Posted to common-commits@hadoop.apache.org by ma...@apache.org on 2011/12/15 09:49:46 UTC

svn commit: r1214658 - in /hadoop/common/branches/branch-1.0: CHANGES.txt src/mapred/org/apache/hadoop/mapred/JobClient.java src/test/org/apache/hadoop/mapreduce/security/token/TestDelegationTokenRenewal.java

Author: mattf
Date: Thu Dec 15 08:49:46 2011
New Revision: 1214658

URL: http://svn.apache.org/viewvc?rev=1214658&view=rev
Log:
MAPREDUCE-3475. JT can't renew its own tokens. Contributed by Daryn Sharp.

Modified:
    hadoop/common/branches/branch-1.0/CHANGES.txt
    hadoop/common/branches/branch-1.0/src/mapred/org/apache/hadoop/mapred/JobClient.java
    hadoop/common/branches/branch-1.0/src/test/org/apache/hadoop/mapreduce/security/token/TestDelegationTokenRenewal.java

Modified: hadoop/common/branches/branch-1.0/CHANGES.txt
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-1.0/CHANGES.txt?rev=1214658&r1=1214657&r2=1214658&view=diff
==============================================================================
--- hadoop/common/branches/branch-1.0/CHANGES.txt (original)
+++ hadoop/common/branches/branch-1.0/CHANGES.txt Thu Dec 15 08:49:46 2011
@@ -61,6 +61,8 @@ Release 1.0.0 - 2011.11.27
 
   BUG FIXES
 
+    MAPREDUCE-3475. JT can't renew its own tokens. (Daryn Sharp via mattf)
+
     HADOOP-7869. HADOOP_HOME warning happens all of the time (Owen O'Malley
     via mattf)
 

Modified: hadoop/common/branches/branch-1.0/src/mapred/org/apache/hadoop/mapred/JobClient.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-1.0/src/mapred/org/apache/hadoop/mapred/JobClient.java?rev=1214658&r1=1214657&r2=1214658&view=diff
==============================================================================
--- hadoop/common/branches/branch-1.0/src/mapred/org/apache/hadoop/mapred/JobClient.java (original)
+++ hadoop/common/branches/branch-1.0/src/mapred/org/apache/hadoop/mapred/JobClient.java Thu Dec 15 08:49:46 2011
@@ -19,6 +19,8 @@ package org.apache.hadoop.mapred;
 
 import java.io.BufferedReader;
 import java.io.BufferedWriter;
+import java.io.ByteArrayInputStream;
+import java.io.DataInputStream;
 import java.io.File;
 import java.io.FileNotFoundException;
 import java.io.FileOutputStream;
@@ -509,7 +511,13 @@ public class JobClient extends Configure
 
     @Override
     public boolean isManaged(Token<?> token) throws IOException {
-      return true;
+      ByteArrayInputStream buf = new ByteArrayInputStream(token.getIdentifier());
+      DelegationTokenIdentifier id = new DelegationTokenIdentifier(); 
+      id.readFields(new DataInputStream(buf));
+      // AbstractDelegationToken converts given renewer to a short name, but
+      // AbstractDelegationTokenSecretManager does not, so we have to do it
+      String loginUser = UserGroupInformation.getLoginUser().getShortUserName();
+      return loginUser.equals(id.getRenewer().toString());
     }
     
   }
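Review bot: The renewer that `isManaged` compares comes straight from the token's identifier bytes, and nothing in this method checks the token password, so the result can only be a local hint about whether this process should attempt renewal, never an authorization decision. A comment would keep later callers from relying on it, for example `// Local routing hint only: the identifier is not authenticated here; the JobTracker must still enforce the renewer on renew/cancel.` The existing comment ends mid-thought ("so we have to do it") and names `AbstractDelegationToken`, which presumably means the identifier class; it should say outright that the login user's short name is used because the identifier stores the renewer in short form. A malformed identifier surfaces as an `IOException` from `readFields`, and whether callers treat that as "not managed" is not visible here. The method is complete in the hunk, but the enclosing renewer class starts outside it.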

Modified: hadoop/common/branches/branch-1.0/src/test/org/apache/hadoop/mapreduce/security/token/TestDelegationTokenRenewal.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-1.0/src/test/org/apache/hadoop/mapreduce/security/token/TestDelegationTokenRenewal.java?rev=1214658&r1=1214657&r2=1214658&view=diff
==============================================================================
--- hadoop/common/branches/branch-1.0/src/test/org/apache/hadoop/mapreduce/security/token/TestDelegationTokenRenewal.java (original)
+++ hadoop/common/branches/branch-1.0/src/test/org/apache/hadoop/mapreduce/security/token/TestDelegationTokenRenewal.java Thu Dec 15 08:49:46 2011
@@ -20,7 +20,9 @@ package org.apache.hadoop.mapreduce.secu
 
 
 import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
 
 import java.io.IOException;
 import java.net.InetAddress;
@@ -40,6 +42,7 @@ import org.apache.hadoop.hdfs.server.nam
 import org.apache.hadoop.io.Text;
 import org.apache.hadoop.mapreduce.JobID;
 import org.apache.hadoop.security.Credentials;
+import org.apache.hadoop.security.UserGroupInformation;
 import org.apache.hadoop.security.token.Token;
 import org.apache.hadoop.security.token.SecretManager.InvalidToken;
 import org.apache.hadoop.security.token.TokenRenewer;
@@ -102,10 +105,12 @@ public class TestDelegationTokenRenewal 
   }
 
   private static Configuration conf;
+  private static String trackerService = "localhost:0";
  
   @BeforeClass
   public static void setUp() throws Exception {
     conf = new Configuration();
+    conf.set("mapred.job.tracker", trackerService);
     
     // create a fake FileSystem (MyFS) and assosiate it
     // with "hdfs" schema.
@@ -220,6 +225,30 @@ public class TestDelegationTokenRenewal 
     return token1;
   }
   
+  @Test 
+  public void testLocalMRTokenRenewal() throws IOException {
+    String user = UserGroupInformation.getLoginUser().getUserName();
+    
+    DelegationTokenIdentifier ident = new DelegationTokenIdentifier(
+        new Text(user), new Text(user), null);
+    Token<?> t = new Token<DelegationTokenIdentifier>(
+        ident.getBytes(),
+        new byte[]{},
+        org.apache.hadoop.mapreduce.security.token.delegation.DelegationTokenIdentifier.MAPREDUCE_DELEGATION_KIND,
+        new Text("service"));
+    assertTrue(t.isManaged());
+    
+    ident = new DelegationTokenIdentifier(
+        new Text(user), new Text(user+"-is-not-me"), null);
+    t = new Token<DelegationTokenIdentifier>(
+        ident.getBytes(),
+        new byte[]{},
+        org.apache.hadoop.mapreduce.security.token.delegation.DelegationTokenIdentifier.MAPREDUCE_DELEGATION_KIND,
+        new Text("service"));
+    
+    assertFalse(t.isManaged());
+    
+  }
   
   /**
    * Basic idea of the test:
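Review bot: `testLocalMRTokenRenewal` builds both tokens with the unqualified `DelegationTokenIdentifier` while the kind constant is spelled with the full mapreduce package name, which suggests the simple name resolves to a different identifier class (likely the HDFS one, judging by the imports). Constructing the mapreduce identifier would exercise the type that `isManaged` presumably deserializes. The test also reads `getUserName()` where `isManaged` compares against `getShortUserName()`, so the positive case depends on the identifier constructor shortening the renewer; a comment such as `// the identifier constructor stores the renewer as a short name, matching isManaged()` would make that explicit. Consider adding a token with no renewer set and asserting `assertFalse(t.isManaged())`, so the empty-renewer path is pinned down as well. The `fail` import added at the top of this file is not used by any visible hunk.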