You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-commits@hadoop.apache.org by br...@apache.org on 2014/08/06 01:59:05 UTC
svn commit: r1616056 - in
/hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common:
CHANGES.txt src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java
src/test/java/org/apache/hadoop/security/TestLdapGroupsMapping.java
Author: brandonli
Date: Tue Aug 5 23:59:05 2014
New Revision: 1616056
URL: http://svn.apache.org/r1616056
Log:
HADOOP-10905. Merging change r1616054 from trunk
Modified:
hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/CHANGES.txt
hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java
hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestLdapGroupsMapping.java
Modified: hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/CHANGES.txt
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/CHANGES.txt?rev=1616056&r1=1616055&r2=1616056&view=diff
==============================================================================
--- hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/CHANGES.txt (original)
+++ hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/CHANGES.txt Tue Aug 5 23:59:05 2014
@@ -108,6 +108,9 @@ Release 2.6.0 - UNRELEASED
HADOOP-10759. Remove hardcoded JAVA_HEAP_MAX. (Sam Liu via Eric Yang)
+ HADOOP-10905. LdapGroupsMapping Should use configuration.getPassword for SSL
+ and LDAP Passwords. (lmccay via brandonli)
+
Release 2.5.0 - UNRELEASED
INCOMPATIBLE CHANGES
Modified: hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java?rev=1616056&r1=1616055&r2=1616056&view=diff
==============================================================================
--- hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java (original)
+++ hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java Tue Aug 5 23:59:05 2014
@@ -312,15 +312,15 @@ public class LdapGroupsMapping
useSsl = conf.getBoolean(LDAP_USE_SSL_KEY, LDAP_USE_SSL_DEFAULT);
keystore = conf.get(LDAP_KEYSTORE_KEY, LDAP_KEYSTORE_DEFAULT);
- keystorePass =
- conf.get(LDAP_KEYSTORE_PASSWORD_KEY, LDAP_KEYSTORE_PASSWORD_DEFAULT);
+ keystorePass = getPassword(conf, LDAP_KEYSTORE_PASSWORD_KEY,
+ LDAP_KEYSTORE_PASSWORD_DEFAULT);
if (keystorePass.isEmpty()) {
keystorePass = extractPassword(conf.get(LDAP_KEYSTORE_PASSWORD_FILE_KEY,
LDAP_KEYSTORE_PASSWORD_FILE_DEFAULT));
}
bindUser = conf.get(BIND_USER_KEY, BIND_USER_DEFAULT);
- bindPassword = conf.get(BIND_PASSWORD_KEY, BIND_PASSWORD_DEFAULT);
+ bindPassword = getPassword(conf, BIND_PASSWORD_KEY, BIND_PASSWORD_DEFAULT);
if (bindPassword.isEmpty()) {
bindPassword = extractPassword(
conf.get(BIND_PASSWORD_FILE_KEY, BIND_PASSWORD_FILE_DEFAULT));
@@ -341,7 +341,25 @@ public class LdapGroupsMapping
this.conf = conf;
}
-
+
+ String getPassword(Configuration conf, String alias, String defaultPass) {
+ String password = null;
+ try {
+ char[] passchars = conf.getPassword(alias);
+ if (passchars != null) {
+ password = new String(passchars);
+ }
+ else {
+ password = defaultPass;
+ }
+ }
+ catch (IOException ioe) {
+ LOG.warn("Exception while trying to password for alias " + alias + ": "
+ + ioe.getMessage());
+ }
+ return password;
+ }
+
String extractPassword(String pwFile) {
if (pwFile.isEmpty()) {
// If there is no password file defined, we'll assume that we should do
Modified: hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestLdapGroupsMapping.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestLdapGroupsMapping.java?rev=1616056&r1=1616055&r2=1616056&view=diff
==============================================================================
--- hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestLdapGroupsMapping.java (original)
+++ hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestLdapGroupsMapping.java Tue Aug 5 23:59:05 2014
@@ -17,6 +17,8 @@
*/
package org.apache.hadoop.security;
+import static org.junit.Assert.assertArrayEquals;
+import static org.junit.Assert.assertEquals;
import static org.mockito.Mockito.*;
import java.io.File;
@@ -38,6 +40,9 @@ import javax.naming.directory.SearchCont
import javax.naming.directory.SearchResult;
import org.apache.hadoop.conf.Configuration;
+import org.apache.hadoop.security.alias.CredentialProvider;
+import org.apache.hadoop.security.alias.CredentialProviderFactory;
+import org.apache.hadoop.security.alias.JavaKeyStoreProvider;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
@@ -154,4 +159,57 @@ public class TestLdapGroupsMapping {
Assert.assertEquals("hadoop",
mapping.extractPassword(secretFile.getPath()));
}
+
+ @Test
+ public void testConfGetPassword() throws Exception {
+ File testDir = new File(System.getProperty("test.build.data",
+ "target/test-dir"));
+ Configuration conf = new Configuration();
+ final String ourUrl =
+ JavaKeyStoreProvider.SCHEME_NAME + "://file/" + testDir + "/test.jks";
+
+ File file = new File(testDir, "test.jks");
+ file.delete();
+ conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, ourUrl);
+
+ CredentialProvider provider =
+ CredentialProviderFactory.getProviders(conf).get(0);
+ char[] bindpass = {'b', 'i', 'n', 'd', 'p', 'a', 's', 's'};
+ char[] storepass = {'s', 't', 'o', 'r', 'e', 'p', 'a', 's', 's'};
+
+ // ensure that we get nulls when the key isn't there
+ assertEquals(null, provider.getCredentialEntry(
+ LdapGroupsMapping.BIND_PASSWORD_KEY));
+ assertEquals(null, provider.getCredentialEntry
+ (LdapGroupsMapping.LDAP_KEYSTORE_PASSWORD_KEY));
+
+ // create new aliases
+ try {
+ provider.createCredentialEntry(
+ LdapGroupsMapping.BIND_PASSWORD_KEY, bindpass);
+
+ provider.createCredentialEntry(
+ LdapGroupsMapping.LDAP_KEYSTORE_PASSWORD_KEY, storepass);
+ provider.flush();
+ } catch (Exception e) {
+ e.printStackTrace();
+ throw e;
+ }
+ // make sure we get back the right key
+ assertArrayEquals(bindpass, provider.getCredentialEntry(
+ LdapGroupsMapping.BIND_PASSWORD_KEY).getCredential());
+ assertArrayEquals(storepass, provider.getCredentialEntry(
+ LdapGroupsMapping.LDAP_KEYSTORE_PASSWORD_KEY).getCredential());
+
+ LdapGroupsMapping mapping = new LdapGroupsMapping();
+ Assert.assertEquals("bindpass",
+ mapping.getPassword(conf, LdapGroupsMapping.BIND_PASSWORD_KEY, ""));
+ Assert.assertEquals("storepass",
+ mapping.getPassword(conf, LdapGroupsMapping.LDAP_KEYSTORE_PASSWORD_KEY,
+ ""));
+ // let's make sure that a password that doesn't exist returns an
+ // empty string as currently expected and used to trigger a call to
+ // extract password
+ Assert.assertEquals("", mapping.getPassword(conf,"invalid-alias", ""));
+ }
}