You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-commits@hadoop.apache.org by om...@apache.org on 2011/03/04 04:39:47 UTC
svn commit: r1077093 - in
/hadoop/common/branches/branch-0.20-security-patches/src:
core/org/apache/hadoop/security/ hdfs/ hdfs/org/apache/hadoop/hdfs/
hdfs/org/apache/hadoop/hdfs/protocol/ hdfs/org/apache/hadoop/hdfs/security/
hdfs/org/apache/hadoop/h...
Author: omalley
Date: Fri Mar 4 03:39:46 2011
New Revision: 1077093
URL: http://svn.apache.org/viewvc?rev=1077093&view=rev
Log:
commit 862b8fcb187a1d204644fc3a45cf9b2edfe31863
Author: Jitendra Nath Pandey <ji...@yahoo-inc.com>
Date: Fri Dec 25 13:56:07 2009 -0800
HDFS-764 and HADOOP-6367 from https://issues.apache.org/jira/secure/attachment/12428959/HADOOP-6367_HDFS-764-0_20.1.patch
Combined patch for two jiras.
+++ b/YAHOO-CHANGES.txt
+ HADOOP-6367, HDFS-764. Moving Access Token implementation from Common to
+ HDFS. These two jiras must be committed together otherwise build will
+ fail. (Jitendra Nath Pandey)
+
Added:
hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/security/
hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/security/AccessTokenHandler.java
hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/security/BlockAccessKey.java
hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/security/BlockAccessToken.java
hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/security/ExportedAccessKeys.java
hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/security/InvalidAccessTokenException.java
hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/hdfs/security/
hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/hdfs/security/SecurityTestUtil.java
hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/hdfs/security/TestAccessToken.java
Removed:
hadoop/common/branches/branch-0.20-security-patches/src/core/org/apache/hadoop/security/AccessKey.java
hadoop/common/branches/branch-0.20-security-patches/src/core/org/apache/hadoop/security/AccessToken.java
hadoop/common/branches/branch-0.20-security-patches/src/core/org/apache/hadoop/security/AccessTokenHandler.java
hadoop/common/branches/branch-0.20-security-patches/src/core/org/apache/hadoop/security/ExportedAccessKeys.java
hadoop/common/branches/branch-0.20-security-patches/src/core/org/apache/hadoop/security/InvalidAccessTokenException.java
hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/security/SecurityTestUtil.java
hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/security/TestAccessToken.java
Modified:
hadoop/common/branches/branch-0.20-security-patches/src/hdfs/hdfs-default.xml
hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/DFSClient.java
hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/protocol/LocatedBlock.java
hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/server/balancer/Balancer.java
hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/server/datanode/DataNode.java
hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/server/datanode/DataXceiver.java
hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/server/namenode/FSNamesystem.java
hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/server/namenode/JspHelper.java
hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/server/namenode/NameNode.java
hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/server/protocol/DatanodeRegistration.java
hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/server/protocol/KeyUpdateCommand.java
hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/server/protocol/NamenodeProtocol.java
hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/hdfs/DFSTestUtil.java
hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/hdfs/TestDataTransferProtocol.java
hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/hdfs/server/datanode/TestBlockReplacement.java
hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/hdfs/server/datanode/TestDiskError.java
hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/hdfs/server/namenode/TestAccessTokenWithDFS.java
hadoop/common/branches/branch-0.20-security-patches/src/webapps/datanode/browseBlock.jsp
hadoop/common/branches/branch-0.20-security-patches/src/webapps/datanode/tail.jsp
Modified: hadoop/common/branches/branch-0.20-security-patches/src/hdfs/hdfs-default.xml
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/hdfs/hdfs-default.xml?rev=1077093&r1=1077092&r2=1077093&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/hdfs/hdfs-default.xml (original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/hdfs/hdfs-default.xml Fri Mar 4 03:39:46 2011
@@ -190,7 +190,7 @@ creations/deletions), or "all".</descrip
</property>
<property>
- <name>dfs.access.token.enable</name>
+ <name>dfs.block.access.token.enable</name>
<value>false</value>
<description>
If "true", access tokens are used as capabilities for accessing datanodes.
@@ -199,7 +199,7 @@ creations/deletions), or "all".</descrip
</property>
<property>
- <name>dfs.access.key.update.interval</name>
+ <name>dfs.block.access.key.update.interval</name>
<value>600</value>
<description>
Interval in minutes at which namenode updates its access keys.
@@ -207,11 +207,12 @@ creations/deletions), or "all".</descrip
</property>
<property>
- <name>dfs.access.token.lifetime</name>
+ <name>dfs.block.access.token.lifetime</name>
<value>600</value>
<description>The lifetime of access tokens in minutes.</description>
</property>
+
<property>
<name>dfs.data.dir</name>
<value>${hadoop.tmp.dir}/dfs/data</value>
Modified: hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/DFSClient.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/DFSClient.java?rev=1077093&r1=1077092&r2=1077093&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/DFSClient.java (original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/DFSClient.java Fri Mar 4 03:39:46 2011
@@ -29,14 +29,14 @@ import org.apache.hadoop.net.NodeBase;
import org.apache.hadoop.conf.*;
import org.apache.hadoop.hdfs.DistributedFileSystem.DiskStatus;
import org.apache.hadoop.hdfs.protocol.*;
+import org.apache.hadoop.hdfs.security.BlockAccessToken;
+import org.apache.hadoop.hdfs.security.InvalidAccessTokenException;
import org.apache.hadoop.hdfs.server.common.HdfsConstants;
import org.apache.hadoop.hdfs.server.common.UpgradeStatusReport;
import org.apache.hadoop.hdfs.server.datanode.DataNode;
import org.apache.hadoop.hdfs.server.namenode.NameNode;
import org.apache.hadoop.hdfs.server.namenode.NotReplicatedYetException;
-import org.apache.hadoop.security.InvalidAccessTokenException;
import org.apache.hadoop.security.AccessControlException;
-import org.apache.hadoop.security.AccessToken;
import org.apache.hadoop.security.UnixUserGroupInformation;
import org.apache.hadoop.util.*;
@@ -1350,7 +1350,7 @@ public class DFSClient implements FSCons
checksumSize = this.checksum.getChecksumSize();
}
- public static BlockReader newBlockReader(Socket sock, String file, long blockId, AccessToken accessToken,
+ public static BlockReader newBlockReader(Socket sock, String file, long blockId, BlockAccessToken accessToken,
long genStamp, long startOffset, long len, int bufferSize) throws IOException {
return newBlockReader(sock, file, blockId, accessToken, genStamp, startOffset, len, bufferSize,
true);
@@ -1358,7 +1358,7 @@ public class DFSClient implements FSCons
/** Java Doc required */
public static BlockReader newBlockReader( Socket sock, String file, long blockId,
- AccessToken accessToken,
+ BlockAccessToken accessToken,
long genStamp,
long startOffset, long len,
int bufferSize, boolean verifyChecksum)
@@ -1369,7 +1369,7 @@ public class DFSClient implements FSCons
public static BlockReader newBlockReader( Socket sock, String file,
long blockId,
- AccessToken accessToken,
+ BlockAccessToken accessToken,
long genStamp,
long startOffset, long len,
int bufferSize, boolean verifyChecksum,
@@ -1679,7 +1679,7 @@ public class DFSClient implements FSCons
NetUtils.connect(s, targetAddr, socketTimeout);
s.setSoTimeout(socketTimeout);
Block blk = targetBlock.getBlock();
- AccessToken accessToken = targetBlock.getAccessToken();
+ BlockAccessToken accessToken = targetBlock.getAccessToken();
blockReader = BlockReader.newBlockReader(s, src, blk.getBlockId(),
accessToken,
@@ -1905,7 +1905,7 @@ public class DFSClient implements FSCons
dn = socketFactory.createSocket();
NetUtils.connect(dn, targetAddr, socketTimeout);
dn.setSoTimeout(socketTimeout);
- AccessToken accessToken = block.getAccessToken();
+ BlockAccessToken accessToken = block.getAccessToken();
int len = (int) (end - start + 1);
@@ -2170,7 +2170,7 @@ public class DFSClient implements FSCons
private DataOutputStream blockStream;
private DataInputStream blockReplyStream;
private Block block;
- private AccessToken accessToken;
+ private BlockAccessToken accessToken;
final private long blockSize;
private DataChecksum checksum;
private LinkedList<Packet> dataQueue = new LinkedList<Packet>();
@@ -2196,7 +2196,7 @@ public class DFSClient implements FSCons
private volatile boolean appendChunk = false; // appending to existing partial block
private long initialFileSize = 0; // at time of file open
- AccessToken getAccessToken() {
+ BlockAccessToken getAccessToken() {
return accessToken;
}
Modified: hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/protocol/LocatedBlock.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/protocol/LocatedBlock.java?rev=1077093&r1=1077092&r2=1077093&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/protocol/LocatedBlock.java (original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/protocol/LocatedBlock.java Fri Mar 4 03:39:46 2011
@@ -17,8 +17,8 @@
*/
package org.apache.hadoop.hdfs.protocol;
+import org.apache.hadoop.hdfs.security.BlockAccessToken;
import org.apache.hadoop.io.*;
-import org.apache.hadoop.security.AccessToken;
import java.io.*;
@@ -44,7 +44,7 @@ public class LocatedBlock implements Wri
// else false. If block has few corrupt replicas, they are filtered and
// their locations are not part of this object
private boolean corrupt;
- private AccessToken accessToken = new AccessToken();
+ private BlockAccessToken accessToken = new BlockAccessToken();
/**
*/
@@ -78,11 +78,11 @@ public class LocatedBlock implements Wri
}
}
- public AccessToken getAccessToken() {
+ public BlockAccessToken getAccessToken() {
return accessToken;
}
- public void setAccessToken(AccessToken token) {
+ public void setAccessToken(BlockAccessToken token) {
this.accessToken = token;
}
Added: hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/security/AccessTokenHandler.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/security/AccessTokenHandler.java?rev=1077093&view=auto
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/security/AccessTokenHandler.java (added)
+++ hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/security/AccessTokenHandler.java Fri Mar 4 03:39:46 2011
@@ -0,0 +1,311 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.hadoop.hdfs.security;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.DataInputStream;
+import java.io.DataOutputStream;
+import java.io.IOException;
+import java.security.NoSuchAlgorithmException;
+import java.security.GeneralSecurityException;
+import java.security.SecureRandom;
+import java.util.EnumSet;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.Map;
+
+import javax.crypto.KeyGenerator;
+import javax.crypto.Mac;
+import javax.crypto.spec.SecretKeySpec;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.hadoop.io.Text;
+import org.apache.hadoop.io.WritableUtils;
+import org.apache.hadoop.security.UserGroupInformation;
+
+/**
+ * AccessTokenHandler can be instantiated in 2 modes, master mode and slave
+ * mode. Master can generate new access keys and export access keys to slaves,
+ * while slaves can only import and use access keys received from master. Both
+ * master and slave can generate and verify access tokens. Typically, master
+ * mode is used by NN and slave mode is used by DN.
+ */
+public class AccessTokenHandler {
+ private static final Log LOG = LogFactory.getLog(AccessTokenHandler.class);
+ public static final String STRING_ENABLE_ACCESS_TOKEN =
+ "dfs.block.access.token.enable";
+ public static final String STRING_ACCESS_KEY_UPDATE_INTERVAL =
+ "dfs.block.access.key.update.interval";
+ public static final String STRING_ACCESS_TOKEN_LIFETIME =
+ "dfs.block.access.token.lifetime";
+
+ private final boolean isMaster;
+ /*
+ * keyUpdateInterval is the interval that NN updates its access keys. It
+ * should be set long enough so that all live DN's and Balancer should have
+ * sync'ed their access keys with NN at least once during each interval.
+ */
+ private final long keyUpdateInterval;
+ private long tokenLifetime;
+ private long serialNo = new SecureRandom().nextLong();
+ private KeyGenerator keyGen;
+ private BlockAccessKey currentKey;
+ private BlockAccessKey nextKey;
+ private Map<Long, BlockAccessKey> allKeys;
+
+ public static enum AccessMode {
+ READ, WRITE, COPY, REPLACE
+ };
+
+ /**
+ * Constructor
+ *
+ * @param isMaster
+ * @param keyUpdateInterval
+ * @param tokenLifetime
+ * @throws IOException
+ */
+ public AccessTokenHandler(boolean isMaster, long keyUpdateInterval,
+ long tokenLifetime) throws IOException {
+ this.isMaster = isMaster;
+ this.keyUpdateInterval = keyUpdateInterval;
+ this.tokenLifetime = tokenLifetime;
+ this.allKeys = new HashMap<Long, BlockAccessKey>();
+ if (isMaster) {
+ try {
+ generateKeys();
+ initMac(currentKey);
+ } catch (GeneralSecurityException e) {
+ throw (IOException) new IOException(
+ "Failed to create AccessTokenHandler").initCause(e);
+ }
+ }
+ }
+
+ /** Initialize access keys */
+ private synchronized void generateKeys() throws NoSuchAlgorithmException {
+ keyGen = KeyGenerator.getInstance("HmacSHA1");
+ /*
+ * Need to set estimated expiry dates for currentKey and nextKey so that if
+ * NN crashes, DN can still expire those keys. NN will stop using the newly
+ * generated currentKey after the first keyUpdateInterval, however it may
+ * still be used by DN and Balancer to generate new tokens before they get a
+ * chance to sync their keys with NN. Since we require keyUpdInterval to be
+ * long enough so that all live DN's and Balancer will sync their keys with
+ * NN at least once during the period, the estimated expiry date for
+ * currentKey is set to now() + 2 * keyUpdateInterval + tokenLifetime.
+ * Similarly, the estimated expiry date for nextKey is one keyUpdateInterval
+ * more.
+ */
+ serialNo++;
+ currentKey = new BlockAccessKey(serialNo, new Text(keyGen.generateKey()
+ .getEncoded()), System.currentTimeMillis() + 2 * keyUpdateInterval
+ + tokenLifetime);
+ serialNo++;
+ nextKey = new BlockAccessKey(serialNo, new Text(keyGen.generateKey()
+ .getEncoded()), System.currentTimeMillis() + 3 * keyUpdateInterval
+ + tokenLifetime);
+ allKeys.put(currentKey.getKeyID(), currentKey);
+ allKeys.put(nextKey.getKeyID(), nextKey);
+ }
+
+ /** Initialize Mac function */
+ private synchronized void initMac(BlockAccessKey key) throws IOException {
+ try {
+ Mac mac = Mac.getInstance("HmacSHA1");
+ mac.init(new SecretKeySpec(key.getKey().getBytes(), "HmacSHA1"));
+ key.setMac(mac);
+ } catch (GeneralSecurityException e) {
+ throw (IOException) new IOException(
+ "Failed to initialize Mac for access key, keyID=" + key.getKeyID())
+ .initCause(e);
+ }
+ }
+
+ /** Export access keys, only to be used in master mode */
+ public synchronized ExportedAccessKeys exportKeys() {
+ if (!isMaster)
+ return null;
+ if (LOG.isDebugEnabled())
+ LOG.debug("Exporting access keys");
+ return new ExportedAccessKeys(true, keyUpdateInterval, tokenLifetime,
+ currentKey, allKeys.values().toArray(new BlockAccessKey[0]));
+ }
+
+ private synchronized void removeExpiredKeys() {
+ long now = System.currentTimeMillis();
+ for (Iterator<Map.Entry<Long, BlockAccessKey>> it = allKeys.entrySet()
+ .iterator(); it.hasNext();) {
+ Map.Entry<Long, BlockAccessKey> e = it.next();
+ if (e.getValue().getExpiryDate() < now) {
+ it.remove();
+ }
+ }
+ }
+
+ /**
+ * Set access keys, only to be used in slave mode
+ */
+ public synchronized void setKeys(ExportedAccessKeys exportedKeys)
+ throws IOException {
+ if (isMaster || exportedKeys == null)
+ return;
+ LOG.info("Setting access keys");
+ removeExpiredKeys();
+ this.currentKey = exportedKeys.getCurrentKey();
+ initMac(currentKey);
+ BlockAccessKey[] receivedKeys = exportedKeys.getAllKeys();
+ for (int i = 0; i < receivedKeys.length; i++) {
+ if (receivedKeys[i] == null)
+ continue;
+ this.allKeys.put(receivedKeys[i].getKeyID(), receivedKeys[i]);
+ }
+ }
+
+ /**
+ * Update access keys, only to be used in master mode
+ */
+ public synchronized void updateKeys() throws IOException {
+ if (!isMaster)
+ return;
+ LOG.info("Updating access keys");
+ removeExpiredKeys();
+ // set final expiry date of retiring currentKey
+ allKeys.put(currentKey.getKeyID(), new BlockAccessKey(currentKey.getKeyID(),
+ currentKey.getKey(), System.currentTimeMillis() + keyUpdateInterval
+ + tokenLifetime));
+ // update the estimated expiry date of new currentKey
+ currentKey = new BlockAccessKey(nextKey.getKeyID(), nextKey.getKey(), System
+ .currentTimeMillis()
+ + 2 * keyUpdateInterval + tokenLifetime);
+ initMac(currentKey);
+ allKeys.put(currentKey.getKeyID(), currentKey);
+ // generate a new nextKey
+ serialNo++;
+ nextKey = new BlockAccessKey(serialNo, new Text(keyGen.generateKey()
+ .getEncoded()), System.currentTimeMillis() + 3 * keyUpdateInterval
+ + tokenLifetime);
+ allKeys.put(nextKey.getKeyID(), nextKey);
+ }
+
+ /** Check if token is well formed */
+ private synchronized boolean verifyToken(long keyID, BlockAccessToken token)
+ throws IOException {
+ BlockAccessKey key = allKeys.get(keyID);
+ if (key == null) {
+ LOG.warn("Access key for keyID=" + keyID + " doesn't exist.");
+ return false;
+ }
+ if (key.getMac() == null) {
+ initMac(key);
+ }
+ Text tokenID = token.getTokenID();
+ Text authenticator = new Text(key.getMac().doFinal(tokenID.getBytes()));
+ return authenticator.equals(token.getTokenAuthenticator());
+ }
+
+ /** Generate an access token for current user */
+ public BlockAccessToken generateToken(long blockID, EnumSet<AccessMode> modes)
+ throws IOException {
+ UserGroupInformation ugi = UserGroupInformation.getCurrentUGI();
+ String userID = (ugi == null ? null : ugi.getUserName());
+ return generateToken(userID, blockID, modes);
+ }
+
+ /** Generate an access token for a specified user */
+ public synchronized BlockAccessToken generateToken(String userID, long blockID,
+ EnumSet<AccessMode> modes) throws IOException {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Generating access token for user=" + userID + ", blockID="
+ + blockID + ", access modes=" + modes + ", keyID="
+ + currentKey.getKeyID());
+ }
+ if (modes == null || modes.isEmpty())
+ throw new IOException("access modes can't be null or empty");
+ ByteArrayOutputStream buf = new ByteArrayOutputStream(4096);
+ DataOutputStream out = new DataOutputStream(buf);
+ WritableUtils.writeVLong(out, System.currentTimeMillis() + tokenLifetime);
+ WritableUtils.writeVLong(out, currentKey.getKeyID());
+ WritableUtils.writeString(out, userID);
+ WritableUtils.writeVLong(out, blockID);
+ WritableUtils.writeVInt(out, modes.size());
+ for (AccessMode aMode : modes) {
+ WritableUtils.writeEnum(out, aMode);
+ }
+ Text tokenID = new Text(buf.toByteArray());
+ return new BlockAccessToken(tokenID, new Text(currentKey.getMac().doFinal(
+ tokenID.getBytes())));
+ }
+
+ /** Check if access should be allowed. userID is not checked if null */
+ public boolean checkAccess(BlockAccessToken token, String userID, long blockID,
+ AccessMode mode) throws IOException {
+ long oExpiry = 0;
+ long oKeyID = 0;
+ String oUserID = null;
+ long oBlockID = 0;
+ EnumSet<AccessMode> oModes = EnumSet.noneOf(AccessMode.class);
+
+ try {
+ ByteArrayInputStream buf = new ByteArrayInputStream(token.getTokenID()
+ .getBytes());
+ DataInputStream in = new DataInputStream(buf);
+ oExpiry = WritableUtils.readVLong(in);
+ oKeyID = WritableUtils.readVLong(in);
+ oUserID = WritableUtils.readString(in);
+ oBlockID = WritableUtils.readVLong(in);
+ int length = WritableUtils.readVInt(in);
+ for (int i = 0; i < length; ++i) {
+ oModes.add(WritableUtils.readEnum(in, AccessMode.class));
+ }
+ } catch (IOException e) {
+ throw (IOException) new IOException(
+ "Unable to parse access token for user=" + userID + ", blockID="
+ + blockID + ", access mode=" + mode).initCause(e);
+ }
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Verifying access token for user=" + userID + ", blockID="
+ + blockID + ", access mode=" + mode + ", keyID=" + oKeyID);
+ }
+ return (userID == null || userID.equals(oUserID)) && oBlockID == blockID
+ && !isExpired(oExpiry) && oModes.contains(mode)
+ && verifyToken(oKeyID, token);
+ }
+
+ private static boolean isExpired(long expiryDate) {
+ return System.currentTimeMillis() > expiryDate;
+ }
+
+ /** check if a token is expired. for unit test only.
+ * return true when token is expired, false otherwise */
+ static boolean isTokenExpired(BlockAccessToken token) throws IOException {
+ ByteArrayInputStream buf = new ByteArrayInputStream(token.getTokenID()
+ .getBytes());
+ DataInputStream in = new DataInputStream(buf);
+ long expiryDate = WritableUtils.readVLong(in);
+ return isExpired(expiryDate);
+ }
+
+ /** set token lifetime. for unit test only */
+ synchronized void setTokenLifetime(long tokenLifetime) {
+ this.tokenLifetime = tokenLifetime;
+ }
+}
Added: hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/security/BlockAccessKey.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/security/BlockAccessKey.java?rev=1077093&view=auto
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/security/BlockAccessKey.java (added)
+++ hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/security/BlockAccessKey.java Fri Mar 4 03:39:46 2011
@@ -0,0 +1,110 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.hadoop.hdfs.security;
+
+import java.io.DataInput;
+import java.io.DataOutput;
+import java.io.IOException;
+
+import javax.crypto.Mac;
+
+import org.apache.hadoop.io.Text;
+import org.apache.hadoop.io.Writable;
+import org.apache.hadoop.io.WritableUtils;
+
+/**
+ * Key used for generating and verifying access tokens
+ */
+public class BlockAccessKey implements Writable {
+ private long keyID;
+ private Text key;
+ private long expiryDate;
+ private Mac mac;
+
+ public BlockAccessKey() {
+ this(0L, new Text(), 0L);
+ }
+
+ public BlockAccessKey(long keyID, Text key, long expiryDate) {
+ this.keyID = keyID;
+ this.key = key;
+ this.expiryDate = expiryDate;
+ }
+
+ public long getKeyID() {
+ return keyID;
+ }
+
+ public Text getKey() {
+ return key;
+ }
+
+ public long getExpiryDate() {
+ return expiryDate;
+ }
+
+ public Mac getMac() {
+ return mac;
+ }
+
+ public void setMac(Mac mac) {
+ this.mac = mac;
+ }
+
+ static boolean isEqual(Object a, Object b) {
+ return a == null ? b == null : a.equals(b);
+ }
+
+ /** {@inheritDoc} */
+ public boolean equals(Object obj) {
+ if (obj == this) {
+ return true;
+ }
+ if (obj instanceof BlockAccessKey) {
+ BlockAccessKey that = (BlockAccessKey) obj;
+ return this.keyID == that.keyID && isEqual(this.key, that.key)
+ && this.expiryDate == that.expiryDate;
+ }
+ return false;
+ }
+
+ /** {@inheritDoc} */
+ public int hashCode() {
+ return key == null ? 0 : key.hashCode();
+ }
+
+ // ///////////////////////////////////////////////
+ // Writable
+ // ///////////////////////////////////////////////
+ /**
+ */
+ public void write(DataOutput out) throws IOException {
+ WritableUtils.writeVLong(out, keyID);
+ key.write(out);
+ WritableUtils.writeVLong(out, expiryDate);
+ }
+
+ /**
+ */
+ public void readFields(DataInput in) throws IOException {
+ keyID = WritableUtils.readVLong(in);
+ key.readFields(in);
+ expiryDate = WritableUtils.readVLong(in);
+ }
+}
\ No newline at end of file
Added: hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/security/BlockAccessToken.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/security/BlockAccessToken.java?rev=1077093&view=auto
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/security/BlockAccessToken.java (added)
+++ hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/security/BlockAccessToken.java Fri Mar 4 03:39:46 2011
@@ -0,0 +1,89 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.hadoop.hdfs.security;
+
+import java.io.DataInput;
+import java.io.DataOutput;
+import java.io.IOException;
+
+import org.apache.hadoop.io.Text;
+import org.apache.hadoop.io.Writable;
+
+public class BlockAccessToken implements Writable {
+ public static final BlockAccessToken DUMMY_TOKEN = new BlockAccessToken();
+ private Text tokenID;
+ private Text tokenAuthenticator;
+
+ public BlockAccessToken() {
+ this(new Text(), new Text());
+ }
+
+ public BlockAccessToken(Text tokenID, Text tokenAuthenticator) {
+ this.tokenID = tokenID;
+ this.tokenAuthenticator = tokenAuthenticator;
+ }
+
+ public Text getTokenID() {
+ return tokenID;
+ }
+
+ public Text getTokenAuthenticator() {
+ return tokenAuthenticator;
+ }
+
+ static boolean isEqual(Object a, Object b) {
+ return a == null ? b == null : a.equals(b);
+ }
+
+ /** {@inheritDoc} */
+ public boolean equals(Object obj) {
+ if (obj == this) {
+ return true;
+ }
+ if (obj instanceof BlockAccessToken) {
+ BlockAccessToken that = (BlockAccessToken) obj;
+ return isEqual(this.tokenID, that.tokenID)
+ && isEqual(this.tokenAuthenticator, that.tokenAuthenticator);
+ }
+ return false;
+ }
+
+ /** {@inheritDoc} */
+ public int hashCode() {
+ return tokenAuthenticator == null ? 0 : tokenAuthenticator.hashCode();
+ }
+
+ // ///////////////////////////////////////////////
+ // Writable
+ // ///////////////////////////////////////////////
+ /**
+ */
+ public void write(DataOutput out) throws IOException {
+ tokenID.write(out);
+ tokenAuthenticator.write(out);
+ }
+
+ /**
+ */
+ public void readFields(DataInput in) throws IOException {
+ tokenID.readFields(in);
+ tokenAuthenticator.readFields(in);
+ }
+
+}
\ No newline at end of file
Added: hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/security/ExportedAccessKeys.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/security/ExportedAccessKeys.java?rev=1077093&view=auto
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/security/ExportedAccessKeys.java (added)
+++ hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/security/ExportedAccessKeys.java Fri Mar 4 03:39:46 2011
@@ -0,0 +1,138 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.hadoop.hdfs.security;
+
+import java.io.DataInput;
+import java.io.DataOutput;
+import java.io.IOException;
+import java.util.Arrays;
+
+import org.apache.hadoop.io.Writable;
+import org.apache.hadoop.io.WritableFactories;
+import org.apache.hadoop.io.WritableFactory;
+
+/**
+ * Object for passing access keys
+ */
+public class ExportedAccessKeys implements Writable {
+ public static final ExportedAccessKeys DUMMY_KEYS = new ExportedAccessKeys();
+ private boolean isAccessTokenEnabled;
+ private long keyUpdateInterval;
+ private long tokenLifetime;
+ private BlockAccessKey currentKey;
+ private BlockAccessKey[] allKeys;
+
+ public ExportedAccessKeys() {
+ this(false, 0, 0, new BlockAccessKey(), new BlockAccessKey[0]);
+ }
+
+ ExportedAccessKeys(boolean isAccessTokenEnabled, long keyUpdateInterval,
+ long tokenLifetime, BlockAccessKey currentKey, BlockAccessKey[] allKeys) {
+ this.isAccessTokenEnabled = isAccessTokenEnabled;
+ this.keyUpdateInterval = keyUpdateInterval;
+ this.tokenLifetime = tokenLifetime;
+ this.currentKey = currentKey;
+ this.allKeys = allKeys;
+ }
+
+ public boolean isAccessTokenEnabled() {
+ return isAccessTokenEnabled;
+ }
+
+ public long getKeyUpdateInterval() {
+ return keyUpdateInterval;
+ }
+
+ public long getTokenLifetime() {
+ return tokenLifetime;
+ }
+
+ public BlockAccessKey getCurrentKey() {
+ return currentKey;
+ }
+
+ public BlockAccessKey[] getAllKeys() {
+ return allKeys;
+ }
+
+ static boolean isEqual(Object a, Object b) {
+ return a == null ? b == null : a.equals(b);
+ }
+
+ /** {@inheritDoc} */
+ public boolean equals(Object obj) {
+ if (obj == this) {
+ return true;
+ }
+ if (obj instanceof ExportedAccessKeys) {
+ ExportedAccessKeys that = (ExportedAccessKeys) obj;
+ return this.isAccessTokenEnabled == that.isAccessTokenEnabled
+ && this.keyUpdateInterval == that.keyUpdateInterval
+ && this.tokenLifetime == that.tokenLifetime
+ && isEqual(this.currentKey, that.currentKey)
+ && Arrays.equals(this.allKeys, that.allKeys);
+ }
+ return false;
+ }
+
+ /** {@inheritDoc} */
+ public int hashCode() {
+ return currentKey == null ? 0 : currentKey.hashCode();
+ }
+
+ // ///////////////////////////////////////////////
+ // Writable
+ // ///////////////////////////////////////////////
+ static { // register a ctor
+ WritableFactories.setFactory(ExportedAccessKeys.class,
+ new WritableFactory() {
+ public Writable newInstance() {
+ return new ExportedAccessKeys();
+ }
+ });
+ }
+
+ /**
+ */
+ public void write(DataOutput out) throws IOException {
+ out.writeBoolean(isAccessTokenEnabled);
+ out.writeLong(keyUpdateInterval);
+ out.writeLong(tokenLifetime);
+ currentKey.write(out);
+ out.writeInt(allKeys.length);
+ for (int i = 0; i < allKeys.length; i++) {
+ allKeys[i].write(out);
+ }
+ }
+
+ /**
+ */
+ public void readFields(DataInput in) throws IOException {
+ isAccessTokenEnabled = in.readBoolean();
+ keyUpdateInterval = in.readLong();
+ tokenLifetime = in.readLong();
+ currentKey.readFields(in);
+ this.allKeys = new BlockAccessKey[in.readInt()];
+ for (int i = 0; i < allKeys.length; i++) {
+ allKeys[i] = new BlockAccessKey();
+ allKeys[i].readFields(in);
+ }
+ }
+
+}
\ No newline at end of file
Added: hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/security/InvalidAccessTokenException.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/security/InvalidAccessTokenException.java?rev=1077093&view=auto
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/security/InvalidAccessTokenException.java (added)
+++ hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/security/InvalidAccessTokenException.java Fri Mar 4 03:39:46 2011
@@ -0,0 +1,36 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.hadoop.hdfs.security;
+
+import java.io.IOException;
+
+/**
+ * Access token verification failed.
+ */
+public class InvalidAccessTokenException extends IOException {
+ private static final long serialVersionUID = 168L;
+
+ public InvalidAccessTokenException() {
+ super();
+ }
+
+ public InvalidAccessTokenException(String msg) {
+ super(msg);
+ }
+}
Modified: hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/server/balancer/Balancer.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/server/balancer/Balancer.java?rev=1077093&r1=1077092&r2=1077093&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/server/balancer/Balancer.java (original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/server/balancer/Balancer.java Fri Mar 4 03:39:46 2011
@@ -56,6 +56,9 @@ import org.apache.hadoop.hdfs.server.com
import org.apache.hadoop.hdfs.DFSClient;
import org.apache.hadoop.hdfs.protocol.*;
import org.apache.hadoop.hdfs.protocol.FSConstants.DatanodeReportType;
+import org.apache.hadoop.hdfs.security.BlockAccessToken;
+import org.apache.hadoop.hdfs.security.AccessTokenHandler;
+import org.apache.hadoop.hdfs.security.ExportedAccessKeys;
import org.apache.hadoop.hdfs.server.datanode.DataNode;
import org.apache.hadoop.hdfs.server.namenode.NameNode;
import org.apache.hadoop.hdfs.server.protocol.NamenodeProtocol;
@@ -72,9 +75,6 @@ import org.apache.hadoop.ipc.RPC;
import org.apache.hadoop.ipc.RemoteException;
import org.apache.hadoop.net.NetUtils;
import org.apache.hadoop.net.NetworkTopology;
-import org.apache.hadoop.security.AccessToken;
-import org.apache.hadoop.security.AccessTokenHandler;
-import org.apache.hadoop.security.ExportedAccessKeys;
import org.apache.hadoop.security.UnixUserGroupInformation;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.util.Daemon;
@@ -369,7 +369,7 @@ public class Balancer implements Tool {
out.writeLong(block.getBlock().getGenerationStamp());
Text.writeString(out, source.getStorageID());
proxySource.write(out);
- AccessToken accessToken = AccessToken.DUMMY_TOKEN;
+ BlockAccessToken accessToken = BlockAccessToken.DUMMY_TOKEN;
if (isAccessTokenEnabled) {
accessToken = accessTokenHandler.generateToken(null, block.getBlock()
.getBlockId(), EnumSet.of(AccessTokenHandler.AccessMode.REPLACE,
Modified: hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/server/datanode/DataNode.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/server/datanode/DataNode.java?rev=1077093&r1=1077092&r2=1077093&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/server/datanode/DataNode.java (original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/server/datanode/DataNode.java Fri Mar 4 03:39:46 2011
@@ -84,9 +84,6 @@ import org.apache.hadoop.ipc.RemoteExcep
import org.apache.hadoop.ipc.Server;
import org.apache.hadoop.net.DNS;
import org.apache.hadoop.net.NetUtils;
-import org.apache.hadoop.security.AccessToken;
-import org.apache.hadoop.security.AccessTokenHandler;
-import org.apache.hadoop.security.ExportedAccessKeys;
import org.apache.hadoop.security.SecurityUtil;
import org.apache.hadoop.security.authorize.ConfiguredPolicy;
import org.apache.hadoop.security.authorize.PolicyProvider;
@@ -97,6 +94,9 @@ import org.apache.hadoop.util.Reflection
import org.apache.hadoop.util.StringUtils;
import org.apache.hadoop.util.DiskChecker.DiskErrorException;
import org.apache.hadoop.util.DiskChecker.DiskOutOfSpaceException;
+import org.apache.hadoop.hdfs.security.BlockAccessToken;
+import org.apache.hadoop.hdfs.security.AccessTokenHandler;
+import org.apache.hadoop.hdfs.security.ExportedAccessKeys;
/**********************************************************
* DataNode is a class (and program) that stores a set of
@@ -1211,7 +1211,7 @@ public class DataNode extends Configured
for (int i = 1; i < targets.length; i++) {
targets[i].write(out);
}
- AccessToken accessToken = AccessToken.DUMMY_TOKEN;
+ BlockAccessToken accessToken = BlockAccessToken.DUMMY_TOKEN;
if (isAccessTokenEnabled) {
accessToken = accessTokenHandler.generateToken(null, b.getBlockId(),
EnumSet.of(AccessTokenHandler.AccessMode.WRITE));
Modified: hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/server/datanode/DataXceiver.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/server/datanode/DataXceiver.java?rev=1077093&r1=1077092&r2=1077093&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/server/datanode/DataXceiver.java (original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/server/datanode/DataXceiver.java Fri Mar 4 03:39:46 2011
@@ -32,14 +32,14 @@ import org.apache.hadoop.hdfs.protocol.B
import org.apache.hadoop.hdfs.protocol.DataTransferProtocol;
import org.apache.hadoop.hdfs.protocol.DatanodeInfo;
import org.apache.hadoop.hdfs.protocol.FSConstants;
+import org.apache.hadoop.hdfs.security.BlockAccessToken;
+import org.apache.hadoop.hdfs.security.AccessTokenHandler;
import org.apache.hadoop.hdfs.server.common.HdfsConstants;
import org.apache.hadoop.hdfs.server.datanode.FSDatasetInterface.MetaDataInputStream;
import org.apache.hadoop.io.IOUtils;
import org.apache.hadoop.io.MD5Hash;
import org.apache.hadoop.io.Text;
import org.apache.hadoop.net.NetUtils;
-import org.apache.hadoop.security.AccessToken;
-import org.apache.hadoop.security.AccessTokenHandler;
import org.apache.hadoop.util.DataChecksum;
import org.apache.hadoop.util.StringUtils;
import static org.apache.hadoop.hdfs.server.datanode.DataNode.DN_CLIENTTRACE_FORMAT;
@@ -151,7 +151,7 @@ class DataXceiver implements Runnable, F
long startOffset = in.readLong();
long length = in.readLong();
String clientName = Text.readString(in);
- AccessToken accessToken = new AccessToken();
+ BlockAccessToken accessToken = new BlockAccessToken();
accessToken.readFields(in);
OutputStream baseStream = NetUtils.getOutputStream(s,
datanode.socketWriteTimeout);
@@ -258,7 +258,7 @@ class DataXceiver implements Runnable, F
tmp.readFields(in);
targets[i] = tmp;
}
- AccessToken accessToken = new AccessToken();
+ BlockAccessToken accessToken = new BlockAccessToken();
accessToken.readFields(in);
DataOutputStream replyOut = null; // stream to prev target
replyOut = new DataOutputStream(
@@ -423,7 +423,7 @@ class DataXceiver implements Runnable, F
*/
void getBlockChecksum(DataInputStream in) throws IOException {
final Block block = new Block(in.readLong(), 0 , in.readLong());
- AccessToken accessToken = new AccessToken();
+ BlockAccessToken accessToken = new BlockAccessToken();
accessToken.readFields(in);
DataOutputStream out = new DataOutputStream(NetUtils.getOutputStream(s,
datanode.socketWriteTimeout));
@@ -484,7 +484,7 @@ class DataXceiver implements Runnable, F
// Read in the header
long blockId = in.readLong(); // read block id
Block block = new Block(blockId, 0, in.readLong());
- AccessToken accessToken = new AccessToken();
+ BlockAccessToken accessToken = new BlockAccessToken();
accessToken.readFields(in);
if (datanode.isAccessTokenEnabled
&& !datanode.accessTokenHandler.checkAccess(accessToken, null, blockId,
@@ -562,7 +562,7 @@ class DataXceiver implements Runnable, F
String sourceID = Text.readString(in); // read del hint
DatanodeInfo proxySource = new DatanodeInfo(); // read proxy source
proxySource.readFields(in);
- AccessToken accessToken = new AccessToken();
+ BlockAccessToken accessToken = new BlockAccessToken();
accessToken.readFields(in);
if (datanode.isAccessTokenEnabled
&& !datanode.accessTokenHandler.checkAccess(accessToken, null, blockId,
Modified: hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/server/namenode/FSNamesystem.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/server/namenode/FSNamesystem.java?rev=1077093&r1=1077092&r2=1077093&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/server/namenode/FSNamesystem.java (original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/server/namenode/FSNamesystem.java Fri Mar 4 03:39:46 2011
@@ -30,8 +30,8 @@ import org.apache.hadoop.hdfs.server.nam
import org.apache.hadoop.hdfs.server.namenode.metrics.FSNamesystemMBean;
import org.apache.hadoop.hdfs.server.namenode.metrics.FSNamesystemMetrics;
import org.apache.hadoop.security.AccessControlException;
-import org.apache.hadoop.security.AccessTokenHandler;
-import org.apache.hadoop.security.ExportedAccessKeys;
+import org.apache.hadoop.hdfs.security.AccessTokenHandler;
+import org.apache.hadoop.hdfs.security.ExportedAccessKeys;
import org.apache.hadoop.security.PermissionChecker;
import org.apache.hadoop.security.UnixUserGroupInformation;
import org.apache.hadoop.security.UserGroupInformation;
Modified: hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/server/namenode/JspHelper.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/server/namenode/JspHelper.java?rev=1077093&r1=1077092&r2=1077093&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/server/namenode/JspHelper.java (original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/server/namenode/JspHelper.java Fri Mar 4 03:39:46 2011
@@ -43,7 +43,8 @@ import org.apache.hadoop.hdfs.server.dat
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.util.StringUtils;
import org.apache.hadoop.net.NetUtils;
-import org.apache.hadoop.security.*;
+import org.apache.hadoop.security.UnixUserGroupInformation;
+import org.apache.hadoop.hdfs.security.BlockAccessToken;
public class JspHelper {
final static public String WEB_UGI_PROPERTY_NAME = "dfs.web.ugi";
@@ -116,7 +117,7 @@ public class JspHelper {
return chosenNode;
}
public void streamBlockInAscii(InetSocketAddress addr, long blockId,
- AccessToken accessToken, long genStamp, long blockSize,
+ BlockAccessToken accessToken, long genStamp, long blockSize,
long offsetIntoBlock, long chunkSizeToView, JspWriter out)
throws IOException {
if (chunkSizeToView == 0) return;
Modified: hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/server/namenode/NameNode.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/server/namenode/NameNode.java?rev=1077093&r1=1077092&r2=1077093&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/server/namenode/NameNode.java (original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/server/namenode/NameNode.java Fri Mar 4 03:39:46 2011
@@ -48,8 +48,7 @@ import org.apache.hadoop.util.Reflection
import org.apache.hadoop.util.StringUtils;
import org.apache.hadoop.net.NetUtils;
import org.apache.hadoop.net.NetworkTopology;
-import org.apache.hadoop.security.AccessKey;
-import org.apache.hadoop.security.ExportedAccessKeys;
+import org.apache.hadoop.hdfs.security.ExportedAccessKeys;
import org.apache.hadoop.security.SecurityUtil;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.authorize.AuthorizationException;
Modified: hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/server/protocol/DatanodeRegistration.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/server/protocol/DatanodeRegistration.java?rev=1077093&r1=1077092&r2=1077093&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/server/protocol/DatanodeRegistration.java (original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/server/protocol/DatanodeRegistration.java Fri Mar 4 03:39:46 2011
@@ -23,13 +23,13 @@ import java.io.DataOutput;
import java.io.IOException;
import org.apache.hadoop.hdfs.protocol.DatanodeID;
+import org.apache.hadoop.hdfs.security.ExportedAccessKeys;
import org.apache.hadoop.hdfs.server.common.Storage;
import org.apache.hadoop.hdfs.server.common.StorageInfo;
import org.apache.hadoop.hdfs.server.datanode.DataStorage;
import org.apache.hadoop.io.Writable;
import org.apache.hadoop.io.WritableFactories;
import org.apache.hadoop.io.WritableFactory;
-import org.apache.hadoop.security.ExportedAccessKeys;
/**
* DatanodeRegistration class conatins all information the Namenode needs
Modified: hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/server/protocol/KeyUpdateCommand.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/server/protocol/KeyUpdateCommand.java?rev=1077093&r1=1077092&r2=1077093&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/server/protocol/KeyUpdateCommand.java (original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/server/protocol/KeyUpdateCommand.java Fri Mar 4 03:39:46 2011
@@ -21,10 +21,10 @@ import java.io.DataInput;
import java.io.DataOutput;
import java.io.IOException;
+import org.apache.hadoop.hdfs.security.ExportedAccessKeys;
import org.apache.hadoop.io.Writable;
import org.apache.hadoop.io.WritableFactories;
import org.apache.hadoop.io.WritableFactory;
-import org.apache.hadoop.security.ExportedAccessKeys;
public class KeyUpdateCommand extends DatanodeCommand {
private ExportedAccessKeys keys;
Modified: hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/server/protocol/NamenodeProtocol.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/server/protocol/NamenodeProtocol.java?rev=1077093&r1=1077092&r2=1077093&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/server/protocol/NamenodeProtocol.java (original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/server/protocol/NamenodeProtocol.java Fri Mar 4 03:39:46 2011
@@ -21,9 +21,9 @@ package org.apache.hadoop.hdfs.server.pr
import java.io.IOException;
import org.apache.hadoop.hdfs.protocol.DatanodeInfo;
+import org.apache.hadoop.hdfs.security.ExportedAccessKeys;
import org.apache.hadoop.hdfs.server.namenode.CheckpointSignature;
import org.apache.hadoop.ipc.VersionedProtocol;
-import org.apache.hadoop.security.ExportedAccessKeys;
/*****************************************************************************
* Protocol that a secondary NameNode uses to communicate with the NameNode.
Modified: hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/hdfs/DFSTestUtil.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/hdfs/DFSTestUtil.java?rev=1077093&r1=1077092&r2=1077093&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/hdfs/DFSTestUtil.java (original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/hdfs/DFSTestUtil.java Fri Mar 4 03:39:46 2011
@@ -31,8 +31,8 @@ import junit.framework.TestCase;
import org.apache.hadoop.hdfs.DFSClient.DFSDataInputStream;
import org.apache.hadoop.hdfs.protocol.Block;
import org.apache.hadoop.hdfs.protocol.LocatedBlock;
+import org.apache.hadoop.hdfs.security.BlockAccessToken;
import org.apache.hadoop.io.IOUtils;
-import org.apache.hadoop.security.AccessToken;
import org.apache.hadoop.fs.FSDataInputStream;
import org.apache.hadoop.fs.FSDataOutputStream;
import org.apache.hadoop.fs.FileSystem;
@@ -255,7 +255,7 @@ public class DFSTestUtil extends TestCas
return ((DFSClient.DFSDataInputStream) in).getAllBlocks();
}
- public static AccessToken getAccessToken(FSDataOutputStream out) {
+ public static BlockAccessToken getAccessToken(FSDataOutputStream out) {
return ((DFSClient.DFSOutputStream) out.getWrappedStream()).getAccessToken();
}
Modified: hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/hdfs/TestDataTransferProtocol.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/hdfs/TestDataTransferProtocol.java?rev=1077093&r1=1077092&r2=1077093&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/hdfs/TestDataTransferProtocol.java (original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/hdfs/TestDataTransferProtocol.java Fri Mar 4 03:39:46 2011
@@ -30,7 +30,6 @@ import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.io.IOUtils;
import org.apache.hadoop.io.Text;
import org.apache.hadoop.net.NetUtils;
-import org.apache.hadoop.security.AccessToken;
import org.apache.hadoop.util.DataChecksum;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.hdfs.DFSClient.DFSDataInputStream;
@@ -38,6 +37,7 @@ import org.apache.hadoop.hdfs.protocol.B
import org.apache.hadoop.hdfs.protocol.DataTransferProtocol;
import org.apache.hadoop.hdfs.protocol.DatanodeID;
import org.apache.hadoop.hdfs.protocol.FSConstants.DatanodeReportType;
+import org.apache.hadoop.hdfs.security.BlockAccessToken;
import org.apache.hadoop.hdfs.server.common.HdfsConstants;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
@@ -179,7 +179,7 @@ public class TestDataTransferProtocol ex
Text.writeString(sendOut, "cl");// clientID
sendOut.writeBoolean(false); // no src node info
sendOut.writeInt(0); // number of downstream targets
- AccessToken.DUMMY_TOKEN.write(sendOut);
+ BlockAccessToken.DUMMY_TOKEN.write(sendOut);
sendOut.writeByte((byte)DataChecksum.CHECKSUM_CRC32);
// bad bytes per checksum
@@ -215,7 +215,7 @@ public class TestDataTransferProtocol ex
Text.writeString(sendOut, "cl");// clientID
sendOut.writeBoolean(false); // no src node info
sendOut.writeInt(0);
- AccessToken.DUMMY_TOKEN.write(sendOut);
+ BlockAccessToken.DUMMY_TOKEN.write(sendOut);
sendOut.writeByte((byte)DataChecksum.CHECKSUM_CRC32);
sendOut.writeInt((int)512);
sendOut.writeInt(4); // size of packet
@@ -244,7 +244,7 @@ public class TestDataTransferProtocol ex
Text.writeString(sendOut, "cl");// clientID
sendOut.writeBoolean(false); // no src node info
sendOut.writeInt(0);
- AccessToken.DUMMY_TOKEN.write(sendOut);
+ BlockAccessToken.DUMMY_TOKEN.write(sendOut);
sendOut.writeByte((byte)DataChecksum.CHECKSUM_CRC32);
sendOut.writeInt((int)512); // checksum size
sendOut.writeInt(8); // size of packet
@@ -275,7 +275,7 @@ public class TestDataTransferProtocol ex
sendOut.writeLong(fileLen);
recvOut.writeShort((short)DataTransferProtocol.OP_STATUS_ERROR);
Text.writeString(sendOut, "cl");
- AccessToken.DUMMY_TOKEN.write(sendOut);
+ BlockAccessToken.DUMMY_TOKEN.write(sendOut);
sendRecvData("Wrong block ID " + newBlockId + " for read", false);
// negative block start offset
@@ -287,7 +287,7 @@ public class TestDataTransferProtocol ex
sendOut.writeLong(-1L);
sendOut.writeLong(fileLen);
Text.writeString(sendOut, "cl");
- AccessToken.DUMMY_TOKEN.write(sendOut);
+ BlockAccessToken.DUMMY_TOKEN.write(sendOut);
sendRecvData("Negative start-offset for read for block " +
firstBlock.getBlockId(), false);
@@ -300,7 +300,7 @@ public class TestDataTransferProtocol ex
sendOut.writeLong(fileLen);
sendOut.writeLong(fileLen);
Text.writeString(sendOut, "cl");
- AccessToken.DUMMY_TOKEN.write(sendOut);
+ BlockAccessToken.DUMMY_TOKEN.write(sendOut);
sendRecvData("Wrong start-offset for reading block " +
firstBlock.getBlockId(), false);
@@ -315,7 +315,7 @@ public class TestDataTransferProtocol ex
sendOut.writeLong(0);
sendOut.writeLong(-1-random.nextInt(oneMil));
Text.writeString(sendOut, "cl");
- AccessToken.DUMMY_TOKEN.write(sendOut);
+ BlockAccessToken.DUMMY_TOKEN.write(sendOut);
sendRecvData("Negative length for reading block " +
firstBlock.getBlockId(), false);
@@ -330,7 +330,7 @@ public class TestDataTransferProtocol ex
sendOut.writeLong(0);
sendOut.writeLong(fileLen + 1);
Text.writeString(sendOut, "cl");
- AccessToken.DUMMY_TOKEN.write(sendOut);
+ BlockAccessToken.DUMMY_TOKEN.write(sendOut);
sendRecvData("Wrong length for reading block " +
firstBlock.getBlockId(), false);
@@ -343,7 +343,7 @@ public class TestDataTransferProtocol ex
sendOut.writeLong(0);
sendOut.writeLong(fileLen);
Text.writeString(sendOut, "cl");
- AccessToken.DUMMY_TOKEN.write(sendOut);
+ BlockAccessToken.DUMMY_TOKEN.write(sendOut);
readFile(fileSys, file, fileLen);
}
}
Added: hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/hdfs/security/SecurityTestUtil.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/hdfs/security/SecurityTestUtil.java?rev=1077093&view=auto
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/hdfs/security/SecurityTestUtil.java (added)
+++ hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/hdfs/security/SecurityTestUtil.java Fri Mar 4 03:39:46 2011
@@ -0,0 +1,43 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.hadoop.hdfs.security;
+
+import java.io.IOException;
+
+/** Utilities for security tests */
+public class SecurityTestUtil {
+
+ /**
+ * check if an access token is expired. return true when token is expired,
+ * false otherwise
+ */
+ public static boolean isAccessTokenExpired(BlockAccessToken token)
+ throws IOException {
+ return AccessTokenHandler.isTokenExpired(token);
+ }
+
+ /**
+ * set access token lifetime.
+ */
+ public static void setAccessTokenLifetime(AccessTokenHandler handler,
+ long tokenLifetime) {
+ handler.setTokenLifetime(tokenLifetime);
+ }
+
+}
Added: hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/hdfs/security/TestAccessToken.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/hdfs/security/TestAccessToken.java?rev=1077093&view=auto
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/hdfs/security/TestAccessToken.java (added)
+++ hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/hdfs/security/TestAccessToken.java Fri Mar 4 03:39:46 2011
@@ -0,0 +1,89 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.hadoop.hdfs.security;
+
+import java.util.EnumSet;
+
+import org.apache.hadoop.io.TestWritable;
+
+import junit.framework.TestCase;
+
+/** Unit tests for access tokens */
+public class TestAccessToken extends TestCase {
+ long accessKeyUpdateInterval = 10 * 60 * 1000; // 10 mins
+ long accessTokenLifetime = 2 * 60 * 1000; // 2 mins
+ long blockID1 = 0L;
+ long blockID2 = 10L;
+ long blockID3 = -108L;
+
+ /** test Writable */
+ public void testWritable() throws Exception {
+ TestWritable.testWritable(ExportedAccessKeys.DUMMY_KEYS);
+ AccessTokenHandler handler = new AccessTokenHandler(true,
+ accessKeyUpdateInterval, accessTokenLifetime);
+ ExportedAccessKeys keys = handler.exportKeys();
+ TestWritable.testWritable(keys);
+ TestWritable.testWritable(BlockAccessToken.DUMMY_TOKEN);
+ BlockAccessToken token = handler.generateToken(blockID3, EnumSet
+ .allOf(AccessTokenHandler.AccessMode.class));
+ TestWritable.testWritable(token);
+ }
+
+ private void tokenGenerationAndVerification(AccessTokenHandler master,
+ AccessTokenHandler slave) throws Exception {
+ // single-mode tokens
+ for (AccessTokenHandler.AccessMode mode : AccessTokenHandler.AccessMode
+ .values()) {
+ // generated by master
+ BlockAccessToken token1 = master.generateToken(blockID1, EnumSet.of(mode));
+ assertTrue(master.checkAccess(token1, null, blockID1, mode));
+ assertTrue(slave.checkAccess(token1, null, blockID1, mode));
+ // generated by slave
+ BlockAccessToken token2 = slave.generateToken(blockID2, EnumSet.of(mode));
+ assertTrue(master.checkAccess(token2, null, blockID2, mode));
+ assertTrue(slave.checkAccess(token2, null, blockID2, mode));
+ }
+ // multi-mode tokens
+ BlockAccessToken mtoken = master.generateToken(blockID3, EnumSet
+ .allOf(AccessTokenHandler.AccessMode.class));
+ for (AccessTokenHandler.AccessMode mode : AccessTokenHandler.AccessMode
+ .values()) {
+ assertTrue(master.checkAccess(mtoken, null, blockID3, mode));
+ assertTrue(slave.checkAccess(mtoken, null, blockID3, mode));
+ }
+ }
+
+ /** test access key and token handling */
+ public void testAccessTokenHandler() throws Exception {
+ AccessTokenHandler masterHandler = new AccessTokenHandler(true,
+ accessKeyUpdateInterval, accessTokenLifetime);
+ AccessTokenHandler slaveHandler = new AccessTokenHandler(false,
+ accessKeyUpdateInterval, accessTokenLifetime);
+ ExportedAccessKeys keys = masterHandler.exportKeys();
+ slaveHandler.setKeys(keys);
+ tokenGenerationAndVerification(masterHandler, slaveHandler);
+ // key updating
+ masterHandler.updateKeys();
+ tokenGenerationAndVerification(masterHandler, slaveHandler);
+ keys = masterHandler.exportKeys();
+ slaveHandler.setKeys(keys);
+ tokenGenerationAndVerification(masterHandler, slaveHandler);
+ }
+
+}
Modified: hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/hdfs/server/datanode/TestBlockReplacement.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/hdfs/server/datanode/TestBlockReplacement.java?rev=1077093&r1=1077092&r2=1077093&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/hdfs/server/datanode/TestBlockReplacement.java (original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/hdfs/server/datanode/TestBlockReplacement.java Fri Mar 4 03:39:46 2011
@@ -47,7 +47,7 @@ import org.apache.hadoop.hdfs.server.com
import org.apache.hadoop.hdfs.server.datanode.BlockTransferThrottler;
import org.apache.hadoop.io.Text;
import org.apache.hadoop.net.NetUtils;
-import org.apache.hadoop.security.AccessToken;
+import org.apache.hadoop.hdfs.security.BlockAccessToken;
/**
* This class tests if block replacement request to data nodes work correctly.
*/
@@ -232,7 +232,7 @@ public class TestBlockReplacement extend
out.writeLong(block.getGenerationStamp());
Text.writeString(out, source.getStorageID());
sourceProxy.write(out);
- AccessToken.DUMMY_TOKEN.write(out);
+ BlockAccessToken.DUMMY_TOKEN.write(out);
out.flush();
// receiveResponse
DataInputStream reply = new DataInputStream(sock.getInputStream());
Modified: hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/hdfs/server/datanode/TestDiskError.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/hdfs/server/datanode/TestDiskError.java?rev=1077093&r1=1077092&r2=1077093&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/hdfs/server/datanode/TestDiskError.java (original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/hdfs/server/datanode/TestDiskError.java Fri Mar 4 03:39:46 2011
@@ -31,7 +31,7 @@ import org.apache.hadoop.hdfs.protocol.D
import org.apache.hadoop.hdfs.protocol.LocatedBlock;
import org.apache.hadoop.hdfs.protocol.LocatedBlocks;
import org.apache.hadoop.io.Text;
-import org.apache.hadoop.security.AccessToken;
+import org.apache.hadoop.hdfs.security.BlockAccessToken;
import junit.framework.TestCase;
@@ -120,7 +120,7 @@ public class TestDiskError extends TestC
Text.writeString( out, "" );
out.writeBoolean(false); // Not sending src node information
out.writeInt(0);
- AccessToken.DUMMY_TOKEN.write(out);
+ BlockAccessToken.DUMMY_TOKEN.write(out);
// write check header
out.writeByte( 1 );
Modified: hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/hdfs/server/namenode/TestAccessTokenWithDFS.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/hdfs/server/namenode/TestAccessTokenWithDFS.java?rev=1077093&r1=1077092&r2=1077093&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/hdfs/server/namenode/TestAccessTokenWithDFS.java (original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/test/org/apache/hadoop/hdfs/server/namenode/TestAccessTokenWithDFS.java Fri Mar 4 03:39:46 2011
@@ -32,6 +32,10 @@ import org.apache.hadoop.hdfs.MiniDFSClu
import org.apache.hadoop.hdfs.protocol.Block;
import org.apache.hadoop.hdfs.protocol.DatanodeInfo;
import org.apache.hadoop.hdfs.protocol.LocatedBlock;
+import org.apache.hadoop.hdfs.security.BlockAccessToken;
+import org.apache.hadoop.hdfs.security.AccessTokenHandler;
+import org.apache.hadoop.hdfs.security.InvalidAccessTokenException;
+import org.apache.hadoop.hdfs.security.SecurityTestUtil;
import org.apache.hadoop.hdfs.server.balancer.TestBalancer;
import org.apache.hadoop.hdfs.server.common.HdfsConstants;
import org.apache.hadoop.net.NetUtils;
@@ -39,10 +43,6 @@ import org.apache.hadoop.fs.FSDataInputS
import org.apache.hadoop.fs.FSDataOutputStream;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
-import org.apache.hadoop.security.AccessToken;
-import org.apache.hadoop.security.AccessTokenHandler;
-import org.apache.hadoop.security.InvalidAccessTokenException;
-import org.apache.hadoop.security.SecurityTestUtil;
import org.apache.log4j.Level;
import junit.framework.TestCase;
@@ -206,7 +206,7 @@ public class TestAccessTokenWithDFS exte
/*
* wait till token used in stm expires
*/
- AccessToken token = DFSTestUtil.getAccessToken(stm);
+ BlockAccessToken token = DFSTestUtil.getAccessToken(stm);
while (!SecurityTestUtil.isAccessTokenExpired(token)) {
try {
Thread.sleep(10);
@@ -258,7 +258,7 @@ public class TestAccessTokenWithDFS exte
/*
* wait till token used in stm expires
*/
- AccessToken token = DFSTestUtil.getAccessToken(stm);
+ BlockAccessToken token = DFSTestUtil.getAccessToken(stm);
while (!SecurityTestUtil.isAccessTokenExpired(token)) {
try {
Thread.sleep(10);
@@ -320,7 +320,7 @@ public class TestAccessTokenWithDFS exte
List<LocatedBlock> locatedBlocks = cluster.getNameNode().getBlockLocations(
FILE_TO_READ, 0, FILE_SIZE).getLocatedBlocks();
LocatedBlock lblock = locatedBlocks.get(0); // first block
- AccessToken myToken = lblock.getAccessToken();
+ BlockAccessToken myToken = lblock.getAccessToken();
// verify token is not expired
assertFalse(SecurityTestUtil.isAccessTokenExpired(myToken));
// read with valid token, should succeed
Modified: hadoop/common/branches/branch-0.20-security-patches/src/webapps/datanode/browseBlock.jsp
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/webapps/datanode/browseBlock.jsp?rev=1077093&r1=1077092&r2=1077093&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/webapps/datanode/browseBlock.jsp (original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/webapps/datanode/browseBlock.jsp Fri Mar 4 03:39:46 2011
@@ -12,8 +12,8 @@
import="org.apache.hadoop.io.*"
import="org.apache.hadoop.conf.*"
import="org.apache.hadoop.net.DNS"
- import="org.apache.hadoop.security.AccessToken"
- import="org.apache.hadoop.security.AccessTokenHandler"
+ import="org.apache.hadoop.hdfs.security.BlockAccessToken"
+ import="org.apache.hadoop.hdfs.security.AccessTokenHandler"
import="org.apache.hadoop.util.*"
import="java.text.DateFormat"
%>
@@ -194,7 +194,7 @@
final DFSClient dfs = new DFSClient(jspHelper.nameNodeAddr, jspHelper.conf);
- AccessToken accessToken = AccessToken.DUMMY_TOKEN;
+ BlockAccessToken accessToken = BlockAccessToken.DUMMY_TOKEN;
if (JspHelper.conf
.getBoolean(AccessTokenHandler.STRING_ENABLE_ACCESS_TOKEN, false)) {
List<LocatedBlock> blks = dfs.namenode.getBlockLocations(filename, 0,
Modified: hadoop/common/branches/branch-0.20-security-patches/src/webapps/datanode/tail.jsp
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/webapps/datanode/tail.jsp?rev=1077093&r1=1077092&r2=1077093&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/webapps/datanode/tail.jsp (original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/webapps/datanode/tail.jsp Fri Mar 4 03:39:46 2011
@@ -12,7 +12,7 @@
import="org.apache.hadoop.io.*"
import="org.apache.hadoop.conf.*"
import="org.apache.hadoop.net.DNS"
- import="org.apache.hadoop.security.AccessToken"
+ import="org.apache.hadoop.hdfs.security.BlockAccessToken"
import="org.apache.hadoop.util.*"
import="org.apache.hadoop.net.NetUtils"
import="java.text.DateFormat"
@@ -83,7 +83,7 @@
LocatedBlock lastBlk = blocks.get(blocks.size() - 1);
long blockSize = lastBlk.getBlock().getNumBytes();
long blockId = lastBlk.getBlock().getBlockId();
- AccessToken accessToken = lastBlk.getAccessToken();
+ BlockAccessToken accessToken = lastBlk.getAccessToken();
long genStamp = lastBlk.getBlock().getGenerationStamp();
DatanodeInfo chosenNode;
try {