You are viewing a plain text version of this content. The canonical link for it is here.
Posted to hdfs-commits@hadoop.apache.org by da...@apache.org on 2012/08/31 23:29:57 UTC
svn commit: r1379620 - in
/hadoop/common/branches/branch-0.23/hadoop-hdfs-project/hadoop-hdfs:
CHANGES.txt src/main/java/org/apache/hadoop/hdfs/HftpFileSystem.java
src/test/java/org/apache/hadoop/hdfs/TestHftpDelegationToken.java
Author: daryn
Date: Fri Aug 31 21:29:56 2012
New Revision: 1379620
URL: http://svn.apache.org/viewvc?rev=1379620&view=rev
Log:
HDFS-3873. Hftp assumes security is disabled if token fetch fails (daryn)
Modified:
hadoop/common/branches/branch-0.23/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
hadoop/common/branches/branch-0.23/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/HftpFileSystem.java
hadoop/common/branches/branch-0.23/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/TestHftpDelegationToken.java
Modified: hadoop/common/branches/branch-0.23/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.23/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt?rev=1379620&r1=1379619&r2=1379620&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.23/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt (original)
+++ hadoop/common/branches/branch-0.23/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt Fri Aug 31 21:29:56 2012
@@ -118,6 +118,8 @@ Release 0.23.3 - UNRELEASED
HDFS-3861. Deadlock in DFSClient (Kihwal Lee via daryn)
+ HDFS-3873. Hftp assumes security is disabled if token fetch fails (daryn)
+
Release 0.23.2 - UNRELEASED
INCOMPATIBLE CHANGES
Modified: hadoop/common/branches/branch-0.23/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/HftpFileSystem.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.23/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/HftpFileSystem.java?rev=1379620&r1=1379619&r2=1379620&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.23/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/HftpFileSystem.java (original)
+++ hadoop/common/branches/branch-0.23/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/HftpFileSystem.java Fri Aug 31 21:29:56 2012
@@ -21,6 +21,7 @@ package org.apache.hadoop.hdfs;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
+import java.net.ConnectException;
import java.net.HttpURLConnection;
import java.net.InetSocketAddress;
import java.net.URI;
@@ -234,14 +235,13 @@ public class HftpFileSystem extends File
Credentials c;
try {
c = DelegationTokenFetcher.getDTfromRemote(nnHttpUrl, renewer);
- } catch (Exception e) {
- LOG.info("Couldn't get a delegation token from " + nnHttpUrl +
- " using https.");
- if(LOG.isDebugEnabled()) {
- LOG.debug("error was ", e);
+ } catch (IOException e) {
+ if (e.getCause() instanceof ConnectException) {
+ LOG.warn("Couldn't connect to " + nnHttpUrl +
+ ", assuming security is disabled");
+ return null;
}
- //Maybe the server is in unsecure mode (that's bad but okay)
- return null;
+ throw e;
}
for (Token<? extends TokenIdentifier> t : c.getAllTokens()) {
if(LOG.isDebugEnabled()) {
Modified: hadoop/common/branches/branch-0.23/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/TestHftpDelegationToken.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.23/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/TestHftpDelegationToken.java?rev=1379620&r1=1379619&r2=1379620&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.23/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/TestHftpDelegationToken.java (original)
+++ hadoop/common/branches/branch-0.23/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/TestHftpDelegationToken.java Fri Aug 31 21:29:56 2012
@@ -23,6 +23,8 @@ import static
import java.io.IOException;
import java.lang.reflect.Field;
+import java.net.ServerSocket;
+import java.net.Socket;
import java.net.URI;
import java.security.PrivilegedExceptionAction;
import org.junit.Test;
@@ -135,6 +137,53 @@ public class TestHftpDelegationToken {
conf.setInt(DFSConfigKeys.DFS_NAMENODE_HTTPS_PORT_KEY, 5);
}
+
+ @Test
+ public void testInsecureRemoteCluster() throws Exception {
+ final ServerSocket socket = new ServerSocket(0); // just reserve a port
+ socket.close();
+ Configuration conf = new Configuration();
+ URI fsUri = URI.create("hsftp://localhost:"+socket.getLocalPort());
+ assertNull(FileSystem.newInstance(fsUri, conf).getDelegationToken(null));
+ }
+
+ @Test
+ public void testSecureClusterError() throws Exception {
+ final ServerSocket socket = new ServerSocket(0);
+ Thread t = new Thread() {
+ @Override
+ public void run() {
+ while (true) { // fetching does a few retries
+ try {
+ Socket s = socket.accept();
+ s.getOutputStream().write(1234);
+ s.shutdownOutput();
+ } catch (Exception e) {
+ break;
+ }
+ }
+ }
+ };
+ t.start();
+
+ try {
+ Configuration conf = new Configuration();
+ URI fsUri = URI.create("hsftp://localhost:"+socket.getLocalPort());
+ Exception ex = null;
+ try {
+ FileSystem.newInstance(fsUri, conf).getDelegationToken(null);
+ } catch (Exception e) {
+ ex = e;
+ }
+ assertNotNull(ex);
+ assertNotNull(ex.getCause());
+ assertEquals("Can't get service ticket for: host/localhost",
+ ex.getCause().getMessage());
+ } finally {
+ t.interrupt();
+ }
+ }
+
private void checkTokenSelection(HftpFileSystem fs,
int port,
Configuration conf) throws IOException {
@@ -217,4 +266,4 @@ public class TestHftpDelegationToken {
@Override
protected void initDelegationToken() throws IOException {}
}
-}
\ No newline at end of file
+}