hadoop-common-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From omal...@apache.org
Subject svn commit: r1077659 - in /hadoop/common/branches/branch-0.20-security-patches/src: contrib/hdfsproxy/src/java/org/apache/hadoop/hdfsproxy/ hdfs/org/apache/hadoop/hdfs/ hdfs/org/apache/hadoop/hdfs/server/namenode/ test/org/apache/hadoop/hdfs/server/nam...
Date Fri, 04 Mar 2011 04:41:17 GMT
Author: omalley
Date: Fri Mar  4 04:41:17 2011
New Revision: 1077659

URL: http://svn.apache.org/viewvc?rev=1077659&view=rev
Log:
commit 6456eca9abd0cea99764cc70814640f22cd18063
Author: Boris Shkolnik <borya@yahoo-inc.com>
Date:   Wed Aug 25 17:39:22 2010 -0700

    HDFS:1340 from https://issues.apache.org/jira/secure/attachment/12453094/HDFS-1340.y20.5.patch
    
    +++ b/YAHOO-CHANGES.txt
    +    HDFS-1340. A null delegation token is appended to the url if security is
    +    disabled when browsing filesystem.(boryas)
    +

Added:
    hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/hdfs/server/namenode/TestJspHelper.java
Modified:
    hadoop/common/branches/branch-0.20-security-patches/src/contrib/hdfsproxy/src/java/org/apache/hadoop/hdfsproxy/ProxyFileDataServlet.java
    hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/HftpFileSystem.java
    hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/server/namenode/DfsServlet.java
    hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/server/namenode/FileDataServlet.java
    hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/server/namenode/JspHelper.java
    hadoop/common/branches/branch-0.20-security-patches/src/webapps/datanode/browseBlock.jsp
    hadoop/common/branches/branch-0.20-security-patches/src/webapps/datanode/browseDirectory.jsp
    hadoop/common/branches/branch-0.20-security-patches/src/webapps/hdfs/nn_browsedfscontent.jsp

Modified: hadoop/common/branches/branch-0.20-security-patches/src/contrib/hdfsproxy/src/java/org/apache/hadoop/hdfsproxy/ProxyFileDataServlet.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/contrib/hdfsproxy/src/java/org/apache/hadoop/hdfsproxy/ProxyFileDataServlet.java?rev=1077659&r1=1077658&r2=1077659&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/contrib/hdfsproxy/src/java/org/apache/hadoop/hdfsproxy/ProxyFileDataServlet.java
(original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/contrib/hdfsproxy/src/java/org/apache/hadoop/hdfsproxy/ProxyFileDataServlet.java
Fri Mar  4 04:41:17 2011
@@ -45,8 +45,7 @@ public class ProxyFileDataServlet extend
     
     String dtParam="";
     if (dt != null) {
-      StringBuilder sb = new StringBuilder(JspHelper.SET_DELEGATION).append(dt);
-      dtParam=sb.toString();
+      dtParam=JspHelper.getDelegationTokenUrlParam(dt);
     }
     
     return new URI(request.getScheme(), null, request.getServerName(), request

Modified: hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/HftpFileSystem.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/HftpFileSystem.java?rev=1077659&r1=1077658&r2=1077659&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/HftpFileSystem.java
(original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/HftpFileSystem.java
Fri Mar  4 04:41:17 2011
@@ -253,7 +253,7 @@ public class HftpFileSystem extends File
       synchronized (this) {
         if (delegationToken != null) {
           tokenString = delegationToken.encodeToUrlString();
-          return (query + JspHelper.SET_DELEGATION + tokenString);
+          return (query + JspHelper.getDelegationTokenUrlParam(tokenString));
         } // else we are talking to an insecure cluster
       }
     }

Modified: hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/server/namenode/DfsServlet.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/server/namenode/DfsServlet.java?rev=1077659&r1=1077658&r2=1077659&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/server/namenode/DfsServlet.java
(original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/server/namenode/DfsServlet.java
Fri Mar  4 04:41:17 2011
@@ -105,7 +105,7 @@ abstract class DfsServlet extends HttpSe
     final String filename = request.getPathInfo();
     String dt="";
     if(tokenString!=null) {
-      dt = JspHelper.SET_DELEGATION + tokenString;
+      dt = JspHelper.getDelegationTokenUrlParam(tokenString);
     }
     return new URI(scheme, null, hostname, port, servletpath,
         "filename=" + filename + "&ugi=" + ugi.getShortUserName() + dt, null);

Modified: hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/server/namenode/FileDataServlet.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/server/namenode/FileDataServlet.java?rev=1077659&r1=1077658&r2=1077659&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/server/namenode/FileDataServlet.java
(original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/server/namenode/FileDataServlet.java
Fri Mar  4 04:41:17 2011
@@ -54,8 +54,7 @@ public class FileDataServlet extends Dfs
     
     String dtParam="";
     if (dt != null) {
-      StringBuilder sb = new StringBuilder(JspHelper.SET_DELEGATION).append(dt);
-      dtParam=sb.toString();
+      dtParam = JspHelper.getDelegationTokenUrlParam(dt);
     }
     
     return new URI(scheme, null, hostname,

Modified: hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/server/namenode/JspHelper.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/server/namenode/JspHelper.java?rev=1077659&r1=1077658&r2=1077659&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/server/namenode/JspHelper.java
(original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/server/namenode/JspHelper.java
Fri Mar  4 04:41:17 2011
@@ -63,7 +63,7 @@ public class JspHelper {
   public static final String CURRENT_CONF = "current.conf";
   final static public String WEB_UGI_PROPERTY_NAME = "dfs.web.ugi";
   public static final String DELEGATION_PARAMETER_NAME = "delegation";
-  public static final String SET_DELEGATION = "&" + DELEGATION_PARAMETER_NAME +
+  static final String SET_DELEGATION = "&" + DELEGATION_PARAMETER_NAME +
                                               "=";
   private static final Log LOG = LogFactory.getLog(JspHelper.class);
 
@@ -358,15 +358,16 @@ public class JspHelper {
       String[] parts = dir.split(Path.SEPARATOR);
       StringBuilder tempPath = new StringBuilder(dir.length());
       out.print("<a href=\"browseDirectory.jsp" + "?dir="+ Path.SEPARATOR
-          + "&namenodeInfoPort=" + namenodeInfoPort + SET_DELEGATION
-          + tokenString + "\">" + Path.SEPARATOR + "</a>");
+          + "&namenodeInfoPort=" + namenodeInfoPort
+          + getDelegationTokenUrlParam(tokenString) + "\">" + Path.SEPARATOR
+          + "</a>");
       tempPath.append(Path.SEPARATOR);
       for (int i = 0; i < parts.length-1; i++) {
         if (!parts[i].equals("")) {
           tempPath.append(parts[i]);
           out.print("<a href=\"browseDirectory.jsp" + "?dir="
               + tempPath.toString() + "&namenodeInfoPort=" + namenodeInfoPort
-              + SET_DELEGATION + tokenString);
+              + getDelegationTokenUrlParam(tokenString));
           out.print("\">" + parts[i] + "</a>" + Path.SEPARATOR);
           tempPath.append(Path.SEPARATOR);
         }
@@ -390,8 +391,10 @@ public class JspHelper {
     out.print("<input name=\"go\" type=\"submit\" value=\"go\">");
     out.print("<input name=\"namenodeInfoPort\" type=\"hidden\" "
         + "value=\"" + namenodeInfoPort  + "\">");
-    out.print("<input name=\"" + DELEGATION_PARAMETER_NAME +
-              "\" type=\"hidden\" value=\"" + tokenString + "\">");
+    if (UserGroupInformation.isSecurityEnabled()) {
+      out.print("<input name=\"" + DELEGATION_PARAMETER_NAME
+          + "\" type=\"hidden\" value=\"" + tokenString + "\">");
+    }
     out.print("</form>");
   }
   
@@ -490,6 +493,22 @@ public class JspHelper {
         }
       });
   }
+  
+  /**
+   * Returns the url parameter for the given token string.
+   * @param tokenString
+   * @return url parameter
+   */
+  public static String getDelegationTokenUrlParam(String tokenString) {
+    if (tokenString == null ) {
+      return "";
+    }
+    if (UserGroupInformation.isSecurityEnabled()) {
+      return SET_DELEGATION + tokenString;
+    } else {
+      return "";
+    }
+  }
 
    /** Convert a String to chunk-size-to-view. */
    public static int string2ChunkSizeToView(String s, int defaultValue) {

Added: hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/hdfs/server/namenode/TestJspHelper.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/hdfs/server/namenode/TestJspHelper.java?rev=1077659&view=auto
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/hdfs/server/namenode/TestJspHelper.java
(added)
+++ hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/hdfs/server/namenode/TestJspHelper.java
Fri Mar  4 04:41:17 2011
@@ -0,0 +1,111 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.hdfs.server.namenode;
+
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
+import java.io.IOException;
+import java.net.InetSocketAddress;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.apache.hadoop.conf.Configuration;
+import org.apache.hadoop.hdfs.DFSConfigKeys;
+import org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier;
+import org.apache.hadoop.hdfs.server.namenode.NameNode;
+import org.apache.hadoop.io.Text;
+import org.apache.hadoop.security.UserGroupInformation;
+import org.apache.hadoop.security.token.Token;
+import org.apache.hadoop.security.token.TokenIdentifier;
+import org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager;
+import org.junit.Assert;
+import org.junit.Test;
+
+public class TestJspHelper {
+
+  private Configuration conf = new Configuration();
+
+  public static class DummySecretManager extends
+      AbstractDelegationTokenSecretManager<DelegationTokenIdentifier> {
+
+    public DummySecretManager(long delegationKeyUpdateInterval,
+        long delegationTokenMaxLifetime, long delegationTokenRenewInterval,
+        long delegationTokenRemoverScanInterval) {
+      super(delegationKeyUpdateInterval, delegationTokenMaxLifetime,
+          delegationTokenRenewInterval, delegationTokenRemoverScanInterval);
+    }
+
+    @Override
+    public DelegationTokenIdentifier createIdentifier() {
+      return null;
+    }
+
+    @Override
+    public byte[] createPassword(DelegationTokenIdentifier dtId) {
+      return new byte[1];
+    }
+  }
+
+  @Test
+  public void testGetUgi() throws IOException {
+    conf.set(DFSConfigKeys.FS_DEFAULT_NAME_KEY, "hdfs://localhost:4321/");
+    HttpServletRequest request = mock(HttpServletRequest.class);
+    String user = "TheDoctor";
+    Text userText = new Text(user);
+    DelegationTokenIdentifier dtId = new DelegationTokenIdentifier(userText,
+        userText, null);
+    Token<DelegationTokenIdentifier> token = new Token<DelegationTokenIdentifier>(
+        dtId, new DummySecretManager(0, 0, 0, 0));
+    String tokenString = token.encodeToUrlString();
+    when(request.getParameter(JspHelper.DELEGATION_PARAMETER_NAME)).thenReturn(
+        tokenString);
+    when(request.getRemoteUser()).thenReturn(user);
+
+    conf.set(DFSConfigKeys.HADOOP_SECURITY_AUTHENTICATION, "kerberos");
+    UserGroupInformation.setConfiguration(conf);
+
+    InetSocketAddress serviceAddr = NameNode.getAddress(conf);
+    Text tokenService = new Text(serviceAddr.getAddress().getHostAddress()
+        + ":" + serviceAddr.getPort());
+
+    UserGroupInformation ugi = JspHelper.getUGI(request, conf);
+    Token<? extends TokenIdentifier> tokenInUgi = ugi.getTokens().iterator()
+        .next();
+    Assert.assertEquals(tokenInUgi.getService(), tokenService);
+  }
+  
+  @Test
+  public void testDelegationTokenUrlParam() {
+    conf.set(DFSConfigKeys.HADOOP_SECURITY_AUTHENTICATION, "kerberos");
+    UserGroupInformation.setConfiguration(conf);
+    String tokenString = "xyzabc";
+    String delegationTokenParam = JspHelper
+        .getDelegationTokenUrlParam(tokenString);
+    //Security is enabled
+    Assert.assertEquals(JspHelper.SET_DELEGATION + "xyzabc",
+        delegationTokenParam);
+    conf.set(DFSConfigKeys.HADOOP_SECURITY_AUTHENTICATION, "simple");
+    UserGroupInformation.setConfiguration(conf);
+    delegationTokenParam = JspHelper
+        .getDelegationTokenUrlParam(tokenString);
+    //Empty string must be returned because security is disabled.
+    Assert.assertEquals("", delegationTokenParam);
+  }
+
+}

Modified: hadoop/common/branches/branch-0.20-security-patches/src/webapps/datanode/browseBlock.jsp
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/webapps/datanode/browseBlock.jsp?rev=1077659&r1=1077658&r2=1077659&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/webapps/datanode/browseBlock.jsp
(original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/webapps/datanode/browseBlock.jsp
Fri Mar  4 04:41:17 2011
@@ -116,7 +116,7 @@
                  "&referrer=" + 
           URLEncoder.encode(req.getRequestURL() + "?" + req.getQueryString(),
                             "UTF-8") +
-                 JspHelper.SET_DELEGATION + tokenString;
+                 JspHelper.getDelegationTokenUrlParam(tokenString);
     out.print("<a href=\"" + tailUrl + "\">Tail this file</a><br>");
 
     out.print("<form action=\"/browseBlock.jsp\" method=GET>");
@@ -330,7 +330,7 @@
                 "&chunkSizeToView=" + chunkSizeToView + 
                 "&datanodePort=" + nextDatanodePort +
                 "&namenodeInfoPort=" + namenodeInfoPort +
-                JspHelper.SET_DELEGATION + tokenString;
+                JspHelper.getDelegationTokenUrlParam(tokenString);
       out.print("<a href=\"" + nextUrl + "\">View Next chunk</a>&nbsp;&nbsp;");
       
     }
     //determine data for the prev link
@@ -387,7 +387,7 @@
                 "&genstamp=" + prevGenStamp +
                 "&datanodePort=" + prevDatanodePort +
                 "&namenodeInfoPort=" + namenodeInfoPort +
-                JspHelper.SET_DELEGATION + tokenString;
+                JspHelper.getDelegationTokenUrlParam(tokenString);
       out.print("<a href=\"" + prevUrl + "\">View Prev chunk</a>&nbsp;&nbsp;");
     }
     out.print("<hr>");

Modified: hadoop/common/branches/branch-0.20-security-patches/src/webapps/datanode/browseDirectory.jsp
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/webapps/datanode/browseDirectory.jsp?rev=1077659&r1=1077658&r2=1077659&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/webapps/datanode/browseDirectory.jsp
(original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/webapps/datanode/browseDirectory.jsp
Fri Mar  4 04:41:17 2011
@@ -79,7 +79,7 @@
             "&filename=" + URLEncoder.encode(dir, "UTF-8") + 
             "&datanodePort="
             + datanodePort + "&namenodeInfoPort=" + namenodeInfoPort
-            + JspHelper.SET_DELEGATION + tokenString;
+            + JspHelper.getDelegationTokenUrlParam(tokenString);
           resp.sendRedirect(redirectLocation);
         }
         return;
@@ -100,7 +100,7 @@
       if ((parent = f.getParent()) != null)
         out.print("<a href=\"" + req.getRequestURL() + "?dir=" + parent +
                   "&namenodeInfoPort=" + namenodeInfoPort +
-                  JspHelper.SET_DELEGATION + tokenString +
+                  JspHelper.getDelegationTokenUrlParam(tokenString) +
                   "\">Go to parent directory</a><br>");
 
       DirectoryListing thisListing = dfs.listPaths(target, HdfsFileStatus.EMPTY_NAME);
@@ -132,8 +132,8 @@
             }
             String datanodeUrl = req.getRequestURL()+"?dir="+
               URLEncoder.encode(files[i].getFullName(target), "UTF-8") + 
-              "&namenodeInfoPort=" + namenodeInfoPort + JspHelper.SET_DELEGATION + 
-              tokenString;
+              "&namenodeInfoPort=" + namenodeInfoPort + 
+              JspHelper.getDelegationTokenUrlParam(tokenString);
             cols[0] = "<a href=\""+datanodeUrl+"\">"+localname+"</a>";
             cols[5] = FsShell.dateForm.format(new Date((files[i].getModificationTime())));
             cols[6] = files[i].getPermission().toString();

Modified: hadoop/common/branches/branch-0.20-security-patches/src/webapps/hdfs/nn_browsedfscontent.jsp
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/webapps/hdfs/nn_browsedfscontent.jsp?rev=1077659&r1=1077658&r2=1077659&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/webapps/hdfs/nn_browsedfscontent.jsp
(original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/webapps/hdfs/nn_browsedfscontent.jsp
Fri Mar  4 04:41:17 2011
@@ -65,7 +65,7 @@
                        nn.getHttpAddress().getPort() +
                        "&dir=/" + 
                        (tokenString == null ? "" :
-                        JspHelper.SET_DELEGATION + tokenString);
+                        JspHelper.getDelegationTokenUrlParam(tokenString));
     resp.sendRedirect(redirectLocation);
   }
 %>



Mime
View raw message