HDFS-14915. Move Superuser Check Before Taking Lock For Encryption API. Contributed by Ayush Saxena.
This commit is contained in:
parent
19f35cfd57
commit
6020505943
@ -7437,10 +7437,10 @@ void createEncryptionZone(final String src, final String keyName,
|
|||||||
Metadata metadata = FSDirEncryptionZoneOp.ensureKeyIsInitialized(dir,
|
Metadata metadata = FSDirEncryptionZoneOp.ensureKeyIsInitialized(dir,
|
||||||
keyName, src);
|
keyName, src);
|
||||||
final FSPermissionChecker pc = getPermissionChecker();
|
final FSPermissionChecker pc = getPermissionChecker();
|
||||||
|
checkSuperuserPrivilege(pc);
|
||||||
checkOperation(OperationCategory.WRITE);
|
checkOperation(OperationCategory.WRITE);
|
||||||
writeLock();
|
writeLock();
|
||||||
try {
|
try {
|
||||||
checkSuperuserPrivilege(pc);
|
|
||||||
checkOperation(OperationCategory.WRITE);
|
checkOperation(OperationCategory.WRITE);
|
||||||
checkNameNodeSafeMode("Cannot create encryption zone on " + src);
|
checkNameNodeSafeMode("Cannot create encryption zone on " + src);
|
||||||
resultingStat = FSDirEncryptionZoneOp.createEncryptionZone(dir, src,
|
resultingStat = FSDirEncryptionZoneOp.createEncryptionZone(dir, src,
|
||||||
@ -7496,10 +7496,10 @@ BatchedListEntries<EncryptionZone> listEncryptionZones(long prevId)
|
|||||||
boolean success = false;
|
boolean success = false;
|
||||||
checkOperation(OperationCategory.READ);
|
checkOperation(OperationCategory.READ);
|
||||||
final FSPermissionChecker pc = getPermissionChecker();
|
final FSPermissionChecker pc = getPermissionChecker();
|
||||||
|
checkSuperuserPrivilege(pc);
|
||||||
readLock();
|
readLock();
|
||||||
try {
|
try {
|
||||||
checkOperation(OperationCategory.READ);
|
checkOperation(OperationCategory.READ);
|
||||||
checkSuperuserPrivilege(pc);
|
|
||||||
final BatchedListEntries<EncryptionZone> ret =
|
final BatchedListEntries<EncryptionZone> ret =
|
||||||
FSDirEncryptionZoneOp.listEncryptionZones(dir, prevId);
|
FSDirEncryptionZoneOp.listEncryptionZones(dir, prevId);
|
||||||
success = true;
|
success = true;
|
||||||
@ -7533,10 +7533,10 @@ BatchedListEntries<ZoneReencryptionStatus> listReencryptionStatus(
|
|||||||
boolean success = false;
|
boolean success = false;
|
||||||
checkOperation(OperationCategory.READ);
|
checkOperation(OperationCategory.READ);
|
||||||
final FSPermissionChecker pc = getPermissionChecker();
|
final FSPermissionChecker pc = getPermissionChecker();
|
||||||
|
checkSuperuserPrivilege(pc);
|
||||||
readLock();
|
readLock();
|
||||||
try {
|
try {
|
||||||
checkOperation(OperationCategory.READ);
|
checkOperation(OperationCategory.READ);
|
||||||
checkSuperuserPrivilege(pc);
|
|
||||||
final BatchedListEntries<ZoneReencryptionStatus> ret =
|
final BatchedListEntries<ZoneReencryptionStatus> ret =
|
||||||
FSDirEncryptionZoneOp.listReencryptionStatus(dir, prevId);
|
FSDirEncryptionZoneOp.listReencryptionStatus(dir, prevId);
|
||||||
success = true;
|
success = true;
|
||||||
@ -7567,7 +7567,6 @@ private void reencryptEncryptionZoneInt(final FSPermissionChecker pc,
|
|||||||
}
|
}
|
||||||
writeLock();
|
writeLock();
|
||||||
try {
|
try {
|
||||||
checkSuperuserPrivilege(pc);
|
|
||||||
checkOperation(OperationCategory.WRITE);
|
checkOperation(OperationCategory.WRITE);
|
||||||
checkNameNodeSafeMode("NameNode in safemode, cannot " + action
|
checkNameNodeSafeMode("NameNode in safemode, cannot " + action
|
||||||
+ " re-encryption on zone " + zone);
|
+ " re-encryption on zone " + zone);
|
||||||
|
Loading…
Reference in New Issue
Block a user