hadoop-common-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From omal...@apache.org
Subject svn commit: r1077425 - in /hadoop/common/branches/branch-0.20-security-patches/src: core/org/apache/hadoop/security/ hdfs/org/apache/hadoop/hdfs/ mapred/org/apache/hadoop/mapreduce/security/ test/org/apache/hadoop/mapreduce/security/
Date Fri, 04 Mar 2011 04:13:37 GMT
Author: omalley
Date: Fri Mar  4 04:13:37 2011
New Revision: 1077425

URL: http://svn.apache.org/viewvc?rev=1077425&view=rev
Log:
commit 371c4581461a92874030a38c4a01fe2c211bcfac
Author: Devaraj Das <ddas@yahoo-inc.com>
Date:   Sat Apr 24 09:23:55 2010 -0700

    MAPREDUCE:1718 from https://issues.apache.org/jira/secure/attachment/12442726/MAPREDUCE-1718-BP20-2.patch
    
    +++ b/YAHOO-CHANGES.txt
    +    MAPREDUCE-1718. Fixes a problem to do with correctly constructing
    +    service name for the delegation token lookup in HftpFileSystem
    +    (borya via ddas)
    +

Modified:
    hadoop/common/branches/branch-0.20-security-patches/src/core/org/apache/hadoop/security/SecurityUtil.java
    hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/HftpFileSystem.java
    hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapreduce/security/TokenCache.java
    hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/mapreduce/security/TestTokenCache.java

Modified: hadoop/common/branches/branch-0.20-security-patches/src/core/org/apache/hadoop/security/SecurityUtil.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/core/org/apache/hadoop/security/SecurityUtil.java?rev=1077425&r1=1077424&r2=1077425&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/core/org/apache/hadoop/security/SecurityUtil.java
(original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/core/org/apache/hadoop/security/SecurityUtil.java
Fri Mar  4 04:13:37 2011
@@ -18,6 +18,7 @@ package org.apache.hadoop.security;
 
 import java.io.IOException;
 import java.net.InetAddress;
+import java.net.URI;
 import java.net.URL;
 import java.net.UnknownHostException;
 import java.security.AccessController;
@@ -29,7 +30,7 @@ import javax.security.auth.kerberos.Kerb
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.apache.hadoop.conf.Configuration;
-import org.apache.hadoop.security.UserGroupInformation;
+import org.apache.hadoop.net.NetUtils;
 
 import sun.security.jgss.krb5.Krb5Util;
 import sun.security.krb5.Credentials;
@@ -195,4 +196,22 @@ public class SecurityUtil {
         hostname);
     UserGroupInformation.loginUserFromKeytab(principalName, keytabFilename);
   }
+  
+  /**
+   * create service name for Delegation token ip:port
+   * @param uri
+   * @return "ip:port"
+   */
+  public static String buildDTServiceName(URI uri, int defPort) {
+    int port = uri.getPort();
+    if(port == -1) 
+      port = defPort;
+    
+    // build the service name string "/ip:port"
+    // for whatever reason using NetUtils.createSocketAddr(target).toString()
+    // returns "localhost/ip:port"
+    StringBuffer sb = new StringBuffer();
+    sb.append(NetUtils.normalizeHostName(uri.getHost())).append(":").append(port);
+    return sb.toString();
+  }
 }

Modified: hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/HftpFileSystem.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/HftpFileSystem.java?rev=1077425&r1=1077424&r2=1077425&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/HftpFileSystem.java
(original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/HftpFileSystem.java
Fri Mar  4 04:13:37 2011
@@ -46,11 +46,13 @@ import org.apache.hadoop.fs.MD5MD5CRC32F
 import org.apache.hadoop.fs.Path;
 import org.apache.hadoop.fs.permission.FsPermission;
 import org.apache.hadoop.hdfs.server.namenode.JspHelper;
+import org.apache.hadoop.hdfs.server.namenode.NameNode;
 import org.apache.hadoop.hdfs.tools.DelegationTokenFetcher;
 import org.apache.hadoop.io.Text;
 import org.apache.hadoop.ipc.RemoteException;
 import org.apache.hadoop.net.NetUtils;
 import org.apache.hadoop.security.Credentials;
+import org.apache.hadoop.security.SecurityUtil;
 import org.apache.hadoop.security.UserGroupInformation;
 import org.apache.hadoop.security.token.Token;
 import org.apache.hadoop.security.token.TokenIdentifier;
@@ -105,17 +107,16 @@ public class HftpFileSystem extends File
     nnAddr = NetUtils.createSocketAddr(name.toString());
     
     if (UserGroupInformation.isSecurityEnabled()) {
-      StringBuffer sb = new StringBuffer(HFTP_SERVICE_NAME_KEY);
       // configuration has the actual service name for this url. Build the key 
       // and get it.
-      final String key = sb.append(NetUtils.normalizeHostName(name.getHost())).
-        append(".").append(name.getPort()).toString();
-      
-      LOG.debug("Trying to find DT for " + name + " using key=" + key + "; conf=" + conf.get(key,
""));
+      final String key = HftpFileSystem.HFTP_SERVICE_NAME_KEY+
+      SecurityUtil.buildDTServiceName(name, NameNode.DEFAULT_PORT);
+
+      LOG.debug("Trying to find DT for " + name + " using key=" + key + 
+          "; conf=" + conf.get(key, ""));
       Text nnServiceNameText = new Text(conf.get(key, ""));
       
-      Collection<Token<? extends TokenIdentifier>> tokens =
-        ugi.getTokens();
+      Collection<Token<? extends TokenIdentifier>> tokens = ugi.getTokens();
       //try finding a token for this namenode (esp applicable for tasks
       //using hftp). If there exists one, just set the delegationField
       for (Token<? extends TokenIdentifier> t : tokens) {

Modified: hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapreduce/security/TokenCache.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapreduce/security/TokenCache.java?rev=1077425&r1=1077424&r2=1077425&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapreduce/security/TokenCache.java
(original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapreduce/security/TokenCache.java
Fri Mar  4 04:13:37 2011
@@ -34,9 +34,9 @@ import org.apache.hadoop.io.Text;
 import org.apache.hadoop.mapred.JobConf;
 import org.apache.hadoop.mapred.JobTracker;
 import org.apache.hadoop.mapreduce.security.token.JobTokenIdentifier;
-import org.apache.hadoop.net.NetUtils;
 import org.apache.hadoop.security.Credentials;
 import org.apache.hadoop.security.KerberosName;
+import org.apache.hadoop.security.SecurityUtil;
 import org.apache.hadoop.security.UserGroupInformation;
 import org.apache.hadoop.security.token.Token;
 import org.apache.hadoop.security.token.TokenIdentifier;
@@ -93,7 +93,8 @@ public class TokenCache {
       if(fs instanceof DistributedFileSystem) {
         DistributedFileSystem dfs = (DistributedFileSystem)fs;
         URI uri = fs.getUri();
-        String fs_addr = buildDTServiceName(uri);
+        String fs_addr = 
+            SecurityUtil.buildDTServiceName(uri, NameNode.DEFAULT_PORT);
 
         // see if we already have the token
         Token<DelegationTokenIdentifier> token = 
@@ -129,7 +130,8 @@ public class TokenCache {
         LOG.info("Got dt for " + p + ";uri="+ fs_addr + 
             ";t.service="+token.getService());
       } else if (fs instanceof HftpFileSystem) {
-        String fs_addr = buildDTServiceName(fs.getUri());
+        String fs_addr = 
+          SecurityUtil.buildDTServiceName(fs.getUri(), NameNode.DEFAULT_PORT);
         Token<DelegationTokenIdentifier> token = 
           TokenCache.getDelegationToken(credentials, fs_addr); 
         if(token != null) {
@@ -146,9 +148,11 @@ public class TokenCache {
         // to find the correct DT we need to know the mapping between Hftp port 
         // and RPC one. hence this new setting in the conf.
         URI uri = ((HftpFileSystem) fs).getUri();
-        String key = HftpFileSystem.HFTP_SERVICE_NAME_KEY+uri.getHost() + "." + uri.getPort();
+        String key = HftpFileSystem.HFTP_SERVICE_NAME_KEY+
+           SecurityUtil.buildDTServiceName(uri, NameNode.DEFAULT_PORT);
         conf.set(key, t.getService().toString());
-        LOG.info("GOT dt for " + p + " and stored in conf as " + key + "=" + t.getService());
+        LOG.info("GOT dt for " + p + " and stored in conf as " + key + "=" 
+            + t.getService());
       }
     }
   }
@@ -218,22 +222,4 @@ public class TokenCache {
   public static Token<JobTokenIdentifier> getJobToken(Credentials credentials) {
     return (Token<JobTokenIdentifier>) credentials.getToken(JOB_TOKEN);
   }
-
-  /**
-   * create service name for Delegation token ip:port
-   * @param uri
-   * @return "ip:port"
-   */
-  public static String buildDTServiceName(URI uri) {
-    int port = uri.getPort();
-    if(port == -1) 
-      port = NameNode.DEFAULT_PORT;
-    
-    // build the service name string "/ip:port"
-    // for whatever reason using NetUtils.createSocketAddr(target).toString()
-    // returns "localhost/ip:port"
-    StringBuffer sb = new StringBuffer();
-    sb.append(NetUtils.normalizeHostName(uri.getHost())).append(":").append(port);
-    return sb.toString();
-  }
 }

Modified: hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/mapreduce/security/TestTokenCache.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/mapreduce/security/TestTokenCache.java?rev=1077425&r1=1077424&r2=1077425&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/mapreduce/security/TestTokenCache.java
(original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/mapreduce/security/TestTokenCache.java
Fri Mar  4 04:13:37 2011
@@ -18,7 +18,10 @@
 package org.apache.hadoop.mapreduce.security;
 
 
-import static org.junit.Assert.*;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
 
 import java.io.File;
 import java.io.IOException;
@@ -49,12 +52,10 @@ import org.apache.hadoop.mapred.MiniMRCl
 import org.apache.hadoop.mapred.OutputCollector;
 import org.apache.hadoop.mapred.Reporter;
 import org.apache.hadoop.mapreduce.JobContext;
-import org.apache.hadoop.mapreduce.security.TokenCache;
 import org.apache.hadoop.security.Credentials;
-import org.apache.hadoop.net.NetUtils;
+import org.apache.hadoop.security.SecurityUtil;
 import org.apache.hadoop.security.token.Token;
 import org.apache.hadoop.security.token.TokenIdentifier;
-import org.apache.hadoop.util.StringUtils;
 import org.apache.hadoop.util.ToolRunner;
 import org.codehaus.jackson.map.ObjectMapper;
 import org.junit.AfterClass;
@@ -265,7 +266,8 @@ public class TestTokenCache {
     TokenCache.obtainTokensForNamenodesInternal(credentials, new Path [] {p1, p2},
                                         jConf);
     // this token is keyed by hostname:port key.
-    String fs_addr = TokenCache.buildDTServiceName(p1.toUri()); 
+    String fs_addr = 
+      SecurityUtil.buildDTServiceName(p1.toUri(), NameNode.DEFAULT_PORT); 
     Token<DelegationTokenIdentifier> nnt =
       TokenCache.getDelegationToken(credentials, fs_addr);
 



Mime
View raw message