You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-commits@hadoop.apache.org by om...@apache.org on 2011/03/04 04:56:51 UTC

svn commit: r1077255 - /hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/tools/DFSck.java

Author: omalley
Date: Fri Mar  4 03:56:51 2011
New Revision: 1077255

URL: http://svn.apache.org/viewvc?rev=1077255&view=rev
Log:
commit 1acf5528ae137e8bce097643c0cdc7a8894b4152
Author: Boris Shkolnik <bo...@yahoo-inc.com>
Date:   Mon Mar 1 00:27:00 2010 -0800

    HDFS:1005 from https://issues.apache.org/jira/secure/attachment/12437435/HDFS-1005-BP20.patch
    
    +++ b/YAHOO-CHANGES.txt
    +    HDFS-1005. Fsck security. Makes it workd ofver kerberized SSL(boryas and jhoman)

Modified:
    hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/tools/DFSck.java

Modified: hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/tools/DFSck.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/tools/DFSck.java?rev=1077255&r1=1077254&r2=1077255&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/tools/DFSck.java (original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/tools/DFSck.java Fri Mar  4 03:56:51 2011
@@ -24,11 +24,13 @@ import java.io.InputStreamReader;
 import java.net.URL;
 import java.net.URLConnection;
 import java.net.URLEncoder;
+import java.security.PrivilegedExceptionAction;
 
 import org.apache.hadoop.conf.Configuration;
 import org.apache.hadoop.conf.Configured;
 import org.apache.hadoop.hdfs.server.namenode.NamenodeFsck;
 import org.apache.hadoop.net.NetUtils;
+import org.apache.hadoop.security.Krb5AndCertsSslSocketConnector;
 import org.apache.hadoop.security.UserGroupInformation;
 import org.apache.hadoop.util.Tool;
 import org.apache.hadoop.util.ToolRunner;
@@ -75,8 +77,11 @@ public class DFSck extends Configured im
   }
   
   private String getInfoServer() throws IOException {
-    return NetUtils.getServerAddress(getConf(), "dfs.info.bindAddress", 
-                                     "dfs.info.port", "dfs.http.address");
+    // select the right config
+    String http = UserGroupInformation.isSecurityEnabled() ? 
+        "dfs.https.address" : "dfs.http.address";
+    return NetUtils.getServerAddress(getConf(), "dfs.info.bindAddress",
+        "dfs.info.port", http);
   }
   
   /**
@@ -101,54 +106,70 @@ public class DFSck extends Configured im
   /**
    * @param args
    */
-  public int run(String[] args) throws IOException {
+  public int run(final String[] args) throws IOException {
     if (args.length == 0) {
       printUsage();
       return -1;
     }
-
-    final StringBuffer url = new StringBuffer("http://");
-    url.append(getInfoServer()).append("/fsck?ugi=").append(ugi.getShortUserName()).append("&path=");
-
-    String dir = "/";
-    // find top-level dir first
-    for (int idx = 0; idx < args.length; idx++) {
-      if (!args[idx].startsWith("-")) { dir = args[idx]; break; }
-    }
-    url.append(URLEncoder.encode(dir, "UTF-8"));
-    for (int idx = 0; idx < args.length; idx++) {
-      if (args[idx].equals("-move")) { url.append("&move=1"); }
-      else if (args[idx].equals("-delete")) { url.append("&delete=1"); }
-      else if (args[idx].equals("-files")) { url.append("&files=1"); }
-      else if (args[idx].equals("-openforwrite")) { url.append("&openforwrite=1"); }
-      else if (args[idx].equals("-blocks")) { url.append("&blocks=1"); }
-      else if (args[idx].equals("-locations")) { url.append("&locations=1"); }
-      else if (args[idx].equals("-racks")) { url.append("&racks=1"); }
-    }
-    URL path = new URL(url.toString());
-    URLConnection connection = path.openConnection();
-    InputStream stream = connection.getInputStream();
-    BufferedReader input = new BufferedReader(new InputStreamReader(
-                                              stream, "UTF-8"));
-    String line = null;
-    String lastLine = null;
-    int errCode = -1;
+    
     try {
-      while ((line = input.readLine()) != null) {
-        System.out.println(line);
-        lastLine = line;
-      }
-    } finally {
-      input.close();
-    }
-    if (lastLine.endsWith(NamenodeFsck.HEALTHY_STATUS)) {
-      errCode = 0;
-    } else if (lastLine.endsWith(NamenodeFsck.CORRUPT_STATUS)) {
-      errCode = 1;
-    } else if (lastLine.endsWith(NamenodeFsck.NONEXISTENT_STATUS)) {
-      errCode = 0;
+      return UserGroupInformation.getCurrentUser().doAs(new PrivilegedExceptionAction<Integer>() {      
+        @Override
+        public Integer run() throws Exception {
+
+          String proto = "http://";
+          if(UserGroupInformation.isSecurityEnabled()) { 
+             System.setProperty("https.cipherSuites", Krb5AndCertsSslSocketConnector.KRB5_CIPHER_SUITES[0]);
+             proto = "https://";
+          }
+          
+          final StringBuffer url = new StringBuffer(proto);
+          url.append(getInfoServer()).append("/fsck?ugi=").append(ugi.getShortUserName()).append("&path=");
+
+          String dir = "/";
+          // find top-level dir first
+          for (int idx = 0; idx < args.length; idx++) {
+            if (!args[idx].startsWith("-")) { dir = args[idx]; break; }
+          }
+          url.append(URLEncoder.encode(dir, "UTF-8"));
+          for (int idx = 0; idx < args.length; idx++) {
+            if (args[idx].equals("-move")) { url.append("&move=1"); }
+            else if (args[idx].equals("-delete")) { url.append("&delete=1"); }
+            else if (args[idx].equals("-files")) { url.append("&files=1"); }
+            else if (args[idx].equals("-openforwrite")) { url.append("&openforwrite=1"); }
+            else if (args[idx].equals("-blocks")) { url.append("&blocks=1"); }
+            else if (args[idx].equals("-locations")) { url.append("&locations=1"); }
+            else if (args[idx].equals("-racks")) { url.append("&racks=1"); }
+          }
+          URL path = new URL(url.toString());
+          URLConnection connection = path.openConnection();
+          InputStream stream = connection.getInputStream();
+          BufferedReader input = new BufferedReader(new InputStreamReader(
+              stream, "UTF-8"));
+          String line = null;
+          String lastLine = null;
+          int errCode = -1;
+          try {
+            while ((line = input.readLine()) != null) {
+              System.out.println(line);
+              lastLine = line;
+            }
+          } finally {
+            input.close();
+          }
+          if (lastLine.endsWith(NamenodeFsck.HEALTHY_STATUS)) {
+            errCode = 0;
+          } else if (lastLine.endsWith(NamenodeFsck.CORRUPT_STATUS)) {
+            errCode = 1;
+          } else if (lastLine.endsWith(NamenodeFsck.NONEXISTENT_STATUS)) {
+            errCode = 0;
+          }
+          return errCode;
+        }
+      });
+    } catch (InterruptedException e) {
+      throw new IOException(e);
     }
-    return errCode;
   }
 
   static{