From ste...@apache.org
Subject [1/2] hadoop git commit: HADOOP-10941. Proxy user verification NPEs if remote host is unresolvable (Benoy Antony via stevel).
Date Sun, 18 Oct 2015 13:05:38 GMT
Repository: hadoop
Updated Branches:
  refs/heads/branch-2 b390aae46 -> f7d746a81
  refs/heads/trunk e286512a7 -> 0ab3f9d56


HADOOP-10941. Proxy user verification NPEs if remote host is unresolvable (Benoy Antony via
stevel).


Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo
Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/f7d746a8
Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/f7d746a8
Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/f7d746a8

Branch: refs/heads/branch-2
Commit: f7d746a81bfdd73f8b1cee8e4e78eeee0a71d460
Parents: b390aae
Author: Steve Loughran <stevel@apache.org>
Authored: Sun Oct 18 14:05:17 2015 +0100
Committer: Steve Loughran <stevel@apache.org>
Committed: Sun Oct 18 14:05:17 2015 +0100

----------------------------------------------------------------------
 hadoop-common-project/hadoop-common/CHANGES.txt |  3 ++
 .../authorize/DefaultImpersonationProvider.java |  4 ++
 .../org/apache/hadoop/util/MachineList.java     |  5 ++-
 .../security/authorize/TestProxyUsers.java      | 39 ++++++++++++++++++++
 .../org/apache/hadoop/util/TestMachineList.java |  8 ++++
 5 files changed, 58 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/hadoop/blob/f7d746a8/hadoop-common-project/hadoop-common/CHANGES.txt
----------------------------------------------------------------------
diff --git a/hadoop-common-project/hadoop-common/CHANGES.txt b/hadoop-common-project/hadoop-common/CHANGES.txt
index 9cf5c0b..877513a 100644
--- a/hadoop-common-project/hadoop-common/CHANGES.txt
+++ b/hadoop-common-project/hadoop-common/CHANGES.txt
@@ -655,6 +655,9 @@ Release 2.8.0 - UNRELEASED
     HADOOP-11628. SPNEGO auth does not work with CNAMEs in JDK8.
     (Daryn Sharp via stevel).
 
+    HADOOP-10941. Proxy user verification NPEs if remote host is unresolvable.
+    (Benoy Antony via stevel).
+
   OPTIMIZATIONS
 
     HADOOP-12051. ProtobufRpcEngine.invoke() should use Exception.toString()

http://git-wip-us.apache.org/repos/asf/hadoop/blob/f7d746a8/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/DefaultImpersonationProvider.java
----------------------------------------------------------------------
diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/DefaultImpersonationProvider.java
b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/DefaultImpersonationProvider.java
index b36ac80..26cd7ab 100644
--- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/DefaultImpersonationProvider.java
+++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/DefaultImpersonationProvider.java
@@ -108,6 +108,10 @@ public class DefaultImpersonationProvider implements ImpersonationProvider
{
   public void authorize(UserGroupInformation user, 
       String remoteAddress) throws AuthorizationException {
     
+    if (user == null) {
+      throw new IllegalArgumentException("user is null.");
+    }
+
     UserGroupInformation realUser = user.getRealUser();
     if (realUser == null) {
       return;
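Review bot: A null `remoteAddress` is not validated here alongside `user`, so for a proxy user the rejection only surfaces later as the unchecked `IllegalArgumentException` added in `MachineList.includes`, not as the `AuthorizationException` this method declares. Callers that treat `AuthorizationException` as the denial path, and log or audit it, would presumably see an unresolvable remote host as a generic runtime failure; that is worth confirming against the callers. Consider rejecting it explicitly after the `realUser == null` return with `if (remoteAddress == null) { throw new AuthorizationException("remote address is null or unresolvable"); }`, or at least add `@throws IllegalArgumentException` to the method's Javadoc. The new tests expect `IllegalArgumentException`, so they would need to follow a change of exception type. The body of `authorize` continues outside the hunk.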

http://git-wip-us.apache.org/repos/asf/hadoop/blob/f7d746a8/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/util/MachineList.java
----------------------------------------------------------------------
diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/util/MachineList.java
b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/util/MachineList.java
index d60d083..2e6c079 100644
--- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/util/MachineList.java
+++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/util/MachineList.java
@@ -18,7 +18,6 @@
 package org.apache.hadoop.util;
 
 import java.net.InetAddress;
-
 import java.net.UnknownHostException;
 import java.util.ArrayList;
 import java.util.Collection;
@@ -141,6 +140,10 @@ public class MachineList {
       return true;
     }
     
+    if (ipAddress == null) {
+      throw new IllegalArgumentException("ipAddress is null.");
+    }
+
     //check in the set of ipAddresses
     if ((ipAddresses != null) && ipAddresses.contains(ipAddress)) {
       return true;
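Review bot: The null check sits below the early `return true` visible at the top of this hunk, so whenever that branch is taken `includes(null)` still answers true instead of throwing. The branch condition is outside the hunk, but it is presumably the wildcard or all-hosts case. For a proxy-user rule configured with a wildcard host list, that would mean an unresolvable remote address is accepted, and the method's behaviour on null would depend on configuration. Moving `if (ipAddress == null) { throw new IllegalArgumentException("ipAddress is null."); }` to the first statement of `includes` makes the rejection unconditional. If accepting null under a wildcard is intended, a comment saying so would help.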

http://git-wip-us.apache.org/repos/asf/hadoop/blob/f7d746a8/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/authorize/TestProxyUsers.java
----------------------------------------------------------------------
diff --git a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/authorize/TestProxyUsers.java
b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/authorize/TestProxyUsers.java
index 8ff4bfb..577f11b 100644
--- a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/authorize/TestProxyUsers.java
+++ b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/authorize/TestProxyUsers.java
@@ -334,6 +334,45 @@ public class TestProxyUsers {
     assertNotAuthorized(proxyUserUgi, "10.221.0.0");
   }
 
+  @Test(expected = IllegalArgumentException.class)
+  public void testNullUser() throws Exception {
+    Configuration conf = new Configuration();
+    conf.set(
+        DefaultImpersonationProvider.getTestProvider().
+            getProxySuperuserGroupConfKey(REAL_USER_NAME),
+        "*");
+    conf.set(
+        DefaultImpersonationProvider.getTestProvider().
+            getProxySuperuserIpConfKey(REAL_USER_NAME),
+        PROXY_IP_RANGE);
+    ProxyUsers.refreshSuperUserGroupsConfiguration(conf);
+    // user is null
+    ProxyUsers.authorize(null, "10.222.0.0");
+  }
+
+  @Test(expected = IllegalArgumentException.class)
+  public void testNullIpAddress() throws Exception {
+    Configuration conf = new Configuration();
+    conf.set(
+        DefaultImpersonationProvider.getTestProvider().
+            getProxySuperuserGroupConfKey(REAL_USER_NAME),
+        "*");
+    conf.set(
+        DefaultImpersonationProvider.getTestProvider().
+            getProxySuperuserIpConfKey(REAL_USER_NAME),
+        PROXY_IP_RANGE);
+    ProxyUsers.refreshSuperUserGroupsConfiguration(conf);
+
+    // First try proxying a group that's allowed
+    UserGroupInformation realUserUgi = UserGroupInformation
+        .createRemoteUser(REAL_USER_NAME);
+    UserGroupInformation proxyUserUgi = UserGroupInformation.createProxyUserForTesting(
+        PROXY_USER_NAME, realUserUgi, GROUP_NAMES);
+
+    // remote address is null
+    ProxyUsers.authorize(proxyUserUgi, null);
+  }
+
   @Test
   public void testWithDuplicateProxyGroups() throws Exception {
     Configuration conf = new Configuration();
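Review bot: `@Test(expected = IllegalArgumentException.class)` covers the whole method, so an `IllegalArgumentException` thrown by the `conf.set(...)` or `refreshSuperUserGroupsConfiguration` setup would also make `testNullUser` and `testNullIpAddress` pass. Wrapping only the `ProxyUsers.authorize(...)` call in a try/catch followed by `fail(...)` would pin the exception to the call under test. Both tests configure only `PROXY_IP_RANGE`, so a case with the hosts key set to `"*"` and a null address is missing. That is the configuration where the `MachineList` null check may not be reached, given the early return above it in the MachineList hunk. The comment `// First try proxying a group that's allowed` looks carried over from another test and could read `// proxy user whose group is allowed, so only the address check can fail`.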

http://git-wip-us.apache.org/repos/asf/hadoop/blob/f7d746a8/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/util/TestMachineList.java
----------------------------------------------------------------------
diff --git a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/util/TestMachineList.java
b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/util/TestMachineList.java
index 2aa61fe..d721c29 100644
--- a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/util/TestMachineList.java
+++ b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/util/TestMachineList.java
@@ -176,7 +176,15 @@ public class TestMachineList {
 
     //test for exclusion with an unknown IP
     assertFalse(ml.includes("10.119.103.111"));
+  }
+
+  @Test(expected = IllegalArgumentException.class)
+  public void testNullIpAddress() {
+    //create MachineList with a list of of ip ranges specified in CIDR format
+    MachineList ml = new MachineList(CIDR_LIST);
 
+    //test for exclusion with a null IP
+    assertFalse(ml.includes(null));
   }
 
   @Test
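Review bot: In `testNullIpAddress` the `assertFalse(...)` around `ml.includes(null)` never evaluates, because the test expects the call to throw. The assertion and the comment `//test for exclusion with a null IP` therefore describe a result that is not what is being verified. Writing the line as `ml.includes(null);` under a comment such as `//includes() must reject a null IP with IllegalArgumentException` states the intent. The comment above it also has a doubled word, `list of of`. The test uses `CIDR_LIST` only, so the early-return path of `includes` is not exercised with a null argument.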

