hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hadoop QA (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-11934) Use of JavaKeyStoreProvider in LdapGroupsMapping causes infinite loop
Date Thu, 14 May 2015 20:12:00 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-11934?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14544276#comment-14544276
] 

Hadoop QA commented on HADOOP-11934:
------------------------------------

\\
\\
| (x) *{color:red}-1 overall{color}* |
\\
\\
|| Vote || Subsystem || Runtime || Comment ||
| {color:blue}0{color} | pre-patch |  14m 41s | Pre-patch trunk compilation is healthy. |
| {color:green}+1{color} | @author |   0m  0s | The patch does not contain any @author tags.
|
| {color:green}+1{color} | tests included |   0m  0s | The patch appears to include 1 new
or modified test files. |
| {color:green}+1{color} | javac |   7m 31s | There were no new javac warning messages. |
| {color:green}+1{color} | javadoc |   9m 33s | There were no new javadoc warning messages.
|
| {color:green}+1{color} | release audit |   0m 22s | The applied patch does not increase
the total number of release audit warnings. |
| {color:red}-1{color} | checkstyle |   1m  5s | The applied patch generated  12 new checkstyle
issues (total was 15, now 13). |
| {color:green}+1{color} | whitespace |   0m  0s | The patch has no lines that end in whitespace.
|
| {color:green}+1{color} | install |   1m 33s | mvn install still works. |
| {color:green}+1{color} | eclipse:eclipse |   0m 34s | The patch built with eclipse:eclipse.
|
| {color:green}+1{color} | findbugs |   1m 41s | The patch does not introduce any new Findbugs
(version 2.0.3) warnings. |
| {color:green}+1{color} | common tests |  23m 40s | Tests passed in hadoop-common. |
| | |  60m 44s | |
\\
\\
|| Subsystem || Report/Notes ||
| Patch URL | http://issues.apache.org/jira/secure/attachment/12732928/HADOOP-11934.006.patch
|
| Optional Tests | javadoc javac unit findbugs checkstyle |
| git revision | trunk / 15ccd96 |
| checkstyle |  https://builds.apache.org/job/PreCommit-HADOOP-Build/6692/artifact/patchprocess/diffcheckstylehadoop-common.txt
|
| hadoop-common test log | https://builds.apache.org/job/PreCommit-HADOOP-Build/6692/artifact/patchprocess/testrun_hadoop-common.txt
|
| Test Results | https://builds.apache.org/job/PreCommit-HADOOP-Build/6692/testReport/ |
| Java | 1.7.0_55 |
| uname | Linux asf909.gq1.ygridcore.net 3.13.0-36-lowlatency #63-Ubuntu SMP PREEMPT Wed Sep
3 21:56:12 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux |
| Console output | https://builds.apache.org/job/PreCommit-HADOOP-Build/6692/console |


This message was automatically generated.

> Use of JavaKeyStoreProvider in LdapGroupsMapping causes infinite loop
> ---------------------------------------------------------------------
>
>                 Key: HADOOP-11934
>                 URL: https://issues.apache.org/jira/browse/HADOOP-11934
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 2.6.0
>            Reporter: Mike Yoder
>            Assignee: Larry McCay
>         Attachments: HADOOP-11934.001.patch, HADOOP-11934.002.patch, HADOOP-11934.003.patch,
HADOOP-11934.004.patch, HADOOP-11934.005.patch, HADOOP-11934.006.patch
>
>
> I was attempting to use the LdapGroupsMapping code and the JavaKeyStoreProvider at the
same time, and hit a really interesting, yet fatal, issue.  The code goes into what ought
to have been an infinite loop, were it not for it overflowing the stack and Java ending the
loop.  Here is a snippet of the stack; my annotations are at the bottom.
> {noformat}
> 	at org.apache.hadoop.fs.FileSystem.get(FileSystem.java:370)
> 	at org.apache.hadoop.fs.Path.getFileSystem(Path.java:296)
> 	at org.apache.hadoop.security.alias.JavaKeyStoreProvider.<init>(JavaKeyStoreProvider.java:88)
> 	at org.apache.hadoop.security.alias.JavaKeyStoreProvider.<init>(JavaKeyStoreProvider.java:65)
> 	at org.apache.hadoop.security.alias.JavaKeyStoreProvider$Factory.createProvider(JavaKeyStoreProvider.java:291)
> 	at org.apache.hadoop.security.alias.CredentialProviderFactory.getProviders(CredentialProviderFactory.java:58)
> 	at org.apache.hadoop.conf.Configuration.getPasswordFromCredentialProviders(Configuration.java:1863)
> 	at org.apache.hadoop.conf.Configuration.getPassword(Configuration.java:1843)
> 	at org.apache.hadoop.security.LdapGroupsMapping.getPassword(LdapGroupsMapping.java:386)
> 	at org.apache.hadoop.security.LdapGroupsMapping.setConf(LdapGroupsMapping.java:349)
> 	at org.apache.hadoop.util.ReflectionUtils.setConf(ReflectionUtils.java:73)
> 	at org.apache.hadoop.util.ReflectionUtils.newInstance(ReflectionUtils.java:133)
> 	at org.apache.hadoop.security.Groups.<init>(Groups.java:70)
> 	at org.apache.hadoop.security.Groups.<init>(Groups.java:66)
> 	at org.apache.hadoop.security.Groups.getUserToGroupsMappingService(Groups.java:280)
> 	at org.apache.hadoop.security.UserGroupInformation.initialize(UserGroupInformation.java:283)
> 	at org.apache.hadoop.security.UserGroupInformation.ensureInitialized(UserGroupInformation.java:260)
> 	at org.apache.hadoop.security.UserGroupInformation.loginUserFromSubject(UserGroupInformation.java:804)
> 	at org.apache.hadoop.security.UserGroupInformation.getLoginUser(UserGroupInformation.java:774)
> 	at org.apache.hadoop.security.UserGroupInformation.getCurrentUser(UserGroupInformation.java:647)
> 	at org.apache.hadoop.fs.FileSystem$Cache$Key.<init>(FileSystem.java:2753)
> 	at org.apache.hadoop.fs.FileSystem$Cache$Key.<init>(FileSystem.java:2745)
> 	at org.apache.hadoop.fs.FileSystem$Cache.get(FileSystem.java:2611)
> 	at org.apache.hadoop.fs.FileSystem.get(FileSystem.java:370)
> 	at org.apache.hadoop.fs.Path.getFileSystem(Path.java:296)
> 	at org.apache.hadoop.security.alias.JavaKeyStoreProvider.<init>(JavaKeyStoreProvider.java:88)
> 	at org.apache.hadoop.security.alias.JavaKeyStoreProvider.<init>(JavaKeyStoreProvider.java:65)
> 	at org.apache.hadoop.security.alias.JavaKeyStoreProvider$Factory.createProvider(JavaKeyStoreProvider.java:291)
> 	at org.apache.hadoop.security.alias.CredentialProviderFactory.getProviders(CredentialProviderFactory.java:58)
> 	at org.apache.hadoop.conf.Configuration.getPasswordFromCredentialProviders(Configuration.java:1863)
> 	at org.apache.hadoop.conf.Configuration.getPassword(Configuration.java:1843)
> 	at org.apache.hadoop.security.LdapGroupsMapping.getPassword(LdapGroupsMapping.java:386)
> 	at org.apache.hadoop.security.LdapGroupsMapping.setConf(LdapGroupsMapping.java:349)
> 	at org.apache.hadoop.util.ReflectionUtils.setConf(ReflectionUtils.java:73)
> 	at org.apache.hadoop.util.ReflectionUtils.newInstance(ReflectionUtils.java:133)
> 	at org.apache.hadoop.security.Groups.<init>(Groups.java:70)
> 	at org.apache.hadoop.security.Groups.<init>(Groups.java:66)
> 	at org.apache.hadoop.security.Groups.getUserToGroupsMappingService(Groups.java:280)
> 	at org.apache.hadoop.security.UserGroupInformation.initialize(UserGroupInformation.java:283)
> 	at org.apache.hadoop.security.UserGroupInformation.ensureInitialized(UserGroupInformation.java:260)
> 	at org.apache.hadoop.security.UserGroupInformation.loginUserFromSubject(UserGroupInformation.java:804)
> 	at org.apache.hadoop.security.UserGroupInformation.getLoginUser(UserGroupInformation.java:774)
> 	at org.apache.hadoop.security.UserGroupInformation.getCurrentUser(UserGroupInformation.java:647)
> 	at org.apache.hadoop.fs.FileSystem$Cache$Key.<init>(FileSystem.java:2753)
> 	at org.apache.hadoop.fs.FileSystem$Cache$Key.<init>(FileSystem.java:2745)
> 	at org.apache.hadoop.fs.FileSystem$Cache.get(FileSystem.java:2611)
> 	at org.apache.hadoop.fs.FileSystem.get(FileSystem.java:370)
> 	at org.apache.hadoop.fs.Path.getFileSystem(Path.java:296){noformat}
> Here's my annotation, going from bottom to top.
> * Somehow we enter Path.getFileSystem()
> * This goes to FileSystem cache stuff, and then it wants the current user
> * So we get to UserGroupInformation.getCurrentUser(), which as you can imagine gets to
> * getUserToGroupsMappingService and thence to LdapGroupsMapping.setConf().
> * That code gets the needed passwords, and we're using the CredentialProvider, so unsurprisingly
we get to
> * getPasswordFromCredentialProviders() - which chooses the JavaKeyStoreProvider like
I told it to.
> * The JavaKeyStoreProvider, in its constructor, does "fs = path.getFileSystem(conf);"
> * And guess what, we're back in Path.getFileSystem, where we started at the beginning.
> Please let me know if I've somehow configured something incorrectly, but if I have I
can't figure out what it is...



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message