Posted to commits@accumulo.apache.org by vi...@apache.org on 2012/11/01 22:49:45 UTC
svn commit: r1404782 - in
/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server:
security/ test/randomwalk/ test/randomwalk/security/
Author: vines
Date: Thu Nov 1 21:49:44 2012
New Revision: 1404782
URL: http://svn.apache.org/viewvc?rev=1404782&view=rev
Log:
ACCUMULO-259 - it seems very happy right now
Modified:
accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/SecurityOperation.java
accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/Module.java
accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/State.java
accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/ChangePass.java
accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/SecurityFixture.java
accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/TableOp.java
accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/WalkingSecurity.java
Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/SecurityOperation.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/SecurityOperation.java?rev=1404782&r1=1404781&r2=1404782&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/SecurityOperation.java (original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/security/SecurityOperation.java Thu Nov 1 21:49:44 2012
@@ -143,7 +143,7 @@ public class SecurityOperation {
private void authenticate(String user, ByteBuffer password, String instance) throws ThriftSecurityException {
if (!instance.equals(HdfsZooInstance.getInstance().getInstanceID()))
- throw new ThriftSecurityException(user + '_' + instance + '_' + HdfsZooInstance.getInstance().getInstanceID(), SecurityErrorCode.INVALID_INSTANCEID);
+ throw new ThriftSecurityException(user, SecurityErrorCode.INVALID_INSTANCEID);
if (user.equals(SecurityConstants.SYSTEM_USERNAME)) {
if (Arrays.equals(SecurityConstants.getSystemCredentials().password.array(), password.array())
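Review bot: The system-user branch on the last context line of this hunk compares the supplied password with `Arrays.equals`, which stops at the first differing byte, and it reads `password.array()`, the whole backing array regardless of the buffer's position and limit. On an authentication path a constant-time comparison is the safer default, for example `MessageDigest.isEqual(expected, supplied)` over the bytes the buffer actually holds. The `if` condition continues outside the hunk, so the rest of the check is not visible here.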
@@ -154,7 +154,6 @@ public class SecurityOperation {
}
if (!authenticator.authenticateUser(user, password, instance)) {
- log.debug("It appears that " + user + " password isn't " + new String(password.array()));
throw new ThriftSecurityException(user, SecurityErrorCode.BAD_CREDENTIALS);
}
}
Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/Module.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/Module.java?rev=1404782&r1=1404781&r2=1404782&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/Module.java (original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/Module.java Thu Nov 1 21:49:44 2012
@@ -162,7 +162,7 @@ public class Module extends Node {
this.xmlFile = xmlFile;
loadFromXml();
}
-
+
@Override
public void visit(State state, Properties props) throws Exception {
int maxHops, maxSec;
@@ -200,7 +200,7 @@ public class Module extends Node {
initNode.visit(state, getProps(initNodeId));
if (test)
stopTimer(initNode);
-
+
state.visitedNode();
// update aliases
Set<String> aliases;
@@ -256,6 +256,11 @@ public class Module extends Node {
for (Entry<Object,Object> entry : nodeProps.entrySet()) {
log.debug(" " + entry.getKey() + ": " + entry.getValue());
}
+ log.debug("State information: ");
+ for (String key : new TreeSet<String>(state.getMap().keySet())) {
+ Object value = state.getMap().get(key);
+ log.debug(" " + key + ": " + value + ' ' + (value != null && ! (value instanceof String)? ((value.getClass().equals(byte[].class))? new String((byte[]) value):value.getClass() + " - " + value):""));
+ }
throw new Exception("Error running node " + nextNodeId, e);
}
state.visitedNode();
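Review bot: The state dump added before the rethrow decodes every `byte[]` value with `new String((byte[]) value)` and writes it to the debug log, and SecurityFixture in this same commit stores `rootUserPass` in the state as a byte array, so the root password is logged in clear text whenever a node fails. The commit removes password logging from SecurityOperation and WalkingSecurity, and this loop brings it back by another route. Log only the size of byte arrays, e.g. `log.debug("  " + key + ": <byte[" + ((byte[]) value).length + "]>");`, or skip keys that hold credentials. The nested ternary would also read better as a small private helper; the enclosing method starts outside the hunk.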
@@ -279,7 +284,7 @@ public class Module extends Node {
final int time = 5 * 1000 * 60;
AtomicBoolean runningLong = new AtomicBoolean(false);
long systemTime;
-
+
/**
*
*/
@@ -321,7 +326,7 @@ public class Module extends Node {
if (runningLong.get())
log.warn("Node " + nextNode + ", which was running long, has now completed after " + (System.currentTimeMillis() - systemTime) / 1000.0 + " seconds");
}
-
+
@Override
public String toString() {
return xmlFile.toString();
Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/State.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/State.java?rev=1404782&r1=1404781&r2=1404782&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/State.java (original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/State.java Thu Nov 1 21:49:44 2012
@@ -77,6 +77,10 @@ public class State {
return stateMap.get(key);
}
+ public HashMap<String, Object> getMap() {
+ return stateMap;
+ }
+
public String getString(String key) {
return (String) stateMap.get(key);
}
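Review bot: `getMap()` returns the live `stateMap`, so any caller can add or remove entries behind State's own accessors, and the concrete `HashMap` return type ties callers to the implementation. The only use visible in this commit, the debug dump in Module, needs read access, so a read-only view is enough: `public Map<String,Object> getMap() { return Collections.unmodifiableMap(stateMap); }` (assuming `Map` and `Collections` are imported in State.java). A one-line Javadoc stating that the map is exposed for diagnostics would also help, since the state holds password bytes.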
Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/ChangePass.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/ChangePass.java?rev=1404782&r1=1404781&r2=1404782&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/ChangePass.java (original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/ChangePass.java Thu Nov 1 21:49:44 2012
@@ -16,7 +16,6 @@
*/
package org.apache.accumulo.server.test.randomwalk.security;
-import java.math.BigInteger;
import java.util.Properties;
import java.util.Random;
@@ -56,9 +55,8 @@ public class ChangePass extends Test {
Random r = new Random();
byte[] newPass = new byte[r.nextInt(50) + 1];
- r.nextBytes(newPass);
- BigInteger bi = new BigInteger(newPass);
- newPass = bi.toString(36).getBytes();
+ for (int i =0; i < newPass.length; i++)
+ newPass[i] = (byte) ((r.nextInt(26)+65) & 0xFF);
try {
log.debug("Changing password for user " + target + " to " + new String(newPass));
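Review bot: The magic numbers in `(byte) ((r.nextInt(26)+65) & 0xFF)` hide that the generated password is now restricted to the letters A–Z, and the `& 0xFF` mask has no effect on a value in the range 65..90. `newPass[i] = (byte) ('A' + r.nextInt(26));` states the intent directly, and the loop body should be braced. A short comment on why the alphabet was narrowed would help; presumably it keeps the bytes stable through the `new String(newPass)` conversion in the log line below. The `try` block continues outside the hunk.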
Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/SecurityFixture.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/SecurityFixture.java?rev=1404782&r1=1404781&r2=1404782&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/SecurityFixture.java (original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/SecurityFixture.java Thu Nov 1 21:49:44 2012
@@ -17,6 +17,7 @@
package org.apache.accumulo.server.test.randomwalk.security;
import java.net.InetAddress;
+import java.util.Set;
import org.apache.accumulo.core.client.Connector;
import org.apache.accumulo.core.security.Authorizations;
@@ -34,13 +35,22 @@ public class SecurityFixture extends Fix
String hostname = InetAddress.getLocalHost().getHostName().replaceAll("[-.]", "_");
- systemUserName = String.format("system_%s_%s_%d", hostname, state.getPid(), System.currentTimeMillis());
- tableUserName = String.format("table_%s_%s_%d", hostname, state.getPid(), System.currentTimeMillis());
- secTableName = String.format("security_%s_%s_%d", hostname, state.getPid(), System.currentTimeMillis());
+ systemUserName = String.format("system_%s", hostname);
+ tableUserName = String.format("table_%s", hostname);
+ secTableName = String.format("security_%s", hostname);
+
+ if (conn.tableOperations().exists(secTableName))
+ conn.tableOperations().delete(secTableName);
+ Set<String> users = conn.securityOperations().listUsers();
+ if (users.contains(tableUserName))
+ conn.securityOperations().dropUser(tableUserName);
+ if (users.contains(systemUserName))
+ conn.securityOperations().dropUser(systemUserName);
byte[] sysUserPass = "sysUser".getBytes();
conn.securityOperations().createUser(systemUserName, sysUserPass, new Authorizations());
+ WalkingSecurity.get(state).setTableName(secTableName);
state.set("rootUserPass", state.getAuthInfo().password.array());
WalkingSecurity.get(state).setSysUserName(systemUserName);
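Review bot: With the pid and timestamp dropped, `system_<hostname>`, `table_<hostname>` and `security_<hostname>` are shared by every randomwalk process started from the same host, so the new cleanup can delete the table and drop the users of a run that is still in progress. The `exists`/`delete` and `listUsers`/`dropUser` pairs are also check-then-act, so two fixtures starting together can both pass the check and then fail in `createUser`. The system user is still created with the constant password `"sysUser"`, now under a predictable name, so an account left behind by an aborted run has known credentials. A comment stating that this fixture must only run against a disposable test instance, one run per host, would document the assumption. The method starts and ends outside the hunk.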
@@ -48,7 +58,6 @@ public class SecurityFixture extends Fix
WalkingSecurity.get(state).changePassword(tableUserName, new byte[0]);
- WalkingSecurity.get(state).setTableName(secTableName);
WalkingSecurity.get(state).setTabUserName(tableUserName);
for (TablePermission tp : TablePermission.values()) {
Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/TableOp.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/TableOp.java?rev=1404782&r1=1404781&r2=1404782&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/TableOp.java (original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/TableOp.java Thu Nov 1 21:49:44 2012
@@ -54,7 +54,7 @@ public class TableOp extends Test {
@Override
public void visit(State state, Properties props) throws Exception {
Connector conn = state.getInstance().getConnector(WalkingSecurity.get(state).getTabAuthInfo());
-
+
String action = props.getProperty("action", "_random");
TablePermission tp;
if ("_random".equalsIgnoreCase(action)) {
@@ -72,7 +72,7 @@ public class TableOp extends Test {
boolean canRead = WalkingSecurity.get(state).canScan(WalkingSecurity.get(state).getTabAuthInfo(), tableName);
Authorizations auths = WalkingSecurity.get(state).getUserAuthorizations(WalkingSecurity.get(state).getTabAuthInfo());
boolean ambiguousZone = WalkingSecurity.get(state).inAmbiguousZone(conn.whoami(), tp);
-
+
try {
Scanner scan = conn.createScanner(tableName, conn.securityOperations().getUserAuthorizations(conn.whoami()));
int seen = 0;
@@ -118,9 +118,9 @@ public class TableOp extends Test {
break;
}
case WRITE:
- // boolean canWrite = WalkingSecurity.get(state).canWrite(WalkingSecurity.get(state).getTabAuthInfo(), tableName);
+ boolean canWrite = WalkingSecurity.get(state).canWrite(WalkingSecurity.get(state).getTabAuthInfo(), tableName);
boolean ambiguousZone = WalkingSecurity.get(state).inAmbiguousZone(conn.whoami(), tp);
-
+
String key = WalkingSecurity.get(state).getLastKey() + "1";
Mutation m = new Mutation(new Text(key));
for (String s : WalkingSecurity.get(state).getAuthsArray()) {
@@ -140,8 +140,10 @@ public class TableOp extends Test {
writer.close();
} catch (MutationsRejectedException mre) {
// Currently no method for detecting reason for mre. Waiting on ACCUMULO-670
- // For now, just wait a second and go again!
-
+ // For now, just wait a second and go again if they can write!
+ if (!canWrite)
+ return;
+
if (ambiguousZone) {
Thread.sleep(1000);
try {
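Review bot: The early `return` when `canWrite` is false treats every MutationsRejectedException as the expected permission denial and does so silently, so a rejection with an unrelated cause lets the node pass unnoticed. Until the cause can be inspected (the comment points at ACCUMULO-670), record the decision before returning, e.g. `log.debug("Write rejected for a user without WRITE permission; treating as expected", mre);`, assuming the `log` field that other Test subclasses such as ChangePass use is available here. The catch block continues outside the hunk.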
@@ -195,7 +197,7 @@ public class TableOp extends Test {
WalkingSecurity.get(state).increaseAuthMap(s, 1);
fs.delete(dir, true);
fs.delete(fail, true);
-
+
if (!WalkingSecurity.get(state).canBulkImport(WalkingSecurity.get(state).getTabAuthInfo(), tableName))
throw new AccumuloException("Bulk Import succeeded when it should have failed: " + dir + " table " + tableName);
break;
Modified: accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/WalkingSecurity.java
URL: http://svn.apache.org/viewvc/accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/WalkingSecurity.java?rev=1404782&r1=1404781&r2=1404782&view=diff
==============================================================================
--- accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/WalkingSecurity.java (original)
+++ accumulo/branches/ACCUMULO-259/server/src/main/java/org/apache/accumulo/server/test/randomwalk/security/WalkingSecurity.java Thu Nov 1 21:49:44 2012
@@ -30,6 +30,8 @@ import org.apache.accumulo.core.security
import org.apache.accumulo.core.security.SystemPermission;
import org.apache.accumulo.core.security.TablePermission;
import org.apache.accumulo.core.security.thrift.AuthInfo;
+import org.apache.accumulo.core.security.thrift.SecurityErrorCode;
+import org.apache.accumulo.core.security.thrift.ThriftSecurityException;
import org.apache.accumulo.core.util.CachedConfiguration;
import org.apache.accumulo.server.security.SecurityOperation;
import org.apache.accumulo.server.security.handler.Authenticator;
@@ -46,14 +48,14 @@ public class WalkingSecurity extends Sec
State state = null;
protected final static Logger log = Logger.getLogger(WalkingSecurity.class);
- private static final String tableName = "secTableName";
+ private static final String tableName = "SecurityTableName";
private static final String userName = "UserName";
private static final String userPass = "UserPass";
private static final String userExists = "UserExists";
private static final String tableExists = "TableExists";
- private static final String connector = "UserConn";
+ private static final String connector = "UserConnection";
private static final String authsMap = "authorizationsCountMap";
private static final String lastKey = "lastMutationKey";
@@ -137,8 +139,6 @@ public class WalkingSecurity extends Sec
public boolean authenticateUser(String user, ByteBuffer password, String instanceId) {
byte[] pass = (byte[]) state.get(user + userPass);
boolean ret = Arrays.equals(pass, password.array());
- if (!ret)
- log.debug("auTHENTIcAtION IssuE- " + user + " user's password is not " + new String(password.array()) + " to the state, it is " + new String(pass));
return ret;
}
@@ -146,6 +146,7 @@ public class WalkingSecurity extends Sec
public void createUser(String user, byte[] pass) throws AccumuloSecurityException {
state.set(user + userExists, Boolean.toString(true));
changePassword(user, pass);
+ cleanUser(user);
}
@Override
@@ -169,8 +170,7 @@ public class WalkingSecurity extends Sec
@Override
public boolean hasSystemPermission(String user, SystemPermission permission) throws AccumuloSecurityException {
- boolean res = Boolean.parseBoolean(state.getString("Sys" + user + permission.name()));
- log.debug("Sys"+user+permission.name() + " is the key; user " + user + " for " + permission + " is " + res);
+ boolean res = Boolean.parseBoolean(state.getString("Sys-" + user +'-'+ permission.name()));
return res;
}
@@ -181,7 +181,7 @@ public class WalkingSecurity extends Sec
@Override
public boolean hasTablePermission(String user, String table, TablePermission permission) throws AccumuloSecurityException, TableNotFoundException {
- return Boolean.parseBoolean(state.getString("Tab" + table + user + permission.name()));
+ return Boolean.parseBoolean(state.getString("Tab-" + user + '-'+ permission.name()));
}
@Override
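Review bot: `hasTablePermission` no longer uses its `table` argument: the state key is now `"Tab-" + user + '-' + permission.name()`, so the model gives the same answer for every table name. The same key change is made in `setTabPerm` and `inAmbiguousZone` in the later hunks of this file. If the model is meant to track a single table, say so on the method, e.g. `// the model tracks one table only; 'table' is intentionally not part of the key`. Consider also rejecting a `table` that differs from the configured table name, so a query about another table is not answered from the fixture table's grants.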
@@ -206,15 +206,16 @@ public class WalkingSecurity extends Sec
private static void setSysPerm(State state, String userName, SystemPermission tp, boolean value) {
log.debug((value ? "Gave" : "Took") + " the system permission " + tp.name() + (value ? " to" : " from") + " user " + userName);
- log.debug("Seriously, Sys" + userName+tp.name() + " is being set to " + Boolean.toString(value));
- state.set("Sys" + userName + tp.name(), Boolean.toString(value));
+ state.set("Sys-" + userName +'-'+ tp.name(), Boolean.toString(value));
}
private void setTabPerm(State state, String userName, TablePermission tp, String table, boolean value) {
+ if (table.equals(userName))
+ throw new RuntimeException("This is also fucked up");
log.debug((value ? "Gave" : "Took") + " the table permission " + tp.name() + (value ? " to" : " from") + " user " + userName);
- state.set("Tab" + table + userName + tp.name(), Boolean.toString(value));
+ state.set("Tab-" + userName +'-'+ tp.name(), Boolean.toString(value));
if (tp.equals(TablePermission.READ) || tp.equals(TablePermission.WRITE))
- state.set("Tab" + table + userName + tp.name() + "time", System.currentTimeMillis());
+ state.set("Tab-" + userName +'-'+ tp.name() +'-'+ "time", System.currentTimeMillis());
}
@Override
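Review bot: The new guard in `setTabPerm` throws `RuntimeException("This is also fucked up")`, and the null check added to `inAmbiguousZone` further down uses a similar `"WTF? ..."` message; neither tells the reader of a failed run which invariant was broken. Something like `throw new IllegalArgumentException("table name equals user name, arguments probably swapped: " + table);` here and an `IllegalStateException` naming the missing grant-time key there would be clearer. `table.equals(userName)` also fails with a NullPointerException if `table` is null, which is what `cleanTablePermissions` passed to `revokeTablePermission` before this commit; `userName.equals(table)` or an explicit null check avoids that.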
@@ -226,7 +227,7 @@ public class WalkingSecurity extends Sec
public void cleanTablePermissions(String table) throws AccumuloSecurityException, TableNotFoundException {
for (String user : new String[] {getSysUserName(), getTabUserName()}) {
for (TablePermission tp : TablePermission.values()) {
- revokeTablePermission(user, null, tp);
+ revokeTablePermission(user, table, tp);
}
}
state.set(tableExists, Boolean.toString(false));
@@ -312,7 +313,9 @@ public class WalkingSecurity extends Sec
public boolean inAmbiguousZone(String userName, TablePermission tp) {
if (tp.equals(TablePermission.READ) || tp.equals(TablePermission.WRITE)) {
- Long setTime = state.getLong("Tab" + userName + tp.name() + "time");
+ Long setTime = state.getLong("Tab-" + userName +'-'+ tp.name() +'-'+ "time");
+ if (setTime == null)
+ throw new RuntimeException("WTF? Tab-" + userName +'-'+ tp.name() +'-'+ "time is null");
if (System.currentTimeMillis() < (setTime + 1000))
return true;
}
@@ -354,4 +357,14 @@ public class WalkingSecurity extends Sec
}
return fs;
}
+
+ public boolean canAskAboutUser(AuthInfo credentials, String user) throws ThriftSecurityException {
+ try {
+ return super.canAskAboutUser(credentials, user);
+ } catch (ThriftSecurityException tse) {
+ if (tse.getCode().equals(SecurityErrorCode.PERMISSION_DENIED))
+ return false;
+ throw tse;
+ }
+ }
}
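Review bot: The new `canAskAboutUser` is missing the `@Override` annotation that the other overriding methods in this class carry, so a later signature change in SecurityOperation would silently turn it into an unrelated overload. It also converts a PERMISSION_DENIED failure into `false` without saying why; a short Javadoc explaining that the model treats a denied query as "cannot ask" rather than as an error would help. If `SecurityErrorCode` is an enum, as the Thrift-generated codes normally are, `tse.getCode() == SecurityErrorCode.PERMISSION_DENIED` is the null-safe form of the comparison.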