YARN-2847. Linux native container executor segfaults if default banned user detected. Contributed by Olaf Flebbe

(cherry picked from commit 1a0f508b63)
2015-02-13 20:20:07 +00:00 · 2015-02-13 20:20:07 +00:00 · c9cd58d711
parent f507791554
commit c9cd58d711
3 changed files with 24 additions and 6 deletions
--- a/hadoop-yarn-project/CHANGES.txt
+++ b/hadoop-yarn-project/CHANGES.txt
@ -557,6 +557,9 @@ Release 2.7.0 - UNRELEASED
    YARN-3164. RMAdmin command usage prints incorrect command name. 
    (Bibin A Chundatt via xgong)

+    YARN-2847. Linux native container executor segfaults if default banned
+    user detected (Olaf Flebbe via jlowe)
+
 Release 2.6.0 - 2014-11-18

  INCOMPATIBLE CHANGES
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/container-executor.c
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/container-executor.c
@ -684,8 +684,9 @@ struct passwd* check_user(const char *user) {
    return NULL;
  }
  char **banned_users = get_values(BANNED_USERS_KEY);
-  char **banned_user = (banned_users == NULL) ? 
+  banned_users = banned_users == NULL ?
    (char**) DEFAULT_BANNED_USERS : banned_users;
+  char **banned_user = banned_users;
  for(; *banned_user; ++banned_user) {
    if (strcmp(*banned_user, user) == 0) {
      free(user_info);
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/test/test-container-executor.c
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/test/test-container-executor.c
@ -89,15 +89,19 @@ void run(const char *cmd) {
  }
 }

-int write_config_file(char *file_name) {
+int write_config_file(char *file_name, int banned) {
  FILE *file;
  file = fopen(file_name, "w");
  if (file == NULL) {
    printf("Failed to open %s.\n", file_name);
    return EXIT_FAILURE;
  }
-  fprintf(file, "banned.users=bannedUser\n");
-  fprintf(file, "min.user.id=500\n");
+  if (banned != 0) {
+    fprintf(file, "banned.users=bannedUser\n");
+    fprintf(file, "min.user.id=500\n");
+  } else {
+    fprintf(file, "min.user.id=0\n");
+  }
  fprintf(file, "allowed.system.users=allowedUser,daemon\n");
  fclose(file);
  return 0;
@ -385,7 +389,7 @@ void test_delete_user() {

  char buffer[100000];
  sprintf(buffer, "%s/test.cfg", app_dir);
-  if (write_config_file(buffer) != 0) {
+  if (write_config_file(buffer, 1) != 0) {
    exit(1);
  }

@ -745,7 +749,7 @@ int main(int argc, char **argv) {
    exit(1);
  }
  
-  if (write_config_file(TEST_ROOT "/test.cfg") != 0) {
+  if (write_config_file(TEST_ROOT "/test.cfg", 1) != 0) {
    exit(1);
  }
  read_config(TEST_ROOT "/test.cfg");
@ -817,6 +821,16 @@ int main(int argc, char **argv) {
  seteuid(0);
  // test_delete_user must run as root since that's how we use the delete_as_user
  test_delete_user();
+  free_configurations();
+
+  printf("\nTrying banned default user()\n");
+  if (write_config_file(TEST_ROOT "/test.cfg", 0) != 0) {
+    exit(1);
+  }
+
+  read_config(TEST_ROOT "/test.cfg");
+  username = "bin";
+  test_check_user();

  run("rm -fr " TEST_ROOT);
  printf("\nFinished tests\n");