04 Thread Zsombor Gegesy (JIRA) 

 [ 
https://issues.apache.org/jira/browse/HDFS-11924?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Zsombor Gegesy updated HDFS-11924:
--
Attachment: 0001-HDFS-11924-Pass-FsAction-to-the-external-AccessContr.patch

> FSPermissionChecker.checkTraverse doesn't pass FsAction access properly
> ---
>
> Key: HDFS-11924
> URL: https://issues.apache.org/jira/browse/HDFS-11924
> Project: Hadoop HDFS
>  Issue Type: Bug
>  Components: security
>Affects Versions: 2.8.0
>Reporter: Zsombor Gegesy
>  Labels: hdfs, hdfspermission
> Fix For: 2.8.1
>
> Attachments: 
> 0001-HDFS-11924-Pass-FsAction-to-the-external-AccessContr.patch
>
>
> In 2.7.1, during file access check, the AccessControlEnforcer is called with 
> the access parameter filled with FsAction values.
> A thread dump in this case:
> {code}
>   FSPermissionChecker.checkPermission(INodesInPath, boolean, FsAction, 
> FsAction, FsAction, FsAction, boolean) line: 189   
>   FSDirectory.checkPermission(FSPermissionChecker, INodesInPath, boolean, 
> FsAction, FsAction, FsAction, FsAction, boolean) line: 1698 
>   FSDirectory.checkPermission(FSPermissionChecker, INodesInPath, boolean, 
> FsAction, FsAction, FsAction, FsAction) line: 1682  
>   FSDirectory.checkPathAccess(FSPermissionChecker, INodesInPath, 
> FsAction) line: 1656 
>   FSNamesystem.appendFileInternal(FSPermissionChecker, INodesInPath, 
> String, String, boolean, boolean) line: 2668 
>   FSNamesystem.appendFileInt(String, String, String, boolean, boolean) 
> line: 2985 
>   FSNamesystem.appendFile(String, String, String, EnumSet, 
> boolean) line: 2952
>   NameNodeRpcServer.append(String, String, EnumSetWritable) 
> line: 653 
>   ClientNamenodeProtocolServerSideTranslatorPB.append(RpcController, 
> ClientNamenodeProtocolProtos$AppendRequestProto) line: 421   
>   
> ClientNamenodeProtocolProtos$ClientNamenodeProtocol$2.callBlockingMethod(Descriptors$MethodDescriptor,
>  RpcController, Message) line: not available  
>   ProtobufRpcEngine$Server$ProtoBufRpcInvoker.call(RPC$Server, String, 
> Writable, long) line: 616  
>   ProtobufRpcEngine$Server(RPC$Server).call(RPC$RpcKind, String, 
> Writable, long) line: 969
>   Server$Handler$1.run() line: 2049   
>   Server$Handler$1.run() line: 2045   
>   AccessController.doPrivileged(PrivilegedExceptionAction, 
> AccessControlContext) line: not available [native method]   
>   Subject.doAs(Subject, PrivilegedExceptionAction) line: 422   
>   UserGroupInformation.doAs(PrivilegedExceptionAction) line: 1657  
> {code}
> However, in 2.8.0 this value is changed to null, because in 
> FSPermissionChecker.checkTraverse(FSPermissionChecker pc, INodesInPath iip, 
> boolean resolveLink) couldn't pass the required information, so it's simply 
> use 'null'.
> This is a regression between 2.7.1 and 2.8.0, because external 
> AccessControlEnforcer couldn't work properly



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

-
To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org