Página inicial Explorar Ajuda
Registrar Entrar
apache
/
hadoop
mirror de https://github.com/apache/hadoop.git
2
0
Fork 1
Arquivos Issues 0 Wiki
Ver código fonte

HDFS-2361. hftp is broken, fixed username checks in JspHelper.

git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1176729 13f79535-47bb-0310-9956-ffa450edef68
Jitendra Nath Pandey 13 anos atrás
pai
59265d6ed8
commit
825f9c80a4
2 arquivos alterados com 16 adições e 6 exclusões
Visão dividida Mostrar estatísticas do Diff
  1. 2 0
      hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
  2. 14 6
      hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/common/JspHelper.java

+ 2 - 0
hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
Ver arquivo 

@@ -78,6 +78,8 @@ Trunk (unreleased changes)
 
     HDFS-2373. Commands using webhdfs and hftp print unnecessary debug 
     info on the console with security enabled. (Arpit Gupta via suresh)
 
 
+    HDFS-2361. hftp is broken, fixed username checks in JspHelper. (jitendra)
 
+
 
 Release 0.23.0 - Unreleased
 
 
   INCOMPATIBLE CHANGES

+ 14 - 6
hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/common/JspHelper.java
Ver arquivo 

@@ -60,6 +60,7 @@ import org.apache.hadoop.http.HtmlQuoting;
 
 import org.apache.hadoop.io.Text;
 
 import org.apache.hadoop.net.NetUtils;
 
 import org.apache.hadoop.security.AccessControlException;
 
+import org.apache.hadoop.security.authentication.util.KerberosName;
 
 import org.apache.hadoop.security.UserGroupInformation;
 
 import org.apache.hadoop.security.UserGroupInformation.AuthenticationMethod;
 
 import org.apache.hadoop.security.token.Token;
 
@@ -552,7 +553,8 @@ public class JspHelper {
 
         DelegationTokenIdentifier id = new DelegationTokenIdentifier();
 
         id.readFields(in);
 
         ugi = id.getUser();
 
-        checkUsername(ugi.getUserName(), user);
 
+        checkUsername(ugi.getShortUserName(), usernameFromQuery);
 
+        checkUsername(ugi.getShortUserName(), user);
 
         ugi.addToken(token);
 
         ugi.setAuthenticationMethod(AuthenticationMethod.TOKEN);
 
       } else {
 
@@ -561,13 +563,11 @@ public class JspHelper {
 
                                 "authenticated by filter");
 
         }
 
         ugi = UserGroupInformation.createRemoteUser(user);
 
+        checkUsername(ugi.getShortUserName(), usernameFromQuery);
 
         // This is not necessarily true, could have been auth'ed by user-facing
 
         // filter
 
         ugi.setAuthenticationMethod(secureAuthMethod);
 
       }
 
-
 
-      checkUsername(user, usernameFromQuery);
 
-
 
     } else { // Security's not on, pull from url
 
       ugi = usernameFromQuery == null?
 
           getDefaultWebUser(conf) // not specified in request
 
@@ -580,10 +580,18 @@ public class JspHelper {
 
     return ugi;
 
   }
 
 
+  /**
 
+   * Expected user name should be a short name.
 
+   */
 
   private static void checkUsername(final String expected, final String name
 
       ) throws IOException {
 
-    if (name != null && !name.equals(expected)) {
 
-      throw new IOException("Usernames not matched: name=" + name
 
+    if (name == null) {
 
+      return;
 
+    }
 
+    KerberosName u = new KerberosName(name);
 
+    String shortName = u.getShortName();
 
+    if (!shortName.equals(expected)) {
 
+      throw new IOException("Usernames not matched: name=" + shortName
 
           + " != expected=" + expected);
 
     }
 
   }