You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-commits@hadoop.apache.org by wa...@apache.org on 2015/09/15 20:02:12 UTC
[06/19] hadoop git commit: HADOOP-12413. AccessControlList should
avoid calling getGroupNames in isUserInList with empty groups. Contributed by
Zhihai Xu.
HADOOP-12413. AccessControlList should avoid calling getGroupNames in isUserInList with empty groups. Contributed by Zhihai Xu.
Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo
Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/b2017d9b
Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/b2017d9b
Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/b2017d9b
Branch: refs/heads/YARN-1197
Commit: b2017d9b032af20044fdf60ddbd1575a554ccb79
Parents: 083b44c
Author: cnauroth <cn...@apache.org>
Authored: Tue Sep 15 10:41:50 2015 -0700
Committer: cnauroth <cn...@apache.org>
Committed: Tue Sep 15 10:41:50 2015 -0700
----------------------------------------------------------------------
hadoop-common-project/hadoop-common/CHANGES.txt | 3 +++
.../apache/hadoop/security/authorize/AccessControlList.java | 2 +-
.../hadoop/security/authorize/TestAccessControlList.java | 9 +++++++++
3 files changed, 13 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/hadoop/blob/b2017d9b/hadoop-common-project/hadoop-common/CHANGES.txt
----------------------------------------------------------------------
diff --git a/hadoop-common-project/hadoop-common/CHANGES.txt b/hadoop-common-project/hadoop-common/CHANGES.txt
index a7ea0aa..fe09120 100644
--- a/hadoop-common-project/hadoop-common/CHANGES.txt
+++ b/hadoop-common-project/hadoop-common/CHANGES.txt
@@ -776,6 +776,9 @@ Release 2.8.0 - UNRELEASED
HADOOP-12324. Better exception reporting in SaslPlainServer.
(Mike Yoder via stevel)
+ HADOOP-12413. AccessControlList should avoid calling getGroupNames in
+ isUserInList with empty groups. (Zhihai Xu via cnauroth)
+
OPTIMIZATIONS
HADOOP-11785. Reduce the number of listStatus operation in distcp
http://git-wip-us.apache.org/repos/asf/hadoop/blob/b2017d9b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/AccessControlList.java
----------------------------------------------------------------------
diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/AccessControlList.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/AccessControlList.java
index f19776f..b1b474b 100644
--- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/AccessControlList.java
+++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/AccessControlList.java
@@ -230,7 +230,7 @@ public class AccessControlList implements Writable {
public final boolean isUserInList(UserGroupInformation ugi) {
if (allAllowed || users.contains(ugi.getShortUserName())) {
return true;
- } else {
+ } else if (!groups.isEmpty()) {
for(String group: ugi.getGroupNames()) {
if (groups.contains(group)) {
return true;
http://git-wip-us.apache.org/repos/asf/hadoop/blob/b2017d9b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/authorize/TestAccessControlList.java
----------------------------------------------------------------------
diff --git a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/authorize/TestAccessControlList.java b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/authorize/TestAccessControlList.java
index 75b944d..ddf74d1 100644
--- a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/authorize/TestAccessControlList.java
+++ b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/authorize/TestAccessControlList.java
@@ -37,6 +37,10 @@ import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.util.NativeCodeLoader;
import org.junit.Test;
+import static org.mockito.Mockito.never;
+import static org.mockito.Mockito.spy;
+import static org.mockito.Mockito.verify;
+
@InterfaceAudience.LimitedPrivate({"HDFS", "MapReduce"})
@InterfaceStability.Evolving
public class TestAccessControlList {
@@ -449,6 +453,11 @@ public class TestAccessControlList {
assertUserAllowed(susan, acl);
assertUserAllowed(barbara, acl);
assertUserAllowed(ian, acl);
+
+ acl = new AccessControlList("");
+ UserGroupInformation spyUser = spy(drwho);
+ acl.isUserAllowed(spyUser);
+ verify(spyUser, never()).getGroupNames();
}
private void assertUserAllowed(UserGroupInformation ugi,