You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-commits@hadoop.apache.org by li...@apache.org on 2020/08/04 17:30:22 UTC
[hadoop] branch trunk updated: HADOOP-17164. UGI
loginUserFromKeytab doesn't set the last login time (#2178)
This is an automated email from the ASF dual-hosted git repository.
liuml07 pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/hadoop.git
The following commit(s) were added to refs/heads/trunk by this push:
new 2986058 HADOOP-17164. UGI loginUserFromKeytab doesn't set the last login time (#2178)
2986058 is described below
commit 2986058e7f6fa1b5aab259c64a745b2eedb2febe
Author: sguggilam <sa...@gmail.com>
AuthorDate: Tue Aug 4 10:30:06 2020 -0700
HADOOP-17164. UGI loginUserFromKeytab doesn't set the last login time (#2178)
Contributed by Sandeep Guggilam.
Signed-off-by: Mingliang Liu <li...@apache.org>
Signed-off-by: Steve Loughran <st...@apache.org>
---
.../hadoop/security/UserGroupInformation.java | 9 +++++++
.../hadoop/security/TestUGILoginFromKeytab.java | 29 +++++++++++++++++++++-
2 files changed, 37 insertions(+), 1 deletion(-)
diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java
index 5269e5a..91b64ad 100644
--- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java
+++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java
@@ -530,6 +530,14 @@ public class UserGroupInformation {
}
/**
+ * Set the last login time for logged in user
+ * @param loginTime the number of milliseconds since the beginning of time
+ */
+ private void setLastLogin(long loginTime) {
+ user.setLastLogin(loginTime);
+ }
+
+ /**
* Create a UserGroupInformation for the given subject.
* This does not change the subject or acquire new credentials.
*
@@ -1968,6 +1976,7 @@ public class UserGroupInformation {
if (subject == null) {
params.put(LoginParam.PRINCIPAL, ugi.getUserName());
ugi.setLogin(login);
+ ugi.setLastLogin(Time.now());
}
return ugi;
} catch (LoginException le) {
diff --git a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestUGILoginFromKeytab.java b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestUGILoginFromKeytab.java
index 8ede451..d233234 100644
--- a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestUGILoginFromKeytab.java
+++ b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestUGILoginFromKeytab.java
@@ -23,6 +23,7 @@ import org.apache.hadoop.fs.CommonConfigurationKeys;
import org.apache.hadoop.minikdc.MiniKdc;
import org.apache.hadoop.security.UserGroupInformation.AuthenticationMethod;
import org.apache.hadoop.test.GenericTestUtils;
+import org.apache.hadoop.util.Time;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
@@ -102,11 +103,34 @@ public class TestUGILoginFromKeytab {
}
/**
+ * Login from keytab using the MiniKDC.
+ */
+ @Test
+ public void testUGILoginFromKeytab() throws Exception {
+ long beforeLogin = Time.now();
+ String principal = "foo";
+ File keytab = new File(workDir, "foo.keytab");
+ kdc.createPrincipal(keytab, principal);
+
+ UserGroupInformation.loginUserFromKeytab(principal, keytab.getPath());
+ UserGroupInformation ugi = UserGroupInformation.getLoginUser();
+ Assert.assertTrue("UGI should be configured to login from keytab",
+ ugi.isFromKeytab());
+
+ User user = getUser(ugi.getSubject());
+ Assert.assertNotNull(user.getLogin());
+
+ Assert.assertTrue("User login time is less than before login time, "
+ + "beforeLoginTime:" + beforeLogin + " userLoginTime:" + user.getLastLogin(),
+ user.getLastLogin() > beforeLogin);
+ }
+
+ /**
* Login from keytab using the MiniKDC and verify the UGI can successfully
* relogin from keytab as well. This will catch regressions like HADOOP-10786.
*/
@Test
- public void testUGILoginFromKeytab() throws Exception {
+ public void testUGIReLoginFromKeytab() throws Exception {
String principal = "foo";
File keytab = new File(workDir, "foo.keytab");
kdc.createPrincipal(keytab, principal);
@@ -122,6 +146,9 @@ public class TestUGILoginFromKeytab {
final LoginContext login1 = user.getLogin();
Assert.assertNotNull(login1);
+ // Sleep for 2 secs to have a difference between first and second login
+ Thread.sleep(2000);
+
ugi.reloginFromKeytab();
final long secondLogin = user.getLastLogin();
final LoginContext login2 = user.getLogin();
---------------------------------------------------------------------
To unsubscribe, e-mail: common-commits-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-commits-help@hadoop.apache.org