hadoop-hdfs-issues mailing list archives

From "Daryn Sharp (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDFS-3553) Hftp proxy tokens are broken
Date Tue, 03 Jul 2012 23:57:34 GMT

    [ https://issues.apache.org/jira/browse/HDFS-3553?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13406186#comment-13406186 ]

Daryn Sharp commented on HDFS-3553:
-----------------------------------

Thanks for the quick feedback!
# I considered {{getLoginUser}}.  One concern is if loginUser can be abused within a nested
doAs to have the loginUser vouching as the realUser.  I.e. "superuser -> lowly-user ->
fake-user".  Isn't the lowly-user (realUser) vouching for the fake-user, not the superuser
(loginUser) vouching for fake-user?  I can change it if there's not really a risk.
# Regarding the split, the logic was:
{code}
if (security) {
  if (token) {
    use-token-ugi
  } else {
    create-ugi
  }
} else {
  create-ugi
}
{code}
I thought it was a bit more natural with less redundancy as:
{code}
if (security && token) {
  use-token-ugi
} else {
  create-ugi
}
{code}
bq.  in the secure case I don't see where you are pulling the user from the connection
{code}
final String remoteUser = request.getRemoteUser();
...
realUgi = UserGroupInformation.createRemoteUser(remoteUser);
{code}

# bq. Shouldn't you be able to have a proxy user with real user from the connection and ?ugi=
for the effective user
I don't think so...?  It's not what it did before, and it would appear to cause inconsistencies
in semantics depending on the security setting.  With security off, "?ugi" is the remote user
(in lieu of auth) and "?doAs" creates a proxy user.  With security on, there is an additional
check that "?ugi" is the authed remote user.
                
> Hftp proxy tokens are broken
> ----------------------------
>
>                 Key: HDFS-3553
>                 URL: https://issues.apache.org/jira/browse/HDFS-3553
>             Project: Hadoop HDFS
>          Issue Type: Bug
>    Affects Versions: 1.0.2, 2.0.0-alpha, 3.0.0
>            Reporter: Daryn Sharp
>            Assignee: Daryn Sharp
>            Priority: Blocker
>         Attachments: HDFS-3553-1.branch-1.0.patch, HDFS-3553.branch-1.0.patch
>
>
> Proxy tokens are broken for hftp.  The impact is systems using proxy tokens, such as
oozie jobs, cannot use hftp.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
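Editor's added example, not code from HDFS-3553 or from Hadoop itself. It illustrates the two points in the comment above: first, the request-to-UGI selection semantics described there (with security off "?ugi" names the caller and "?doAs" makes a proxy user; with security on the connection's authenticated user is authoritative and a disagreeing "?ugi" is rejected), and second, who the realUser actually is inside the nested "superuser -> lowly-user -> fake-user" doAs chain, as seen through the real UserGroupInformation API. The helper ugiFromRequest is hypothetical and is not JspHelper.getUGI; the parameter names "ugi" and "doAs" are taken as written in the comment; it assumes Java 8 and hadoop-common on the classpath. The UserGroupInformation calls (createRemoteUser, createProxyUser, getRealUser, getLoginUser, getCurrentUser, doAs) are the library's own.

```java
// Added example, editor's illustration; not code from HDFS-3553 or from Hadoop.
// ugiFromRequest is a hypothetical stand-in for the selection logic described in
// the comment, not JspHelper.getUGI. Parameter names "ugi"/"doAs" are assumed.
import java.io.IOException;
import java.security.PrivilegedExceptionAction;
import org.apache.hadoop.security.UserGroupInformation;

public class ProxyVouchDemo {

  /** Builds the request's UGI per the semantics the comment describes. */
  static UserGroupInformation ugiFromRequest(boolean secure, String remoteUser,
                                             String ugiParam, String doAsParam)
      throws IOException {
    String user;
    if (secure) {
      // Security on: the authenticated connection user is the source of truth;
      // a "?ugi" that disagrees is rejected rather than trusted.
      if (remoteUser == null) throw new IOException("unauthenticated request");
      if (ugiParam != null && !ugiParam.equals(remoteUser)) {
        throw new IOException("ugi=" + ugiParam
            + " does not match authenticated user " + remoteUser);
      }
      user = remoteUser;
    } else {
      // Security off: "?ugi" names the caller in lieu of authentication.
      if (ugiParam == null) throw new IOException("ugi parameter required");
      user = ugiParam;
    }
    UserGroupInformation realUgi = UserGroupInformation.createRemoteUser(user);
    // "?doAs" turns the request into a proxy user whose realUser is the caller.
    return doAsParam == null
        ? realUgi
        : UserGroupInformation.createProxyUser(doAsParam, realUgi);
  }

  /** Runs "superuser -> lowly-user -> fake-user" and reports who vouches for whom. */
  static String vouchChain() throws IOException, InterruptedException {
    UserGroupInformation superUser = UserGroupInformation.createRemoteUser("superuser");
    UserGroupInformation lowly = UserGroupInformation.createProxyUser("lowly-user", superUser);
    UserGroupInformation fake = UserGroupInformation.createProxyUser("fake-user", lowly);

    // Explicitly typed actions: UGI.doAs is overloaded on PrivilegedAction and
    // PrivilegedExceptionAction, so bare lambdas would be ambiguous.
    PrivilegedExceptionAction<String> inspect = () -> {
      UserGroupInformation cur = UserGroupInformation.getCurrentUser();
      // getRealUser() is the immediate vouching party (lowly-user), whereas
      // getLoginUser() is the JVM's login identity, not anyone in the chain.
      return cur.getUserName()
          + " realUser=" + cur.getRealUser().getUserName()
          + " loginUser=" + UserGroupInformation.getLoginUser().getUserName();
    };
    PrivilegedExceptionAction<String> asFake = () -> fake.doAs(inspect);
    PrivilegedExceptionAction<String> asLowly = () -> lowly.doAs(asFake);
    return superUser.doAs(asLowly);
  }

  public static void main(String[] args) throws Exception {
    System.out.println(vouchChain());

    // Security off: ?ugi=alice&doAs=bob yields proxy user bob vouched for by alice.
    UserGroupInformation u = ugiFromRequest(false, null, "alice", "bob");
    System.out.println(u.getUserName() + " realUser=" + u.getRealUser().getUserName());

    // Security on: authenticated as alice but ?ugi=mallory is rejected.
    try {
      ugiFromRequest(true, "alice", "mallory", null);
    } catch (IOException e) {
      System.out.println("rejected: " + e.getMessage());
    }
  }
}
```

Run with hadoop-common on the classpath (for example `java -cp hadoop-common.jar:... ProxyVouchDemo`). Inside the innermost doAs, getCurrentUser().getRealUser() names lowly-user, not superuser, which is the distinction the comment draws: the realUser recorded on a proxy UGI is the immediate vouching party, while getLoginUser() is the process's own login identity and never reflects the doAs chain.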
