Apache
/
hadoop
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

HDFS-14915. Move Superuser Check Before Taking Lock For Encryption API. Contributed by Ayush Saxena.

This commit is contained in:
Ayush Saxena 2019-10-22 18:44:22 +05:30
parent 2d1f3611cd
commit 8c74717720
1 changed files with 3 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSNamesystem.java
View File

@ -7372,11 +7372,11 @@ public class FSNamesystem implements Namesystem, FSNamesystemMBean,
Metadata metadata = FSDirEncryptionZoneOp.ensureKeyIsInitialized(dir, Metadata metadata = FSDirEncryptionZoneOp.ensureKeyIsInitialized(dir,
keyName, src); keyName, src);
final FSPermissionChecker pc = getPermissionChecker(); final FSPermissionChecker pc = getPermissionChecker();
checkSuperuserPrivilege(pc);
checkOperation(OperationCategory.WRITE); checkOperation(OperationCategory.WRITE);
final FileStatus resultingStat; final FileStatus resultingStat;
writeLock(); writeLock();
try { try {
checkSuperuserPrivilege(pc);
checkOperation(OperationCategory.WRITE); checkOperation(OperationCategory.WRITE);
checkNameNodeSafeMode("Cannot create encryption zone on " + src); checkNameNodeSafeMode("Cannot create encryption zone on " + src);
resultingStat = FSDirEncryptionZoneOp.createEncryptionZone(dir, src, resultingStat = FSDirEncryptionZoneOp.createEncryptionZone(dir, src,
@ -7433,10 +7433,10 @@ public class FSNamesystem implements Namesystem, FSNamesystemMBean,
boolean success = false; boolean success = false;
checkOperation(OperationCategory.READ); checkOperation(OperationCategory.READ);
final FSPermissionChecker pc = getPermissionChecker(); final FSPermissionChecker pc = getPermissionChecker();
checkSuperuserPrivilege(pc);
readLock(); readLock();
try { try {
checkOperation(OperationCategory.READ); checkOperation(OperationCategory.READ);
checkSuperuserPrivilege(pc);
final BatchedListEntries<EncryptionZone> ret = final BatchedListEntries<EncryptionZone> ret =
FSDirEncryptionZoneOp.listEncryptionZones(dir, prevId); FSDirEncryptionZoneOp.listEncryptionZones(dir, prevId);
success = true; success = true;
@ -7470,10 +7470,10 @@ public class FSNamesystem implements Namesystem, FSNamesystemMBean,
boolean success = false; boolean success = false;
checkOperation(OperationCategory.READ); checkOperation(OperationCategory.READ);
final FSPermissionChecker pc = getPermissionChecker(); final FSPermissionChecker pc = getPermissionChecker();
checkSuperuserPrivilege(pc);
readLock(); readLock();
try { try {
checkOperation(OperationCategory.READ); checkOperation(OperationCategory.READ);
checkSuperuserPrivilege(pc);
final BatchedListEntries<ZoneReencryptionStatus> ret = final BatchedListEntries<ZoneReencryptionStatus> ret =
FSDirEncryptionZoneOp.listReencryptionStatus(dir, prevId); FSDirEncryptionZoneOp.listReencryptionStatus(dir, prevId);
success = true; success = true;
@ -7504,7 +7504,6 @@ public class FSNamesystem implements Namesystem, FSNamesystemMBean,
} }
writeLock(); writeLock();
try { try {
checkSuperuserPrivilege(pc);
checkOperation(OperationCategory.WRITE); checkOperation(OperationCategory.WRITE);
checkNameNodeSafeMode("NameNode in safemode, cannot " + action checkNameNodeSafeMode("NameNode in safemode, cannot " + action
+ " re-encryption on zone " + zone); + " re-encryption on zone " + zone);