From: "Enrico Olivelli (Jira)"
To: issues@zookeeper.apache.org
Reply-To: dev@zookeeper.apache.org
Date: Fri, 6 Sep 2019 15:43:11 +0000 (UTC)
Subject: [jira] [Updated] (ZOOKEEPER-1881) Shutdown server immediately upon PrivilegedActionException

     [ https://issues.apache.org/jira/browse/ZOOKEEPER-1881?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Enrico Olivelli updated ZOOKEEPER-1881:
---------------------------------------
    Fix Version/s: 3.5.7

> Shutdown server immediately upon PrivilegedActionException
> ----------------------------------------------------------
>
>                 Key: ZOOKEEPER-1881
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-1881
>             Project: ZooKeeper
>          Issue Type: Improvement
>          Components: server
>    Affects Versions: 3.4.5
>            Reporter: Ding Yuan
>            Assignee: Ding Yuan
>            Priority: Major
>             Fix For: 3.6.0, 3.5.6, 3.5.7
>
>         Attachments: zookeeper-1881.patch
>
>
> It seems that when a SaslServer cannot be created due to a PrivilegedActionException, it is better to shut down the server immediately instead of letting it propagate. The current behaviour will just set ServerCnxn.zooKeeperSaslServer to null, and later, every time an SASL request comes in, it will be rejected. If we already detect the loophole early, we should just reject it early.
> {noformat}
>   private SaslServer createSaslServer(final Login login) {
>         catch (PrivilegedActionException e) {
>             // TODO: exit server at this point(?)
>             LOG.error("Zookeeper Quorum member experienced a PrivilegedActionException exception while creating a SaslServer using a JAAS principal context:" + e);
>             e.printStackTrace();
>         }
> {noformat}
> For what it is worth, attaching an attempt to patch it. The idea of the patch is to propagate this PrivilegedActionException to ServerCnxnFactory and shut down all the connections and the server. Not sure if this is the right way to solve it. Any comments are appreciated!
> Also in the patch is additional logging for two unlogged exceptions.
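
The two behaviours discussed in the issue, side by side, as an added example that is neither ZooKeeper code nor the attached patch. `FailFastSaslDemo`, `BROKEN_SETUP`, `createSwallowing` and `createFailFast` are hypothetical names, and the SASL setup failure is constructed so that `Subject.doAs` always raises a `PrivilegedActionException`.

```java
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import javax.security.auth.Subject;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;

public class FailFastSaslDemo {
    // Constructed stand-in for the real SASL setup: always fails, as it would
    // with unusable JAAS credentials.
    static final PrivilegedExceptionAction<SaslServer> BROKEN_SETUP = () -> {
        throw new SaslException("constructed failure: no usable credentials");
    };

    // Behaviour the issue describes: log, swallow, leave the field null.
    static SaslServer createSwallowing(Subject subject) {
        try {
            return Subject.doAs(subject, BROKEN_SETUP);
        } catch (PrivilegedActionException e) {
            System.err.println("SaslServer creation failed: " + e.getException());
            return null; // server keeps running; each later SASL request is rejected
        }
    }

    // Fail-fast alternative: unwrap the cause and hand it to the caller,
    // which owns the decision to stop the server.
    static SaslServer createFailFast(Subject subject) throws SaslException {
        try {
            return Subject.doAs(subject, BROKEN_SETUP);
        } catch (PrivilegedActionException e) {
            throw new SaslException("cannot create SaslServer", e.getException());
        }
    }

    public static void main(String[] args) {
        Subject subject = new Subject(); // empty subject, enough for the demo
        SaslServer s = createSwallowing(subject);
        System.out.println("swallowing: server still up, saslServer=" + s);
        try {
            createFailFast(subject);
            System.out.println("fail-fast: listening");
        } catch (SaslException e) {
            // A real server would close its connections and exit here.
            System.out.println("fail-fast: refusing to start: " + e.getCause().getMessage());
        }
    }
}
```

With the swallowing variant the misconfiguration only shows up as per-request authentication failures; with the fail-fast variant it surfaces once, at startup, where an operator or supervisor process can see it.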