You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-commits@hadoop.apache.org by om...@apache.org on 2011/03/04 04:56:51 UTC
svn commit: r1077255 -
/hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/tools/DFSck.java
Author: omalley
Date: Fri Mar 4 03:56:51 2011
New Revision: 1077255
URL: http://svn.apache.org/viewvc?rev=1077255&view=rev
Log:
commit 1acf5528ae137e8bce097643c0cdc7a8894b4152
Author: Boris Shkolnik <bo...@yahoo-inc.com>
Date: Mon Mar 1 00:27:00 2010 -0800
HDFS:1005 from https://issues.apache.org/jira/secure/attachment/12437435/HDFS-1005-BP20.patch
+++ b/YAHOO-CHANGES.txt
+ HDFS-1005. Fsck security. Makes it workd ofver kerberized SSL(boryas and jhoman)
Modified:
hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/tools/DFSck.java
Modified: hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/tools/DFSck.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/tools/DFSck.java?rev=1077255&r1=1077254&r2=1077255&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/tools/DFSck.java (original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/tools/DFSck.java Fri Mar 4 03:56:51 2011
@@ -24,11 +24,13 @@ import java.io.InputStreamReader;
import java.net.URL;
import java.net.URLConnection;
import java.net.URLEncoder;
+import java.security.PrivilegedExceptionAction;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.conf.Configured;
import org.apache.hadoop.hdfs.server.namenode.NamenodeFsck;
import org.apache.hadoop.net.NetUtils;
+import org.apache.hadoop.security.Krb5AndCertsSslSocketConnector;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.util.Tool;
import org.apache.hadoop.util.ToolRunner;
@@ -75,8 +77,11 @@ public class DFSck extends Configured im
}
private String getInfoServer() throws IOException {
- return NetUtils.getServerAddress(getConf(), "dfs.info.bindAddress",
- "dfs.info.port", "dfs.http.address");
+ // select the right config
+ String http = UserGroupInformation.isSecurityEnabled() ?
+ "dfs.https.address" : "dfs.http.address";
+ return NetUtils.getServerAddress(getConf(), "dfs.info.bindAddress",
+ "dfs.info.port", http);
}
/**
@@ -101,54 +106,70 @@ public class DFSck extends Configured im
/**
* @param args
*/
- public int run(String[] args) throws IOException {
+ public int run(final String[] args) throws IOException {
if (args.length == 0) {
printUsage();
return -1;
}
-
- final StringBuffer url = new StringBuffer("http://");
- url.append(getInfoServer()).append("/fsck?ugi=").append(ugi.getShortUserName()).append("&path=");
-
- String dir = "/";
- // find top-level dir first
- for (int idx = 0; idx < args.length; idx++) {
- if (!args[idx].startsWith("-")) { dir = args[idx]; break; }
- }
- url.append(URLEncoder.encode(dir, "UTF-8"));
- for (int idx = 0; idx < args.length; idx++) {
- if (args[idx].equals("-move")) { url.append("&move=1"); }
- else if (args[idx].equals("-delete")) { url.append("&delete=1"); }
- else if (args[idx].equals("-files")) { url.append("&files=1"); }
- else if (args[idx].equals("-openforwrite")) { url.append("&openforwrite=1"); }
- else if (args[idx].equals("-blocks")) { url.append("&blocks=1"); }
- else if (args[idx].equals("-locations")) { url.append("&locations=1"); }
- else if (args[idx].equals("-racks")) { url.append("&racks=1"); }
- }
- URL path = new URL(url.toString());
- URLConnection connection = path.openConnection();
- InputStream stream = connection.getInputStream();
- BufferedReader input = new BufferedReader(new InputStreamReader(
- stream, "UTF-8"));
- String line = null;
- String lastLine = null;
- int errCode = -1;
+
try {
- while ((line = input.readLine()) != null) {
- System.out.println(line);
- lastLine = line;
- }
- } finally {
- input.close();
- }
- if (lastLine.endsWith(NamenodeFsck.HEALTHY_STATUS)) {
- errCode = 0;
- } else if (lastLine.endsWith(NamenodeFsck.CORRUPT_STATUS)) {
- errCode = 1;
- } else if (lastLine.endsWith(NamenodeFsck.NONEXISTENT_STATUS)) {
- errCode = 0;
+ return UserGroupInformation.getCurrentUser().doAs(new PrivilegedExceptionAction<Integer>() {
+ @Override
+ public Integer run() throws Exception {
+
+ String proto = "http://";
+ if(UserGroupInformation.isSecurityEnabled()) {
+ System.setProperty("https.cipherSuites", Krb5AndCertsSslSocketConnector.KRB5_CIPHER_SUITES[0]);
+ proto = "https://";
+ }
+
+ final StringBuffer url = new StringBuffer(proto);
+ url.append(getInfoServer()).append("/fsck?ugi=").append(ugi.getShortUserName()).append("&path=");
+
+ String dir = "/";
+ // find top-level dir first
+ for (int idx = 0; idx < args.length; idx++) {
+ if (!args[idx].startsWith("-")) { dir = args[idx]; break; }
+ }
+ url.append(URLEncoder.encode(dir, "UTF-8"));
+ for (int idx = 0; idx < args.length; idx++) {
+ if (args[idx].equals("-move")) { url.append("&move=1"); }
+ else if (args[idx].equals("-delete")) { url.append("&delete=1"); }
+ else if (args[idx].equals("-files")) { url.append("&files=1"); }
+ else if (args[idx].equals("-openforwrite")) { url.append("&openforwrite=1"); }
+ else if (args[idx].equals("-blocks")) { url.append("&blocks=1"); }
+ else if (args[idx].equals("-locations")) { url.append("&locations=1"); }
+ else if (args[idx].equals("-racks")) { url.append("&racks=1"); }
+ }
+ URL path = new URL(url.toString());
+ URLConnection connection = path.openConnection();
+ InputStream stream = connection.getInputStream();
+ BufferedReader input = new BufferedReader(new InputStreamReader(
+ stream, "UTF-8"));
+ String line = null;
+ String lastLine = null;
+ int errCode = -1;
+ try {
+ while ((line = input.readLine()) != null) {
+ System.out.println(line);
+ lastLine = line;
+ }
+ } finally {
+ input.close();
+ }
+ if (lastLine.endsWith(NamenodeFsck.HEALTHY_STATUS)) {
+ errCode = 0;
+ } else if (lastLine.endsWith(NamenodeFsck.CORRUPT_STATUS)) {
+ errCode = 1;
+ } else if (lastLine.endsWith(NamenodeFsck.NONEXISTENT_STATUS)) {
+ errCode = 0;
+ }
+ return errCode;
+ }
+ });
+ } catch (InterruptedException e) {
+ throw new IOException(e);
}
- return errCode;
}
static{