accumulo-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From vi...@apache.org
Subject svn commit: r1404782 - in /accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server: security/ test/randomwalk/ test/randomwalk/security/
Date Thu, 01 Nov 2012 21:49:45 GMT
Author: vines
Date: Thu Nov  1 21:49:44 2012
New Revision: 1404782

URL: http://svn.apache.org/viewvc?rev=1404782&view=rev
Log:
ACCUMULO-259 - it seems very happy right now

Modified:
    accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/SecurityOperation.java
    accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/Module.java
    accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/State.java
    accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/ChangePass.java
    accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/SecurityFixture.java
    accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/TableOp.java
    accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/WalkingSecurity.java

Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/SecurityOperation.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/SecurityOperation.java?rev=1404782&r1=1404781&r2=1404782&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/SecurityOperation.java
(original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/SecurityOperation.java
Thu Nov  1 21:49:44 2012
@@ -143,7 +143,7 @@ public class SecurityOperation {
   
   private void authenticate(String user, ByteBuffer password, String instance) throws ThriftSecurityException
{
     if (!instance.equals(HdfsZooInstance.getInstance().getInstanceID()))
-      throw new ThriftSecurityException(user + '_' + instance + '_' + HdfsZooInstance.getInstance().getInstanceID(),
SecurityErrorCode.INVALID_INSTANCEID);
+      throw new ThriftSecurityException(user, SecurityErrorCode.INVALID_INSTANCEID);
     
     if (user.equals(SecurityConstants.SYSTEM_USERNAME)) {
       if (Arrays.equals(SecurityConstants.getSystemCredentials().password.array(), password.array())
@@ -154,7 +154,6 @@ public class SecurityOperation {
     }
     
     if (!authenticator.authenticateUser(user, password, instance)) {
-      log.debug("It appears that " + user + " password isn't " + new String(password.array()));
       throw new ThriftSecurityException(user, SecurityErrorCode.BAD_CREDENTIALS);
     }
   }

Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/Module.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/Module.java?rev=1404782&r1=1404781&r2=1404782&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/Module.java
(original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/Module.java
Thu Nov  1 21:49:44 2012
@@ -162,7 +162,7 @@ public class Module extends Node {
     this.xmlFile = xmlFile;
     loadFromXml();
   }
-
+  
   @Override
   public void visit(State state, Properties props) throws Exception {
     int maxHops, maxSec;
@@ -200,7 +200,7 @@ public class Module extends Node {
     initNode.visit(state, getProps(initNodeId));
     if (test)
       stopTimer(initNode);
-
+    
     state.visitedNode();
     // update aliases
     Set<String> aliases;
@@ -256,6 +256,11 @@ public class Module extends Node {
         for (Entry<Object,Object> entry : nodeProps.entrySet()) {
           log.debug("  " + entry.getKey() + ": " + entry.getValue());
         }
+        log.debug("State information: ");
+        for (String key : new TreeSet<String>(state.getMap().keySet()))  {
+          Object value = state.getMap().get(key);
+          log.debug("  " + key + ": " + value + ' ' + (value != null && ! (value
instanceof String)? ((value.getClass().equals(byte[].class))? new String((byte[]) value):value.getClass()
+ " - " + value):""));
+        }
         throw new Exception("Error running node " + nextNodeId, e);
       }
       state.visitedNode();
@@ -279,7 +284,7 @@ public class Module extends Node {
   final int time = 5 * 1000 * 60;
   AtomicBoolean runningLong = new AtomicBoolean(false);
   long systemTime;
-
+  
   /**
    * 
    */
@@ -321,7 +326,7 @@ public class Module extends Node {
     if (runningLong.get())
       log.warn("Node " + nextNode + ", which was running long, has now completed after "
+ (System.currentTimeMillis() - systemTime) / 1000.0 + " seconds");
   }
-
+  
   @Override
   public String toString() {
     return xmlFile.toString();

Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/State.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/State.java?rev=1404782&r1=1404781&r2=1404782&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/State.java
(original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/State.java
Thu Nov  1 21:49:44 2012
@@ -77,6 +77,10 @@ public class State {
     return stateMap.get(key);
   }
   
+  public HashMap<String, Object> getMap() {
+    return stateMap;
+  }
+  
   public String getString(String key) {
     return (String) stateMap.get(key);
   }

Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/ChangePass.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/ChangePass.java?rev=1404782&r1=1404781&r2=1404782&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/ChangePass.java
(original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/ChangePass.java
Thu Nov  1 21:49:44 2012
@@ -16,7 +16,6 @@
  */
 package org.apache.accumulo.server.test.randomwalk.security;
 
-import java.math.BigInteger;
 import java.util.Properties;
 import java.util.Random;
 
@@ -56,9 +55,8 @@ public class ChangePass extends Test {
     Random r = new Random();
     
     byte[] newPass = new byte[r.nextInt(50) + 1];
-    r.nextBytes(newPass);
-    BigInteger bi = new BigInteger(newPass);
-    newPass = bi.toString(36).getBytes();
+    for (int i =0; i < newPass.length; i++)
+      newPass[i] = (byte) ((r.nextInt(26)+65) & 0xFF);
     
     try {
       log.debug("Changing password for user " + target + " to " + new String(newPass));

Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/SecurityFixture.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/SecurityFixture.java?rev=1404782&r1=1404781&r2=1404782&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/SecurityFixture.java
(original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/SecurityFixture.java
Thu Nov  1 21:49:44 2012
@@ -17,6 +17,7 @@
 package org.apache.accumulo.server.test.randomwalk.security;
 
 import java.net.InetAddress;
+import java.util.Set;
 
 import org.apache.accumulo.core.client.Connector;
 import org.apache.accumulo.core.security.Authorizations;
@@ -34,13 +35,22 @@ public class SecurityFixture extends Fix
     
     String hostname = InetAddress.getLocalHost().getHostName().replaceAll("[-.]", "_");
     
-    systemUserName = String.format("system_%s_%s_%d", hostname, state.getPid(), System.currentTimeMillis());
-    tableUserName = String.format("table_%s_%s_%d", hostname, state.getPid(), System.currentTimeMillis());
-    secTableName = String.format("security_%s_%s_%d", hostname, state.getPid(), System.currentTimeMillis());
+    systemUserName = String.format("system_%s", hostname);
+    tableUserName = String.format("table_%s", hostname);
+    secTableName = String.format("security_%s", hostname);
+    
+    if (conn.tableOperations().exists(secTableName))
+      conn.tableOperations().delete(secTableName);
+    Set<String> users = conn.securityOperations().listUsers();
+    if (users.contains(tableUserName))
+      conn.securityOperations().dropUser(tableUserName);
+    if (users.contains(systemUserName))
+      conn.securityOperations().dropUser(systemUserName);
     
     byte[] sysUserPass = "sysUser".getBytes();
     conn.securityOperations().createUser(systemUserName, sysUserPass, new Authorizations());
     
+    WalkingSecurity.get(state).setTableName(secTableName);
     state.set("rootUserPass", state.getAuthInfo().password.array());
     
     WalkingSecurity.get(state).setSysUserName(systemUserName);
@@ -48,7 +58,6 @@ public class SecurityFixture extends Fix
     
     WalkingSecurity.get(state).changePassword(tableUserName, new byte[0]);
     
-    WalkingSecurity.get(state).setTableName(secTableName);
     WalkingSecurity.get(state).setTabUserName(tableUserName);
     
     for (TablePermission tp : TablePermission.values()) {

Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/TableOp.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/TableOp.java?rev=1404782&r1=1404781&r2=1404782&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/TableOp.java
(original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/TableOp.java
Thu Nov  1 21:49:44 2012
@@ -54,7 +54,7 @@ public class TableOp extends Test {
   @Override
   public void visit(State state, Properties props) throws Exception {
     Connector conn = state.getInstance().getConnector(WalkingSecurity.get(state).getTabAuthInfo());
-
+    
     String action = props.getProperty("action", "_random");
     TablePermission tp;
     if ("_random".equalsIgnoreCase(action)) {
@@ -72,7 +72,7 @@ public class TableOp extends Test {
         boolean canRead = WalkingSecurity.get(state).canScan(WalkingSecurity.get(state).getTabAuthInfo(),
tableName);
         Authorizations auths = WalkingSecurity.get(state).getUserAuthorizations(WalkingSecurity.get(state).getTabAuthInfo());
         boolean ambiguousZone = WalkingSecurity.get(state).inAmbiguousZone(conn.whoami(),
tp);
-
+        
         try {
           Scanner scan = conn.createScanner(tableName, conn.securityOperations().getUserAuthorizations(conn.whoami()));
           int seen = 0;
@@ -118,9 +118,9 @@ public class TableOp extends Test {
         break;
       }
       case WRITE:
-        // boolean canWrite = WalkingSecurity.get(state).canWrite(WalkingSecurity.get(state).getTabAuthInfo(),
tableName);
+        boolean canWrite = WalkingSecurity.get(state).canWrite(WalkingSecurity.get(state).getTabAuthInfo(),
tableName);
         boolean ambiguousZone = WalkingSecurity.get(state).inAmbiguousZone(conn.whoami(),
tp);
-
+        
         String key = WalkingSecurity.get(state).getLastKey() + "1";
         Mutation m = new Mutation(new Text(key));
         for (String s : WalkingSecurity.get(state).getAuthsArray()) {
@@ -140,8 +140,10 @@ public class TableOp extends Test {
           writer.close();
         } catch (MutationsRejectedException mre) {
           // Currently no method for detecting reason for mre. Waiting on ACCUMULO-670
-          // For now, just wait a second and go again!
-
+          // For now, just wait a second and go again if they can write!
+          if (!canWrite)
+            return;
+          
           if (ambiguousZone) {
             Thread.sleep(1000);
             try {
@@ -195,7 +197,7 @@ public class TableOp extends Test {
           WalkingSecurity.get(state).increaseAuthMap(s, 1);
         fs.delete(dir, true);
         fs.delete(fail, true);
-
+        
         if (!WalkingSecurity.get(state).canBulkImport(WalkingSecurity.get(state).getTabAuthInfo(),
tableName))
           throw new AccumuloException("Bulk Import succeeded when it should have failed:
" + dir + " table " + tableName);
         break;

Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/WalkingSecurity.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/WalkingSecurity.java?rev=1404782&r1=1404781&r2=1404782&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/WalkingSecurity.java
(original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/WalkingSecurity.java
Thu Nov  1 21:49:44 2012
@@ -30,6 +30,8 @@ import org.apache.accumulo.core.security
 import org.apache.accumulo.core.security.SystemPermission;
 import org.apache.accumulo.core.security.TablePermission;
 import org.apache.accumulo.core.security.thrift.AuthInfo;
+import org.apache.accumulo.core.security.thrift.SecurityErrorCode;
+import org.apache.accumulo.core.security.thrift.ThriftSecurityException;
 import org.apache.accumulo.core.util.CachedConfiguration;
 import org.apache.accumulo.server.security.SecurityOperation;
 import org.apache.accumulo.server.security.handler.Authenticator;
@@ -46,14 +48,14 @@ public class WalkingSecurity extends Sec
   State state = null;
   protected final static Logger log = Logger.getLogger(WalkingSecurity.class);
   
-  private static final String tableName = "secTableName";
+  private static final String tableName = "SecurityTableName";
   private static final String userName = "UserName";
   
   private static final String userPass = "UserPass";
   private static final String userExists = "UserExists";
   private static final String tableExists = "TableExists";
   
-  private static final String connector = "UserConn";
+  private static final String connector = "UserConnection";
   
   private static final String authsMap = "authorizationsCountMap";
   private static final String lastKey = "lastMutationKey";
@@ -137,8 +139,6 @@ public class WalkingSecurity extends Sec
   public boolean authenticateUser(String user, ByteBuffer password, String instanceId) {
     byte[] pass = (byte[]) state.get(user + userPass);
     boolean ret = Arrays.equals(pass, password.array());
-    if (!ret)
-      log.debug("auTHENTIcAtION IssuE- " + user + " user's password is not " + new String(password.array())
+ " to the state, it is " + new String(pass));
     return ret;
   }
   
@@ -146,6 +146,7 @@ public class WalkingSecurity extends Sec
   public void createUser(String user, byte[] pass) throws AccumuloSecurityException {
     state.set(user + userExists, Boolean.toString(true));
     changePassword(user, pass);
+    cleanUser(user);
   }
   
   @Override
@@ -169,8 +170,7 @@ public class WalkingSecurity extends Sec
   
   @Override
   public boolean hasSystemPermission(String user, SystemPermission permission) throws AccumuloSecurityException
{
-    boolean res = Boolean.parseBoolean(state.getString("Sys" + user + permission.name()));
-    log.debug("Sys"+user+permission.name() + " is the key; user " + user + " for " + permission
+ " is " + res);
+    boolean res = Boolean.parseBoolean(state.getString("Sys-" + user +'-'+ permission.name()));
     return res;
   }
   
@@ -181,7 +181,7 @@ public class WalkingSecurity extends Sec
   
   @Override
   public boolean hasTablePermission(String user, String table, TablePermission permission)
throws AccumuloSecurityException, TableNotFoundException {
-    return Boolean.parseBoolean(state.getString("Tab" + table + user + permission.name()));
+    return Boolean.parseBoolean(state.getString("Tab-" + user + '-'+ permission.name()));
   }
   
   @Override
@@ -206,15 +206,16 @@ public class WalkingSecurity extends Sec
   
   private static void setSysPerm(State state, String userName, SystemPermission tp, boolean
value) {
     log.debug((value ? "Gave" : "Took") + " the system permission " + tp.name() + (value
? " to" : " from") + " user " + userName);
-    log.debug("Seriously, Sys" + userName+tp.name() + " is being set to " + Boolean.toString(value));
-    state.set("Sys" + userName + tp.name(), Boolean.toString(value));
+    state.set("Sys-" + userName +'-'+ tp.name(), Boolean.toString(value));
   }
   
   private void setTabPerm(State state, String userName, TablePermission tp, String table,
boolean value) {
+    if (table.equals(userName))
+      throw new RuntimeException("This is also fucked up");
     log.debug((value ? "Gave" : "Took") + " the table permission " + tp.name() + (value ?
" to" : " from") + " user " + userName);
-    state.set("Tab" + table + userName + tp.name(), Boolean.toString(value));
+    state.set("Tab-" + userName +'-'+ tp.name(), Boolean.toString(value));
     if (tp.equals(TablePermission.READ) || tp.equals(TablePermission.WRITE))
-      state.set("Tab" + table + userName + tp.name() + "time", System.currentTimeMillis());
+      state.set("Tab-" + userName +'-'+ tp.name() +'-'+ "time", System.currentTimeMillis());
   }
   
   @Override
@@ -226,7 +227,7 @@ public class WalkingSecurity extends Sec
   public void cleanTablePermissions(String table) throws AccumuloSecurityException, TableNotFoundException
{
     for (String user : new String[] {getSysUserName(), getTabUserName()}) {
       for (TablePermission tp : TablePermission.values()) {
-        revokeTablePermission(user, null, tp);
+        revokeTablePermission(user, table, tp);
       }
     }
     state.set(tableExists, Boolean.toString(false));
@@ -312,7 +313,9 @@ public class WalkingSecurity extends Sec
   
   public boolean inAmbiguousZone(String userName, TablePermission tp) {
     if (tp.equals(TablePermission.READ) || tp.equals(TablePermission.WRITE)) {
-      Long setTime = state.getLong("Tab" + userName + tp.name() + "time");
+      Long setTime = state.getLong("Tab-" + userName +'-'+ tp.name() +'-'+ "time");
+      if (setTime == null)
+        throw new RuntimeException("WTF? Tab-" + userName +'-'+ tp.name() +'-'+ "time is
null");
       if (System.currentTimeMillis() < (setTime + 1000))
         return true;
     }
@@ -354,4 +357,14 @@ public class WalkingSecurity extends Sec
     }
     return fs;
   }
+  
+  public boolean canAskAboutUser(AuthInfo credentials, String user) throws ThriftSecurityException
{
+    try {
+      return super.canAskAboutUser(credentials, user);
+    } catch (ThriftSecurityException tse) {
+      if (tse.getCode().equals(SecurityErrorCode.PERMISSION_DENIED))
+        return false;
+      throw tse;
+    }
+  }
 }



Mime
View raw message