hadoop-common-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From omal...@apache.org
Subject svn commit: r1077138 - in /hadoop/common/branches/branch-0.20-security-patches/src: core/org/apache/hadoop/security/UserGroupInformation.java test/org/apache/hadoop/security/TestUserGroupInformation.java
Date Fri, 04 Mar 2011 03:45:02 GMT
Author: omalley
Date: Fri Mar  4 03:45:01 2011
New Revision: 1077138

URL: http://svn.apache.org/viewvc?rev=1077138&view=rev
Log:
commit ab50124ad890fd340c6fe94095d53a4280a97aba
Author: Jitendra Nath Pandey <jitendra@yahoo-inc.com>
Date:   Sun Jan 31 22:53:34 2010 -0800

    HADOOP-6517, HADOOP-6518 from https://issues.apache.org/jira/secure/attachment/12434368/HADOOP-6518-0_20.1.patch
    
    +++ b/YAHOO-CHANGES.txt
    +    HADOOP-6517, HADOOP-6518. Ability to add/get tokens from
    +    UserGroupInformation & Kerberos login in UGI should honor KRB5CCNAME
    +    (jitendra)
    +

Modified:
    hadoop/common/branches/branch-0.20-security-patches/src/core/org/apache/hadoop/security/UserGroupInformation.java
    hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/security/TestUserGroupInformation.java

Modified: hadoop/common/branches/branch-0.20-security-patches/src/core/org/apache/hadoop/security/UserGroupInformation.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/core/org/apache/hadoop/security/UserGroupInformation.java?rev=1077138&r1=1077137&r2=1077138&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/core/org/apache/hadoop/security/UserGroupInformation.java
(original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/core/org/apache/hadoop/security/UserGroupInformation.java
Fri Mar  4 03:45:01 2011
@@ -193,8 +193,6 @@ public class UserGroupInformation {
   private static String keytabFile = null;
 
   private final Subject subject;
-  private final Set<Token<? extends TokenIdentifier>> tokens =
-                  new LinkedHashSet<Token<? extends TokenIdentifier>>();
   
   private static final String OS_LOGIN_MODULE_NAME;
   private static final Class<? extends Principal> OS_PRINCIPAL_CLASS;
@@ -235,6 +233,10 @@ public class UserGroupInformation {
     static {
       USER_KERBEROS_OPTIONS.put("doNotPrompt", "true");
       USER_KERBEROS_OPTIONS.put("useTicketCache", "true");
+      String ticketCache = System.getenv("KRB5CCNAME");
+      if (ticketCache != null) {
+        USER_KERBEROS_OPTIONS.put("ticketCache", ticketCache);
+      }
     }
     private static final AppConfigurationEntry USER_KERBEROS_LOGIN =
       new AppConfigurationEntry(Krb5LoginModule.class.getName(),
@@ -437,7 +439,7 @@ public class UserGroupInformation {
    * @return true on successful add of new token
    */
   public synchronized boolean addToken(Token<? extends TokenIdentifier> token) {
-    return tokens.add(token);
+    return subject.getPrivateCredentials().add(token);
   }
   
   /**
@@ -445,8 +447,17 @@ public class UserGroupInformation {
    * 
    * @return an unmodifiable collection of tokens associated with user
    */
-  public synchronized Collection<Token<? extends TokenIdentifier>> getTokens()
{
-    return Collections.unmodifiableSet(tokens);
+  @SuppressWarnings("unchecked")
+  public synchronized <Ident extends TokenIdentifier>
+  Collection<Token<Ident>> getTokens() {
+    Set<Object> creds = subject.getPrivateCredentials();
+    List<Token<Ident>> result = new ArrayList<Token<Ident>>(creds.size());
+    for(Object o: creds) {
+      if (o instanceof Token) {
+        result.add((Token<Ident>) o);
+      }
+    }
+    return Collections.unmodifiableList(result);
   }
 
   /**

Modified: hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/security/TestUserGroupInformation.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/security/TestUserGroupInformation.java?rev=1077138&r1=1077137&r2=1077138&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/security/TestUserGroupInformation.java
(original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/security/TestUserGroupInformation.java
Fri Mar  4 03:45:01 2011
@@ -27,6 +27,7 @@ import static org.mockito.Mockito.mock;
 import java.io.BufferedReader;
 import java.io.IOException;
 import java.io.InputStreamReader;
+import java.security.PrivilegedAction;
 import java.security.PrivilegedExceptionAction;
 import java.util.ArrayList;
 import java.util.Collection;
@@ -164,17 +165,17 @@ public class TestUserGroupInformation {
   
   @SuppressWarnings("unchecked") // from Mockito mocks
   @Test
-  public void testUGITokens() {
+  public <T extends TokenIdentifier> void testUGITokens() throws Exception {
     UserGroupInformation ugi = 
       UserGroupInformation.createUserForTesting("TheDoctor", 
                                                 new String [] { "TheTARDIS"});
-    Token t1 = mock(Token.class);
-    Token t2 = mock(Token.class);
+    Token<T> t1 = mock(Token.class);
+    Token<T> t2 = mock(Token.class);
     
     ugi.addToken(t1);
     ugi.addToken(t2);
     
-    Collection<Token<? extends TokenIdentifier>> z = ugi.getTokens();
+    Collection<Token<T>> z = ugi.getTokens();
     assertTrue(z.contains(t1));
     assertTrue(z.contains(t2));
     assertEquals(2, z.size());
@@ -185,5 +186,15 @@ public class TestUserGroupInformation {
     } catch(UnsupportedOperationException uoe) {
       // Can't modify tokens
     }
+    
+    // ensure that the tokens are passed through doAs
+    Collection<Token<T>> otherSet = 
+      ugi.doAs(new PrivilegedExceptionAction<Collection<Token<T>>>(){
+        public Collection<Token<T>> run() throws IOException {
+          return UserGroupInformation.getCurrentUser().getTokens();
+        }
+      });
+    assertTrue(otherSet.contains(t1));
+    assertTrue(otherSet.contains(t2));
   }
 }



Mime
View raw message