HDFS-14915. Move Superuser Check Before Taking Lock For Encryption API. Contributed by Ayush Saxena.

2019-10-22 18:44:22 +05:30 · 2019-10-22 18:44:22 +05:30 · 8c74717720
parent 2d1f3611cd
commit 8c74717720
1 changed files with 3 additions and 4 deletions
--- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSNamesystem.java
+++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSNamesystem.java
@ -7372,11 +7372,11 @@ public class FSNamesystem implements Namesystem, FSNamesystemMBean,
      Metadata metadata = FSDirEncryptionZoneOp.ensureKeyIsInitialized(dir,
          keyName, src);
      final FSPermissionChecker pc = getPermissionChecker();
+      checkSuperuserPrivilege(pc);
      checkOperation(OperationCategory.WRITE);
      final FileStatus resultingStat;
      writeLock();
      try {
-        checkSuperuserPrivilege(pc);
        checkOperation(OperationCategory.WRITE);
        checkNameNodeSafeMode("Cannot create encryption zone on " + src);
        resultingStat = FSDirEncryptionZoneOp.createEncryptionZone(dir, src,
@ -7433,10 +7433,10 @@ public class FSNamesystem implements Namesystem, FSNamesystemMBean,
    boolean success = false;
    checkOperation(OperationCategory.READ);
    final FSPermissionChecker pc = getPermissionChecker();
+    checkSuperuserPrivilege(pc);
    readLock();
    try {
      checkOperation(OperationCategory.READ);
-      checkSuperuserPrivilege(pc);
      final BatchedListEntries<EncryptionZone> ret =
          FSDirEncryptionZoneOp.listEncryptionZones(dir, prevId);
      success = true;
@ -7470,10 +7470,10 @@ public class FSNamesystem implements Namesystem, FSNamesystemMBean,
    boolean success = false;
    checkOperation(OperationCategory.READ);
    final FSPermissionChecker pc = getPermissionChecker();
+    checkSuperuserPrivilege(pc);
    readLock();
    try {
      checkOperation(OperationCategory.READ);
-      checkSuperuserPrivilege(pc);
      final BatchedListEntries<ZoneReencryptionStatus> ret =
          FSDirEncryptionZoneOp.listReencryptionStatus(dir, prevId);
      success = true;
@ -7504,7 +7504,6 @@ public class FSNamesystem implements Namesystem, FSNamesystemMBean,
    }
    writeLock();
    try {
-      checkSuperuserPrivilege(pc);
      checkOperation(OperationCategory.WRITE);
      checkNameNodeSafeMode("NameNode in safemode, cannot " + action
          + " re-encryption on zone " + zone);