HADOOP-11117 UGI HadoopLoginModule doesn't catch & wrap all kerberos-related exceptions (stevel)

2014-09-30 17:28:56 -07:00 · 2014-09-30 17:28:56 -07:00 · 49be85005e
parent 489b4008df
commit 49be85005e
4 changed files with 23 additions and 4 deletions
--- a/hadoop-common-project/hadoop-common/CHANGES.txt
+++ b/hadoop-common-project/hadoop-common/CHANGES.txt
@ -580,6 +580,9 @@ Release 2.6.0 - UNRELEASED

    HADOOP-11145. TestFairCallQueue fails. (Akira AJISAKA via cnauroth)

+    HADOOP-11117 UGI HadoopLoginModule doesn't catch & wrap all
+    kerberos-related exceptions (stevel)
+
 Release 2.5.1 - 2014-09-05

  INCOMPATIBLE CHANGES
--- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/User.java
+++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/User.java
@ -47,7 +47,8 @@ public User(String name, AuthenticationMethod authMethod, LoginContext login) {
    try {
      shortName = new HadoopKerberosName(name).getShortName();
    } catch (IOException ioe) {
-      throw new IllegalArgumentException("Illegal principal name " + name, ioe);
+      throw new IllegalArgumentException("Illegal principal name " + name
+                                         +": " + ioe.toString(), ioe);
    }
    fullName = name;

--- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java
+++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java
@ -176,7 +176,21 @@ public boolean commit() throws LoginException {
      }
      // if we found the user, add our principal
      if (user != null) {
-        subject.getPrincipals().add(new User(user.getName()));
+        if (LOG.isDebugEnabled()) {
+          LOG.debug("Using user: \"" + user + "\" with name " + user.getName());
+        }
+
+        User userEntry = null;
+        try {
+          userEntry = new User(user.getName());
+        } catch (Exception e) {
+          throw (LoginException)(new LoginException(e.toString()).initCause(e));
+        }
+        if (LOG.isDebugEnabled()) {
+          LOG.debug("User entry: \"" + userEntry.toString() + "\"" );
+        }
+
+        subject.getPrincipals().add(userEntry);
        return true;
      }
      LOG.error("Can't find user in " + subject);
@ -919,7 +933,7 @@ static void loginUserFromKeytab(String user,
        metrics.loginFailure.add(Time.now() - start);
      }
      throw new IOException("Login failure for " + user + " from keytab " + 
-                            path, le);
+                            path+ ": " + le, le);
    }
    LOG.info("Login successful for user " + keytabPrincipal
        + " using keytab file " + keytabFile);
--- a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestUserGroupInformation.java
+++ b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestUserGroupInformation.java
@ -339,7 +339,8 @@ private void testConstructorFailures(String userName) {
    } catch (IllegalArgumentException e) {
      String expect = (userName == null || userName.isEmpty())
          ? "Null user" : "Illegal principal name "+userName;
-      assertEquals(expect, e.getMessage());
+      assertTrue("Did not find "+ expect + " in " + e,
+          e.toString().contains(expect));
    }
  }