You are viewing a plain text version of this content. The canonical link for it is here.

Posted to common-commits@hadoop.apache.org by ga...@apache.org on 2020/05/03 22:16:49 UTC

[hadoop] annotated tag release-3.1.4-RC0 updated (ec1fefc -> c3fb66c)

This is an automated email from the ASF dual-hosted git repository.

gabota pushed a change to annotated tag release-3.1.4-RC0
in repository https://gitbox.apache.org/repos/asf/hadoop.git.


*** WARNING: tag release-3.1.4-RC0 was modified! ***

    from ec1fefc  (tag)
      to c3fb66c  (tag)
 tagging bea7ec41c21531dfa3a04416bcb259dfb146ee46 (commit)
      by Gabor Bota
      on Mon May 4 00:15:41 2020 +0200

- Log -----------------------------------------------------------------
Release candidate - 3.1.4-RC0
-----BEGIN PGP SIGNATURE-----

iQJGBAABCAAwFiEE+bK85q7nNCnplJvXuGJJ2DU5s4wFAl6vQo0SHGdhYm90YUBh
cGFjaGUub3JnAAoJELhiSdg1ObOMySkQAIiJuh3C2QRbI2yTP0sY2EWfnHro0bDY
UCKGVQW8m2FmUqjz/bPN747j4BMLKgDojh1AzeiB5cl1dqg6OpQ4sspZFEy8PNV0
t80oRO16pzgLpECncQ5aWUTFTJu9i5VWJvAZV9Amob5/bVlPwxeqb5uiFNx/UiuC
hgtTFC6HDOXyNeRGy8co5LQvU/PC3F3nO1wwAEPhCcnscOztOJHiZUYuo2P4XWhK
tp+E+ff41mMKnkIvbK+75BY03P5LDtwK/2sHJMX7T4S7MZBZloxar+HYvyDyQqWK
SCBDeM2SynVKLlx85q+rIPoCepTyGq+hsbDkD2OwN68eK5DTZt3B4HUjpoU20AM8
MMEgW/9WAi1FPN0cY+POfCMkXtlhTqa6177C8mEb5v9McQ456zwFrOiD8bt0Queg
0pPB5waUq5OU5EQpBSdv+e0k9RhyhlimQVqgOL3lIVIkIeC7o2/0YrCa615a6EvU
UuG/FjDZv1NabK0v76x/i60VGH88TuqeNnvjVN9TQF+OfkuW6xB3borJ9Yy+Ywok
TnHrh+tqYyrMRe5MBl2GaR1D12/NR77zL0FWaZGkaLUo6NVXBQaLrxyg9cHqz2bm
37jeglj1xqDJU/ULJW6vDf7zYxdf9eX+3sZIq2EjbD6NHDP4SpSY3wRbufJkl4rs
uH5kXZ8a6z5X
=MmSt
-----END PGP SIGNATURE-----
-----------------------------------------------------------------------

    from 818cd3b  Preparing for 3.1.4 release
     new bea7ec4  SPNEGO TLS verification

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 .../main/java/org/apache/hadoop/hdfs/web/WebHdfsFileSystem.java   | 8 ++++++++
 1 file changed, 8 insertions(+)


---------------------------------------------------------------------
To unsubscribe, e-mail: common-commits-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-commits-help@hadoop.apache.org

[hadoop] 01/01: SPNEGO TLS verification

Posted by ga...@apache.org.

This is an automated email from the ASF dual-hosted git repository.

gabota pushed a commit to annotated tag release-3.1.4-RC0
in repository https://gitbox.apache.org/repos/asf/hadoop.git

commit bea7ec41c21531dfa3a04416bcb259dfb146ee46
Author: Eric Yang <ey...@apache.org>
AuthorDate: Tue Mar 31 13:37:55 2020 -0400

    SPNEGO TLS verification
    
    Signed-off-by: Akira Ajisaka <aa...@apache.org>
    (cherry picked from commit ba66f3b454a5f6ea84f2cf7ac0082c555e2954a7)
    (cherry picked from commit 4b7d6667fdc1e252c717fb98a01015f046910672)
    (cherry picked from commit 830250758161dce4c9f1f7736026354ddb28f922)
---
 .../main/java/org/apache/hadoop/hdfs/web/WebHdfsFileSystem.java   | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/hadoop-hdfs-project/hadoop-hdfs-client/src/main/java/org/apache/hadoop/hdfs/web/WebHdfsFileSystem.java b/hadoop-hdfs-project/hadoop-hdfs-client/src/main/java/org/apache/hadoop/hdfs/web/WebHdfsFileSystem.java
index 37b66e6..54eada8 100644
--- a/hadoop-hdfs-project/hadoop-hdfs-client/src/main/java/org/apache/hadoop/hdfs/web/WebHdfsFileSystem.java
+++ b/hadoop-hdfs-project/hadoop-hdfs-client/src/main/java/org/apache/hadoop/hdfs/web/WebHdfsFileSystem.java
@@ -144,6 +144,7 @@ public class WebHdfsFileSystem extends FileSystem
       + "/v" + VERSION;
   public static final String EZ_HEADER = "X-Hadoop-Accept-EZ";
   public static final String FEFINFO_HEADER = "X-Hadoop-feInfo";
+  public static final String DFS_HTTP_POLICY_KEY = "dfs.http.policy";
 
   /**
    * Default connection factory may be overridden in tests to use smaller
@@ -173,6 +174,7 @@ public class WebHdfsFileSystem extends FileSystem
 
   private DFSOpsCountStatistics storageStatistics;
   private KeyProvider testProvider;
+  private boolean isTLSKrb;
 
   /**
    * Return the protocol scheme for the FileSystem.
@@ -235,6 +237,7 @@ public class WebHdfsFileSystem extends FileSystem
           .newDefaultURLConnectionFactory(connectTimeout, readTimeout, conf);
     }
 
+    this.isTLSKrb = "HTTPS_ONLY".equals(conf.get(DFS_HTTP_POLICY_KEY));
 
     ugi = UserGroupInformation.getCurrentUser();
     this.uri = URI.create(uri.getScheme() + "://" + uri.getAuthority());
@@ -692,6 +695,11 @@ public class WebHdfsFileSystem extends FileSystem
       //redirect hostname and port
       redirectHost = null;
 
+      if (url.getProtocol().equals(getTransportScheme()) &&
+        UserGroupInformation.isSecurityEnabled() &&
+        isTLSKrb) {
+        throw new IOException("Access denied: dfs.http.policy is HTTPS_ONLY.");
+      }
 
       // resolve redirects for a DN operation unless already resolved
       if (op.getRedirect() && !redirected) {


---------------------------------------------------------------------
To unsubscribe, e-mail: common-commits-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-commits-help@hadoop.apache.org