You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-commits@hadoop.apache.org by el...@apache.org on 2011/04/22 18:21:00 UTC
svn commit: r1095959 - in /hadoop/common/branches/branch-0.22: ./ src/docs/
src/java/ src/java/org/apache/hadoop/io/ src/test/core/
src/test/core/org/apache/hadoop/io/
Author: eli
Date: Fri Apr 22 16:21:00 2011
New Revision: 1095959
URL: http://svn.apache.org/viewvc?rev=1095959&view=rev
Log:
HADOOP-7172. svn merge -c 1095958 from trunk
Modified:
hadoop/common/branches/branch-0.22/ (props changed)
hadoop/common/branches/branch-0.22/CHANGES.txt (contents, props changed)
hadoop/common/branches/branch-0.22/src/docs/ (props changed)
hadoop/common/branches/branch-0.22/src/java/ (props changed)
hadoop/common/branches/branch-0.22/src/java/org/apache/hadoop/io/SecureIOUtils.java
hadoop/common/branches/branch-0.22/src/test/core/ (props changed)
hadoop/common/branches/branch-0.22/src/test/core/org/apache/hadoop/io/TestSecureIOUtils.java
hadoop/common/branches/branch-0.22/src/test/core/org/apache/hadoop/io/TestSequenceFile.java (props changed)
Propchange: hadoop/common/branches/branch-0.22/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Fri Apr 22 16:21:00 2011
@@ -1,2 +1,2 @@
-/hadoop/common/trunk:1037901,1039952,1040408,1040849,1044490,1050070,1054848,1054853,1054903,1058881,1065858,1070021,1071021,1071084,1080797
+/hadoop/common/trunk:1037901,1039952,1040408,1040849,1044490,1050070,1054848,1054853,1054903,1058881,1065858,1070021,1071021,1071084,1080797,1095958
/hadoop/core/branches/branch-0.19/core:713112
Modified: hadoop/common/branches/branch-0.22/CHANGES.txt
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.22/CHANGES.txt?rev=1095959&r1=1095958&r2=1095959&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.22/CHANGES.txt (original)
+++ hadoop/common/branches/branch-0.22/CHANGES.txt Fri Apr 22 16:21:00 2011
@@ -441,6 +441,9 @@ Release 0.22.0 - Unreleased
HADOOP-7229. Do not default to an absolute path for kinit in Kerberos
auto-renewal thread. (Aaron T. Myers via todd)
+ HADOOP-7172. SecureIO should not check owner on non-secure
+ clusters that have no native support. (todd via eli)
+
Release 0.21.1 - Unreleased
IMPROVEMENTS
Propchange: hadoop/common/branches/branch-0.22/CHANGES.txt
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Fri Apr 22 16:21:00 2011
@@ -1,4 +1,4 @@
-/hadoop/common/trunk/CHANGES.txt:1037901,1039952,1040408,1040849,1044490,1050070,1054848,1054853,1054903,1058881,1065858,1070021,1071021,1071084,1080797
+/hadoop/common/trunk/CHANGES.txt:1037901,1039952,1040408,1040849,1044490,1050070,1054848,1054853,1054903,1058881,1065858,1070021,1071021,1071084,1080797,1095958
/hadoop/core/branches/branch-0.18/CHANGES.txt:727226
/hadoop/core/branches/branch-0.19/CHANGES.txt:713112
/hadoop/core/trunk/CHANGES.txt:776175-785643,785929-786278
Propchange: hadoop/common/branches/branch-0.22/src/docs/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Fri Apr 22 16:21:00 2011
@@ -1,2 +1,2 @@
-/hadoop/common/trunk/src/docs:1037901,1039952,1040408,1040849,1044490,1050070,1054848,1054853,1054903,1058881,1065858,1070021,1071021,1071084,1080797
+/hadoop/common/trunk/src/docs:1037901,1039952,1040408,1040849,1044490,1050070,1054848,1054853,1054903,1058881,1065858,1070021,1071021,1071084,1080797,1095958
/hadoop/core/branches/branch-0.19/src/docs:713112
Propchange: hadoop/common/branches/branch-0.22/src/java/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Fri Apr 22 16:21:00 2011
@@ -1,3 +1,3 @@
-/hadoop/common/trunk/src/java:1037901,1039952,1040408,1040849,1044490,1050070,1054848,1054853,1054903,1058881,1065858,1070021,1071021,1071084,1080797
+/hadoop/common/trunk/src/java:1037901,1039952,1040408,1040849,1044490,1050070,1054848,1054853,1054903,1058881,1065858,1070021,1071021,1071084,1080797,1095958
/hadoop/core/branches/branch-0.19/core/src/java:713112
/hadoop/core/trunk/src/core:776175-785643,785929-786278
Modified: hadoop/common/branches/branch-0.22/src/java/org/apache/hadoop/io/SecureIOUtils.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.22/src/java/org/apache/hadoop/io/SecureIOUtils.java?rev=1095959&r1=1095958&r2=1095959&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.22/src/java/org/apache/hadoop/io/SecureIOUtils.java (original)
+++ hadoop/common/branches/branch-0.22/src/java/org/apache/hadoop/io/SecureIOUtils.java Fri Apr 22 16:21:00 2011
@@ -91,23 +91,32 @@ public class SecureIOUtils {
/**
* Open the given File for read access, verifying the expected user/group
- * constraints.
+ * constraints if security is enabled.
+ *
+ * Note that this function provides no additional checks if Hadoop
+ * security is disabled, since doing the checks would be too expensive
+ * when native libraries are not available.
+ *
* @param f the file that we are trying to open
* @param expectedOwner the expected user owner for the file
* @param expectedGroup the expected group owner for the file
- * @throws IOException if an IO Error occurred, or the user/group does not
- * match
+ * @throws IOException if an IO Error occurred, or security is enabled and
+ * the user/group does not match
*/
public static FileInputStream openForRead(File f, String expectedOwner,
String expectedGroup) throws IOException {
- if (skipSecurity) {
- // Subject to race conditions but this is the best we can do
- FileStatus status =
- rawFilesystem.getFileStatus(new Path(f.getAbsolutePath()));
- checkStat(f, status.getOwner(), status.getGroup(),
- expectedOwner, expectedGroup);
+ if (!UserGroupInformation.isSecurityEnabled()) {
return new FileInputStream(f);
}
+ return forceSecureOpenForRead(f, expectedOwner, expectedGroup);
+ }
+
+ /**
+ * Same as openForRead() except that it will run even if security is off.
+ * This is used by unit tests.
+ */
+ static FileInputStream forceSecureOpenForRead(File f, String expectedOwner,
+ String expectedGroup) throws IOException {
FileInputStream fis = new FileInputStream(f);
boolean success = false;
Propchange: hadoop/common/branches/branch-0.22/src/test/core/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Fri Apr 22 16:21:00 2011
@@ -1,3 +1,3 @@
-/hadoop/common/trunk/src/test/core:1037901,1039952,1040408,1040849,1044490,1050070,1054848,1054853,1054903,1058881,1065858,1070021,1071021,1071084,1080797
+/hadoop/common/trunk/src/test/core:1037901,1039952,1040408,1040849,1044490,1050070,1054848,1054853,1054903,1058881,1065858,1070021,1071021,1071084,1080797,1095958
/hadoop/core/branches/branch-0.19/core/src/test/core:713112
/hadoop/core/trunk/src/test/core:776175-785643,785929-786278
Modified: hadoop/common/branches/branch-0.22/src/test/core/org/apache/hadoop/io/TestSecureIOUtils.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.22/src/test/core/org/apache/hadoop/io/TestSecureIOUtils.java?rev=1095959&r1=1095958&r2=1095959&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.22/src/test/core/org/apache/hadoop/io/TestSecureIOUtils.java (original)
+++ hadoop/common/branches/branch-0.22/src/test/core/org/apache/hadoop/io/TestSecureIOUtils.java Fri Apr 22 16:21:00 2011
@@ -64,11 +64,20 @@ public class TestSecureIOUtils {
.openForRead(testFilePath, realOwner, realGroup).close();
}
- @Test(expected=IOException.class)
+ @Test
public void testReadIncorrectlyRestrictedWithSecurity() throws IOException {
- SecureIOUtils
- .openForRead(testFilePath, "invalidUser", null).close();
- fail("Didn't throw expection for wrong ownership!");
+ // this will only run if libs are available
+ assumeTrue(NativeIO.isAvailable());
+
+ System.out.println("Running test with native libs...");
+
+ try {
+ SecureIOUtils
+ .forceSecureOpenForRead(testFilePath, "invalidUser", null).close();
+ fail("Didn't throw expection for wrong ownership!");
+ } catch (IOException ioe) {
+ // expected
+ }
}
@Test
Propchange: hadoop/common/branches/branch-0.22/src/test/core/org/apache/hadoop/io/TestSequenceFile.java
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Fri Apr 22 16:21:00 2011
@@ -1,3 +1,3 @@
-/hadoop/common/trunk/src/test/core/org/apache/hadoop/io/TestSequenceFile.java:1037901,1039952,1040408,1040849,1044490,1050070,1054848,1054853,1054903,1058881,1065858,1070021,1071021,1071084,1080797
+/hadoop/common/trunk/src/test/core/org/apache/hadoop/io/TestSequenceFile.java:1037901,1039952,1040408,1040849,1044490,1050070,1054848,1054853,1054903,1058881,1065858,1070021,1071021,1071084,1080797,1095958
/hadoop/core/branches/branch-0.19/mapred/src/test/mapred/org/apache/hadoop/io/TestSequenceFile.java:713112
/hadoop/core/trunk/src/test/mapred/org/apache/hadoop/io/TestSequenceFile.java:776175-785643