From 49be85005e47428ca53077d02f354242318e4059 Mon Sep 17 00:00:00 2001 From: Steve Loughran Date: Tue, 30 Sep 2014 17:28:56 -0700 Subject: [PATCH] HADOOP-11117 UGI HadoopLoginModule doesn't catch & wrap all kerberos-related exceptions (stevel) --- .../hadoop-common/CHANGES.txt | 3 +++ .../java/org/apache/hadoop/security/User.java | 3 ++- .../hadoop/security/UserGroupInformation.java | 18 ++++++++++++++++-- .../security/TestUserGroupInformation.java | 3 ++- 4 files changed, 23 insertions(+), 4 deletions(-) diff --git a/hadoop-common-project/hadoop-common/CHANGES.txt b/hadoop-common-project/hadoop-common/CHANGES.txt index 22cc9da33a1..252f3f42c3d 100644 --- a/hadoop-common-project/hadoop-common/CHANGES.txt +++ b/hadoop-common-project/hadoop-common/CHANGES.txt @@ -580,6 +580,9 @@ Release 2.6.0 - UNRELEASED HADOOP-11145. TestFairCallQueue fails. (Akira AJISAKA via cnauroth) + HADOOP-11117 UGI HadoopLoginModule doesn't catch & wrap all + kerberos-related exceptions (stevel) + Release 2.5.1 - 2014-09-05 INCOMPATIBLE CHANGES diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/User.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/User.java index 8d9b28b0d1c..236e9626f2b 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/User.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/User.java @@ -47,7 +47,8 @@ public User(String name, AuthenticationMethod authMethod, LoginContext login) { try { shortName = new HadoopKerberosName(name).getShortName(); } catch (IOException ioe) { - throw new IllegalArgumentException("Illegal principal name " + name, ioe); + throw new IllegalArgumentException("Illegal principal name " + name + +": " + ioe.toString(), ioe); } fullName = name; diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java index 4f117fd1011..fbefdb128a1 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java @@ -176,7 +176,21 @@ public boolean commit() throws LoginException { } // if we found the user, add our principal if (user != null) { - subject.getPrincipals().add(new User(user.getName())); + if (LOG.isDebugEnabled()) { + LOG.debug("Using user: \"" + user + "\" with name " + user.getName()); + } + + User userEntry = null; + try { + userEntry = new User(user.getName()); + } catch (Exception e) { + throw (LoginException)(new LoginException(e.toString()).initCause(e)); + } + if (LOG.isDebugEnabled()) { + LOG.debug("User entry: \"" + userEntry.toString() + "\"" ); + } + + subject.getPrincipals().add(userEntry); return true; } LOG.error("Can't find user in " + subject); @@ -919,7 +933,7 @@ static void loginUserFromKeytab(String user, metrics.loginFailure.add(Time.now() - start); } throw new IOException("Login failure for " + user + " from keytab " + - path, le); + path+ ": " + le, le); } LOG.info("Login successful for user " + keytabPrincipal + " using keytab file " + keytabFile); diff --git a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestUserGroupInformation.java b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestUserGroupInformation.java index 23e89d83b80..f1fba0317ed 100644 --- a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestUserGroupInformation.java +++ b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestUserGroupInformation.java @@ -339,7 +339,8 @@ private void testConstructorFailures(String userName) { } catch (IllegalArgumentException e) { String expect = (userName == null || userName.isEmpty()) ? "Null user" : "Illegal principal name "+userName; - assertEquals(expect, e.getMessage()); + assertTrue("Did not find "+ expect + " in " + e, + e.toString().contains(expect)); } }