HDFS-14915. Move Superuser Check Before Taking Lock For Encryption API. Contributed by Ayush Saxena.

This commit is contained in:
Ayush Saxena 2019-10-22 18:44:22 +05:30
parent 19f35cfd57
commit 6020505943

View File

@ -7437,10 +7437,10 @@ void createEncryptionZone(final String src, final String keyName,
Metadata metadata = FSDirEncryptionZoneOp.ensureKeyIsInitialized(dir, Metadata metadata = FSDirEncryptionZoneOp.ensureKeyIsInitialized(dir,
keyName, src); keyName, src);
final FSPermissionChecker pc = getPermissionChecker(); final FSPermissionChecker pc = getPermissionChecker();
checkSuperuserPrivilege(pc);
checkOperation(OperationCategory.WRITE); checkOperation(OperationCategory.WRITE);
writeLock(); writeLock();
try { try {
checkSuperuserPrivilege(pc);
checkOperation(OperationCategory.WRITE); checkOperation(OperationCategory.WRITE);
checkNameNodeSafeMode("Cannot create encryption zone on " + src); checkNameNodeSafeMode("Cannot create encryption zone on " + src);
resultingStat = FSDirEncryptionZoneOp.createEncryptionZone(dir, src, resultingStat = FSDirEncryptionZoneOp.createEncryptionZone(dir, src,
@ -7496,10 +7496,10 @@ BatchedListEntries<EncryptionZone> listEncryptionZones(long prevId)
boolean success = false; boolean success = false;
checkOperation(OperationCategory.READ); checkOperation(OperationCategory.READ);
final FSPermissionChecker pc = getPermissionChecker(); final FSPermissionChecker pc = getPermissionChecker();
checkSuperuserPrivilege(pc);
readLock(); readLock();
try { try {
checkOperation(OperationCategory.READ); checkOperation(OperationCategory.READ);
checkSuperuserPrivilege(pc);
final BatchedListEntries<EncryptionZone> ret = final BatchedListEntries<EncryptionZone> ret =
FSDirEncryptionZoneOp.listEncryptionZones(dir, prevId); FSDirEncryptionZoneOp.listEncryptionZones(dir, prevId);
success = true; success = true;
@ -7533,10 +7533,10 @@ BatchedListEntries<ZoneReencryptionStatus> listReencryptionStatus(
boolean success = false; boolean success = false;
checkOperation(OperationCategory.READ); checkOperation(OperationCategory.READ);
final FSPermissionChecker pc = getPermissionChecker(); final FSPermissionChecker pc = getPermissionChecker();
checkSuperuserPrivilege(pc);
readLock(); readLock();
try { try {
checkOperation(OperationCategory.READ); checkOperation(OperationCategory.READ);
checkSuperuserPrivilege(pc);
final BatchedListEntries<ZoneReencryptionStatus> ret = final BatchedListEntries<ZoneReencryptionStatus> ret =
FSDirEncryptionZoneOp.listReencryptionStatus(dir, prevId); FSDirEncryptionZoneOp.listReencryptionStatus(dir, prevId);
success = true; success = true;
@ -7567,7 +7567,6 @@ private void reencryptEncryptionZoneInt(final FSPermissionChecker pc,
} }
writeLock(); writeLock();
try { try {
checkSuperuserPrivilege(pc);
checkOperation(OperationCategory.WRITE); checkOperation(OperationCategory.WRITE);
checkNameNodeSafeMode("NameNode in safemode, cannot " + action checkNameNodeSafeMode("NameNode in safemode, cannot " + action
+ " re-encryption on zone " + zone); + " re-encryption on zone " + zone);