You are viewing a plain text version of this content. The canonical link for it is here.
Posted to hdfs-commits@hadoop.apache.org by jg...@apache.org on 2010/07/07 22:22:47 UTC

svn commit: r961495 - in /hadoop/hdfs/trunk: CHANGES.txt src/java/org/apache/hadoop/hdfs/tools/DFSck.java

Author: jghoman
Date: Wed Jul  7 20:22:46 2010
New Revision: 961495

URL: http://svn.apache.org/viewvc?rev=961495&view=rev
Log:
HDFS-1005. Fsck security. Contributed by Boris Shkolnik and Kan Zhang.

Modified:
    hadoop/hdfs/trunk/CHANGES.txt
    hadoop/hdfs/trunk/src/java/org/apache/hadoop/hdfs/tools/DFSck.java

Modified: hadoop/hdfs/trunk/CHANGES.txt
URL: http://svn.apache.org/viewvc/hadoop/hdfs/trunk/CHANGES.txt?rev=961495&r1=961494&r2=961495&view=diff
==============================================================================
--- hadoop/hdfs/trunk/CHANGES.txt (original)
+++ hadoop/hdfs/trunk/CHANGES.txt Wed Jul  7 20:22:46 2010
@@ -13,6 +13,8 @@ Trunk (unreleased changes)
     HDFS-1004. Update NN to support Kerberized SSL from HADOOP-6584. 
     (jghoman and Kan Zhang via jghoman)
 
+    HDFS-1005. Fsck security. (borya and Kan Zhang via jghoman)
+
   IMPROVEMENTS
 
     HDFS-1096. fix for prev. commit. (boryas)

Modified: hadoop/hdfs/trunk/src/java/org/apache/hadoop/hdfs/tools/DFSck.java
URL: http://svn.apache.org/viewvc/hadoop/hdfs/trunk/src/java/org/apache/hadoop/hdfs/tools/DFSck.java?rev=961495&r1=961494&r2=961495&view=diff
==============================================================================
--- hadoop/hdfs/trunk/src/java/org/apache/hadoop/hdfs/tools/DFSck.java (original)
+++ hadoop/hdfs/trunk/src/java/org/apache/hadoop/hdfs/tools/DFSck.java Wed Jul  7 20:22:46 2010
@@ -24,6 +24,7 @@ import java.io.InputStreamReader;
 import java.net.URL;
 import java.net.URLConnection;
 import java.net.URLEncoder;
+import java.security.PrivilegedExceptionAction;
 
 import org.apache.hadoop.classification.InterfaceAudience;
 import org.apache.hadoop.conf.Configuration;
@@ -31,6 +32,8 @@ import org.apache.hadoop.conf.Configured
 import org.apache.hadoop.hdfs.server.namenode.NamenodeFsck;
 import org.apache.hadoop.hdfs.DFSConfigKeys;
 import org.apache.hadoop.hdfs.HdfsConfiguration;
+import org.apache.hadoop.security.Krb5AndCertsSslSocketConnector;
+import org.apache.hadoop.security.SecurityUtil;
 import org.apache.hadoop.security.UserGroupInformation;
 import org.apache.hadoop.util.Tool;
 import org.apache.hadoop.util.ToolRunner;
@@ -76,6 +79,15 @@ public class DFSck extends Configured im
     super(conf);
     this.ugi = UserGroupInformation.getCurrentUser();
   }
+  
+  private String getInfoServer() {
+    Configuration conf = getConf();
+    return UserGroupInformation.isSecurityEnabled() ? conf.get(
+        DFSConfigKeys.DFS_NAMENODE_HTTPS_ADDRESS_KEY,
+        DFSConfigKeys.DFS_NAMENODE_HTTPS_ADDRESS_DEFAULT) : conf.get(
+        DFSConfigKeys.DFS_NAMENODE_HTTP_ADDRESS_KEY,
+        DFSConfigKeys.DFS_NAMENODE_HTTP_ADDRESS_DEFAULT);
+  }
 
   /**
    * Print fsck usage information
@@ -101,15 +113,34 @@ public class DFSck extends Configured im
   /**
    * @param args
    */
-  public int run(String[] args) throws IOException {
+  public int run(final String[] args) throws IOException {
     if (args.length == 0) {
       printUsage();
       return -1;
     }
 
-    final StringBuilder url = new StringBuilder("http://");
-    url.append(getConf().get(DFSConfigKeys.DFS_NAMENODE_HTTP_ADDRESS_KEY, 
-                             DFSConfigKeys.DFS_NAMENODE_HTTP_ADDRESS_DEFAULT));
+    try {
+      return UserGroupInformation.getCurrentUser().doAs(
+          new PrivilegedExceptionAction<Integer>() {
+            @Override
+            public Integer run() throws Exception {
+              return doWork(args);
+            }
+          });
+    } catch (InterruptedException e) {
+      throw new IOException(e);
+    }
+  }
+            
+  private int doWork(final String[] args) throws IOException {
+    String proto = "http://";
+    if (UserGroupInformation.isSecurityEnabled()) {
+      System.setProperty("https.cipherSuites",
+          Krb5AndCertsSslSocketConnector.KRB5_CIPHER_SUITES[0]);
+      proto = "https://";
+    }
+    final StringBuilder url = new StringBuilder(proto);
+    url.append(getInfoServer());
     url.append("/fsck?ugi=").append(ugi.getShortUserName()).append("&path=");
 
     String dir = "/";
@@ -129,6 +160,7 @@ public class DFSck extends Configured im
       else if (args[idx].equals("-racks")) { url.append("&racks=1"); }
     }
     URL path = new URL(url.toString());
+    SecurityUtil.fetchServiceTicket(path);
     URLConnection connection = path.openConnection();
     InputStream stream = connection.getInputStream();
     BufferedReader input = new BufferedReader(new InputStreamReader(