accumulo-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Josh Elser (JIRA)" <>
Subject [jira] [Commented] (ACCUMULO-3568) du shell command uses ServerClient incorrectly
Date Wed, 11 Feb 2015 00:49:13 GMT


Josh Elser commented on ACCUMULO-3568:

After much cursing, finally figured it out. The problem was not the client doing something
bad, but the server *using* the clients credentials instead of its own.

  public List<TDiskUsage> getDiskUsage(Set<String> tables, TCredentials credentials)
throws ThriftTableOperationException, ThriftSecurityException, TException {
    try {
      final Credentials creds = Credentials.fromThrift(credentials);
      Connector conn = instance.getConnector(creds.getPrincipal(), creds.getToken());

That explains why I couldn't figure out what was seemingly different on the client side --
it was nothing. The server should be using its own connector and enforcing proper permissions
to keep users from {{du}}'ing tables which they have no access to.

> du shell command uses ServerClient incorrectly
> ----------------------------------------------
>                 Key: ACCUMULO-3568
>                 URL:
>             Project: Accumulo
>          Issue Type: Bug
>          Components: shell
>         Environment: kerberos
>            Reporter: Josh Elser
>            Assignee: Josh Elser
>            Priority: Critical
>             Fix For: 1.7.0
> {{TableOperationsImpl.getDiskUsage}} uses the {{ServerClient}} class which is meant for
Accumulo services to use to communicate with each other. This results in the authentication
performed for this method being performed (incorrectly) as the system instead of the client.

This message was sent by Atlassian JIRA

View raw message