From common-issues-return-147670-archive-asf-public=cust-asf.ponee.io@hadoop.apache.org  Wed Feb  7 10:13:13 2018
Return-Path: <common-issues-return-147670-archive-asf-public=cust-asf.ponee.io@hadoop.apache.org>
X-Original-To: archive-asf-public@eu.ponee.io
Delivered-To: archive-asf-public@eu.ponee.io
Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183])
	by mx-eu-01.ponee.io (Postfix) with ESMTP id A74D418065B
	for <archive-asf-public@eu.ponee.io>; Wed,  7 Feb 2018 10:13:13 +0100 (CET)
Received: by cust-asf.ponee.io (Postfix)
	id 963B5160C5B; Wed,  7 Feb 2018 09:13:13 +0000 (UTC)
Delivered-To: archive-asf-public@cust-asf.ponee.io
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by cust-asf.ponee.io (Postfix) with SMTP id DD077160C3C
	for <archive-asf-public@cust-asf.ponee.io>; Wed,  7 Feb 2018 10:13:12 +0100 (CET)
Received: (qmail 41812 invoked by uid 500); 7 Feb 2018 09:13:11 -0000
Mailing-List: contact common-issues-help@hadoop.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:common-issues-help@hadoop.apache.org>
List-Unsubscribe: <mailto:common-issues-unsubscribe@hadoop.apache.org>
List-Post: <mailto:common-issues@hadoop.apache.org>
List-Id: <common-issues.hadoop.apache.org>
Delivered-To: mailing list common-issues@hadoop.apache.org
Received: (qmail 41799 invoked by uid 99); 7 Feb 2018 09:13:11 -0000
Received: from pnap-us-west-generic-nat.apache.org (HELO spamd1-us-west.apache.org) (209.188.14.142)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 07 Feb 2018 09:13:11 +0000
Received: from localhost (localhost [127.0.0.1])
	by spamd1-us-west.apache.org (ASF Mail Server at spamd1-us-west.apache.org) with ESMTP id 74B4DC2BC8
	for <common-issues@hadoop.apache.org>; Wed,  7 Feb 2018 09:13:11 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at spamd1-us-west.apache.org
X-Spam-Flag: NO
X-Spam-Score: -109.511
X-Spam-Level:
X-Spam-Status: No, score=-109.511 tagged_above=-999 required=6.31
	tests=[ENV_AND_HDR_SPF_MATCH=-0.5, KAM_ASCII_DIVIDERS=0.8,
	RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01,
	USER_IN_DEF_SPF_WL=-7.5, USER_IN_WHITELIST=-100] autolearn=disabled
Received: from mx1-lw-eu.apache.org ([10.40.0.8])
	by localhost (spamd1-us-west.apache.org [10.40.0.7]) (amavisd-new, port 10024)
	with ESMTP id 4G81b5QLgA44 for <common-issues@hadoop.apache.org>;
	Wed,  7 Feb 2018 09:13:04 +0000 (UTC)
Received: from mailrelay1-us-west.apache.org (mailrelay1-us-west.apache.org [209.188.14.139])
	by mx1-lw-eu.apache.org (ASF Mail Server at mx1-lw-eu.apache.org) with ESMTP id 1C5B35F17D
	for <common-issues@hadoop.apache.org>; Wed,  7 Feb 2018 09:13:03 +0000 (UTC)
Received: from jira-lw-us.apache.org (unknown [207.244.88.139])
	by mailrelay1-us-west.apache.org (ASF Mail Server at mailrelay1-us-west.apache.org) with ESMTP id 32594E0230
	for <common-issues@hadoop.apache.org>; Wed,  7 Feb 2018 09:13:02 +0000 (UTC)
Received: from jira-lw-us.apache.org (localhost [127.0.0.1])
	by jira-lw-us.apache.org (ASF Mail Server at jira-lw-us.apache.org) with ESMTP id 46F3F24112
	for <common-issues@hadoop.apache.org>; Wed,  7 Feb 2018 09:13:00 +0000 (UTC)
Date: Wed, 7 Feb 2018 09:13:00 +0000 (UTC)
From: "Dhirendra Khanka (JIRA)" <jira@apache.org>
To: common-issues@hadoop.apache.org
Message-ID: <JIRA.13136783.1517993821000.141789.1517994780288@Atlassian.JIRA>
In-Reply-To: <JIRA.13136783.1517993821000@Atlassian.JIRA>
References: <JIRA.13136783.1517993821000@Atlassian.JIRA> <JIRA.13136783.1517993821343@jira-lw-us.apache.org>
Subject: [jira] [Updated] (HADOOP-15213)
 JniBasedUnixGroupsNetgroupMapping.java and
 ShellBasedUnixGroupsNetgroupMapping.java use netgroup.substring(1)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394


     [ https://issues.apache.org/jira/browse/HADOOP-15213?page=3Dcom.atlass=
ian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Dhirendra Khanka updated HADOOP-15213:
--------------------------------------
    Attachment:     (was: image-2018-02-07-13-28-47-106.png)

> JniBasedUnixGroupsNetgroupMapping.java and ShellBasedUnixGroupsNetgroupMa=
pping.java use netgroup.substring(1)=20
> -------------------------------------------------------------------------=
-------------------------------------
>
>                 Key: HADOOP-15213
>                 URL: https://issues.apache.org/jira/browse/HADOOP-15213
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>         Environment: SUSE Linux Enterprise Server 11 (x86_64)
> VERSION =3D 11
> PATCHLEVEL =3D 3
>            Reporter: Dhirendra Khanka
>            Priority: Minor
>         Attachments: image-2018-02-07-13-28-50-696.png, image-2018-02-07-=
13-29-25-647.png
>
>
> =C2=A0
> Part of the code below shown from below 2 classes
> =C2=A0org.apache.hadoop.security.JniBasedUnixGroupsNetgroupMapping.java
> {code:java}
>  protected synchronized List<String> getUsersForNetgroup(String netgroup)=
 {
> =C2=A0=C2=A0=C2=A0 String[] users =3D null;
> =C2=A0=C2=A0=C2=A0 try {
> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 // JNI code does not expect '@' at the beg=
ining of the group name
> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 users =3D getUsersForNetgroupJNI(netgroup.=
substring(1));
> =C2=A0=C2=A0=C2=A0 } catch (Exception e) {
> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 if (LOG.isDebugEnabled()) {
> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 LOG.debug("Error getting users=
 for netgroup " + netgroup, e);
> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 } else {
> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 LOG.info("Error getting users =
for netgroup " + netgroup +=20
> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 ": " +=
 e.getMessage());
> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 }
> =C2=A0=C2=A0=C2=A0 }
> =C2=A0=C2=A0=C2=A0 if (users !=3D null && users.length !=3D 0) {
> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 return Arrays.asList(users);
> =C2=A0=C2=A0=C2=A0 }
> =C2=A0=C2=A0=C2=A0 return new LinkedList<String>();
> =C2=A0 }{code}
> org.apache.hadoop.security.ShellBasedUnixGroupsNetgroupMapping.java
> =C2=A0
> {code:java}
> protected String execShellGetUserForNetgroup(final String netgroup)
>  throws IOException {
>  String result =3D "";
>  try
> { // shell command does not expect '@' at the begining of the group name=
=20
> result =3D Shell.execCommand( Shell.getUsersForNetgroupCommand(netgroup.s=
ubstring(1))); }
> catch (ExitCodeException e)
> { // if we didn't get the group - just return empty list; LOG.warn("error=
 getting users for netgroup " + netgroup, e); }
> return result;
>  }
> {code}
> =C2=A0The comments from the code above expect the input to contain '@' , =
however when executing the shell directly the output has the below form whi=
ch does not contain any ampersand symbol.=20
> {code:java}
> :~> getent netgroup mynetgroup1
> mynetgroup1=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 (=
 , a3xsds, ) ( , beekvkl, ) ( , redcuan, ) ( , uedfmst, ){code}
> =C2=A0
> I have created a test code and removed the substring function and then ra=
n it on the cluster using hadoop jar. The code returned netgroups correctly=
 after the modification. I have limited knowledge on netgroup. The issue wa=
s discovered when
> hadoop.security.group.mapping =3D *org.apache.hadoop.security.JniBasedUni=
xGroupsMappingWithFallback* was added to core-site.xml and it failed to app=
ly netgroup access.
> =C2=A0
> =C2=A0
> =C2=A0



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org