From 3819c964fad12ad80b0628c1e083e032df495e27 Mon Sep 17 00:00:00 2001 From: Daryn Sharp Date: Fri, 31 Aug 2012 21:24:48 +0000 Subject: [PATCH] HDFS-3873. Hftp assumes security is disabled if token fetch fails (daryn) git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1379615 13f79535-47bb-0310-9956-ffa450edef68 --- hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt | 2 + .../apache/hadoop/hdfs/HftpFileSystem.java | 14 ++--- .../hadoop/hdfs/TestHftpDelegationToken.java | 55 +++++++++++++++++-- 3 files changed, 59 insertions(+), 12 deletions(-) diff --git a/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt b/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt index 3694fe51faa..1dcc6a2e65a 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt +++ b/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt @@ -1583,6 +1583,8 @@ Release 0.23.3 - UNRELEASED HDFS-3861. Deadlock in DFSClient (Kihwal Lee via daryn) + HDFS-3873. Hftp assumes security is disabled if token fetch fails (daryn) + Release 0.23.2 - UNRELEASED INCOMPATIBLE CHANGES diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/HftpFileSystem.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/HftpFileSystem.java index 8c73e2a6bee..5c536445924 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/HftpFileSystem.java +++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/HftpFileSystem.java @@ -21,6 +21,7 @@ package org.apache.hadoop.hdfs; import java.io.FileNotFoundException; import java.io.IOException; import java.io.InputStream; +import java.net.ConnectException; import java.net.HttpURLConnection; import java.net.InetSocketAddress; import java.net.URI; @@ -247,14 +248,13 @@ public class HftpFileSystem extends FileSystem Credentials c; try { c = DelegationTokenFetcher.getDTfromRemote(nnHttpUrl, renewer); - } catch (Exception e) { - LOG.info("Couldn't get a delegation token from " + nnHttpUrl + - " using http."); - if(LOG.isDebugEnabled()) { - LOG.debug("error was ", e); + } catch (IOException e) { + if (e.getCause() instanceof ConnectException) { + LOG.warn("Couldn't connect to " + nnHttpUrl + + ", assuming security is disabled"); + return null; } - //Maybe the server is in unsecure mode (that's bad but okay) - return null; + throw e; } for (Token t : c.getAllTokens()) { if(LOG.isDebugEnabled()) { diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/TestHftpDelegationToken.java b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/TestHftpDelegationToken.java index e7df0102130..cd8cf0d3f18 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/TestHftpDelegationToken.java +++ b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/TestHftpDelegationToken.java @@ -19,13 +19,11 @@ package org.apache.hadoop.hdfs; import static org.apache.hadoop.fs.CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION; -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertNotNull; -import static org.junit.Assert.assertNull; -import static org.junit.Assert.assertSame; - +import static org.junit.Assert.*; import java.io.IOException; import java.lang.reflect.Field; +import java.net.ServerSocket; +import java.net.Socket; import java.net.URI; import java.security.PrivilegedExceptionAction; @@ -138,6 +136,53 @@ public class TestHftpDelegationToken { conf.setInt(DFSConfigKeys.DFS_NAMENODE_HTTPS_PORT_KEY, 5); } + + @Test + public void testInsecureRemoteCluster() throws Exception { + final ServerSocket socket = new ServerSocket(0); // just reserve a port + socket.close(); + Configuration conf = new Configuration(); + URI fsUri = URI.create("hsftp://localhost:"+socket.getLocalPort()); + assertNull(FileSystem.newInstance(fsUri, conf).getDelegationToken(null)); + } + + @Test + public void testSecureClusterError() throws Exception { + final ServerSocket socket = new ServerSocket(0); + Thread t = new Thread() { + @Override + public void run() { + while (true) { // fetching does a few retries + try { + Socket s = socket.accept(); + s.getOutputStream().write(1234); + s.shutdownOutput(); + } catch (Exception e) { + break; + } + } + } + }; + t.start(); + + try { + Configuration conf = new Configuration(); + URI fsUri = URI.create("hsftp://localhost:"+socket.getLocalPort()); + Exception ex = null; + try { + FileSystem.newInstance(fsUri, conf).getDelegationToken(null); + } catch (Exception e) { + ex = e; + } + assertNotNull(ex); + assertNotNull(ex.getCause()); + assertEquals("Unexpected end of file from server", + ex.getCause().getMessage()); + } finally { + t.interrupt(); + } + } + private void checkTokenSelection(HftpFileSystem fs, int port, Configuration conf) throws IOException {