You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-commits@hadoop.apache.org by ll...@apache.org on 2012/12/22 00:29:30 UTC

svn commit: r1425193 - in /hadoop/common/branches/branch-1.1: CHANGES.txt src/c++/task-controller/impl/configuration.c src/c++/task-controller/impl/configuration.h src/c++/task-controller/impl/main.c src/c++/task-controller/test/test-task-controller.c

Author: llu
Date: Fri Dec 21 23:29:30 2012
New Revision: 1425193

URL: http://svn.apache.org/viewvc?rev=1425193&view=rev
Log:
MAPREUDCE-4397. Introduce HADOOP_SECURITY_CONF_DIR for task-controller. (Yu Gao via llu)

Modified:
    hadoop/common/branches/branch-1.1/CHANGES.txt
    hadoop/common/branches/branch-1.1/src/c++/task-controller/impl/configuration.c
    hadoop/common/branches/branch-1.1/src/c++/task-controller/impl/configuration.h
    hadoop/common/branches/branch-1.1/src/c++/task-controller/impl/main.c
    hadoop/common/branches/branch-1.1/src/c++/task-controller/test/test-task-controller.c

Modified: hadoop/common/branches/branch-1.1/CHANGES.txt
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-1.1/CHANGES.txt?rev=1425193&r1=1425192&r2=1425193&view=diff
==============================================================================
--- hadoop/common/branches/branch-1.1/CHANGES.txt (original)
+++ hadoop/common/branches/branch-1.1/CHANGES.txt Fri Dec 21 23:29:30 2012
@@ -6,6 +6,9 @@ Release 1.1.2 - 2012.12.07
 
   NEW FEATURES
 
+    MAPREUDCE-4397. Introduce HADOOP_SECURITY_CONF_DIR for task-controller.
+    (Yu Gao via llu)
+
     HADOOP-8561. Introduce HADOOP_PROXY_USER for secure impersonation in child
     hadoop client processes. (Yu Gao via llu)
 

Modified: hadoop/common/branches/branch-1.1/src/c++/task-controller/impl/configuration.c
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-1.1/src/c%2B%2B/task-controller/impl/configuration.c?rev=1425193&r1=1425192&r2=1425193&view=diff
==============================================================================
--- hadoop/common/branches/branch-1.1/src/c++/task-controller/impl/configuration.c (original)
+++ hadoop/common/branches/branch-1.1/src/c++/task-controller/impl/configuration.c Fri Dec 21 23:29:30 2012
@@ -88,6 +88,29 @@ static int is_only_root_writable(const c
 }
 
 /**
+ * Get the full path of the configuration file.
+ * Use $HADOOP_SECURITY_CONF_DIR for the configuration directory, and if
+ * it's not set, use the default value in default_conf_dir.
+ */
+void get_config_path(char* conf_file_path, int size,
+                     char* default_conf_dir,
+                     const char* conf_file_name) {
+  if (conf_file_name == NULL) {
+    fprintf(LOGFILE, "Null configuration filename passed in\n");
+    exit(INVALID_CONFIG_FILE);
+  }
+  char *orig_conf_dir = getenv("HADOOP_SECURITY_CONF_DIR");
+  if (orig_conf_dir == NULL) {
+    if (default_conf_dir == NULL) {
+      fprintf(LOGFILE, "Null default configuration directory passed in\n");
+      exit(INVALID_CONFIG_FILE);
+    }
+    orig_conf_dir = default_conf_dir;
+  }
+  snprintf(conf_file_path, size, "%s/%s", orig_conf_dir, conf_file_name);
+}
+
+/**
  * Ensure that the configuration file and all of the containing directories
  * are only writable by root. Otherwise, an attacker can change the 
  * configuration and potentially cause damage.

Modified: hadoop/common/branches/branch-1.1/src/c++/task-controller/impl/configuration.h
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-1.1/src/c%2B%2B/task-controller/impl/configuration.h?rev=1425193&r1=1425192&r2=1425193&view=diff
==============================================================================
--- hadoop/common/branches/branch-1.1/src/c++/task-controller/impl/configuration.h (original)
+++ hadoop/common/branches/branch-1.1/src/c++/task-controller/impl/configuration.h Fri Dec 21 23:29:30 2012
@@ -17,6 +17,15 @@
  */
 
 /**
+ * Get the full path of the configuration file.
+ * Use $HADOOP_SECURITY_CONF_DIR for the configuration directory, and if
+ * it's not set, use the default value in default_conf_dir.
+ */
+void get_config_path(char* conf_file_path, int size,
+                     char* default_conf_dir,
+                     const char* conf_file_name);
+
+/**
  * Ensure that the configuration file and all of the containing directories
  * are only writable by root. Otherwise, an attacker can change the 
  * configuration and potentially cause damage.

Modified: hadoop/common/branches/branch-1.1/src/c++/task-controller/impl/main.c
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-1.1/src/c%2B%2B/task-controller/impl/main.c?rev=1425193&r1=1425192&r2=1425193&view=diff
==============================================================================
--- hadoop/common/branches/branch-1.1/src/c++/task-controller/impl/main.c (original)
+++ hadoop/common/branches/branch-1.1/src/c++/task-controller/impl/main.c Fri Dec 21 23:29:30 2012
@@ -80,7 +80,11 @@ int main(int argc, char **argv) {
   #error HADOOP_CONF_DIR must be defined
 #endif
 
-  char *orig_conf_file = STRINGIFY(HADOOP_CONF_DIR) "/" CONF_FILENAME;
+  char orig_conf_file[PATH_MAX + 1]; // realpath is limitted by PATH_MAX
+  orig_conf_file[PATH_MAX] = 0; // in case of snprintf error
+  get_config_path(orig_conf_file, PATH_MAX + 1,
+                  STRINGIFY(HADOOP_CONF_DIR),
+                  CONF_FILENAME);
   char *conf_file = realpath(orig_conf_file, NULL);
 
   if (conf_file == NULL) {

Modified: hadoop/common/branches/branch-1.1/src/c++/task-controller/test/test-task-controller.c
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-1.1/src/c%2B%2B/task-controller/test/test-task-controller.c?rev=1425193&r1=1425192&r2=1425193&view=diff
==============================================================================
--- hadoop/common/branches/branch-1.1/src/c++/task-controller/test/test-task-controller.c (original)
+++ hadoop/common/branches/branch-1.1/src/c++/task-controller/test/test-task-controller.c Fri Dec 21 23:29:30 2012
@@ -281,6 +281,27 @@ void test_check_user() {
   }
 }
 
+void test_get_config_path() {
+  printf("\nTesting get_config_path\n");
+  char conf_file_1[PATH_MAX];
+  char conf_file_2[PATH_MAX];
+  get_config_path(conf_file_1, PATH_MAX, TEST_ROOT, "test.cfg");
+  char *conf_dir = getenv("HADOOP_SECURITY_CONF_DIR");
+  if (conf_dir == NULL) {
+    if (strcmp(conf_file_1, TEST_ROOT "/test.cfg") != 0) {
+      printf("FAIL: got wrong configuration file path\n");
+      exit(1);
+    }
+  }
+  else {
+    snprintf(conf_file_2, PATH_MAX, "%s/%s", conf_dir, "test.cfg");
+    if (strcmp(conf_file_1, conf_file_2) != 0) {
+      printf("FAIL: got wrong configuration file path\n");
+      exit(1);
+    }
+  }
+}
+
 void test_check_configuration_permissions() {
   printf("\nTesting check_configuration_permissions\n");
   if (check_configuration_permissions("/etc/passwd") != 0) {
@@ -822,6 +843,8 @@ int main(int argc, char **argv) {
   printf("\nTesting get_job_log_dir()\n");
   test_get_job_log_dir();
 
+  test_get_config_path();
+
   test_check_configuration_permissions();
 
   printf("\nTesting get_task_log_dir()\n");