Etusivu Tutki Apua
Rekisteröidy Kirjaudu sisään
apache
/
hadoop
peilaus alkaen https://github.com/apache/hadoop.git
2
0
Fork 1
Tiedostot Ongelmat 0 Wiki
Selaa lähdekoodia

svn merge -c 1406684 FIXES: HADOOP-9013. UGI should not hardcode loginUser's authenticationType (daryn via bobby)

git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/branches/branch-2@1406685 13f79535-47bb-0310-9956-ffa450edef68
Robert Joseph Evans 12 vuotta sitten
vanhempi
501b2758ce
commit
4b1b9270bc
3 muutettua tiedostoa jossa 51 lisäystä ja 28 poistoa
Jaettu näkymä Näytä diff tilastot
  1. 3 0
      hadoop-common-project/hadoop-common/CHANGES.txt
  2. 15 11
      hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java
  3. 33 17
      hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/ipc/TestSaslRPC.java

+ 3 - 0
hadoop-common-project/hadoop-common/CHANGES.txt
Näytä tiedosto 

@@ -67,6 +67,9 @@ Release 2.0.3-alpha - Unreleased
 
     HADOOP-9010. Map UGI authenticationMethod to RPC authMethod (daryn via
 
     bobby)
 
 
+    HADOOP-9013. UGI should not hardcode loginUser's authenticationType (daryn
 
+    via bobby)
 
+
 
   OPTIMIZATIONS
 
 
     HADOOP-8866. SampleQuantiles#query is O(N^2) instead of O(N). (Andrew Wang

+ 15 - 11
hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java
Näytä tiedosto 

@@ -237,14 +237,17 @@ public class UserGroupInformation {
 
    */
 
   private static synchronized void initUGI(Configuration conf) {
 
     AuthenticationMethod auth = SecurityUtil.getAuthenticationMethod(conf);
 
-    if (auth == AuthenticationMethod.SIMPLE) {
 
-      useKerberos = false;
 
-    } else if (auth == AuthenticationMethod.KERBEROS) {
 
-      useKerberos = true;
 
-    } else {
 
-      throw new IllegalArgumentException("Invalid attribute value for " +
 
-                                         HADOOP_SECURITY_AUTHENTICATION + 
-                                         " of " + auth);
 
+    switch (auth) {
 
+      case SIMPLE:
 
+        useKerberos = false;
 
+        break;
 
+      case KERBEROS:
 
+        useKerberos = true;
 
+        break;
 
+      default:
 
+        throw new IllegalArgumentException("Invalid attribute value for " +
 
+                                           HADOOP_SECURITY_AUTHENTICATION + 
+                                           " of " + auth);
 
     }
 
     // If we haven't set up testing groups, use the configuration to find it
 
     if (!(groups instanceof TestingGroups)) {
 
@@ -626,19 +629,20 @@ public class UserGroupInformation {
 
       try {
 
         Subject subject = new Subject();
 
         LoginContext login;
 
+        AuthenticationMethod authenticationMethod;
 
         if (isSecurityEnabled()) {
 
+          authenticationMethod = AuthenticationMethod.KERBEROS;
 
           login = newLoginContext(HadoopConfiguration.USER_KERBEROS_CONFIG_NAME,
 
               subject, new HadoopConfiguration());
 
         } else {
 
+          authenticationMethod = AuthenticationMethod.SIMPLE;
 
           login = newLoginContext(HadoopConfiguration.SIMPLE_CONFIG_NAME, 
               subject, new HadoopConfiguration());
 
         }
 
         login.login();
 
         loginUser = new UserGroupInformation(subject);
 
         loginUser.setLogin(login);
 
-        loginUser.setAuthenticationMethod(isSecurityEnabled() ?
 
-                                          AuthenticationMethod.KERBEROS :
 
-                                          AuthenticationMethod.SIMPLE);
 
+        loginUser.setAuthenticationMethod(authenticationMethod);
 
         loginUser = new UserGroupInformation(login.getSubject());
 
         String fileLocation = System.getenv(HADOOP_TOKEN_FILE_LOCATION);
 
         if (fileLocation != null) {

+ 33 - 17
hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/ipc/TestSaslRPC.java
Näytä tiedosto 

@@ -43,14 +43,7 @@ import org.apache.hadoop.fs.CommonConfigurationKeys;
 
 import org.apache.hadoop.io.Text;
 
 import org.apache.hadoop.ipc.Client.ConnectionId;
 
 import org.apache.hadoop.net.NetUtils;
 
-import org.apache.hadoop.security.KerberosInfo;
 
-import org.apache.hadoop.security.SaslInputStream;
 
-import org.apache.hadoop.security.SaslRpcClient;
 
-import org.apache.hadoop.security.SaslRpcServer;
 
-import org.apache.hadoop.security.SecurityInfo;
 
-import org.apache.hadoop.security.SecurityUtil;
 
-import org.apache.hadoop.security.TestUserGroupInformation;
 
-import org.apache.hadoop.security.UserGroupInformation;
 
+import org.apache.hadoop.security.*;
 
 import org.apache.hadoop.security.UserGroupInformation.AuthenticationMethod;
 
 import org.apache.hadoop.security.token.SecretManager;
 
 import org.apache.hadoop.security.token.Token;
 
@@ -58,8 +51,10 @@ import org.apache.hadoop.security.token.TokenIdentifier;
 
 import org.apache.hadoop.security.token.TokenInfo;
 
 import org.apache.hadoop.security.token.TokenSelector;
 
 import org.apache.hadoop.security.token.SecretManager.InvalidToken;
 
+
 
 import org.apache.log4j.Level;
 
 import org.junit.Before;
 
+import org.junit.BeforeClass;
 
 import org.junit.Test;
 
 
 /** Unit tests for using Sasl over RPC. */
 
@@ -76,6 +71,12 @@ public class TestSaslRPC {
 
   static final String SERVER_PRINCIPAL_2 = "p2/foo@BAR";
 
   
   private static Configuration conf;
 
+  
+  @BeforeClass
 
+  public static void setupKerb() {
 
+    System.setProperty("java.security.krb5.kdc", "");
 
+    System.setProperty("java.security.krb5.realm", "NONE"); 
+  }    
 
   @Before
 
   public void setup() {
 
@@ -539,21 +540,39 @@ public class TestSaslRPC {
 
       final boolean useToken,
 
       final boolean useValidToken) throws Exception {
 
     
-    Configuration serverConf = new Configuration(conf);
 
+    String currentUser = UserGroupInformation.getCurrentUser().getUserName();
 
+    
+    final Configuration serverConf = new Configuration(conf);
 
     SecurityUtil.setAuthenticationMethod(serverAuth, serverConf);
 
     UserGroupInformation.setConfiguration(serverConf);
 
     
-    TestTokenSecretManager sm = new TestTokenSecretManager();
 
-    Server server = new RPC.Builder(serverConf).setProtocol(TestSaslProtocol.class)
 
+    final UserGroupInformation serverUgi =
 
+        UserGroupInformation.createRemoteUser(currentUser + "-SERVER");
 
+    serverUgi.setAuthenticationMethod(serverAuth);
 
+
 
+    final TestTokenSecretManager sm = new TestTokenSecretManager();
 
+    Server server = serverUgi.doAs(new PrivilegedExceptionAction<Server>() {
 
+      @Override
 
+      public Server run() throws IOException {
 
+        Server server = new RPC.Builder(serverConf)
 
+        .setProtocol(TestSaslProtocol.class)
 
         .setInstance(new TestSaslImpl()).setBindAddress(ADDRESS).setPort(0)
 
         .setNumHandlers(5).setVerbose(true)
 
         .setSecretManager((serverAuth != SIMPLE) ? sm : null)
 
         .build();      
-    server.start();
 
+        server.start();
 
+        return server;
 
+      }
 
+    });
 
 
+    final Configuration clientConf = new Configuration(conf);
 
+    SecurityUtil.setAuthenticationMethod(clientAuth, clientConf);
 
+    UserGroupInformation.setConfiguration(clientConf);
 
+    
     final UserGroupInformation clientUgi =
 
-        UserGroupInformation.createRemoteUser(
 
-            UserGroupInformation.getCurrentUser().getUserName()+"-CLIENT");
 
+        UserGroupInformation.createRemoteUser(currentUser + "-CLIENT");
 
+    clientUgi.setAuthenticationMethod(clientAuth);    
+
 
     final InetSocketAddress addr = NetUtils.getConnectAddress(server);
 
     if (useToken) {
 
       TestTokenIdentifier tokenId = new TestTokenIdentifier(
 
@@ -568,9 +587,6 @@ public class TestSaslRPC {
 
       clientUgi.addToken(token);
 
     }
 
 
-    final Configuration clientConf = new Configuration(conf);
 
-    SecurityUtil.setAuthenticationMethod(clientAuth, clientConf);
 
-    UserGroupInformation.setConfiguration(clientConf);
 
     
     try {
 
       return clientUgi.doAs(new PrivilegedExceptionAction<String>() {