Posted to common-commits@hadoop.apache.org by su...@apache.org on 2012/10/11 08:38:41 UTC
svn commit: r1396925 - in /hadoop/common/branches/branch-1: ./
src/core/org/apache/hadoop/security/
src/core/org/apache/hadoop/security/authentication/client/
src/core/org/apache/hadoop/security/authentication/util/
src/test/org/apache/hadoop/security/
Author: suresh
Date: Thu Oct 11 06:38:41 2012
New Revision: 1396925
URL: http://svn.apache.org/viewvc?rev=1396925&view=rev
Log:
HADOOP-8878. Uppercase namenode hostname causes hadoop dfs calls with webhdfs filesystem and fsck to fail when security is on. Contributed by Arpit Gupta.
Added:
hadoop/common/branches/branch-1/src/test/org/apache/hadoop/security/TestKerberosUtil.java
Modified:
hadoop/common/branches/branch-1/CHANGES.txt
hadoop/common/branches/branch-1/src/core/org/apache/hadoop/security/SecurityUtil.java
hadoop/common/branches/branch-1/src/core/org/apache/hadoop/security/authentication/client/KerberosAuthenticator.java
hadoop/common/branches/branch-1/src/core/org/apache/hadoop/security/authentication/util/KerberosUtil.java
Modified: hadoop/common/branches/branch-1/CHANGES.txt
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-1/CHANGES.txt?rev=1396925&r1=1396924&r2=1396925&view=diff
==============================================================================
--- hadoop/common/branches/branch-1/CHANGES.txt (original)
+++ hadoop/common/branches/branch-1/CHANGES.txt Thu Oct 11 06:38:41 2012
@@ -239,6 +239,10 @@ Release 1.2.0 - unreleased
MAPREDUCE-4706. FairScheduler#dump(): Computing of # running maps and
reduces is commented out. (Karthik Kambatla via tomwhite)
+ HADOOP-8878. Uppercase namenode hostname causes hadoop dfs calls with
+ webhdfs filesystem and fsck to fail when security is on.
+ (Arpit Gupta via suresh)
+
Release 1.1.0 - unreleased
INCOMPATIBLE CHANGES
Modified: hadoop/common/branches/branch-1/src/core/org/apache/hadoop/security/SecurityUtil.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-1/src/core/org/apache/hadoop/security/SecurityUtil.java?rev=1396925&r1=1396924&r2=1396925&view=diff
==============================================================================
--- hadoop/common/branches/branch-1/src/core/org/apache/hadoop/security/SecurityUtil.java (original)
+++ hadoop/common/branches/branch-1/src/core/org/apache/hadoop/security/SecurityUtil.java Thu Oct 11 06:38:41 2012
@@ -258,7 +258,14 @@ public class SecurityUtil {
return components[0] + "/" + fqdn.toLowerCase() + "@" + components[2];
}
- static String getLocalHostName() throws UnknownHostException {
+ /**
+ * Get the fqdn for the current host.
+ *
+ * @return fqdn of the current host.
+ * @throws UnknownHostException
+ * if no IP address for the local host could be found.
+ */
+ public static String getLocalHostName() throws UnknownHostException {
return InetAddress.getLocalHost().getCanonicalHostName();
}
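Review bot: The new Javadoc on `getLocalHostName()` does not mention that the value comes from `InetAddress.getCanonicalHostName()`, which returns the textual IP address when the reverse lookup fails or is not permitted. The method is now public and feeds Kerberos principal construction in this commit, so callers should know the result depends on the local resolver and may not be an FQDN. I would extend the `@return` text to `fqdn of the current host as reported by the resolver; may be a literal IP address if the canonical name cannot be determined`. The context line above lower-cases with `fqdn.toLowerCase()` in the default locale, unlike the `Locale.US` used by the new KerberosUtil helper; it predates this change but is worth aligning.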
Modified: hadoop/common/branches/branch-1/src/core/org/apache/hadoop/security/authentication/client/KerberosAuthenticator.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-1/src/core/org/apache/hadoop/security/authentication/client/KerberosAuthenticator.java?rev=1396925&r1=1396924&r2=1396925&view=diff
==============================================================================
--- hadoop/common/branches/branch-1/src/core/org/apache/hadoop/security/authentication/client/KerberosAuthenticator.java (original)
+++ hadoop/common/branches/branch-1/src/core/org/apache/hadoop/security/authentication/client/KerberosAuthenticator.java Thu Oct 11 06:38:41 2012
@@ -194,7 +194,8 @@ public class KerberosAuthenticator imple
GSSContext gssContext = null;
try {
GSSManager gssManager = GSSManager.getInstance();
- String servicePrincipal = "HTTP/" + KerberosAuthenticator.this.url.getHost();
+ String servicePrincipal = KerberosUtil.getServicePrincipal("HTTP",
+ KerberosAuthenticator.this.url.getHost());
Oid oid = KerberosUtil.getOidInstance("NT_GSS_KRB5_PRINCIPAL");
GSSName serviceName = gssManager.createName(servicePrincipal,
oid);
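Review bot: On this client path `KerberosUtil.getServicePrincipal` substitutes the local machine's FQDN when `url.getHost()` is null, empty or `0.0.0.0`, so the authenticator would request a ticket for `HTTP/<local fqdn>` instead of failing on a URL with no usable host. That fallback suits a server choosing its own principal, but for a client it makes the target principal depend on local DNS rather than on the URL being contacted. Consider rejecting an empty host before the call, or at least add a comment such as `// an empty or 0.0.0.0 host resolves to the local FQDN, see KerberosUtil.getServicePrincipal`. The helper also declares `UnknownHostException`, and since the enclosing try block continues outside the hunk, how that exception is reported cannot be confirmed from here.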
Modified: hadoop/common/branches/branch-1/src/core/org/apache/hadoop/security/authentication/util/KerberosUtil.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-1/src/core/org/apache/hadoop/security/authentication/util/KerberosUtil.java?rev=1396925&r1=1396924&r2=1396925&view=diff
==============================================================================
--- hadoop/common/branches/branch-1/src/core/org/apache/hadoop/security/authentication/util/KerberosUtil.java (original)
+++ hadoop/common/branches/branch-1/src/core/org/apache/hadoop/security/authentication/util/KerberosUtil.java Thu Oct 11 06:38:41 2012
@@ -20,7 +20,10 @@ package org.apache.hadoop.security.authe
import java.lang.reflect.Field;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
+import java.net.UnknownHostException;
+import java.util.Locale;
+import org.apache.hadoop.security.SecurityUtil;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.Oid;
@@ -65,4 +68,26 @@ public class KerberosUtil {
new Class[0]);
return (String)getDefaultRealmMethod.invoke(kerbConf, new Object[0]);
}
+
+ /**
+ * Create Kerberos principal for a given service and hostname. It converts
+ * hostname to lower case. If hostname is null or "0.0.0.0", it uses
+ * dynamically looked-up fqdn of the current host instead.
+ *
+ * @param service
+ * Service for which you want to generate the principal.
+ * @param hostname
+ * Fully-qualified domain name.
+ * @return Converted Kerberos principal name.
+ * @throws UnknownHostException
+ * If no IP address for the local host could be found.
+ */
+ public static final String getServicePrincipal(String service, String hostname)
+ throws UnknownHostException {
+ String fqdn = hostname;
+ if (null == fqdn || fqdn.equals("") || fqdn.equals("0.0.0.0")) {
+ fqdn = SecurityUtil.getLocalHostName();
+ }
+ return service + "/" + fqdn.toLowerCase(Locale.US);
+ }
}
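Review bot: The Javadoc for `getServicePrincipal` says the local FQDN is used when hostname is null or "0.0.0.0", but the code also takes that branch for the empty string (`fqdn.equals("")`), so the sentence should read `If hostname is null, empty or "0.0.0.0"`. The `service` argument is concatenated unchecked, so a null produces the principal `null/host`; a guard or a documented precondition on `@param service` would make the contract explicit. As style points, `final` on a static method is redundant and `fqdn.isEmpty()` reads more directly than `fqdn.equals("")`.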
Added: hadoop/common/branches/branch-1/src/test/org/apache/hadoop/security/TestKerberosUtil.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-1/src/test/org/apache/hadoop/security/TestKerberosUtil.java?rev=1396925&view=auto
==============================================================================
--- hadoop/common/branches/branch-1/src/test/org/apache/hadoop/security/TestKerberosUtil.java (added)
+++ hadoop/common/branches/branch-1/src/test/org/apache/hadoop/security/TestKerberosUtil.java Thu Oct 11 06:38:41 2012
@@ -0,0 +1,58 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with this
+ * work for additional information regarding copyright ownership. The ASF
+ * licenses this file to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.apache.hadoop.security;
+
+import static org.junit.Assert.*;
+
+import java.io.IOException;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.hadoop.security.authentication.util.KerberosUtil;
+import org.junit.Test;
+
+public class TestKerberosUtil {
+ public static final Log LOG = LogFactory.getLog(TestKerberosUtil.class);
+
+ @Test
+ public void testGetServerPrincipal() throws IOException {
+ String service = "TestKerberosUtil";
+ String localHostname = SecurityUtil.getLocalHostName();
+ String testHost = "FooBar";
+
+ // send null hostname
+ assertEquals("When no hostname is sent",
+ service + "/" + localHostname.toLowerCase(),
+ KerberosUtil.getServicePrincipal(service, null));
+ // send empty hostname
+ assertEquals("When empty hostname is sent",
+ service + "/" + localHostname.toLowerCase(),
+ KerberosUtil.getServicePrincipal(service, ""));
+ // send 0.0.0.0 hostname
+ assertEquals("When 0.0.0.0 hostname is sent",
+ service + "/" + localHostname.toLowerCase(),
+ KerberosUtil.getServicePrincipal(service, "0.0.0.0"));
+ // send uppercase hostname
+ assertEquals("When uppercase hostname is sent",
+ service + "/" + testHost.toLowerCase(),
+ KerberosUtil.getServicePrincipal(service, testHost));
+ // send lowercase hostname
+ assertEquals("When lowercase hostname is sent",
+ service + "/" + testHost.toLowerCase(),
+ KerberosUtil.getServicePrincipal(service, testHost.toLowerCase()));
+ }
+}
\ No newline at end of file
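Review bot: The expected values are built with `localHostname.toLowerCase()` and `testHost.toLowerCase()` in the JVM's default locale, while `getServicePrincipal` lower-cases with `Locale.US`. On a JVM with a Turkish default locale, a local hostname containing `I` would make the first three assertions fail; use `toLowerCase(Locale.US)` in the expectations. A test host containing an uppercase `I` would also exercise the locale-independent behaviour, which `"FooBar"` does not. The method is named `testGetServerPrincipal` although it covers `getServicePrincipal`, and `LOG` is declared but not used in this file.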