HDFS-14915. Move Superuser Check Before Taking Lock For Encryption API. Contributed by Ayush Saxena.
This commit is contained in:
parent
362657c1a3
commit
4d4f5325bd
@ -7311,11 +7311,11 @@ void createEncryptionZone(final String src, final String keyName,
|
||||
Metadata metadata = FSDirEncryptionZoneOp.ensureKeyIsInitialized(dir,
|
||||
keyName, src);
|
||||
final FSPermissionChecker pc = getPermissionChecker();
|
||||
checkSuperuserPrivilege(pc);
|
||||
checkOperation(OperationCategory.WRITE);
|
||||
final FileStatus resultingStat;
|
||||
writeLock();
|
||||
try {
|
||||
checkSuperuserPrivilege(pc);
|
||||
checkOperation(OperationCategory.WRITE);
|
||||
checkNameNodeSafeMode("Cannot create encryption zone on " + src);
|
||||
resultingStat = FSDirEncryptionZoneOp.createEncryptionZone(dir, src,
|
||||
@ -7372,10 +7372,10 @@ BatchedListEntries<EncryptionZone> listEncryptionZones(long prevId)
|
||||
boolean success = false;
|
||||
checkOperation(OperationCategory.READ);
|
||||
final FSPermissionChecker pc = getPermissionChecker();
|
||||
checkSuperuserPrivilege(pc);
|
||||
readLock();
|
||||
try {
|
||||
checkOperation(OperationCategory.READ);
|
||||
checkSuperuserPrivilege(pc);
|
||||
final BatchedListEntries<EncryptionZone> ret =
|
||||
FSDirEncryptionZoneOp.listEncryptionZones(dir, prevId);
|
||||
success = true;
|
||||
@ -7409,10 +7409,10 @@ BatchedListEntries<ZoneReencryptionStatus> listReencryptionStatus(
|
||||
boolean success = false;
|
||||
checkOperation(OperationCategory.READ);
|
||||
final FSPermissionChecker pc = getPermissionChecker();
|
||||
checkSuperuserPrivilege(pc);
|
||||
readLock();
|
||||
try {
|
||||
checkOperation(OperationCategory.READ);
|
||||
checkSuperuserPrivilege(pc);
|
||||
final BatchedListEntries<ZoneReencryptionStatus> ret =
|
||||
FSDirEncryptionZoneOp.listReencryptionStatus(dir, prevId);
|
||||
success = true;
|
||||
@ -7443,7 +7443,6 @@ private void reencryptEncryptionZoneInt(final FSPermissionChecker pc,
|
||||
}
|
||||
writeLock();
|
||||
try {
|
||||
checkSuperuserPrivilege(pc);
|
||||
checkOperation(OperationCategory.WRITE);
|
||||
checkNameNodeSafeMode("NameNode in safemode, cannot " + action
|
||||
+ " re-encryption on zone " + zone);
|
||||
|
Loading…
x
Reference in New Issue
Block a user