You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-commits@hadoop.apache.org by el...@apache.org on 2011/04/22 18:21:00 UTC

svn commit: r1095959 - in /hadoop/common/branches/branch-0.22: ./ src/docs/ src/java/ src/java/org/apache/hadoop/io/ src/test/core/ src/test/core/org/apache/hadoop/io/

Author: eli
Date: Fri Apr 22 16:21:00 2011
New Revision: 1095959

URL: http://svn.apache.org/viewvc?rev=1095959&view=rev
Log:
HADOOP-7172. svn merge -c 1095958 from trunk


Modified:
    hadoop/common/branches/branch-0.22/   (props changed)
    hadoop/common/branches/branch-0.22/CHANGES.txt   (contents, props changed)
    hadoop/common/branches/branch-0.22/src/docs/   (props changed)
    hadoop/common/branches/branch-0.22/src/java/   (props changed)
    hadoop/common/branches/branch-0.22/src/java/org/apache/hadoop/io/SecureIOUtils.java
    hadoop/common/branches/branch-0.22/src/test/core/   (props changed)
    hadoop/common/branches/branch-0.22/src/test/core/org/apache/hadoop/io/TestSecureIOUtils.java
    hadoop/common/branches/branch-0.22/src/test/core/org/apache/hadoop/io/TestSequenceFile.java   (props changed)

Propchange: hadoop/common/branches/branch-0.22/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Fri Apr 22 16:21:00 2011
@@ -1,2 +1,2 @@
-/hadoop/common/trunk:1037901,1039952,1040408,1040849,1044490,1050070,1054848,1054853,1054903,1058881,1065858,1070021,1071021,1071084,1080797
+/hadoop/common/trunk:1037901,1039952,1040408,1040849,1044490,1050070,1054848,1054853,1054903,1058881,1065858,1070021,1071021,1071084,1080797,1095958
 /hadoop/core/branches/branch-0.19/core:713112

Modified: hadoop/common/branches/branch-0.22/CHANGES.txt
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.22/CHANGES.txt?rev=1095959&r1=1095958&r2=1095959&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.22/CHANGES.txt (original)
+++ hadoop/common/branches/branch-0.22/CHANGES.txt Fri Apr 22 16:21:00 2011
@@ -441,6 +441,9 @@ Release 0.22.0 - Unreleased
     HADOOP-7229. Do not default to an absolute path for kinit in Kerberos
     auto-renewal thread. (Aaron T. Myers via todd)
 
+    HADOOP-7172. SecureIO should not check owner on non-secure
+    clusters that have no native support. (todd via eli)
+
 Release 0.21.1 - Unreleased
 
   IMPROVEMENTS

Propchange: hadoop/common/branches/branch-0.22/CHANGES.txt
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Fri Apr 22 16:21:00 2011
@@ -1,4 +1,4 @@
-/hadoop/common/trunk/CHANGES.txt:1037901,1039952,1040408,1040849,1044490,1050070,1054848,1054853,1054903,1058881,1065858,1070021,1071021,1071084,1080797
+/hadoop/common/trunk/CHANGES.txt:1037901,1039952,1040408,1040849,1044490,1050070,1054848,1054853,1054903,1058881,1065858,1070021,1071021,1071084,1080797,1095958
 /hadoop/core/branches/branch-0.18/CHANGES.txt:727226
 /hadoop/core/branches/branch-0.19/CHANGES.txt:713112
 /hadoop/core/trunk/CHANGES.txt:776175-785643,785929-786278

Propchange: hadoop/common/branches/branch-0.22/src/docs/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Fri Apr 22 16:21:00 2011
@@ -1,2 +1,2 @@
-/hadoop/common/trunk/src/docs:1037901,1039952,1040408,1040849,1044490,1050070,1054848,1054853,1054903,1058881,1065858,1070021,1071021,1071084,1080797
+/hadoop/common/trunk/src/docs:1037901,1039952,1040408,1040849,1044490,1050070,1054848,1054853,1054903,1058881,1065858,1070021,1071021,1071084,1080797,1095958
 /hadoop/core/branches/branch-0.19/src/docs:713112

Propchange: hadoop/common/branches/branch-0.22/src/java/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Fri Apr 22 16:21:00 2011
@@ -1,3 +1,3 @@
-/hadoop/common/trunk/src/java:1037901,1039952,1040408,1040849,1044490,1050070,1054848,1054853,1054903,1058881,1065858,1070021,1071021,1071084,1080797
+/hadoop/common/trunk/src/java:1037901,1039952,1040408,1040849,1044490,1050070,1054848,1054853,1054903,1058881,1065858,1070021,1071021,1071084,1080797,1095958
 /hadoop/core/branches/branch-0.19/core/src/java:713112
 /hadoop/core/trunk/src/core:776175-785643,785929-786278

Modified: hadoop/common/branches/branch-0.22/src/java/org/apache/hadoop/io/SecureIOUtils.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.22/src/java/org/apache/hadoop/io/SecureIOUtils.java?rev=1095959&r1=1095958&r2=1095959&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.22/src/java/org/apache/hadoop/io/SecureIOUtils.java (original)
+++ hadoop/common/branches/branch-0.22/src/java/org/apache/hadoop/io/SecureIOUtils.java Fri Apr 22 16:21:00 2011
@@ -91,23 +91,32 @@ public class SecureIOUtils {
 
   /**
    * Open the given File for read access, verifying the expected user/group
-   * constraints.
+   * constraints if security is enabled.
+   *
+   * Note that this function provides no additional checks if Hadoop
+   * security is disabled, since doing the checks would be too expensive
+   * when native libraries are not available.
+   *
    * @param f the file that we are trying to open
    * @param expectedOwner the expected user owner for the file
    * @param expectedGroup the expected group owner for the file
-   * @throws IOException if an IO Error occurred, or the user/group does not 
-   * match
+   * @throws IOException if an IO Error occurred, or security is enabled and
+   * the user/group does not match
    */
   public static FileInputStream openForRead(File f, String expectedOwner, 
       String expectedGroup) throws IOException {
-    if (skipSecurity) {
-      // Subject to race conditions but this is the best we can do
-      FileStatus status =
-        rawFilesystem.getFileStatus(new Path(f.getAbsolutePath()));
-      checkStat(f, status.getOwner(), status.getGroup(),
-          expectedOwner, expectedGroup);
+    if (!UserGroupInformation.isSecurityEnabled()) {
       return new FileInputStream(f);
     }
+    return forceSecureOpenForRead(f, expectedOwner, expectedGroup);
+  }
+
+  /**
+   * Same as openForRead() except that it will run even if security is off.
+   * This is used by unit tests.
+   */
+  static FileInputStream forceSecureOpenForRead(File f, String expectedOwner,
+      String expectedGroup) throws IOException {
 
     FileInputStream fis = new FileInputStream(f);
     boolean success = false;

Propchange: hadoop/common/branches/branch-0.22/src/test/core/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Fri Apr 22 16:21:00 2011
@@ -1,3 +1,3 @@
-/hadoop/common/trunk/src/test/core:1037901,1039952,1040408,1040849,1044490,1050070,1054848,1054853,1054903,1058881,1065858,1070021,1071021,1071084,1080797
+/hadoop/common/trunk/src/test/core:1037901,1039952,1040408,1040849,1044490,1050070,1054848,1054853,1054903,1058881,1065858,1070021,1071021,1071084,1080797,1095958
 /hadoop/core/branches/branch-0.19/core/src/test/core:713112
 /hadoop/core/trunk/src/test/core:776175-785643,785929-786278

Modified: hadoop/common/branches/branch-0.22/src/test/core/org/apache/hadoop/io/TestSecureIOUtils.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.22/src/test/core/org/apache/hadoop/io/TestSecureIOUtils.java?rev=1095959&r1=1095958&r2=1095959&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.22/src/test/core/org/apache/hadoop/io/TestSecureIOUtils.java (original)
+++ hadoop/common/branches/branch-0.22/src/test/core/org/apache/hadoop/io/TestSecureIOUtils.java Fri Apr 22 16:21:00 2011
@@ -64,11 +64,20 @@ public class TestSecureIOUtils {
       .openForRead(testFilePath, realOwner, realGroup).close();
   }
 
-  @Test(expected=IOException.class)
+  @Test
   public void testReadIncorrectlyRestrictedWithSecurity() throws IOException {
-    SecureIOUtils
-      .openForRead(testFilePath, "invalidUser", null).close();
-    fail("Didn't throw expection for wrong ownership!");
+    // this will only run if libs are available
+    assumeTrue(NativeIO.isAvailable());
+
+    System.out.println("Running test with native libs...");
+
+    try {
+      SecureIOUtils
+        .forceSecureOpenForRead(testFilePath, "invalidUser", null).close();
+      fail("Didn't throw expection for wrong ownership!");
+    } catch (IOException ioe) {
+      // expected
+    }
   }
 
   @Test

Propchange: hadoop/common/branches/branch-0.22/src/test/core/org/apache/hadoop/io/TestSequenceFile.java
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Fri Apr 22 16:21:00 2011
@@ -1,3 +1,3 @@
-/hadoop/common/trunk/src/test/core/org/apache/hadoop/io/TestSequenceFile.java:1037901,1039952,1040408,1040849,1044490,1050070,1054848,1054853,1054903,1058881,1065858,1070021,1071021,1071084,1080797
+/hadoop/common/trunk/src/test/core/org/apache/hadoop/io/TestSequenceFile.java:1037901,1039952,1040408,1040849,1044490,1050070,1054848,1054853,1054903,1058881,1065858,1070021,1071021,1071084,1080797,1095958
 /hadoop/core/branches/branch-0.19/mapred/src/test/mapred/org/apache/hadoop/io/TestSequenceFile.java:713112
 /hadoop/core/trunk/src/test/mapred/org/apache/hadoop/io/TestSequenceFile.java:776175-785643