hadoop-common-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From sur...@apache.org
Subject svn commit: r1125086 - in /hadoop/common/branches/yahoo-merge: ./ src/contrib/ec2/ src/docs/ src/java/ src/java/org/apache/hadoop/ipc/ src/java/org/apache/hadoop/net/ src/java/org/apache/hadoop/security/ src/test/core/ src/test/core/org/apache/hadoop/n...
Date Thu, 19 May 2011 20:29:09 GMT
Author: suresh
Date: Thu May 19 20:29:08 2011
New Revision: 1125086

URL: http://svn.apache.org/viewvc?rev=1125086&view=rev
Log:
Merging change r1087844 for HADOOP-7215 from trunk

Modified:
    hadoop/common/branches/yahoo-merge/   (props changed)
    hadoop/common/branches/yahoo-merge/CHANGES.txt   (contents, props changed)
    hadoop/common/branches/yahoo-merge/src/contrib/ec2/   (props changed)
    hadoop/common/branches/yahoo-merge/src/docs/   (props changed)
    hadoop/common/branches/yahoo-merge/src/java/   (props changed)
    hadoop/common/branches/yahoo-merge/src/java/org/apache/hadoop/ipc/Client.java
    hadoop/common/branches/yahoo-merge/src/java/org/apache/hadoop/net/NetUtils.java
    hadoop/common/branches/yahoo-merge/src/java/org/apache/hadoop/security/SecurityUtil.java
    hadoop/common/branches/yahoo-merge/src/test/core/   (props changed)
    hadoop/common/branches/yahoo-merge/src/test/core/org/apache/hadoop/net/TestNetUtils.java
    hadoop/common/branches/yahoo-merge/src/test/core/org/apache/hadoop/security/TestSecurityUtil.java

Propchange: hadoop/common/branches/yahoo-merge/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Thu May 19 20:29:08 2011
@@ -1,2 +1,2 @@
-/hadoop/common/trunk:1043117,1080396,1091618,1092565,1100026
+/hadoop/common/trunk:1043117,1080396,1087844,1091618,1092565,1100026
 /hadoop/core/branches/branch-0.19/core:713112

Modified: hadoop/common/branches/yahoo-merge/CHANGES.txt
URL: http://svn.apache.org/viewvc/hadoop/common/branches/yahoo-merge/CHANGES.txt?rev=1125086&r1=1125085&r2=1125086&view=diff
==============================================================================
--- hadoop/common/branches/yahoo-merge/CHANGES.txt (original)
+++ hadoop/common/branches/yahoo-merge/CHANGES.txt Thu May 19 20:29:08 2011
@@ -28,6 +28,10 @@ Trunk (unreleased changes)
     (suresh)
 
 
+    HADOOP-7215. RPC clients must use network interface corresponding to 
+    the host in the client's kerberos principal key. (suresh)
+
+>>>>>>> .r1087843
 Release 0.22.0 - Unreleased
 
   INCOMPATIBLE CHANGES

Propchange: hadoop/common/branches/yahoo-merge/CHANGES.txt
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Thu May 19 20:29:08 2011
@@ -1,4 +1,4 @@
-/hadoop/common/trunk/CHANGES.txt:1043117,1080396,1091618,1092565,1092832,1100026
+/hadoop/common/trunk/CHANGES.txt:1043117,1080396,1087844,1091618,1092565,1092832,1100026
 /hadoop/core/branches/branch-0.18/CHANGES.txt:727226
 /hadoop/core/branches/branch-0.19/CHANGES.txt:713112
 /hadoop/core/trunk/CHANGES.txt:776175-785643,785929-786278

Propchange: hadoop/common/branches/yahoo-merge/src/contrib/ec2/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Thu May 19 20:29:08 2011
@@ -1,3 +1,3 @@
-/hadoop/common/trunk/src/contrib/ec2:1043117,1091618,1092565,1100026
+/hadoop/common/trunk/src/contrib/ec2:1043117,1087844,1091618,1092565,1100026
 /hadoop/core/branches/branch-0.19/core/src/contrib/ec2:713112
 /hadoop/core/trunk/src/contrib/ec2:776175-784663

Propchange: hadoop/common/branches/yahoo-merge/src/docs/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Thu May 19 20:29:08 2011
@@ -1,2 +1,2 @@
-/hadoop/common/trunk/src/docs:1043117,1080396,1091618,1092565,1100026
+/hadoop/common/trunk/src/docs:1043117,1080396,1087844,1091618,1092565,1100026
 /hadoop/core/branches/branch-0.19/src/docs:713112

Propchange: hadoop/common/branches/yahoo-merge/src/java/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Thu May 19 20:29:08 2011
@@ -1,3 +1,3 @@
-/hadoop/common/trunk/src/java:1043117,1080396,1091618,1092565,1100026
+/hadoop/common/trunk/src/java:1043117,1080396,1087844,1091618,1092565,1100026
 /hadoop/core/branches/branch-0.19/core/src/java:713112
 /hadoop/core/trunk/src/core:776175-785643,785929-786278

Modified: hadoop/common/branches/yahoo-merge/src/java/org/apache/hadoop/ipc/Client.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/yahoo-merge/src/java/org/apache/hadoop/ipc/Client.java?rev=1125086&r1=1125085&r2=1125086&view=diff
==============================================================================
--- hadoop/common/branches/yahoo-merge/src/java/org/apache/hadoop/ipc/Client.java (original)
+++ hadoop/common/branches/yahoo-merge/src/java/org/apache/hadoop/ipc/Client.java Thu May
19 20:29:08 2011
@@ -18,8 +18,11 @@
 
 package org.apache.hadoop.ipc;
 
+import java.net.InetAddress;
+import java.net.NetworkInterface;
 import java.net.Socket;
 import java.net.InetSocketAddress;
+import java.net.SocketException;
 import java.net.SocketTimeoutException;
 import java.net.UnknownHostException;
 import java.net.ConnectException;
@@ -420,6 +423,27 @@ public class Client {
         try {
           this.socket = socketFactory.createSocket();
           this.socket.setTcpNoDelay(tcpNoDelay);
+          
+          /*
+           * Bind the socket to the host specified in the principal name of the
+           * client, to ensure Server matching address of the client connection
+           * to host name in principal passed.
+           */
+          if (UserGroupInformation.isSecurityEnabled()) {
+            KerberosInfo krbInfo = 
+              remoteId.getProtocol().getAnnotation(KerberosInfo.class);
+            if (krbInfo != null && krbInfo.clientPrincipal() != null) {
+              String host = 
+                SecurityUtil.getHostFromPrincipal(remoteId.getTicket().getUserName());
+              
+              // If host name is a valid local address then bind socket to it
+              InetAddress localAddr = NetUtils.getLocalInetAddress(host);
+              if (localAddr != null) {
+                this.socket.bind(new InetSocketAddress(localAddr, 0));
+              }
+            }
+          }
+          
           // connection time out is 20s
           NetUtils.connect(this.socket, remoteId.getAddress(), 20000);
           if (rpcTimeout > 0) {

Modified: hadoop/common/branches/yahoo-merge/src/java/org/apache/hadoop/net/NetUtils.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/yahoo-merge/src/java/org/apache/hadoop/net/NetUtils.java?rev=1125086&r1=1125085&r2=1125086&view=diff
==============================================================================
--- hadoop/common/branches/yahoo-merge/src/java/org/apache/hadoop/net/NetUtils.java (original)
+++ hadoop/common/branches/yahoo-merge/src/java/org/apache/hadoop/net/NetUtils.java Thu May
19 20:29:08 2011
@@ -22,8 +22,10 @@ import java.io.InputStream;
 import java.io.OutputStream;
 import java.net.InetAddress;
 import java.net.InetSocketAddress;
+import java.net.NetworkInterface;
 import java.net.Socket;
 import java.net.SocketAddress;
+import java.net.SocketException;
 import java.net.URI;
 import java.net.UnknownHostException;
 import java.net.ConnectException;
@@ -250,7 +252,7 @@ public class NetUtils {
    * case, the timeout argument is ignored and the timeout set with 
    * {@link Socket#setSoTimeout(int)} applies for reads.<br><br>
    *
-   * Any socket created using socket factories returned by {@link #NetUtils},
+   * Any socket created using socket factories returned by {@link NetUtils},
    * must use this interface instead of {@link Socket#getInputStream()}.
    *     
    * @see #getInputStream(Socket, long)
@@ -272,7 +274,7 @@ public class NetUtils {
    * case, the timeout argument is ignored and the timeout set with 
    * {@link Socket#setSoTimeout(int)} applies for reads.<br><br>
    * 
-   * Any socket created using socket factories returned by {@link #NetUtils},
+   * Any socket created using socket factories returned by {@link NetUtils},
    * must use this interface instead of {@link Socket#getInputStream()}.
    *     
    * @see Socket#getChannel()
@@ -301,7 +303,7 @@ public class NetUtils {
    * case, the timeout argument is ignored and the write will wait until 
    * data is available.<br><br>
    * 
-   * Any socket created using socket factories returned by {@link #NetUtils},
+   * Any socket created using socket factories returned by {@link NetUtils},
    * must use this interface instead of {@link Socket#getOutputStream()}.
    * 
    * @see #getOutputStream(Socket, long)
@@ -323,7 +325,7 @@ public class NetUtils {
    * case, the timeout argument is ignored and the write will wait until 
    * data is available.<br><br>
    * 
-   * Any socket created using socket factories returned by {@link #NetUtils},
+   * Any socket created using socket factories returned by {@link NetUtils},
    * must use this interface instead of {@link Socket#getOutputStream()}.
    * 
    * @see Socket#getChannel()
@@ -426,6 +428,9 @@ public class NetUtils {
     return hostNames;
   }
 
+  private static final Pattern ipPattern = // Pattern for matching hostname to ip:port
+    Pattern.compile("\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}:?\\d*");
+  
   /**
    * Attempt to obtain the host name of a name specified by ip address.  
    * Check that the node name is an ip addr and if so, attempt to determine
@@ -434,8 +439,6 @@ public class NetUtils {
    * 
    * @return Host name or null
    */
-  private static final Pattern ipPattern = // Pattern for matching hostname to ip:port
-    Pattern.compile("\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}:?\\d*");
   public static String getHostNameOfIP(String ip) {
     // If name is not an ip addr, don't bother looking it up
     if(!ipPattern.matcher(ip).matches())
@@ -460,4 +463,27 @@ public class NetUtils {
     try {return "" + InetAddress.getLocalHost();}
     catch(UnknownHostException uhe) {return "" + uhe;}
   }
+  
+  /**
+   * Checks if {@code host} is a local host name and return {@link InetAddress}
+   * corresponding to that address.
+   * 
+   * @param host the specified host
+   * @return a valid local {@link InetAddress} or null
+   * @throws SocketException if an I/O error occurs
+   */
+  public static InetAddress getLocalInetAddress(String host)
+      throws SocketException {
+    if (host == null) {
+      return null;
+    }
+    InetAddress addr = null;
+    try {
+      addr = InetAddress.getByName(host);
+      if (NetworkInterface.getByInetAddress(addr) == null) {
+        addr = null; // Not a local address
+      }
+    } catch (UnknownHostException ignore) { }
+    return addr;
+  }
 }

Modified: hadoop/common/branches/yahoo-merge/src/java/org/apache/hadoop/security/SecurityUtil.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/yahoo-merge/src/java/org/apache/hadoop/security/SecurityUtil.java?rev=1125086&r1=1125085&r2=1125086&view=diff
==============================================================================
--- hadoop/common/branches/yahoo-merge/src/java/org/apache/hadoop/security/SecurityUtil.java
(original)
+++ hadoop/common/branches/yahoo-merge/src/java/org/apache/hadoop/security/SecurityUtil.java
Thu May 19 20:29:08 2011
@@ -303,4 +303,13 @@ public class SecurityUtil {
     }
   }
 
+  
+  /**
+   * Get the host name from the principal name of format <service>/host@realm.
+   * @param principalName principal name of format as described above
+   * @return host name if the the string conforms to the above format, else null
+   */
+  public static String getHostFromPrincipal(String principalName) {
+    return new KerberosName(principalName).getHostName();
+  }
 }

Propchange: hadoop/common/branches/yahoo-merge/src/test/core/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Thu May 19 20:29:08 2011
@@ -1,3 +1,3 @@
-/hadoop/common/trunk/src/test/core:1043117,1080396,1091618,1092565,1100026
+/hadoop/common/trunk/src/test/core:1043117,1080396,1087844,1091618,1092565,1100026
 /hadoop/core/branches/branch-0.19/core/src/test/core:713112
 /hadoop/core/trunk/src/test/core:776175-785643,785929-786278

Modified: hadoop/common/branches/yahoo-merge/src/test/core/org/apache/hadoop/net/TestNetUtils.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/yahoo-merge/src/test/core/org/apache/hadoop/net/TestNetUtils.java?rev=1125086&r1=1125085&r2=1125086&view=diff
==============================================================================
--- hadoop/common/branches/yahoo-merge/src/test/core/org/apache/hadoop/net/TestNetUtils.java
(original)
+++ hadoop/common/branches/yahoo-merge/src/test/core/org/apache/hadoop/net/TestNetUtils.java
Thu May 19 20:29:08 2011
@@ -24,6 +24,8 @@ import java.net.Socket;
 import java.net.ConnectException;
 import java.net.SocketException;
 import java.net.InetSocketAddress;
+import java.net.UnknownHostException;
+
 import org.apache.hadoop.conf.Configuration;
 
 public class TestNetUtils {
@@ -58,4 +60,16 @@ public class TestNetUtils {
       assertTrue(se.getMessage().contains("Invalid argument"));
     }
   }
+  
+  /**
+   * Test for {
+   * @throws UnknownHostException @link NetUtils#getLocalInetAddress(String)
+   * @throws SocketException 
+   */
+  @Test
+  public void testGetLocalInetAddress() throws Exception {
+    assertNotNull(NetUtils.getLocalInetAddress("127.0.0.1"));
+    assertNull(NetUtils.getLocalInetAddress("invalid-address-for-test"));
+    assertNull(NetUtils.getLocalInetAddress(null));
+  }
 }

Modified: hadoop/common/branches/yahoo-merge/src/test/core/org/apache/hadoop/security/TestSecurityUtil.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/yahoo-merge/src/test/core/org/apache/hadoop/security/TestSecurityUtil.java?rev=1125086&r1=1125085&r2=1125086&view=diff
==============================================================================
--- hadoop/common/branches/yahoo-merge/src/test/core/org/apache/hadoop/security/TestSecurityUtil.java
(original)
+++ hadoop/common/branches/yahoo-merge/src/test/core/org/apache/hadoop/security/TestSecurityUtil.java
Thu May 19 20:29:08 2011
@@ -113,4 +113,12 @@ public class TestSecurityUtil {
     }
     assertTrue("Exception for empty keytabfile name was expected", gotException);
   }
+  
+  @Test
+  public void testGetHostFromPrincipal() {
+    assertEquals("host", 
+        SecurityUtil.getHostFromPrincipal("service/host@realm"));
+    assertEquals(null,
+        SecurityUtil.getHostFromPrincipal("service@realm"));
+  }
 }



Mime
View raw message