svn merge -c 1379615 FIXES: HDFS-3873. Hftp assumes security is disabled if token fetch fails (daryn)
git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/branches/branch-2@1379618 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
parent
c54a74a2cc
commit
59005f8f98
|
@ -1449,6 +1449,8 @@ Release 0.23.3 - UNRELEASED
|
|||
|
||||
HDFS-3861. Deadlock in DFSClient (Kihwal Lee via daryn)
|
||||
|
||||
HDFS-3873. Hftp assumes security is disabled if token fetch fails (daryn)
|
||||
|
||||
Release 0.23.2 - UNRELEASED
|
||||
|
||||
INCOMPATIBLE CHANGES
|
||||
|
|
|
@ -21,6 +21,7 @@ package org.apache.hadoop.hdfs;
|
|||
import java.io.FileNotFoundException;
|
||||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
import java.net.ConnectException;
|
||||
import java.net.HttpURLConnection;
|
||||
import java.net.InetSocketAddress;
|
||||
import java.net.URI;
|
||||
|
@ -247,15 +248,14 @@ public class HftpFileSystem extends FileSystem
|
|||
Credentials c;
|
||||
try {
|
||||
c = DelegationTokenFetcher.getDTfromRemote(nnHttpUrl, renewer);
|
||||
} catch (Exception e) {
|
||||
LOG.info("Couldn't get a delegation token from " + nnHttpUrl +
|
||||
" using http.");
|
||||
if(LOG.isDebugEnabled()) {
|
||||
LOG.debug("error was ", e);
|
||||
}
|
||||
//Maybe the server is in unsecure mode (that's bad but okay)
|
||||
} catch (IOException e) {
|
||||
if (e.getCause() instanceof ConnectException) {
|
||||
LOG.warn("Couldn't connect to " + nnHttpUrl +
|
||||
", assuming security is disabled");
|
||||
return null;
|
||||
}
|
||||
throw e;
|
||||
}
|
||||
for (Token<? extends TokenIdentifier> t : c.getAllTokens()) {
|
||||
if(LOG.isDebugEnabled()) {
|
||||
LOG.debug("Got dt for " + getUri() + ";t.service="
|
||||
|
|
|
@ -19,13 +19,11 @@
|
|||
package org.apache.hadoop.hdfs;
|
||||
|
||||
import static org.apache.hadoop.fs.CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION;
|
||||
import static org.junit.Assert.assertEquals;
|
||||
import static org.junit.Assert.assertNotNull;
|
||||
import static org.junit.Assert.assertNull;
|
||||
import static org.junit.Assert.assertSame;
|
||||
|
||||
import static org.junit.Assert.*;
|
||||
import java.io.IOException;
|
||||
import java.lang.reflect.Field;
|
||||
import java.net.ServerSocket;
|
||||
import java.net.Socket;
|
||||
import java.net.URI;
|
||||
import java.security.PrivilegedExceptionAction;
|
||||
|
||||
|
@ -138,6 +136,53 @@ public class TestHftpDelegationToken {
|
|||
conf.setInt(DFSConfigKeys.DFS_NAMENODE_HTTPS_PORT_KEY, 5);
|
||||
}
|
||||
|
||||
|
||||
@Test
|
||||
public void testInsecureRemoteCluster() throws Exception {
|
||||
final ServerSocket socket = new ServerSocket(0); // just reserve a port
|
||||
socket.close();
|
||||
Configuration conf = new Configuration();
|
||||
URI fsUri = URI.create("hsftp://localhost:"+socket.getLocalPort());
|
||||
assertNull(FileSystem.newInstance(fsUri, conf).getDelegationToken(null));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testSecureClusterError() throws Exception {
|
||||
final ServerSocket socket = new ServerSocket(0);
|
||||
Thread t = new Thread() {
|
||||
@Override
|
||||
public void run() {
|
||||
while (true) { // fetching does a few retries
|
||||
try {
|
||||
Socket s = socket.accept();
|
||||
s.getOutputStream().write(1234);
|
||||
s.shutdownOutput();
|
||||
} catch (Exception e) {
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
};
|
||||
t.start();
|
||||
|
||||
try {
|
||||
Configuration conf = new Configuration();
|
||||
URI fsUri = URI.create("hsftp://localhost:"+socket.getLocalPort());
|
||||
Exception ex = null;
|
||||
try {
|
||||
FileSystem.newInstance(fsUri, conf).getDelegationToken(null);
|
||||
} catch (Exception e) {
|
||||
ex = e;
|
||||
}
|
||||
assertNotNull(ex);
|
||||
assertNotNull(ex.getCause());
|
||||
assertEquals("Unexpected end of file from server",
|
||||
ex.getCause().getMessage());
|
||||
} finally {
|
||||
t.interrupt();
|
||||
}
|
||||
}
|
||||
|
||||
private void checkTokenSelection(HftpFileSystem fs,
|
||||
int port,
|
||||
Configuration conf) throws IOException {
|
||||
|
|
Loading…
Reference in New Issue