From b77bc477b5619e8fef8ed02da6042ea0d0c2de4d Mon Sep 17 00:00:00 2001
From: Aaron Myers
Date: Fri, 19 Aug 2011 22:36:04 +0000
Subject: [PATCH] Follow-up to HADOOP-7119 - removing two files which were moved.
git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1159806 13f79535-47bb-0310-9956-ffa450edef68
---
.../apache/hadoop/security/KerberosName.java | 408 ------------------
.../hadoop/security/TestKerberosName.java | 90 ----
2 files changed, 498 deletions(-)
delete mode 100644 hadoop-common/src/main/java/org/apache/hadoop/security/KerberosName.java
delete mode 100644 hadoop-common/src/test/java/org/apache/hadoop/security/TestKerberosName.java
diff --git a/hadoop-common/src/main/java/org/apache/hadoop/security/KerberosName.java b/hadoop-common/src/main/java/org/apache/hadoop/security/KerberosName.java
deleted file mode 100644
index b533cd22f77..00000000000
--- a/hadoop-common/src/main/java/org/apache/hadoop/security/KerberosName.java
+++ /dev/null
@@ -1,408 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.hadoop.security;
-
-import java.io.IOException;
-import java.util.ArrayList;
-import java.util.List;
-import java.util.regex.Matcher;
-import java.util.regex.Pattern;
-
-import org.apache.hadoop.classification.InterfaceAudience;
-import org.apache.hadoop.classification.InterfaceStability;
-import org.apache.hadoop.conf.Configuration;
-
-import sun.security.krb5.Config;
-import sun.security.krb5.KrbException;
-
-/**
- * This class implements parsing and handling of Kerberos principal names. In
- * particular, it splits them apart and translates them down into local
- * operating system names.
- */
-@SuppressWarnings("all")
-@InterfaceAudience.LimitedPrivate({"HDFS", "MapReduce"})
-@InterfaceStability.Evolving
-public class KerberosName {
- /** The first component of the name */
- private final String serviceName;
- /** The second component of the name. It may be null. */
- private final String hostName;
- /** The realm of the name. */
- private final String realm;
-
- /**
- * A pattern that matches a Kerberos name with at most 2 components.
- */
- private static final Pattern nameParser =
- Pattern.compile("([^/@]*)(/([^/@]*))?@([^/@]*)");
-
- /**
- * A pattern that matches a string with out '$' and then a single
- * parameter with $n.
- */
- private static Pattern parameterPattern =
- Pattern.compile("([^$]*)(\\$(\\d*))?");
-
- /**
- * A pattern for parsing a auth_to_local rule.
- */
- private static final Pattern ruleParser =
- Pattern.compile("\\s*((DEFAULT)|(RULE:\\[(\\d*):([^\\]]*)](\\(([^)]*)\\))?"+
- "(s/([^/]*)/([^/]*)/(g)?)?))");
-
- /**
- * A pattern that recognizes simple/non-simple names.
- */
- private static final Pattern nonSimplePattern = Pattern.compile("[/@]");
-
- /**
- * The list of translation rules.
- */
- private static List rules;
-
- private static String defaultRealm;
- private static Config kerbConf;
-
- static {
- try {
- kerbConf = Config.getInstance();
- defaultRealm = kerbConf.getDefaultRealm();
- } catch (KrbException ke) {
- if(UserGroupInformation.isSecurityEnabled())
- throw new IllegalArgumentException("Can't get Kerberos configuration",ke);
- else
- defaultRealm="";
- }
- }
-
- /**
- * Create a name from the full Kerberos principal name.
- * @param name
- */
- public KerberosName(String name) {
- Matcher match = nameParser.matcher(name);
- if (!match.matches()) {
- if (name.contains("@")) {
- throw new IllegalArgumentException("Malformed Kerberos name: " + name);
- } else {
- serviceName = name;
- hostName = null;
- realm = null;
- }
- } else {
- serviceName = match.group(1);
- hostName = match.group(3);
- realm = match.group(4);
- }
- }
-
- /**
- * Get the configured default realm.
- * @return the default realm from the krb5.conf
- */
- public String getDefaultRealm() {
- return defaultRealm;
- }
-
- /**
- * Put the name back together from the parts.
- */
- @Override
- public String toString() {
- StringBuilder result = new StringBuilder();
- result.append(serviceName);
- if (hostName != null) {
- result.append('/');
- result.append(hostName);
- }
- if (realm != null) {
- result.append('@');
- result.append(realm);
- }
- return result.toString();
- }
-
- /**
- * Get the first component of the name.
- * @return the first section of the Kerberos principal name
- */
- public String getServiceName() {
- return serviceName;
- }
-
- /**
- * Get the second component of the name.
- * @return the second section of the Kerberos principal name, and may be null
- */
- public String getHostName() {
- return hostName;
- }
-
- /**
- * Get the realm of the name.
- * @return the realm of the name, may be null
- */
- public String getRealm() {
- return realm;
- }
-
- /**
- * An encoding of a rule for translating kerberos names.
- */
- private static class Rule {
- private final boolean isDefault;
- private final int numOfComponents;
- private final String format;
- private final Pattern match;
- private final Pattern fromPattern;
- private final String toPattern;
- private final boolean repeat;
-
- Rule() {
- isDefault = true;
- numOfComponents = 0;
- format = null;
- match = null;
- fromPattern = null;
- toPattern = null;
- repeat = false;
- }
-
- Rule(int numOfComponents, String format, String match, String fromPattern,
- String toPattern, boolean repeat) {
- isDefault = false;
- this.numOfComponents = numOfComponents;
- this.format = format;
- this.match = match == null ? null : Pattern.compile(match);
- this.fromPattern =
- fromPattern == null ? null : Pattern.compile(fromPattern);
- this.toPattern = toPattern;
- this.repeat = repeat;
- }
-
- @Override
- public String toString() {
- StringBuilder buf = new StringBuilder();
- if (isDefault) {
- buf.append("DEFAULT");
- } else {
- buf.append("RULE:[");
- buf.append(numOfComponents);
- buf.append(':');
- buf.append(format);
- buf.append(']');
- if (match != null) {
- buf.append('(');
- buf.append(match);
- buf.append(')');
- }
- if (fromPattern != null) {
- buf.append("s/");
- buf.append(fromPattern);
- buf.append('/');
- buf.append(toPattern);
- buf.append('/');
- if (repeat) {
- buf.append('g');
- }
- }
- }
- return buf.toString();
- }
-
- /**
- * Replace the numbered parameters of the form $n where n is from 1 to
- * the length of params. Normal text is copied directly and $n is replaced
- * by the corresponding parameter.
- * @param format the string to replace parameters again
- * @param params the list of parameters
- * @return the generated string with the parameter references replaced.
- * @throws BadFormatString
- */
- static String replaceParameters(String format,
- String[] params) throws BadFormatString {
- Matcher match = parameterPattern.matcher(format);
- int start = 0;
- StringBuilder result = new StringBuilder();
- while (start < format.length() && match.find(start)) {
- result.append(match.group(1));
- String paramNum = match.group(3);
- if (paramNum != null) {
- try {
- int num = Integer.parseInt(paramNum);
- if (num < 0 || num > params.length) {
- throw new BadFormatString("index " + num + " from " + format +
- " is outside of the valid range 0 to " +
- (params.length - 1));
- }
- result.append(params[num]);
- } catch (NumberFormatException nfe) {
- throw new BadFormatString("bad format in username mapping in " +
- paramNum, nfe);
- }
-
- }
- start = match.end();
- }
- return result.toString();
- }
-
- /**
- * Replace the matches of the from pattern in the base string with the value
- * of the to string.
- * @param base the string to transform
- * @param from the pattern to look for in the base string
- * @param to the string to replace matches of the pattern with
- * @param repeat whether the substitution should be repeated
- * @return
- */
- static String replaceSubstitution(String base, Pattern from, String to,
- boolean repeat) {
- Matcher match = from.matcher(base);
- if (repeat) {
- return match.replaceAll(to);
- } else {
- return match.replaceFirst(to);
- }
- }
-
- /**
- * Try to apply this rule to the given name represented as a parameter
- * array.
- * @param params first element is the realm, second and later elements are
- * are the components of the name "a/b@FOO" -> {"FOO", "a", "b"}
- * @return the short name if this rule applies or null
- * @throws IOException throws if something is wrong with the rules
- */
- String apply(String[] params) throws IOException {
- String result = null;
- if (isDefault) {
- if (defaultRealm.equals(params[0])) {
- result = params[1];
- }
- } else if (params.length - 1 == numOfComponents) {
- String base = replaceParameters(format, params);
- if (match == null || match.matcher(base).matches()) {
- if (fromPattern == null) {
- result = base;
- } else {
- result = replaceSubstitution(base, fromPattern, toPattern, repeat);
- }
- }
- }
- if (result != null && nonSimplePattern.matcher(result).find()) {
- throw new NoMatchingRule("Non-simple name " + result +
- " after auth_to_local rule " + this);
- }
- return result;
- }
- }
-
- static List parseRules(String rules) {
- List result = new ArrayList();
- String remaining = rules.trim();
- while (remaining.length() > 0) {
- Matcher matcher = ruleParser.matcher(remaining);
- if (!matcher.lookingAt()) {
- throw new IllegalArgumentException("Invalid rule: " + remaining);
- }
- if (matcher.group(2) != null) {
- result.add(new Rule());
- } else {
- result.add(new Rule(Integer.parseInt(matcher.group(4)),
- matcher.group(5),
- matcher.group(7),
- matcher.group(9),
- matcher.group(10),
- "g".equals(matcher.group(11))));
- }
- remaining = remaining.substring(matcher.end());
- }
- return result;
- }
-
- /**
- * Set the static configuration to get the rules.
- * @param conf the new configuration
- * @throws IOException
- */
- public static void setConfiguration(Configuration conf) throws IOException {
- String ruleString = conf.get("hadoop.security.auth_to_local", "DEFAULT");
- rules = parseRules(ruleString);
- }
-
- @SuppressWarnings("serial")
- public static class BadFormatString extends IOException {
- BadFormatString(String msg) {
- super(msg);
- }
- BadFormatString(String msg, Throwable err) {
- super(msg, err);
- }
- }
-
- @SuppressWarnings("serial")
- public static class NoMatchingRule extends IOException {
- NoMatchingRule(String msg) {
- super(msg);
- }
- }
-
- /**
- * Get the translation of the principal name into an operating system
- * user name.
- * @return the short name
- * @throws IOException
- */
- public String getShortName() throws IOException {
- String[] params;
- if (hostName == null) {
- // if it is already simple, just return it
- if (realm == null) {
- return serviceName;
- }
- params = new String[]{realm, serviceName};
- } else {
- params = new String[]{realm, serviceName, hostName};
- }
- for(Rule r: rules) {
- String result = r.apply(params);
- if (result != null) {
- return result;
- }
- }
- throw new NoMatchingRule("No rules applied to " + toString());
- }
-
- static void printRules() throws IOException {
- int i = 0;
- for(Rule r: rules) {
- System.out.println(++i + " " + r);
- }
- }
-
- public static void main(String[] args) throws Exception {
- setConfiguration(new Configuration());
- for(String arg: args) {
- KerberosName name = new KerberosName(arg);
- System.out.println("Name: " + name + " to " + name.getShortName());
- }
- }
-}
diff --git a/hadoop-common/src/test/java/org/apache/hadoop/security/TestKerberosName.java b/hadoop-common/src/test/java/org/apache/hadoop/security/TestKerberosName.java
deleted file mode 100644
index e7255ec7b02..00000000000
--- a/hadoop-common/src/test/java/org/apache/hadoop/security/TestKerberosName.java
+++ /dev/null
@@ -1,90 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.hadoop.security;
-
-import java.io.IOException;
-
-import org.apache.hadoop.conf.Configuration;
-import org.junit.Before;
-import org.junit.Test;
-import static org.junit.Assert.*;
-
-public class TestKerberosName {
-
- @Before
- public void setUp() throws Exception {
- Configuration conf = new Configuration();
- conf.set("hadoop.security.auth_to_local",
- ("RULE:[1:$1@$0](.*@YAHOO\\.COM)s/@.*//\n" +
- "RULE:[2:$1](johndoe)s/^.*$/guest/\n" +
- "RULE:[2:$1;$2](^.*;admin$)s/;admin$//\n" +
- "RULE:[2:$2](root)\n" +
- "DEFAULT"));
- conf.set("hadoop.security.authentication", "kerberos");
- KerberosName.setConfiguration(conf);
- KerberosName.printRules();
- }
-
- private void checkTranslation(String from, String to) throws Exception {
- System.out.println("Translate " + from);
- KerberosName nm = new KerberosName(from);
- String simple = nm.getShortName();
- System.out.println("to " + simple);
- assertEquals("short name incorrect", to, simple);
- }
-
- @Test
- public void testRules() throws Exception {
- checkTranslation("omalley@APACHE.ORG", "omalley");
- checkTranslation("hdfs/10.0.0.1@APACHE.ORG", "hdfs");
- checkTranslation("oom@YAHOO.COM", "oom");
- checkTranslation("johndoe/zoo@FOO.COM", "guest");
- checkTranslation("joe/admin@FOO.COM", "joe");
- checkTranslation("joe/root@FOO.COM", "root");
- }
-
- private void checkBadName(String name) {
- System.out.println("Checking " + name + " to ensure it is bad.");
- try {
- new KerberosName(name);
- fail("didn't get exception for " + name);
- } catch (IllegalArgumentException iae) {
- // PASS
- }
- }
-
- private void checkBadTranslation(String from) {
- System.out.println("Checking bad translation for " + from);
- KerberosName nm = new KerberosName(from);
- try {
- nm.getShortName();
- fail("didn't get exception for " + from);
- } catch (IOException ie) {
- // PASS
- }
- }
-
- @Test
- public void testAntiPatterns() throws Exception {
- checkBadName("owen/owen/owen@FOO.COM");
- checkBadName("owen@foo/bar.com");
- checkBadTranslation("foo@ACME.COM");
- checkBadTranslation("root/joe@FOO.COM");
- }
-}