You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-commits@hadoop.apache.org by ll...@apache.org on 2012/12/22 00:29:30 UTC
svn commit: r1425193 - in /hadoop/common/branches/branch-1.1: CHANGES.txt
src/c++/task-controller/impl/configuration.c
src/c++/task-controller/impl/configuration.h
src/c++/task-controller/impl/main.c
src/c++/task-controller/test/test-task-controller.c
Author: llu
Date: Fri Dec 21 23:29:30 2012
New Revision: 1425193
URL: http://svn.apache.org/viewvc?rev=1425193&view=rev
Log:
MAPREUDCE-4397. Introduce HADOOP_SECURITY_CONF_DIR for task-controller. (Yu Gao via llu)
Modified:
hadoop/common/branches/branch-1.1/CHANGES.txt
hadoop/common/branches/branch-1.1/src/c++/task-controller/impl/configuration.c
hadoop/common/branches/branch-1.1/src/c++/task-controller/impl/configuration.h
hadoop/common/branches/branch-1.1/src/c++/task-controller/impl/main.c
hadoop/common/branches/branch-1.1/src/c++/task-controller/test/test-task-controller.c
Modified: hadoop/common/branches/branch-1.1/CHANGES.txt
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-1.1/CHANGES.txt?rev=1425193&r1=1425192&r2=1425193&view=diff
==============================================================================
--- hadoop/common/branches/branch-1.1/CHANGES.txt (original)
+++ hadoop/common/branches/branch-1.1/CHANGES.txt Fri Dec 21 23:29:30 2012
@@ -6,6 +6,9 @@ Release 1.1.2 - 2012.12.07
NEW FEATURES
+ MAPREUDCE-4397. Introduce HADOOP_SECURITY_CONF_DIR for task-controller.
+ (Yu Gao via llu)
+
HADOOP-8561. Introduce HADOOP_PROXY_USER for secure impersonation in child
hadoop client processes. (Yu Gao via llu)
Modified: hadoop/common/branches/branch-1.1/src/c++/task-controller/impl/configuration.c
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-1.1/src/c%2B%2B/task-controller/impl/configuration.c?rev=1425193&r1=1425192&r2=1425193&view=diff
==============================================================================
--- hadoop/common/branches/branch-1.1/src/c++/task-controller/impl/configuration.c (original)
+++ hadoop/common/branches/branch-1.1/src/c++/task-controller/impl/configuration.c Fri Dec 21 23:29:30 2012
@@ -88,6 +88,29 @@ static int is_only_root_writable(const c
}
/**
+ * Get the full path of the configuration file.
+ * Use $HADOOP_SECURITY_CONF_DIR for the configuration directory, and if
+ * it's not set, use the default value in default_conf_dir.
+ */
+void get_config_path(char* conf_file_path, int size,
+ char* default_conf_dir,
+ const char* conf_file_name) {
+ if (conf_file_name == NULL) {
+ fprintf(LOGFILE, "Null configuration filename passed in\n");
+ exit(INVALID_CONFIG_FILE);
+ }
+ char *orig_conf_dir = getenv("HADOOP_SECURITY_CONF_DIR");
+ if (orig_conf_dir == NULL) {
+ if (default_conf_dir == NULL) {
+ fprintf(LOGFILE, "Null default configuration directory passed in\n");
+ exit(INVALID_CONFIG_FILE);
+ }
+ orig_conf_dir = default_conf_dir;
+ }
+ snprintf(conf_file_path, size, "%s/%s", orig_conf_dir, conf_file_name);
+}
+
+/**
* Ensure that the configuration file and all of the containing directories
* are only writable by root. Otherwise, an attacker can change the
* configuration and potentially cause damage.
Modified: hadoop/common/branches/branch-1.1/src/c++/task-controller/impl/configuration.h
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-1.1/src/c%2B%2B/task-controller/impl/configuration.h?rev=1425193&r1=1425192&r2=1425193&view=diff
==============================================================================
--- hadoop/common/branches/branch-1.1/src/c++/task-controller/impl/configuration.h (original)
+++ hadoop/common/branches/branch-1.1/src/c++/task-controller/impl/configuration.h Fri Dec 21 23:29:30 2012
@@ -17,6 +17,15 @@
*/
/**
+ * Get the full path of the configuration file.
+ * Use $HADOOP_SECURITY_CONF_DIR for the configuration directory, and if
+ * it's not set, use the default value in default_conf_dir.
+ */
+void get_config_path(char* conf_file_path, int size,
+ char* default_conf_dir,
+ const char* conf_file_name);
+
+/**
* Ensure that the configuration file and all of the containing directories
* are only writable by root. Otherwise, an attacker can change the
* configuration and potentially cause damage.
Modified: hadoop/common/branches/branch-1.1/src/c++/task-controller/impl/main.c
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-1.1/src/c%2B%2B/task-controller/impl/main.c?rev=1425193&r1=1425192&r2=1425193&view=diff
==============================================================================
--- hadoop/common/branches/branch-1.1/src/c++/task-controller/impl/main.c (original)
+++ hadoop/common/branches/branch-1.1/src/c++/task-controller/impl/main.c Fri Dec 21 23:29:30 2012
@@ -80,7 +80,11 @@ int main(int argc, char **argv) {
#error HADOOP_CONF_DIR must be defined
#endif
- char *orig_conf_file = STRINGIFY(HADOOP_CONF_DIR) "/" CONF_FILENAME;
+ char orig_conf_file[PATH_MAX + 1]; // realpath is limitted by PATH_MAX
+ orig_conf_file[PATH_MAX] = 0; // in case of snprintf error
+ get_config_path(orig_conf_file, PATH_MAX + 1,
+ STRINGIFY(HADOOP_CONF_DIR),
+ CONF_FILENAME);
char *conf_file = realpath(orig_conf_file, NULL);
if (conf_file == NULL) {
Modified: hadoop/common/branches/branch-1.1/src/c++/task-controller/test/test-task-controller.c
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-1.1/src/c%2B%2B/task-controller/test/test-task-controller.c?rev=1425193&r1=1425192&r2=1425193&view=diff
==============================================================================
--- hadoop/common/branches/branch-1.1/src/c++/task-controller/test/test-task-controller.c (original)
+++ hadoop/common/branches/branch-1.1/src/c++/task-controller/test/test-task-controller.c Fri Dec 21 23:29:30 2012
@@ -281,6 +281,27 @@ void test_check_user() {
}
}
+void test_get_config_path() {
+ printf("\nTesting get_config_path\n");
+ char conf_file_1[PATH_MAX];
+ char conf_file_2[PATH_MAX];
+ get_config_path(conf_file_1, PATH_MAX, TEST_ROOT, "test.cfg");
+ char *conf_dir = getenv("HADOOP_SECURITY_CONF_DIR");
+ if (conf_dir == NULL) {
+ if (strcmp(conf_file_1, TEST_ROOT "/test.cfg") != 0) {
+ printf("FAIL: got wrong configuration file path\n");
+ exit(1);
+ }
+ }
+ else {
+ snprintf(conf_file_2, PATH_MAX, "%s/%s", conf_dir, "test.cfg");
+ if (strcmp(conf_file_1, conf_file_2) != 0) {
+ printf("FAIL: got wrong configuration file path\n");
+ exit(1);
+ }
+ }
+}
+
void test_check_configuration_permissions() {
printf("\nTesting check_configuration_permissions\n");
if (check_configuration_permissions("/etc/passwd") != 0) {
@@ -822,6 +843,8 @@ int main(int argc, char **argv) {
printf("\nTesting get_job_log_dir()\n");
test_get_job_log_dir();
+ test_get_config_path();
+
test_check_configuration_permissions();
printf("\nTesting get_task_log_dir()\n");