Follow-up to HADOOP-7119 - removing two files which were moved.

git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1159806 13f79535-47bb-0310-9956-ffa450edef68

hadoop-common/src/main/java/org/apache/hadoop/security/KerberosName.java

@@ -1,408 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.hadoop.security;
-
-import java.io.IOException;
-import java.util.ArrayList;
-import java.util.List;
-import java.util.regex.Matcher;
-import java.util.regex.Pattern;
-
-import org.apache.hadoop.classification.InterfaceAudience;
-import org.apache.hadoop.classification.InterfaceStability;
-import org.apache.hadoop.conf.Configuration;
-
-import sun.security.krb5.Config;
-import sun.security.krb5.KrbException;
-
-/**
- * This class implements parsing and handling of Kerberos principal names. In 
- * particular, it splits them apart and translates them down into local
- * operating system names.
- */
-@SuppressWarnings("all")
-@InterfaceAudience.LimitedPrivate({"HDFS", "MapReduce"})
-@InterfaceStability.Evolving
-public class KerberosName {
-  /** The first component of the name */
-  private final String serviceName;
-  /** The second component of the name. It may be null. */
-  private final String hostName;
-  /** The realm of the name. */
-  private final String realm;
-
-  /**
-   * A pattern that matches a Kerberos name with at most 2 components.
-   */
-  private static final Pattern nameParser = 
-    Pattern.compile("([^/@]*)(/([^/@]*))?@([^/@]*)");
-
-  /** 
-   * A pattern that matches a string with out '$' and then a single
-   * parameter with $n.
-   */
-  private static Pattern parameterPattern = 
-    Pattern.compile("([^$]*)(\\$(\\d*))?");
-
-  /**
-   * A pattern for parsing a auth_to_local rule.
-   */
-  private static final Pattern ruleParser =
-    Pattern.compile("\\s*((DEFAULT)|(RULE:\\[(\\d*):([^\\]]*)](\\(([^)]*)\\))?"+
-                    "(s/([^/]*)/([^/]*)/(g)?)?))");
-  
-  /**
-   * A pattern that recognizes simple/non-simple names.
-   */
-  private static final Pattern nonSimplePattern = Pattern.compile("[/@]");
-  
-  /**
-   * The list of translation rules.
-   */
-  private static List<Rule> rules;
-
-  private static String defaultRealm;
-  private static Config kerbConf;
-  
-  static {
-    try {
-      kerbConf = Config.getInstance();
-      defaultRealm = kerbConf.getDefaultRealm();
-    } catch (KrbException ke) {
-      if(UserGroupInformation.isSecurityEnabled())
-        throw new IllegalArgumentException("Can't get Kerberos configuration",ke);
-      else 
-        defaultRealm="";
-    }
-  }
-
-  /**
-   * Create a name from the full Kerberos principal name.
-   * @param name
-   */
-  public KerberosName(String name) {
-    Matcher match = nameParser.matcher(name);
-    if (!match.matches()) {
-      if (name.contains("@")) {
-        throw new IllegalArgumentException("Malformed Kerberos name: " + name);
-      } else {
-        serviceName = name;
-        hostName = null;
-        realm = null;
-      }
-    } else {
-      serviceName = match.group(1);
-      hostName = match.group(3);
-      realm = match.group(4);
-    }
-  }
-
-  /**
-   * Get the configured default realm.
-   * @return the default realm from the krb5.conf
-   */
-  public String getDefaultRealm() {
-    return defaultRealm;
-  }
-
-  /**
-   * Put the name back together from the parts.
-   */
-  @Override
-  public String toString() {
-    StringBuilder result = new StringBuilder();
-    result.append(serviceName);
-    if (hostName != null) {
-      result.append('/');
-      result.append(hostName);
-    }
-    if (realm != null) {
-      result.append('@');
-      result.append(realm);
-    }
-    return result.toString();
-  }
-
-  /**
-   * Get the first component of the name.
-   * @return the first section of the Kerberos principal name
-   */
-  public String getServiceName() {
-    return serviceName;
-  }
-
-  /**
-   * Get the second component of the name.
-   * @return the second section of the Kerberos principal name, and may be null
-   */
-  public String getHostName() {
-    return hostName;
-  }
-  
-  /**
-   * Get the realm of the name.
-   * @return the realm of the name, may be null
-   */
-  public String getRealm() {
-    return realm;
-  }
-  
-  /**
-   * An encoding of a rule for translating kerberos names.
-   */
-  private static class Rule {
-    private final boolean isDefault;
-    private final int numOfComponents;
-    private final String format;
-    private final Pattern match;
-    private final Pattern fromPattern;
-    private final String toPattern;
-    private final boolean repeat;
-
-    Rule() {
-      isDefault = true;
-      numOfComponents = 0;
-      format = null;
-      match = null;
-      fromPattern = null;
-      toPattern = null;
-      repeat = false;
-    }
-
-    Rule(int numOfComponents, String format, String match, String fromPattern,
-         String toPattern, boolean repeat) {
-      isDefault = false;
-      this.numOfComponents = numOfComponents;
-      this.format = format;
-      this.match = match == null ? null : Pattern.compile(match);
-      this.fromPattern = 
-        fromPattern == null ? null : Pattern.compile(fromPattern);
-      this.toPattern = toPattern;
-      this.repeat = repeat;
-    }
-    
-    @Override
-    public String toString() {
-      StringBuilder buf = new StringBuilder();
-      if (isDefault) {
-        buf.append("DEFAULT");
-      } else {
-        buf.append("RULE:[");
-        buf.append(numOfComponents);
-        buf.append(':');
-        buf.append(format);
-        buf.append(']');
-        if (match != null) {
-          buf.append('(');
-          buf.append(match);
-          buf.append(')');
-        }
-        if (fromPattern != null) {
-          buf.append("s/");
-          buf.append(fromPattern);
-          buf.append('/');
-          buf.append(toPattern);
-          buf.append('/');
-          if (repeat) {
-            buf.append('g');
-          }
-        }
-      }
-      return buf.toString();
-    }
-    
-    /**
-     * Replace the numbered parameters of the form $n where n is from 1 to 
-     * the length of params. Normal text is copied directly and $n is replaced
-     * by the corresponding parameter.
-     * @param format the string to replace parameters again
-     * @param params the list of parameters
-     * @return the generated string with the parameter references replaced.
-     * @throws BadFormatString
-     */
-    static String replaceParameters(String format, 
-                                    String[] params) throws BadFormatString {
-      Matcher match = parameterPattern.matcher(format);
-      int start = 0;
-      StringBuilder result = new StringBuilder();
-      while (start < format.length() && match.find(start)) {
-        result.append(match.group(1));
-        String paramNum = match.group(3);
-        if (paramNum != null) {
-          try {
-            int num = Integer.parseInt(paramNum);
-            if (num < 0 || num > params.length) {
-              throw new BadFormatString("index " + num + " from " + format +
-                                        " is outside of the valid range 0 to " +
-                                        (params.length - 1));
-            }
-            result.append(params[num]);
-          } catch (NumberFormatException nfe) {
-            throw new BadFormatString("bad format in username mapping in " + 
-                                      paramNum, nfe);
-          }
-          
-        }
-        start = match.end();
-      }
-      return result.toString();
-    }
-
-    /**
-     * Replace the matches of the from pattern in the base string with the value
-     * of the to string.
-     * @param base the string to transform
-     * @param from the pattern to look for in the base string
-     * @param to the string to replace matches of the pattern with
-     * @param repeat whether the substitution should be repeated
-     * @return
-     */
-    static String replaceSubstitution(String base, Pattern from, String to, 
-                                      boolean repeat) {
-      Matcher match = from.matcher(base);
-      if (repeat) {
-        return match.replaceAll(to);
-      } else {
-        return match.replaceFirst(to);
-      }
-    }
-
-    /**
-     * Try to apply this rule to the given name represented as a parameter
-     * array.
-     * @param params first element is the realm, second and later elements are
-     *        are the components of the name "a/b@FOO" -> {"FOO", "a", "b"}
-     * @return the short name if this rule applies or null
-     * @throws IOException throws if something is wrong with the rules
-     */
-    String apply(String[] params) throws IOException {
-      String result = null;
-      if (isDefault) {
-        if (defaultRealm.equals(params[0])) {
-          result = params[1];
-        }
-      } else if (params.length - 1 == numOfComponents) {
-        String base = replaceParameters(format, params);
-        if (match == null || match.matcher(base).matches()) {
-          if (fromPattern == null) {
-            result = base;
-          } else {
-            result = replaceSubstitution(base, fromPattern, toPattern,  repeat);
-          }
-        }
-      }
-      if (result != null && nonSimplePattern.matcher(result).find()) {
-        throw new NoMatchingRule("Non-simple name " + result +
-                                 " after auth_to_local rule " + this);
-      }
-      return result;
-    }
-  }
-
-  static List<Rule> parseRules(String rules) {
-    List<Rule> result = new ArrayList<Rule>();
-    String remaining = rules.trim();
-    while (remaining.length() > 0) {
-      Matcher matcher = ruleParser.matcher(remaining);
-      if (!matcher.lookingAt()) {
-        throw new IllegalArgumentException("Invalid rule: " + remaining);
-      }
-      if (matcher.group(2) != null) {
-        result.add(new Rule());
-      } else {
-        result.add(new Rule(Integer.parseInt(matcher.group(4)),
-                            matcher.group(5),
-                            matcher.group(7),
-                            matcher.group(9),
-                            matcher.group(10),
-                            "g".equals(matcher.group(11))));
-      }
-      remaining = remaining.substring(matcher.end());
-    }
-    return result;
-  }
-
-  /**
-   * Set the static configuration to get the rules.
-   * @param conf the new configuration
-   * @throws IOException
-   */
-  public static void setConfiguration(Configuration conf) throws IOException {
-    String ruleString = conf.get("hadoop.security.auth_to_local", "DEFAULT");
-    rules = parseRules(ruleString);
-  }
-
-  @SuppressWarnings("serial")
-  public static class BadFormatString extends IOException {
-    BadFormatString(String msg) {
-      super(msg);
-    }
-    BadFormatString(String msg, Throwable err) {
-      super(msg, err);
-    }
-  }
-
-  @SuppressWarnings("serial")
-  public static class NoMatchingRule extends IOException {
-    NoMatchingRule(String msg) {
-      super(msg);
-    }
-  }
-
-  /**
-   * Get the translation of the principal name into an operating system
-   * user name.
-   * @return the short name
-   * @throws IOException
-   */
-  public String getShortName() throws IOException {
-    String[] params;
-    if (hostName == null) {
-      // if it is already simple, just return it
-      if (realm == null) {
-        return serviceName;
-      }
-      params = new String[]{realm, serviceName};
-    } else {
-      params = new String[]{realm, serviceName, hostName};
-    }
-    for(Rule r: rules) {
-      String result = r.apply(params);
-      if (result != null) {
-        return result;
-      }
-    }
-    throw new NoMatchingRule("No rules applied to " + toString());
-  }
-
-  static void printRules() throws IOException {
-    int i = 0;
-    for(Rule r: rules) {
-      System.out.println(++i + " " + r);
-    }
-  }
-
-  public static void main(String[] args) throws Exception {
-    setConfiguration(new Configuration());
-    for(String arg: args) {
-      KerberosName name = new KerberosName(arg);
-      System.out.println("Name: " + name + " to " + name.getShortName());
-    }
-  }
-}

hadoop-common/src/test/java/org/apache/hadoop/security/TestKerberosName.java

@@ -1,90 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.hadoop.security;
-
-import java.io.IOException;
-
-import org.apache.hadoop.conf.Configuration;
-import org.junit.Before;
-import org.junit.Test;
-import static org.junit.Assert.*;
-
-public class TestKerberosName {
-
-  @Before
-  public void setUp() throws Exception {
-    Configuration conf = new Configuration();
-    conf.set("hadoop.security.auth_to_local", 
-             ("RULE:[1:$1@$0](.*@YAHOO\\.COM)s/@.*//\n" +
-              "RULE:[2:$1](johndoe)s/^.*$/guest/\n" +
-              "RULE:[2:$1;$2](^.*;admin$)s/;admin$//\n" +
-              "RULE:[2:$2](root)\n" +
-              "DEFAULT"));
-    conf.set("hadoop.security.authentication", "kerberos");
-    KerberosName.setConfiguration(conf);
-    KerberosName.printRules();
-  }
-
-  private void checkTranslation(String from, String to) throws Exception {
-    System.out.println("Translate " + from);
-    KerberosName nm = new KerberosName(from);
-    String simple = nm.getShortName();
-    System.out.println("to " + simple);
-    assertEquals("short name incorrect", to, simple);
-  }
-
-  @Test
-  public void testRules() throws Exception {
-    checkTranslation("omalley@APACHE.ORG", "omalley");
-    checkTranslation("hdfs/10.0.0.1@APACHE.ORG", "hdfs");
-    checkTranslation("oom@YAHOO.COM", "oom");
-    checkTranslation("johndoe/zoo@FOO.COM", "guest");
-    checkTranslation("joe/admin@FOO.COM", "joe");
-    checkTranslation("joe/root@FOO.COM", "root");
-  }
-  
-  private void checkBadName(String name) {
-    System.out.println("Checking " + name + " to ensure it is bad.");
-    try {
-      new KerberosName(name);
-      fail("didn't get exception for " + name);
-    } catch (IllegalArgumentException iae) {
-      // PASS
-    }
-  }
-  
-  private void checkBadTranslation(String from) {
-    System.out.println("Checking bad translation for " + from);
-    KerberosName nm = new KerberosName(from);
-    try {
-      nm.getShortName();
-      fail("didn't get exception for " + from);
-    } catch (IOException ie) {
-      // PASS
-    }
-  }
-  
-  @Test
-  public void testAntiPatterns() throws Exception {
-    checkBadName("owen/owen/owen@FOO.COM");
-    checkBadName("owen@foo/bar.com");
-    checkBadTranslation("foo@ACME.COM");
-    checkBadTranslation("root/joe@FOO.COM");
-  }
-}