hadoop-common-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jgho...@apache.org
Subject svn commit: r953896 - in /hadoop/common/trunk: ./ src/java/org/apache/hadoop/security/token/delegation/ src/test/core/org/apache/hadoop/security/token/delegation/
Date Fri, 11 Jun 2010 22:48:15 GMT
Author: jghoman
Date: Fri Jun 11 22:48:15 2010
New Revision: 953896

URL: http://svn.apache.org/viewvc?rev=953896&view=rev
Log:
HADOOP-6620. NPE if renewer is passed as null in getDelegationToken. Contributed by Jitendra
Pandey.

Modified:
    hadoop/common/trunk/CHANGES.txt
    hadoop/common/trunk/src/java/org/apache/hadoop/security/token/delegation/AbstractDelegationTokenIdentifier.java
    hadoop/common/trunk/src/java/org/apache/hadoop/security/token/delegation/AbstractDelegationTokenSecretManager.java
    hadoop/common/trunk/src/test/core/org/apache/hadoop/security/token/delegation/TestDelegationToken.java

Modified: hadoop/common/trunk/CHANGES.txt
URL: http://svn.apache.org/viewvc/hadoop/common/trunk/CHANGES.txt?rev=953896&r1=953895&r2=953896&view=diff
==============================================================================
--- hadoop/common/trunk/CHANGES.txt (original)
+++ hadoop/common/trunk/CHANGES.txt Fri Jun 11 22:48:15 2010
@@ -81,6 +81,9 @@ Trunk (unreleased changes)
     HADOOP-6603. Provide workaround for issue with Kerberos not resolving 
     cross-realm principal (Kan Zhang and Jitendra Pandey via jghoman)
 
+    HADOOP-6620. NPE if renewer is passed as null in getDelegationToken.
+    (Jitendra Pandey via jghoman)
+
 Release 0.21.0 - Unreleased
 
   INCOMPATIBLE CHANGES

Modified: hadoop/common/trunk/src/java/org/apache/hadoop/security/token/delegation/AbstractDelegationTokenIdentifier.java
URL: http://svn.apache.org/viewvc/hadoop/common/trunk/src/java/org/apache/hadoop/security/token/delegation/AbstractDelegationTokenIdentifier.java?rev=953896&r1=953895&r2=953896&view=diff
==============================================================================
--- hadoop/common/trunk/src/java/org/apache/hadoop/security/token/delegation/AbstractDelegationTokenIdentifier.java
(original)
+++ hadoop/common/trunk/src/java/org/apache/hadoop/security/token/delegation/AbstractDelegationTokenIdentifier.java
Fri Jun 11 22:48:15 2010
@@ -49,8 +49,16 @@ extends TokenIdentifier {
   }
   
   public AbstractDelegationTokenIdentifier(Text owner, Text renewer, Text realUser) {
-    this.owner = owner;
-    this.renewer = renewer;
+    if (owner == null) {
+      this.owner = new Text();
+    } else {
+      this.owner = owner;
+    }
+    if (renewer == null) {
+      this.renewer = new Text();
+    } else {
+      this.renewer = renewer;
+    }
     if (realUser == null) {
       this.realUser = new Text();
     } else {
@@ -170,4 +178,14 @@ extends TokenIdentifier {
     WritableUtils.writeVInt(out, sequenceNumber);
     WritableUtils.writeVInt(out, masterKeyId);
   }
+  
+  public String toString() {
+    StringBuilder buffer = new StringBuilder();
+    buffer
+        .append("owner=" + owner + ", renewer=" + renewer + ", realUser="
+            + realUser + ", issueDate=" + issueDate + ", maxDate=" + maxDate
+            + ", sequenceNumber=" + sequenceNumber + ", masterKeyId="
+            + masterKeyId);
+    return buffer.toString();
+  }
 }

Modified: hadoop/common/trunk/src/java/org/apache/hadoop/security/token/delegation/AbstractDelegationTokenSecretManager.java
URL: http://svn.apache.org/viewvc/hadoop/common/trunk/src/java/org/apache/hadoop/security/token/delegation/AbstractDelegationTokenSecretManager.java?rev=953896&r1=953895&r2=953896&view=diff
==============================================================================
--- hadoop/common/trunk/src/java/org/apache/hadoop/security/token/delegation/AbstractDelegationTokenSecretManager.java
(original)
+++ hadoop/common/trunk/src/java/org/apache/hadoop/security/token/delegation/AbstractDelegationTokenSecretManager.java
Fri Jun 11 22:48:15 2010
@@ -178,6 +178,7 @@ extends AbstractDelegationTokenIdentifie
   
   @Override
   protected synchronized byte[] createPassword(TokenIdent identifier) {
+    LOG.info("Creating password for identifier: "+identifier);
     int sequenceNum;
     long now = System.currentTimeMillis();
     sequenceNum = ++delegationTokenSequenceNumber;
@@ -220,12 +221,13 @@ extends AbstractDelegationTokenIdentifie
     DataInputStream in = new DataInputStream(buf);
     TokenIdent id = createIdentifier();
     id.readFields(in);
-
+    LOG.info("Token renewal requested for identifier: "+id);
+    
     if (id.getMaxDate() < now) {
       throw new InvalidToken("User " + renewer + 
                              " tried to renew an expired token");
     }
-    if (id.getRenewer() == null) {
+    if ((id.getRenewer() == null) || ("".equals(id.getRenewer().toString()))) {
       throw new AccessControlException("User " + renewer + 
                                        " tried to renew a token without " +
                                        "a renewer");
@@ -271,13 +273,16 @@ extends AbstractDelegationTokenIdentifie
     DataInputStream in = new DataInputStream(buf);
     TokenIdent id = createIdentifier();
     id.readFields(in);
+    LOG.info("Token cancelation requested for identifier: "+id);
+    
     if (id.getUser() == null) {
       throw new InvalidToken("Token with no owner");
     }
     String owner = id.getUser().getUserName();
     Text renewer = id.getRenewer();
     if (!canceller.equals(owner)
-        && (renewer == null || !canceller.equals(renewer.toString()))) {
+        && (renewer == null || "".equals(renewer.toString()) || !canceller
+            .equals(renewer.toString()))) {
       throw new AccessControlException(canceller
           + " is not authorized to cancel the token");
     }

Modified: hadoop/common/trunk/src/test/core/org/apache/hadoop/security/token/delegation/TestDelegationToken.java
URL: http://svn.apache.org/viewvc/hadoop/common/trunk/src/test/core/org/apache/hadoop/security/token/delegation/TestDelegationToken.java?rev=953896&r1=953895&r2=953896&view=diff
==============================================================================
--- hadoop/common/trunk/src/test/core/org/apache/hadoop/security/token/delegation/TestDelegationToken.java
(original)
+++ hadoop/common/trunk/src/test/core/org/apache/hadoop/security/token/delegation/TestDelegationToken.java
Fri Jun 11 22:48:15 2010
@@ -365,4 +365,24 @@ public class TestDelegationToken {
       dtSecretManager.stopThreads();
     }
   }
+  
+  @Test 
+  public void testDelegationTokenNullRenewer() throws Exception {
+    TestDelegationTokenSecretManager dtSecretManager = 
+      new TestDelegationTokenSecretManager(24*60*60*1000,
+        10*1000,1*1000,3600000);
+    dtSecretManager.startThreads();
+    TestDelegationTokenIdentifier dtId = new TestDelegationTokenIdentifier(new Text(
+        "theuser"), null, null);
+    Token<TestDelegationTokenIdentifier> token = new Token<TestDelegationTokenIdentifier>(
+        dtId, dtSecretManager);
+    Assert.assertTrue(token != null);
+    try {
+      dtSecretManager.renewToken(token, "");
+      Assert.fail("Renewal must not succeed");
+    } catch (IOException e) {
+      //PASS
+    }
+  }
+
 }



Mime
View raw message