big-data/hadoop
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

HDFS-14915. Move Superuser Check Before Taking Lock For Encryption API. Contributed by Ayush Saxena.

Browse Source
This commit is contained in:
Ayush Saxena 2019-10-22 18:44:22 +05:30
parent 19f35cfd57
commit 6020505943
1 changed files with 3 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSNamesystem.java
View File

@ -7437,10 +7437,10 @@ void createEncryptionZone(final String src, final String keyName,
Metadata metadata = FSDirEncryptionZoneOp.ensureKeyIsInitialized(dir,
keyName, src);
final FSPermissionChecker pc = getPermissionChecker();
checkSuperuserPrivilege(pc);
checkOperation(OperationCategory.WRITE);
writeLock();
try {
checkSuperuserPrivilege(pc);
checkOperation(OperationCategory.WRITE);
checkNameNodeSafeMode("Cannot create encryption zone on " + src);
resultingStat = FSDirEncryptionZoneOp.createEncryptionZone(dir, src,
@ -7496,10 +7496,10 @@ BatchedListEntries<EncryptionZone> listEncryptionZones(long prevId)
boolean success = false;
checkOperation(OperationCategory.READ);
final FSPermissionChecker pc = getPermissionChecker();
checkSuperuserPrivilege(pc);
readLock();
try {
checkOperation(OperationCategory.READ);
checkSuperuserPrivilege(pc);
final BatchedListEntries<EncryptionZone> ret =
FSDirEncryptionZoneOp.listEncryptionZones(dir, prevId);
success = true;
@ -7533,10 +7533,10 @@ BatchedListEntries<ZoneReencryptionStatus> listReencryptionStatus(
boolean success = false;
checkOperation(OperationCategory.READ);
final FSPermissionChecker pc = getPermissionChecker();
checkSuperuserPrivilege(pc);
readLock();
try {
checkOperation(OperationCategory.READ);
checkSuperuserPrivilege(pc);
final BatchedListEntries<ZoneReencryptionStatus> ret =
FSDirEncryptionZoneOp.listReencryptionStatus(dir, prevId);
success = true;
@ -7567,7 +7567,6 @@ private void reencryptEncryptionZoneInt(final FSPermissionChecker pc,
}
writeLock();
try {
checkSuperuserPrivilege(pc);
checkOperation(OperationCategory.WRITE);
checkNameNodeSafeMode("NameNode in safemode, cannot " + action
+ " re-encryption on zone " + zone);