Return-Path: X-Original-To: apmail-cassandra-commits-archive@www.apache.org Delivered-To: apmail-cassandra-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 63AFA11A74 for ; Tue, 19 Aug 2014 23:11:21 +0000 (UTC) Received: (qmail 39448 invoked by uid 500); 19 Aug 2014 23:11:21 -0000 Delivered-To: apmail-cassandra-commits-archive@cassandra.apache.org Received: (qmail 39406 invoked by uid 500); 19 Aug 2014 23:11:21 -0000 Mailing-List: contact commits-help@cassandra.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cassandra.apache.org Delivered-To: mailing list commits@cassandra.apache.org Received: (qmail 39365 invoked by uid 99); 19 Aug 2014 23:11:21 -0000 Received: from tyr.zones.apache.org (HELO tyr.zones.apache.org) (140.211.11.114) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 19 Aug 2014 23:11:21 +0000 Received: by tyr.zones.apache.org (Postfix, from userid 65534) id EAB2A8C1305; Tue, 19 Aug 2014 23:11:20 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: aleksey@apache.org To: commits@cassandra.apache.org Date: Tue, 19 Aug 2014 23:11:20 -0000 Message-Id: <4ea05e13de4043558f806e1e24e6aa11@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: [1/5] git commit: Improve PasswordAuthenticator default super user setup Repository: cassandra Updated Branches: refs/heads/cassandra-2.1 a37a03632 -> 07185567e Improve PasswordAuthenticator default super user setup patch by Aleksey Yeschenko; reviewed by Jeremiah Jordan for CASSANDRA-7788 Project: http://git-wip-us.apache.org/repos/asf/cassandra/repo Commit: http://git-wip-us.apache.org/repos/asf/cassandra/commit/48d6950c Tree: http://git-wip-us.apache.org/repos/asf/cassandra/tree/48d6950c Diff: http://git-wip-us.apache.org/repos/asf/cassandra/diff/48d6950c Branch: refs/heads/cassandra-2.1 Commit: 48d6950c181987952a4b05e60f918646445d62f9 Parents: 22a4629 Author: Aleksey Yeschenko Authored: Wed Aug 20 02:01:14 2014 +0300 Committer: Aleksey Yeschenko Committed: Wed Aug 20 02:01:14 2014 +0300 ---------------------------------------------------------------------- CHANGES.txt | 1 + src/java/org/apache/cassandra/auth/Auth.java | 25 ++++++++---------- .../cassandra/auth/PasswordAuthenticator.java | 27 +++++++++----------- 3 files changed, 24 insertions(+), 29 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cassandra/blob/48d6950c/CHANGES.txt ---------------------------------------------------------------------- diff --git a/CHANGES.txt b/CHANGES.txt index 9fad7c9..db5fa3a 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -1,4 +1,5 @@ 1.2.19 + * Improve PasswordAuthenticator default super user setup (CASSANDRA-7788) * Remove duplicates from StorageService.getJoiningNodes (CASSANDRA-7478) * Clone token map outside of hot gossip loops (CASSANDRA-7758) * Add stop method to EmbeddedCassandraService (CASSANDRA-7595) http://git-wip-us.apache.org/repos/asf/cassandra/blob/48d6950c/src/java/org/apache/cassandra/auth/Auth.java ---------------------------------------------------------------------- diff --git a/src/java/org/apache/cassandra/auth/Auth.java b/src/java/org/apache/cassandra/auth/Auth.java index 9cee12a..60c87d7 100644 --- a/src/java/org/apache/cassandra/auth/Auth.java +++ b/src/java/org/apache/cassandra/auth/Auth.java @@ -38,7 +38,6 @@ import org.apache.cassandra.locator.SimpleStrategy; import org.apache.cassandra.service.*; import org.apache.cassandra.transport.messages.ResultMessage; import org.apache.cassandra.utils.ByteBufferUtil; -import org.apache.cassandra.utils.FBUtilities; public class Auth { @@ -137,18 +136,15 @@ public class Auth // the delay is here to give the node some time to see its peers - to reduce // "Skipped default superuser setup: some nodes were not ready" log spam. // It's the only reason for the delay. - if (DatabaseDescriptor.getSeeds().contains(FBUtilities.getBroadcastAddress()) || !DatabaseDescriptor.isAutoBootstrap()) - { - StorageService.tasks.schedule(new Runnable() + StorageService.tasks.schedule(new Runnable() + { + public void run() { - public void run() - { - setupDefaultSuperuser(); - } - }, - SUPERUSER_SETUP_DELAY, - TimeUnit.MILLISECONDS); - } + setupDefaultSuperuser(); + } + }, + SUPERUSER_SETUP_DELAY, + TimeUnit.MILLISECONDS); try { @@ -213,7 +209,7 @@ public class Auth USERS_CF, DEFAULT_SUPERUSER_NAME, true), - ConsistencyLevel.QUORUM); + ConsistencyLevel.ONE); logger.info("Created default superuser '{}'", DEFAULT_SUPERUSER_NAME); } } @@ -228,7 +224,8 @@ public class Auth // Try looking up the 'cassandra' default super user first, to avoid the range query if possible. String defaultSUQuery = String.format("SELECT * FROM %s.%s WHERE name = '%s'", AUTH_KS, USERS_CF, DEFAULT_SUPERUSER_NAME); String allUsersQuery = String.format("SELECT * FROM %s.%s LIMIT 1", AUTH_KS, USERS_CF); - return !QueryProcessor.process(defaultSUQuery, ConsistencyLevel.QUORUM).isEmpty() + return !QueryProcessor.process(defaultSUQuery, ConsistencyLevel.ONE).isEmpty() + || !QueryProcessor.process(defaultSUQuery, ConsistencyLevel.QUORUM).isEmpty() || !QueryProcessor.process(allUsersQuery, ConsistencyLevel.QUORUM).isEmpty(); } http://git-wip-us.apache.org/repos/asf/cassandra/blob/48d6950c/src/java/org/apache/cassandra/auth/PasswordAuthenticator.java ---------------------------------------------------------------------- diff --git a/src/java/org/apache/cassandra/auth/PasswordAuthenticator.java b/src/java/org/apache/cassandra/auth/PasswordAuthenticator.java index 9adbe4e..dfe7275 100644 --- a/src/java/org/apache/cassandra/auth/PasswordAuthenticator.java +++ b/src/java/org/apache/cassandra/auth/PasswordAuthenticator.java @@ -27,7 +27,6 @@ import org.apache.commons.lang.StringUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import org.apache.cassandra.config.DatabaseDescriptor; import org.apache.cassandra.config.Schema; import org.apache.cassandra.cql3.UntypedResultSet; import org.apache.cassandra.cql3.QueryProcessor; @@ -39,7 +38,6 @@ import org.apache.cassandra.service.QueryState; import org.apache.cassandra.service.StorageService; import org.apache.cassandra.transport.messages.ResultMessage; import org.apache.cassandra.utils.ByteBufferUtil; -import org.apache.cassandra.utils.FBUtilities; import org.mindrot.jbcrypt.BCrypt; /** @@ -169,18 +167,15 @@ public class PasswordAuthenticator implements IAuthenticator // the delay is here to give the node some time to see its peers - to reduce // "skipped default user setup: some nodes are were not ready" log spam. // It's the only reason for the delay. - if (DatabaseDescriptor.getSeeds().contains(FBUtilities.getBroadcastAddress()) || !DatabaseDescriptor.isAutoBootstrap()) - { - StorageService.tasks.schedule(new Runnable() + StorageService.tasks.schedule(new Runnable() + { + public void run() { - public void run() - { - setupDefaultUser(); - } - }, - Auth.SUPERUSER_SETUP_DELAY, - TimeUnit.MILLISECONDS); - } + setupDefaultUser(); + } + }, + Auth.SUPERUSER_SETUP_DELAY, + TimeUnit.MILLISECONDS); try { @@ -224,7 +219,7 @@ public class PasswordAuthenticator implements IAuthenticator CREDENTIALS_CF, DEFAULT_USER_NAME, escape(hashpw(DEFAULT_USER_PASSWORD))), - ConsistencyLevel.QUORUM); + ConsistencyLevel.ONE); logger.info("PasswordAuthenticator created default user '{}'", DEFAULT_USER_NAME); } } @@ -239,7 +234,9 @@ public class PasswordAuthenticator implements IAuthenticator // Try looking up the 'cassandra' default user first, to avoid the range query if possible. String defaultSUQuery = String.format("SELECT * FROM %s.%s WHERE username = '%s'", Auth.AUTH_KS, CREDENTIALS_CF, DEFAULT_USER_NAME); String allUsersQuery = String.format("SELECT * FROM %s.%s LIMIT 1", Auth.AUTH_KS, CREDENTIALS_CF); - return !process(defaultSUQuery, ConsistencyLevel.QUORUM).isEmpty() || !process(allUsersQuery, ConsistencyLevel.QUORUM).isEmpty(); + return !process(defaultSUQuery, ConsistencyLevel.ONE).isEmpty() + || !process(defaultSUQuery, ConsistencyLevel.QUORUM).isEmpty() + || !process(allUsersQuery, ConsistencyLevel.QUORUM).isEmpty(); } private static String hashpw(String password)