HDFS-16868. Fix audit log duplicate issue when an ACE occurs in FSNamesystem. (#5206). Contributed by Beibei Zhao.

Signed-off-by: Chris Nauroth <cnauroth@apache.org> Signed-off-by: He Xiaoqiao <hexiaoqiao@apache.org>
2022-12-13 12:24:51 +08:00 · 2022-12-13 12:24:51 +08:00 · fdcbc8b072
parent a71aaef9a9
commit fdcbc8b072
1 changed files with 8 additions and 8 deletions
--- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSNamesystem.java
+++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSNamesystem.java
@ -3621,10 +3621,10 @@ void setQuota(String src, long nsQuota, long ssQuota, StorageType type)
    final String operationName = getQuotaCommand(nsQuota, ssQuota);
    final FSPermissionChecker pc = getPermissionChecker();
    FSPermissionChecker.setOperationType(operationName);
+    if(!allowOwnerSetQuota) {
+      checkSuperuserPrivilege(operationName, src);
+    }
    try {
-      if(!allowOwnerSetQuota) {
-        checkSuperuserPrivilege(operationName, src);
-      }
      writeLock();
      try {
        checkOperation(OperationCategory.WRITE);
@ -7761,8 +7761,8 @@ void addCachePool(CachePoolInfo req, boolean logRetryCache)
    checkOperation(OperationCategory.WRITE);
    String poolInfoStr = null;
    String poolName = req == null ? null : req.getPoolName();
+    checkSuperuserPrivilege(operationName, poolName);
    try {
-      checkSuperuserPrivilege(operationName, poolName);
      writeLock();
      try {
        checkOperation(OperationCategory.WRITE);
@ -7788,8 +7788,8 @@ void modifyCachePool(CachePoolInfo req, boolean logRetryCache)
    checkOperation(OperationCategory.WRITE);
    String poolNameStr = "{poolName: " +
        (req == null ? null : req.getPoolName()) + "}";
+    checkSuperuserPrivilege(operationName, poolNameStr);
    try {
-      checkSuperuserPrivilege(operationName, poolNameStr);
      writeLock();
      try {
        checkOperation(OperationCategory.WRITE);
@ -7815,8 +7815,8 @@ void removeCachePool(String cachePoolName, boolean logRetryCache)
    final String operationName = "removeCachePool";
    checkOperation(OperationCategory.WRITE);
    String poolNameStr = "{poolName: " + cachePoolName + "}";
+    checkSuperuserPrivilege(operationName, poolNameStr);
    try {
-      checkSuperuserPrivilege(operationName, poolNameStr);
      writeLock();
      try {
        checkOperation(OperationCategory.WRITE);
@ -8017,11 +8017,11 @@ void createEncryptionZone(final String src, final String keyName,
          SafeModeException, AccessControlException {
    final String operationName = "createEncryptionZone";
    FileStatus resultingStat = null;
+    checkSuperuserPrivilege(operationName, src);
    try {
      Metadata metadata = FSDirEncryptionZoneOp.ensureKeyIsInitialized(dir,
          keyName, src);
      final FSPermissionChecker pc = getPermissionChecker();
-      checkSuperuserPrivilege(operationName, src);
      checkOperation(OperationCategory.WRITE);
      writeLock();
      try {
@ -8100,11 +8100,11 @@ void reencryptEncryptionZone(final String zone, final ReencryptAction action,
      final boolean logRetryCache) throws IOException {
    final String operationName = "reencryptEncryptionZone";
    boolean success = false;
+    checkSuperuserPrivilege(operationName, zone);
    try {
      Preconditions.checkNotNull(zone, "zone is null.");
      checkOperation(OperationCategory.WRITE);
      final FSPermissionChecker pc = dir.getPermissionChecker();
-      checkSuperuserPrivilege(operationName, zone);
      checkNameNodeSafeMode("NameNode in safemode, cannot " + action
          + " re-encryption on zone " + zone);
      reencryptEncryptionZoneInt(pc, zone, action, logRetryCache);