You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-commits@hadoop.apache.org by jg...@apache.org on 2010/06/12 00:48:15 UTC
svn commit: r953896 - in /hadoop/common/trunk: ./
src/java/org/apache/hadoop/security/token/delegation/
src/test/core/org/apache/hadoop/security/token/delegation/
Author: jghoman
Date: Fri Jun 11 22:48:15 2010
New Revision: 953896
URL: http://svn.apache.org/viewvc?rev=953896&view=rev
Log:
HADOOP-6620. NPE if renewer is passed as null in getDelegationToken. Contributed by Jitendra Pandey.
Modified:
hadoop/common/trunk/CHANGES.txt
hadoop/common/trunk/src/java/org/apache/hadoop/security/token/delegation/AbstractDelegationTokenIdentifier.java
hadoop/common/trunk/src/java/org/apache/hadoop/security/token/delegation/AbstractDelegationTokenSecretManager.java
hadoop/common/trunk/src/test/core/org/apache/hadoop/security/token/delegation/TestDelegationToken.java
Modified: hadoop/common/trunk/CHANGES.txt
URL: http://svn.apache.org/viewvc/hadoop/common/trunk/CHANGES.txt?rev=953896&r1=953895&r2=953896&view=diff
==============================================================================
--- hadoop/common/trunk/CHANGES.txt (original)
+++ hadoop/common/trunk/CHANGES.txt Fri Jun 11 22:48:15 2010
@@ -81,6 +81,9 @@ Trunk (unreleased changes)
HADOOP-6603. Provide workaround for issue with Kerberos not resolving
cross-realm principal (Kan Zhang and Jitendra Pandey via jghoman)
+ HADOOP-6620. NPE if renewer is passed as null in getDelegationToken.
+ (Jitendra Pandey via jghoman)
+
Release 0.21.0 - Unreleased
INCOMPATIBLE CHANGES
Modified: hadoop/common/trunk/src/java/org/apache/hadoop/security/token/delegation/AbstractDelegationTokenIdentifier.java
URL: http://svn.apache.org/viewvc/hadoop/common/trunk/src/java/org/apache/hadoop/security/token/delegation/AbstractDelegationTokenIdentifier.java?rev=953896&r1=953895&r2=953896&view=diff
==============================================================================
--- hadoop/common/trunk/src/java/org/apache/hadoop/security/token/delegation/AbstractDelegationTokenIdentifier.java (original)
+++ hadoop/common/trunk/src/java/org/apache/hadoop/security/token/delegation/AbstractDelegationTokenIdentifier.java Fri Jun 11 22:48:15 2010
@@ -49,8 +49,16 @@ extends TokenIdentifier {
}
public AbstractDelegationTokenIdentifier(Text owner, Text renewer, Text realUser) {
- this.owner = owner;
- this.renewer = renewer;
+ if (owner == null) {
+ this.owner = new Text();
+ } else {
+ this.owner = owner;
+ }
+ if (renewer == null) {
+ this.renewer = new Text();
+ } else {
+ this.renewer = renewer;
+ }
if (realUser == null) {
this.realUser = new Text();
} else {
@@ -170,4 +178,14 @@ extends TokenIdentifier {
WritableUtils.writeVInt(out, sequenceNumber);
WritableUtils.writeVInt(out, masterKeyId);
}
+
+ public String toString() {
+ StringBuilder buffer = new StringBuilder();
+ buffer
+ .append("owner=" + owner + ", renewer=" + renewer + ", realUser="
+ + realUser + ", issueDate=" + issueDate + ", maxDate=" + maxDate
+ + ", sequenceNumber=" + sequenceNumber + ", masterKeyId="
+ + masterKeyId);
+ return buffer.toString();
+ }
}
Modified: hadoop/common/trunk/src/java/org/apache/hadoop/security/token/delegation/AbstractDelegationTokenSecretManager.java
URL: http://svn.apache.org/viewvc/hadoop/common/trunk/src/java/org/apache/hadoop/security/token/delegation/AbstractDelegationTokenSecretManager.java?rev=953896&r1=953895&r2=953896&view=diff
==============================================================================
--- hadoop/common/trunk/src/java/org/apache/hadoop/security/token/delegation/AbstractDelegationTokenSecretManager.java (original)
+++ hadoop/common/trunk/src/java/org/apache/hadoop/security/token/delegation/AbstractDelegationTokenSecretManager.java Fri Jun 11 22:48:15 2010
@@ -178,6 +178,7 @@ extends AbstractDelegationTokenIdentifie
@Override
protected synchronized byte[] createPassword(TokenIdent identifier) {
+ LOG.info("Creating password for identifier: "+identifier);
int sequenceNum;
long now = System.currentTimeMillis();
sequenceNum = ++delegationTokenSequenceNumber;
@@ -220,12 +221,13 @@ extends AbstractDelegationTokenIdentifie
DataInputStream in = new DataInputStream(buf);
TokenIdent id = createIdentifier();
id.readFields(in);
-
+ LOG.info("Token renewal requested for identifier: "+id);
+
if (id.getMaxDate() < now) {
throw new InvalidToken("User " + renewer +
" tried to renew an expired token");
}
- if (id.getRenewer() == null) {
+ if ((id.getRenewer() == null) || ("".equals(id.getRenewer().toString()))) {
throw new AccessControlException("User " + renewer +
" tried to renew a token without " +
"a renewer");
@@ -271,13 +273,16 @@ extends AbstractDelegationTokenIdentifie
DataInputStream in = new DataInputStream(buf);
TokenIdent id = createIdentifier();
id.readFields(in);
+ LOG.info("Token cancelation requested for identifier: "+id);
+
if (id.getUser() == null) {
throw new InvalidToken("Token with no owner");
}
String owner = id.getUser().getUserName();
Text renewer = id.getRenewer();
if (!canceller.equals(owner)
- && (renewer == null || !canceller.equals(renewer.toString()))) {
+ && (renewer == null || "".equals(renewer.toString()) || !canceller
+ .equals(renewer.toString()))) {
throw new AccessControlException(canceller
+ " is not authorized to cancel the token");
}
Modified: hadoop/common/trunk/src/test/core/org/apache/hadoop/security/token/delegation/TestDelegationToken.java
URL: http://svn.apache.org/viewvc/hadoop/common/trunk/src/test/core/org/apache/hadoop/security/token/delegation/TestDelegationToken.java?rev=953896&r1=953895&r2=953896&view=diff
==============================================================================
--- hadoop/common/trunk/src/test/core/org/apache/hadoop/security/token/delegation/TestDelegationToken.java (original)
+++ hadoop/common/trunk/src/test/core/org/apache/hadoop/security/token/delegation/TestDelegationToken.java Fri Jun 11 22:48:15 2010
@@ -365,4 +365,24 @@ public class TestDelegationToken {
dtSecretManager.stopThreads();
}
}
+
+ @Test
+ public void testDelegationTokenNullRenewer() throws Exception {
+ TestDelegationTokenSecretManager dtSecretManager =
+ new TestDelegationTokenSecretManager(24*60*60*1000,
+ 10*1000,1*1000,3600000);
+ dtSecretManager.startThreads();
+ TestDelegationTokenIdentifier dtId = new TestDelegationTokenIdentifier(new Text(
+ "theuser"), null, null);
+ Token<TestDelegationTokenIdentifier> token = new Token<TestDelegationTokenIdentifier>(
+ dtId, dtSecretManager);
+ Assert.assertTrue(token != null);
+ try {
+ dtSecretManager.renewToken(token, "");
+ Assert.fail("Renewal must not succeed");
+ } catch (IOException e) {
+ //PASS
+ }
+ }
+
}