From eef6a4834a8780037513d8fbe024671400fd70b8 Mon Sep 17 00:00:00 2001 From: Deokwoo Han Date: Fri, 29 Jul 2016 11:07:51 +0900 Subject: [PATCH] HBASE-16284 Unauthorized client can shutdown the cluster --- .../apache/hadoop/hbase/master/HMaster.java | 22 ++++++--------- .../hbase/master/MasterRpcServices.java | 15 ++++++++-- .../hadoop/hbase/util/JVMClusterUtil.java | 15 ++++++++-- .../security/access/TestAccessController.java | 28 +++++++++++++++++++ 4 files changed, 62 insertions(+), 18 deletions(-) diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/HMaster.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/HMaster.java index 5f5cc3887a2..4e6952ae895 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/HMaster.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/HMaster.java @@ -2176,7 +2176,11 @@ public class HMaster extends HRegionServer implements MasterServices { getLoadedCoprocessors()); } if (t != null) LOG.fatal(msg, t); - stopMaster(); + try { + stopMaster(); + } catch (IOException e) { + LOG.error("Exception occurred while stopping master", e); + } } @Override @@ -2218,13 +2222,9 @@ public class HMaster extends HRegionServer implements MasterServices { return rsFatals; } - public void shutdown() { + public void shutdown() throws IOException { if (cpHost != null) { - try { - cpHost.preShutdown(); - } catch (IOException ioe) { - LOG.error("Error call master coprocessor preShutdown()", ioe); - } + cpHost.preShutdown(); } if (this.serverManager != null) { @@ -2239,13 +2239,9 @@ public class HMaster extends HRegionServer implements MasterServices { } } - public void stopMaster() { + public void stopMaster() throws IOException { if (cpHost != null) { - try { - cpHost.preStopMaster(); - } catch (IOException ioe) { - LOG.error("Error call master coprocessor preStopMaster()", ioe); - } + cpHost.preStopMaster(); } stop("Stopped by " + Thread.currentThread().getName()); } diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/MasterRpcServices.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/MasterRpcServices.java index 8974945ea96..ad1a3ca7667 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/MasterRpcServices.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/MasterRpcServices.java @@ -92,6 +92,7 @@ import org.apache.hadoop.hbase.protobuf.generated.RegionServerStatusProtos.Repor import org.apache.hadoop.hbase.protobuf.generated.RegionServerStatusProtos.ReportRegionStateTransitionRequest; import org.apache.hadoop.hbase.protobuf.generated.RegionServerStatusProtos.ReportRegionStateTransitionResponse; import org.apache.hadoop.hbase.regionserver.RSRpcServices; +import org.apache.hadoop.hbase.security.AccessDeniedException; import org.apache.hadoop.hbase.security.User; import org.apache.hadoop.hbase.security.access.AccessController; import org.apache.hadoop.hbase.security.visibility.VisibilityController; @@ -1204,7 +1205,12 @@ public class MasterRpcServices extends RSRpcServices public ShutdownResponse shutdown(RpcController controller, ShutdownRequest request) throws ServiceException { LOG.info(master.getClientIdAuditPrefix() + " shutdown"); - master.shutdown(); + try { + master.shutdown(); + } catch (IOException e) { + LOG.error("Exception occurred in HMaster.shutdown()", e); + throw new ServiceException(e); + } return ShutdownResponse.newBuilder().build(); } @@ -1241,7 +1247,12 @@ public class MasterRpcServices extends RSRpcServices public StopMasterResponse stopMaster(RpcController controller, StopMasterRequest request) throws ServiceException { LOG.info(master.getClientIdAuditPrefix() + " stop"); - master.stopMaster(); + try { + master.stopMaster(); + } catch (IOException e) { + LOG.error("Exception occurred while stopping master", e); + throw new ServiceException(e); + } return StopMasterResponse.newBuilder().build(); } diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/util/JVMClusterUtil.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/util/JVMClusterUtil.java index 25ed63cc195..79865bb5a13 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/util/JVMClusterUtil.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/util/JVMClusterUtil.java @@ -249,14 +249,23 @@ public class JVMClusterUtil { JVMClusterUtil.MasterThread activeMaster = null; for (JVMClusterUtil.MasterThread t : masters) { if (!t.master.isActiveMaster()) { - t.master.stopMaster(); + try { + t.master.stopMaster(); + } catch (IOException e) { + LOG.error("Exception occurred while stopping master", e); + } } else { activeMaster = t; } } // Do active after. - if (activeMaster != null) - activeMaster.master.shutdown(); + if (activeMaster != null) { + try { + activeMaster.master.shutdown(); + } catch (IOException e) { + LOG.error("Exception occurred in HMaster.shutdown()", e); + } + } } boolean wasInterrupted = false; diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java index f58e24ed85c..20ff85ff704 100644 --- a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java +++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java @@ -94,6 +94,7 @@ import org.apache.hadoop.hbase.io.hfile.HFileContext; import org.apache.hadoop.hbase.io.hfile.HFileContextBuilder; import org.apache.hadoop.hbase.ipc.protobuf.generated.TestProcedureProtos; import org.apache.hadoop.hbase.mapreduce.LoadIncrementalHFiles; +import org.apache.hadoop.hbase.master.HMaster; import org.apache.hadoop.hbase.master.MasterCoprocessorHost; import org.apache.hadoop.hbase.master.procedure.MasterProcedureEnv; import org.apache.hadoop.hbase.master.procedure.TableProcedureInterface; @@ -331,6 +332,33 @@ public class TestAccessController extends SecureTestUtil { TEST_TABLE.getNamespaceAsString()).size()); } + @Test (timeout=180000) + public void testUnauthorizedShutdown() throws Exception { + AccessTestAction action = new AccessTestAction() { + @Override public Object run() throws Exception { + HMaster master = TEST_UTIL.getHBaseCluster().getMaster(); + master.shutdown(); + return null; + } + }; + verifyDenied(action, USER_CREATE, USER_OWNER, USER_RW, USER_RO, USER_NONE, USER_GROUP_READ, + USER_GROUP_WRITE, USER_GROUP_CREATE); + } + + @Test (timeout=180000) + public void testUnauthorizedStopMaster() throws Exception { + AccessTestAction action = new AccessTestAction() { + @Override public Object run() throws Exception { + HMaster master = TEST_UTIL.getHBaseCluster().getMaster(); + master.stopMaster(); + return null; + } + }; + + verifyDenied(action, USER_CREATE, USER_OWNER, USER_RW, USER_RO, USER_NONE, USER_GROUP_READ, + USER_GROUP_WRITE, USER_GROUP_CREATE); + } + @Test (timeout=180000) public void testSecurityCapabilities() throws Exception { List capabilities = TEST_UTIL.getConnection().getAdmin()