From a14f08876bd01224250c2f672ef3ad4e64257af8 Mon Sep 17 00:00:00 2001 From: lujiefsi Date: Thu, 31 Dec 2020 02:55:49 +0800 Subject: [PATCH] HBASE-25441 : add security check for some APIs in RSRpcServices (#2830) (#2810) Signed-off-by: stack Signed-off-by: Viraj Jasani --- .../org/apache/hadoop/hbase/master/HMaster.java | 13 +++++++++++++ .../hadoop/hbase/regionserver/RSRpcServices.java | 9 +++++++-- 2 files changed, 20 insertions(+), 2 deletions(-) diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/HMaster.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/HMaster.java index 39cb5bc5459..4d5af03e962 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/HMaster.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/HMaster.java @@ -2761,6 +2761,19 @@ public class HMaster extends HRegionServer implements MasterServices { return initialized.isReady(); } + /** + * Report whether this master is started + * + * This method is used for testing. + * + * @return true if master is ready to go, false if not. + */ + + @Override + public boolean isOnline() { + return serviceStarted; + } + /** * Report whether this master is in maintenance mode. * diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RSRpcServices.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RSRpcServices.java index 7862b93f018..d399fe7e3fa 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RSRpcServices.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RSRpcServices.java @@ -2323,6 +2323,7 @@ public class RSRpcServices implements HBaseRPCErrorHandler, @QosPriority(priority=HConstants.ADMIN_QOS) public StopServerResponse stopServer(final RpcController controller, final StopServerRequest request) throws ServiceException { + rpcPreCheck("stopServer"); requestCount.increment(); String reason = request.getReason(); regionServer.stop(reason); @@ -2332,6 +2333,7 @@ public class RSRpcServices implements HBaseRPCErrorHandler, @Override public UpdateFavoredNodesResponse updateFavoredNodes(RpcController controller, UpdateFavoredNodesRequest request) throws ServiceException { + rpcPreCheck("updateFavoredNodes"); List openInfoList = request.getUpdateInfoList(); UpdateFavoredNodesResponse.Builder respBuilder = UpdateFavoredNodesResponse.newBuilder(); for (UpdateFavoredNodesRequest.RegionUpdateInfo regionUpdateInfo : openInfoList) { @@ -3693,6 +3695,7 @@ public class RSRpcServices implements HBaseRPCErrorHandler, RpcController controller, UpdateConfigurationRequest request) throws ServiceException { try { + requirePermission("updateConfiguration", Permission.Action.ADMIN); this.regionServer.updateConfiguration(); } catch (Exception e) { throw new ServiceException(e); @@ -3725,7 +3728,8 @@ public class RSRpcServices implements HBaseRPCErrorHandler, @Override public ClearRegionBlockCacheResponse clearRegionBlockCache(RpcController controller, - ClearRegionBlockCacheRequest request) { + ClearRegionBlockCacheRequest request) throws ServiceException { + rpcPreCheck("clearRegionBlockCache"); ClearRegionBlockCacheResponse.Builder builder = ClearRegionBlockCacheResponse.newBuilder(); CacheEvictionStatsBuilder stats = CacheEvictionStats.builder(); @@ -3878,7 +3882,8 @@ public class RSRpcServices implements HBaseRPCErrorHandler, @Override @QosPriority(priority = HConstants.ADMIN_QOS) public ClearSlowLogResponses clearSlowLogsResponses(final RpcController controller, - final ClearSlowLogResponseRequest request) { + final ClearSlowLogResponseRequest request) throws ServiceException { + rpcPreCheck("clearSlowLogsResponses"); final NamedQueueRecorder namedQueueRecorder = this.regionServer.getNamedQueueRecorder(); boolean slowLogsCleaned = Optional.ofNullable(namedQueueRecorder)