Date: Sat, 19 Nov 2016 02:09:58 +0000 (UTC)
From: "Yudong Wu (JIRA)"
To: notifications@accumulo.apache.org
Subject: [jira] [Updated] (ACCUMULO-4519) System permission bug in Thrift Proxy

     [ https://issues.apache.org/jira/browse/ACCUMULO-4519?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Yudong Wu updated ACCUMULO-4519:
--------------------------------
    Attachment:     (was: ACCUMULO-4519.0000.patch)

> System permission bug in Thrift Proxy
> -------------------------------------
>
>                 Key: ACCUMULO-4519
>                 URL: https://issues.apache.org/jira/browse/ACCUMULO-4519
>             Project: Accumulo
>          Issue Type: Bug
>          Components: proxy
>    Affects Versions: 1.8.0
>            Reporter: Yudong Wu
>             Fix For: 1.7.3, 1.8.1, 2.0.0
>
>
> The system permission list between core and Thrift proxy is inconsistent. The proxy lacks the support for some of the newly added system permissions, including:
> {{System.CREATE_NAMESPACE}}
> {{System.DROP_NAMESPACE}}
> {{System.ALTER_NAMESPACE}}
> {{System.OBTAIN_DELEGATION_TOKEN}}
> Currently, when connecting through Thrift proxy, we can't grant, check or revoke the above 4 System permissions. When a proxy client sends permissions (i.e., {{System.CREATE_NAMESPACE}}), it will receive {{AccumuloException}} wrapping around {{java.lang.NullPointerException}}:
> {code:borderStyle=solid}
> Traceback (most recent call last):
>   File "Client.py", line 32, in
>     client.grantSystemPermission(login, username, CREATE_NAMESPACE_PERM)
>   File "***AccumuloProxy.py", line 2980, in grantSystemPermission
>     self.recv_grantSystemPermission()
>   File "***AccumuloProxy.py", line 3006, in recv_grantSystemPermission
>     raise result.ouch1
> accumulo.ttypes.AccumuloException: AccumuloException(msg='java.lang.NullPointerException')
> {code}
> The bug is in the Thrift proxy file
> {code:title=accumulo/proxy/src/main/thrift/proxy/thrift|borderStyle=solid}
> enum SystemPermission {
>   GRANT = 0,
>   CREATE_TABLE = 1,
>   DROP_TABLE = 2,
>   ALTER_TABLE = 3,
>   CREATE_USER = 4,
>   DROP_USER = 5,
>   ALTER_USER = 6,
>   SYSTEM = 7,
> }
> {code}
> The {{SystemPermission}} enum clearly misses Permission #8--#11 defined in Accumulo core:
> {code:title=accumulo/core/.../SystemPermission.java|borderStyle=solid}
> public enum SystemPermission {
>   /*
>    * One may add new permissions, but new permissions must use new numbers. Current numbers in use must not be changed.
>    */
>   GRANT((byte) 0),
>   CREATE_TABLE((byte) 1),
>   DROP_TABLE((byte) 2),
>   ALTER_TABLE((byte) 3),
>   CREATE_USER((byte) 4),
>   DROP_USER((byte) 5),
>   ALTER_USER((byte) 6),
>   SYSTEM((byte) 7),
>   CREATE_NAMESPACE((byte) 8),
>   DROP_NAMESPACE((byte) 9),
>   ALTER_NAMESPACE((byte) 10),
>   OBTAIN_DELEGATION_TOKEN((byte) 11);
> }
> {code}
> The fix should be straightforward---just add the corresponding permissions into the Thrift proxy file.
> Let me know if you need any more info, or want a patch for this.
> Thanks!

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
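
The mismatch reported above can be caught before release by comparing the two enum definitions mechanically. The script below is an added example, not part of the original message or of the Accumulo code base: it embeds the two listings quoted in the report (Java comment omitted), and the function names parse_thrift_enum, parse_java_enum and enum_drift are hypothetical.

```python
import re

# Enum bodies copied from the two listings quoted in the report above.
PROXY_THRIFT = """
enum SystemPermission {
  GRANT = 0,
  CREATE_TABLE = 1,
  DROP_TABLE = 2,
  ALTER_TABLE = 3,
  CREATE_USER = 4,
  DROP_USER = 5,
  ALTER_USER = 6,
  SYSTEM = 7,
}
"""
CORE_JAVA = """
public enum SystemPermission {
  GRANT((byte) 0),
  CREATE_TABLE((byte) 1),
  DROP_TABLE((byte) 2),
  ALTER_TABLE((byte) 3),
  CREATE_USER((byte) 4),
  DROP_USER((byte) 5),
  ALTER_USER((byte) 6),
  SYSTEM((byte) 7),
  CREATE_NAMESPACE((byte) 8),
  DROP_NAMESPACE((byte) 9),
  ALTER_NAMESPACE((byte) 10),
  OBTAIN_DELEGATION_TOKEN((byte) 11);
}
"""

def parse_thrift_enum(text):
    """Map NAME -> id for Thrift entries of the form `NAME = 3,`."""
    return {n: int(v) for n, v in re.findall(r"^\s*([A-Z_]+)\s*=\s*(\d+)", text, re.M)}

def parse_java_enum(text):
    """Map NAME -> id for Java constants of the form `NAME((byte) 3)`."""
    return {n: int(v) for n, v in re.findall(r"^\s*([A-Z_]+)\(\(byte\)\s*(\d+)\)", text, re.M)}

def enum_drift(core, proxy):
    """Return (missing_from_proxy, renumbered) so a build check can fail on either."""
    missing = {n: i for n, i in core.items() if n not in proxy}
    renumbered = {n: (core[n], proxy[n]) for n in core.keys() & proxy.keys() if core[n] != proxy[n]}
    return missing, renumbered

if __name__ == "__main__":
    missing, renumbered = enum_drift(parse_java_enum(CORE_JAVA), parse_thrift_enum(PROXY_THRIFT))
    for name, pid in sorted(missing.items(), key=lambda kv: kv[1]):
        print(f"proxy IDL lacks {name} = {pid}")
    for name, (core_id, proxy_id) in sorted(renumbered.items()):
        print(f"{name}: core={core_id} proxy={proxy_id}")
    raise SystemExit(1 if missing or renumbered else 0)
```

Run against the quoted listings, the check exits non-zero and names the four permissions that cannot be granted, checked or revoked through the proxy.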