You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-commits@hadoop.apache.org by om...@apache.org on 2011/03/04 04:48:15 UTC
svn commit: r1077169 - in
/hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred:
ReduceTask.java TaskTracker.java
Author: omalley
Date: Fri Mar 4 03:48:15 2011
New Revision: 1077169
URL: http://svn.apache.org/viewvc?rev=1077169&view=rev
Log:
commit d708644a758d1fbae959cb2b7fb8dfc6244bcb9e
Author: Devaraj Das <dd...@yahoo-inc.com>
Date: Tue Feb 16 12:51:39 2010 -0800
HADOOP:1026 from https://issues.apache.org/jira/secure/attachment/12436027/1026-bp20-bugfix.patch
+++ b/YAHOO-CHANGES.txt
+ HADOOP-1026. Fixes a bug in the backport. (ddas)
+
Modified:
hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/ReduceTask.java
hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/TaskTracker.java
Modified: hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/ReduceTask.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/ReduceTask.java?rev=1077169&r1=1077168&r2=1077169&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/ReduceTask.java (original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/ReduceTask.java Fri Mar 4 03:48:15 2011
@@ -1385,27 +1385,8 @@ class ReduceTask extends Task {
// Connect
URL url = mapOutputLoc.getOutputLocation();
URLConnection connection = url.openConnection();
-
- // generate hash of the url
- String msgToEncode = SecureShuffleUtils.buildMsgFrom(url);
- String encHash = SecureShuffleUtils.hashFromString(msgToEncode, jobTokenSecret);
-
- // put url hash into http header
- connection.addRequestProperty(
- SecureShuffleUtils.HTTP_HEADER_URL_HASH, encHash);
- InputStream input = getInputStream(connection, shuffleConnectionTimeout,
- shuffleReadTimeout);
-
- // get the replyHash which is HMac of the encHash we sent to the server
- String replyHash = connection.getHeaderField(SecureShuffleUtils.HTTP_HEADER_REPLY_URL_HASH);
- if(replyHash==null) {
- throw new IOException("security validation of TT Map output failed");
- }
- LOG.debug("url="+msgToEncode+";encHash="+encHash+";replyHash="+replyHash);
- // verify that replyHash is HMac of encHash
- SecureShuffleUtils.verifyReply(replyHash, encHash, jobTokenSecret);
- LOG.info("for url="+msgToEncode+" sent hash and receievd reply");
+ InputStream input = setupSecureConnection(mapOutputLoc, connection);
// Validate header from map output
TaskAttemptID mapId = null;
@@ -1477,6 +1458,38 @@ class ReduceTask extends Task {
return mapOutput;
}
+
+ private InputStream setupSecureConnection(MapOutputLocation mapOutputLoc,
+ URLConnection connection) throws IOException {
+
+ // generate hash of the url
+ String msgToEncode =
+ SecureShuffleUtils.buildMsgFrom(connection.getURL());
+ String encHash = SecureShuffleUtils.hashFromString(msgToEncode,
+ jobTokenSecret);
+
+ // put url hash into http header
+ connection.setRequestProperty(
+ SecureShuffleUtils.HTTP_HEADER_URL_HASH, encHash);
+
+ InputStream input = getInputStream(connection, shuffleConnectionTimeout,
+ shuffleReadTimeout);
+
+ // get the replyHash which is HMac of the encHash we sent to the server
+ String replyHash = connection.getHeaderField(
+ SecureShuffleUtils.HTTP_HEADER_REPLY_URL_HASH);
+ if(replyHash==null) {
+ throw new IOException("security validation of TT Map output failed");
+ }
+ if (LOG.isDebugEnabled())
+ LOG.debug("url="+msgToEncode+";encHash="+encHash+";replyHash="
+ +replyHash);
+ // verify that replyHash is HMac of encHash
+ SecureShuffleUtils.verifyReply(replyHash, encHash, jobTokenSecret);
+ if (LOG.isDebugEnabled())
+ LOG.debug("for url="+msgToEncode+" sent hash and receievd reply");
+ return input;
+ }
/**
* The connection establishment is attempted multiple times and is given up
@@ -1544,8 +1557,7 @@ class ReduceTask extends Task {
// Reconnect
try {
connection = mapOutputLoc.getOutputLocation().openConnection();
- input = getInputStream(connection, shuffleConnectionTimeout,
- shuffleReadTimeout);
+ input = setupSecureConnection(mapOutputLoc, connection);
} catch (IOException ioe) {
LOG.info("Failed reopen connection to fetch map-output from " +
mapOutputLoc.getHost());
Modified: hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/TaskTracker.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/TaskTracker.java?rev=1077169&r1=1077168&r2=1077169&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/TaskTracker.java (original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/TaskTracker.java Fri Mar 4 03:48:15 2011
@@ -3460,7 +3460,8 @@ public class TaskTracker
String urlHashStr = request.getHeader(SecureShuffleUtils.HTTP_HEADER_URL_HASH);
if(urlHashStr == null) {
response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
- throw new IOException("fetcher cannot be authenticated");
+ throw new IOException("fetcher cannot be authenticated " +
+ request.getRemoteHost());
}
int len = urlHashStr.length();
LOG.debug("verifying request. enc_str="+enc_str+"; hash=..."+