
HADOOP-6620. NPE if renewer is passed as null in getDelegationToken. Contributed by Jitendra Pandey.

git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@953896 13f79535-47bb-0310-9956-ffa450edef68
Jakob Homan 15 vuotta sitten
vanhempi
commit
fbdb249460

+ 3 - 0
CHANGES.txt

@@ -81,6 +81,9 @@ Trunk (unreleased changes)
     HADOOP-6603. Provide workaround for issue with Kerberos not resolving 
     cross-realm principal (Kan Zhang and Jitendra Pandey via jghoman)
 
+    HADOOP-6620. NPE if renewer is passed as null in getDelegationToken.
+    (Jitendra Pandey via jghoman)
+
 Release 0.21.0 - Unreleased
 
   INCOMPATIBLE CHANGES

+ 20 - 2
src/java/org/apache/hadoop/security/token/delegation/AbstractDelegationTokenIdentifier.java

@@ -49,8 +49,16 @@ extends TokenIdentifier {
   }
   
   public AbstractDelegationTokenIdentifier(Text owner, Text renewer, Text realUser) {
-    this.owner = owner;
-    this.renewer = renewer;
+    if (owner == null) {
+      this.owner = new Text();
+    } else {
+      this.owner = owner;
+    }
+    if (renewer == null) {
+      this.renewer = new Text();
+    } else {
+      this.renewer = renewer;
+    }
     if (realUser == null) {
       this.realUser = new Text();
     } else {
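Review bot: The constructor now silently stores a null owner or renewer as an empty `Text`, but nothing in the hunk documents that an empty value means "not set". Callers that previously tested these fields for null, such as the renewer checks in the secret manager, have to know to test for emptiness instead. A Javadoc comment on the constructor should say so, e.g. `/** Null owner, renewer or realUser is stored as an empty Text; an empty renewer means the token cannot be renewed by anyone. */`. The three identical if/else blocks would also be shorter as `this.owner = (owner == null) ? new Text() : owner;` and likewise for the other two fields. The constructor body continues past the end of this hunk.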
@@ -170,4 +178,14 @@ extends TokenIdentifier {
     WritableUtils.writeVInt(out, sequenceNumber);
     WritableUtils.writeVInt(out, masterKeyId);
   }
+  
+  public String toString() {
+    StringBuilder buffer = new StringBuilder();
+    buffer
+        .append("owner=" + owner + ", renewer=" + renewer + ", realUser="
+            + realUser + ", issueDate=" + issueDate + ", maxDate=" + maxDate
+            + ", sequenceNumber=" + sequenceNumber + ", masterKeyId="
+            + masterKeyId);
+    return buffer.toString();
+  }
 }
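Review bot: The new `toString()` is missing `@Override`, and the `StringBuilder` adds nothing because the whole string is built with `+` before the single `append` call. Either return the concatenation directly or chain the appends, e.g. `buffer.append("owner=").append(owner).append(", renewer=").append(renewer)` and so on. Since this commit logs the string at INFO in the secret manager, a short comment noting that it must only ever contain identifier fields, never the token password, would help later maintainers.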

+ 8 - 3
src/java/org/apache/hadoop/security/token/delegation/AbstractDelegationTokenSecretManager.java

@@ -178,6 +178,7 @@ extends AbstractDelegationTokenIdentifier>
   
   @Override
   protected synchronized byte[] createPassword(TokenIdent identifier) {
+    LOG.info("Creating password for identifier: "+identifier);
     int sequenceNum;
     long now = System.currentTimeMillis();
     sequenceNum = ++delegationTokenSequenceNumber;
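Review bot: The new `LOG.info` at the top of createPassword runs before the identifier is populated, since the following visible lines only begin computing `now` and `sequenceNum`. The logged sequenceNumber will therefore be a default, and presumably so will issueDate, maxDate and masterKeyId, which are set outside this hunk. Moving the statement to after those setters would make it usable as an issuance audit record. It also runs inside a `synchronized` method for every token issued, so if volume matters consider `LOG.debug` guarded by `LOG.isDebugEnabled()`.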
@@ -220,12 +221,13 @@ extends AbstractDelegationTokenIdentifier>
     DataInputStream in = new DataInputStream(buf);
     TokenIdent id = createIdentifier();
     id.readFields(in);
-
+    LOG.info("Token renewal requested for identifier: "+id);
+    
     if (id.getMaxDate() < now) {
       throw new InvalidToken("User " + renewer + 
                              " tried to renew an expired token");
     }
-    if (id.getRenewer() == null) {
+    if ((id.getRenewer() == null) || ("".equals(id.getRenewer().toString()))) {
       throw new AccessControlException("User " + renewer + 
                                        " tried to renew a token without " +
                                        "a renewer");
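Review bot: `LOG.info("Token renewal requested for identifier: "+id)` writes owner, renewer and realUser immediately after `id.readFields(in)`, so it logs bytes supplied by the caller before any password check on the token, as far as this hunk shows. Those Text fields can hold arbitrary characters including line breaks, so an unverified request can place misleading lines in the log. Log after the token has been verified, or strip control characters from the fields in `toString()`. The same applies to the cancelation log line added in the cancelToken hunk below. Separately, the empty-renewer test reads more directly as `id.getRenewer().getLength() == 0`; renewToken continues outside this hunk.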
@@ -271,13 +273,16 @@ extends AbstractDelegationTokenIdentifier>
     DataInputStream in = new DataInputStream(buf);
     TokenIdent id = createIdentifier();
     id.readFields(in);
+    LOG.info("Token cancelation requested for identifier: "+id);
+    
     if (id.getUser() == null) {
       throw new InvalidToken("Token with no owner");
     }
     String owner = id.getUser().getUserName();
     Text renewer = id.getRenewer();
     if (!canceller.equals(owner)
-        && (renewer == null || !canceller.equals(renewer.toString()))) {
+        && (renewer == null || "".equals(renewer.toString()) || !canceller
+            .equals(renewer.toString()))) {
       throw new AccessControlException(canceller
           + " is not authorized to cancel the token");
     }
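Review bot: The renewer side of this condition now rejects an empty renewer, but the owner side `canceller.equals(owner)` has no matching guard. The constructor in this commit stores a null owner as an empty `Text`, and whether `id.getUser()` still returns null for such a token is not visible here. If it does not, an empty canceller string would compare equal to an empty owner name and pass the check, so this is worth confirming and covering with a cancelToken case in the new test. The repeated `renewer == null || "".equals(renewer.toString())` test here and in renewToken could also move into one small private helper so the two checks cannot drift apart.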

+ 20 - 0
src/test/core/org/apache/hadoop/security/token/delegation/TestDelegationToken.java

@@ -365,4 +365,24 @@ public class TestDelegationToken {
       dtSecretManager.stopThreads();
     }
   }
+  
+  @Test 
+  public void testDelegationTokenNullRenewer() throws Exception {
+    TestDelegationTokenSecretManager dtSecretManager = 
+      new TestDelegationTokenSecretManager(24*60*60*1000,
+        10*1000,1*1000,3600000);
+    dtSecretManager.startThreads();
+    TestDelegationTokenIdentifier dtId = new TestDelegationTokenIdentifier(new Text(
+        "theuser"), null, null);
+    Token<TestDelegationTokenIdentifier> token = new Token<TestDelegationTokenIdentifier>(
+        dtId, dtSecretManager);
+    Assert.assertTrue(token != null);
+    try {
+      dtSecretManager.renewToken(token, "");
+      Assert.fail("Renewal must not succeed");
+    } catch (IOException e) {
+      //PASS
+    }
+  }
+
 }
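Review bot: testDelegationTokenNullRenewer calls `dtSecretManager.startThreads()` but never `stopThreads()`, so the manager's background threads outlive the test. Wrap the body in `try { ... } finally { dtSecretManager.stopThreads(); }`, as the preceding test appears to do. The `catch (IOException e)` is also broad enough to pass on an unrelated failure; catching `AccessControlException` would pin the empty-renewer check this commit adds. `Assert.assertTrue(token != null)` can never fail after `new`, and there is no case for cancelToken with an empty canceller, which is the other path changed here.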