You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-commits@hadoop.apache.org by om...@apache.org on 2011/03/04 04:46:31 UTC
svn commit: r1077152 - in
/hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop:
mapred/ mapreduce/
Author: omalley
Date: Fri Mar 4 03:46:30 2011
New Revision: 1077152
URL: http://svn.apache.org/viewvc?rev=1077152&view=rev
Log:
commit 3ecd6921abf23d7c687293dc261c0df7c00e6216
Author: Devaraj Das <dd...@yahoo-inc.com>
Date: Sat Feb 6 12:45:49 2010 -0800
MAPREDUCE:1440 from https://issues.apache.org/jira/secure/attachment/12435087/1440.y20.patch
Modified:
hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/IsolationRunner.java
hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/JobHistory.java
hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/JobQueueClient.java
hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/JobTracker.java
hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/LinuxTaskController.java
hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/LocalJobRunner.java
hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/QueueManager.java
hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/TaskTracker.java
hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapreduce/JobSubmissionFiles.java
Modified: hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/IsolationRunner.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/IsolationRunner.java?rev=1077152&r1=1077151&r2=1077152&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/IsolationRunner.java (original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/IsolationRunner.java Fri Mar 4 03:46:30 2011
@@ -157,7 +157,7 @@ public class IsolationRunner {
if (args.length > 1) {
user = args[1];
} else {
- user = UserGroupInformation.getCurrentUser().getUserName();
+ user = UserGroupInformation.getCurrentUser().getShortUserName();
}
JobConf conf = new JobConf(new Path(jobFilename.toString()));
conf.setUser(user);
Modified: hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/JobHistory.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/JobHistory.java?rev=1077152&r1=1077151&r2=1077152&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/JobHistory.java (original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/JobHistory.java Fri Mar 4 03:46:30 2011
@@ -829,8 +829,7 @@ public class JobHistory {
private static String getNewJobHistoryFileName(JobConf jobConf, JobID id) {
return JOBTRACKER_UNIQUE_STRING
+ id.toString() + "_" +
- UserGroupInformation.createRemoteUser(getUserName(jobConf)).
- getShortUserName()
+ getUserName(jobConf)
+ "_"
+ trimJobName(getJobName(jobConf));
}
@@ -876,8 +875,7 @@ public class JobHistory {
private static synchronized String getJobHistoryFileName(JobConf jobConf,
JobID id, Path dir, FileSystem fs)
throws IOException {
- String user = UserGroupInformation.createRemoteUser(getUserName(jobConf)).
- getShortUserName();
+ String user = getUserName(jobConf);
String jobName = trimJobName(getJobName(jobConf));
if (LOG_DIR == null) {
return null;
Modified: hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/JobQueueClient.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/JobQueueClient.java?rev=1077152&r1=1077151&r2=1077152&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/JobQueueClient.java (original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/JobQueueClient.java Fri Mar 4 03:46:30 2011
@@ -151,7 +151,7 @@ class JobQueueClient extends Configured
UserGroupInformation ugi = UserGroupInformation.getCurrentUser();
if (queueAclsInfoList.length > 0) {
System.out.println("Queue acls for user : "
- + ugi.getUserName());
+ + ugi.getShortUserName());
System.out.println("\nQueue Operations");
System.out.println("=====================");
for (QueueAclsInfo queueInfo : queueAclsInfoList) {
@@ -168,7 +168,7 @@ class JobQueueClient extends Configured
}
} else {
System.out.println("User " +
- ugi.getUserName() +
+ ugi.getShortUserName() +
" does not have access to any queue. \n");
}
}
Modified: hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/JobTracker.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/JobTracker.java?rev=1077152&r1=1077151&r2=1077152&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/JobTracker.java (original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/JobTracker.java Fri Mar 4 03:46:30 2011
@@ -1617,14 +1617,14 @@ public class JobTracker implements MRCon
UserGroupInformation ugi =
UserGroupInformation.createRemoteUser(job.getJobConf().getUser());
LOG.info("Submitting job " + id + " on behalf of user "
- + ugi.getUserName() + " in groups : "
+ + ugi.getShortUserName() + " in groups : "
+ StringUtils.arrayToString(ugi.getGroupNames()));
// check the access
try {
checkAccess(job, QueueManager.QueueOperation.SUBMIT_JOB, ugi);
} catch (Throwable t) {
- LOG.warn("Access denied for user " + ugi.getUserName()
+ LOG.warn("Access denied for user " + ugi.getShortUserName()
+ " in groups : ["
+ StringUtils.arrayToString(ugi.getGroupNames()) + "]");
throw t;
@@ -1942,7 +1942,7 @@ public class JobTracker implements MRCon
}
supergroup = conf.get("mapred.permissions.supergroup", "supergroup");
- LOG.info("Starting jobtracker with owner as " + mrOwner.getUserName()
+ LOG.info("Starting jobtracker with owner as " + mrOwner.getShortUserName()
+ " and supergroup as " + supergroup);
//
@@ -2084,9 +2084,9 @@ public class JobTracker implements MRCon
}
try {
FileStatus systemDirStatus = fs.getFileStatus(systemDir);
- if (!systemDirStatus.getOwner().equals(mrOwner.getUserName())) {
+ if (!systemDirStatus.getOwner().equals(mrOwner.getShortUserName())) {
throw new AccessControlException("The systemdir " + systemDir +
- " is not owned by " + mrOwner.getUserName());
+ " is not owned by " + mrOwner.getShortUserName());
}
if (!systemDirStatus.getPermission().equals(SYSTEM_DIR_PERMISSION)) {
LOG.warn("Incorrect permissions on " + systemDir +
@@ -3517,7 +3517,7 @@ public class JobTracker implements MRCon
return jobs.get(jobId).getStatus();
}
UserGroupInformation ugi = UserGroupInformation.getCurrentUser();
- JobInfo jobInfo = new JobInfo(jobId, new Text(ugi.getUserName()),
+ JobInfo jobInfo = new JobInfo(jobId, new Text(ugi.getShortUserName()),
new Path(jobSubmitDir));
JobInProgress job = null;
tokenStorage = ts;
@@ -3574,7 +3574,7 @@ public class JobTracker implements MRCon
new Path(conf.get("mapreduce.jobtracker.staging.root.dir",
"/tmp/hadoop/mapred/staging"));
FileSystem fs = stagingRootDir.getFileSystem(conf);
- String user = UserGroupInformation.getCurrentUser().getUserName();
+ String user = UserGroupInformation.getCurrentUser().getShortUserName();
return fs.makeQualified(new Path(stagingRootDir,
user+"/.staging")).toString();
}
@@ -3621,7 +3621,7 @@ public class JobTracker implements MRCon
String queue = job.getProfile().getQueueName();
if (!queueManager.hasAccess(queue, job, oper, ugi)) {
throw new AccessControlException("User "
- + ugi.getUserName()
+ + ugi.getShortUserName()
+ " cannot perform "
+ "operation " + oper + " on queue " + queue +
".\n Please run \"hadoop queue -showacls\" " +
@@ -4277,7 +4277,7 @@ public class JobTracker implements MRCon
*/
private synchronized boolean isSuperUser() throws IOException {
UserGroupInformation ugi = UserGroupInformation.getCurrentUser();
- if (mrOwner.getUserName().equals(ugi.getUserName()) ) {
+ if (mrOwner.getShortUserName().equals(ugi.getShortUserName()) ) {
return true;
}
String[] groups = ugi.getGroupNames();
@@ -4296,7 +4296,7 @@ public class JobTracker implements MRCon
public synchronized void refreshNodes() throws IOException {
// check access
if (!isSuperUser()) {
- String user = UserGroupInformation.getCurrentUser().getUserName();
+ String user = UserGroupInformation.getCurrentUser().getShortUserName();
throw new AccessControlException(user +
" is not authorized to refresh nodes.");
}
@@ -4542,7 +4542,7 @@ public class JobTracker implements MRCon
@Override
public void refreshUserToGroupsMappings(Configuration conf) throws IOException {
LOG.info("Refreshing all user-to-groups mappings. Requested by user: " +
- UserGroupInformation.getCurrentUser().getUserName());
+ UserGroupInformation.getCurrentUser().getShortUserName());
Groups.getUserToGroupsMappingService(conf).refresh();
}
@@ -4602,7 +4602,7 @@ public class JobTracker implements MRCon
@Override
public void refreshQueueAcls() throws IOException{
LOG.info("Refreshing queue acls. requested by : " +
- UserGroupInformation.getCurrentUser().getUserName());
+ UserGroupInformation.getCurrentUser().getShortUserName());
this.queueManager.refreshAcls(new Configuration(this.conf));
}
Modified: hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/LinuxTaskController.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/LinuxTaskController.java?rev=1077152&r1=1077151&r2=1077152&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/LinuxTaskController.java (original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/LinuxTaskController.java Fri Mar 4 03:46:30 2011
@@ -393,7 +393,7 @@ class LinuxTaskController extends TaskCo
throws IOException {
String[] taskControllerCmd = new String[3 + cmdArgs.size()];
taskControllerCmd[0] = getTaskControllerExecutablePath();
- taskControllerCmd[1] = TaskTracker.getShortUserName(userName);
+ taskControllerCmd[1] = userName;
taskControllerCmd[2] = String.valueOf(command.ordinal());
int i = 3;
for (String cmdArg : cmdArgs) {
Modified: hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/LocalJobRunner.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/LocalJobRunner.java?rev=1077152&r1=1077151&r2=1077152&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/LocalJobRunner.java (original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/LocalJobRunner.java Fri Mar 4 03:46:30 2011
@@ -508,7 +508,7 @@ class LocalJobRunner implements JobSubmi
UserGroupInformation ugi = UserGroupInformation.getCurrentUser();
String user;
if (ugi != null) {
- user = ugi.getUserName() + rand.nextInt();
+ user = ugi.getShortUserName() + rand.nextInt();
} else {
user = "dummy" + rand.nextInt();
}
Modified: hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/QueueManager.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/QueueManager.java?rev=1077152&r1=1077151&r2=1077152&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/QueueManager.java (original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/QueueManager.java Fri Mar 4 03:46:30 2011
@@ -175,7 +175,7 @@ class QueueManager {
}
if (oper.isJobOwnerAllowed()) {
- if (job != null && job.getJobConf().getUser().equals(ugi.getUserName())) {
+ if (job != null && job.getJobConf().getUser().equals(ugi.getShortUserName())) {
return true;
}
}
@@ -323,7 +323,7 @@ class QueueManager {
/**
* Generates the array of QueueAclsInfo object. The array consists of only those queues
- * for which user <ugi.getUserName()> has acls
+ * for which user <ugi.getShortUserName()> has acls
*
* @return QueueAclsInfo[]
* @throws java.io.IOException
Modified: hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/TaskTracker.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/TaskTracker.java?rev=1077152&r1=1077151&r2=1077152&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/TaskTracker.java (original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/TaskTracker.java Fri Mar 4 03:46:30 2011
@@ -454,7 +454,7 @@ public class TaskTracker
}
public static String getUserDir(String user) {
- return TaskTracker.SUBDIR + Path.SEPARATOR + getShortUserName(user);
+ return TaskTracker.SUBDIR + Path.SEPARATOR + user;
}
Localizer getLocalizer() {
@@ -465,17 +465,6 @@ public class TaskTracker
localizer = l;
}
- /**
- * This method must be called in all places where the short user name is
- * desired (e.g. TaskTracker.getUserDir and in the LinuxTaskController).
- * The short name is required in the path creation
- * (like TaskTracker.getUserDir) and while launching task processes as the
- * user.
- */
- static String getShortUserName(String name) {
- return UserGroupInformation.createRemoteUser(name).getShortUserName();
- }
-
public static String getPrivateDistributedCacheDir(String user) {
return getUserDir(user) + Path.SEPARATOR + TaskTracker.DISTCACHEDIR;
}
Modified: hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapreduce/JobSubmissionFiles.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapreduce/JobSubmissionFiles.java?rev=1077152&r1=1077151&r2=1077152&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapreduce/JobSubmissionFiles.java (original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapreduce/JobSubmissionFiles.java Fri Mar 4 03:46:30 2011
@@ -96,8 +96,8 @@ public class JobSubmissionFiles {
String realUser;
String currentUser;
UserGroupInformation ugi = UserGroupInformation.getLoginUser();
- realUser = ugi.getUserName();
- currentUser = UserGroupInformation.getCurrentUser().getUserName();
+ realUser = ugi.getShortUserName();
+ currentUser = UserGroupInformation.getCurrentUser().getShortUserName();
if (fs.exists(stagingArea)) {
FileStatus fsStatus = fs.getFileStatus(stagingArea);
String owner = fsStatus.getOwner();