Apache
/
hadoop
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

HADOOP-10562: Merging r1592002 from trunk to branch-2. 

git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/branches/branch-2@1592003 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Arpit Agarwal 2014-05-02 18:39:07 +00:00
parent 86e5a7f96d
commit cb889486aa
2 changed files with 18 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
hadoop-common-project/hadoop-common/CHANGES.txt
View File

@ -105,6 +105,9 @@ Release 2.5.0 - UNRELEASED
HADOOP-10543. RemoteException's unwrapRemoteException method failed for HADOOP-10543. RemoteException's unwrapRemoteException method failed for
PathIOException. (Yongjun Zhang via atm) PathIOException. (Yongjun Zhang via atm)
HADOOP-10562. Namenode exits on exception without printing stack trace
in AbstractDelegationTokenSecretManager. (Arpit Agarwal)
Release 2.4.1 - UNRELEASED Release 2.4.1 - UNRELEASED
INCOMPATIBLE CHANGES INCOMPATIBLE CHANGES

36
hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/AbstractDelegationTokenSecretManager.java
View File

@ -209,8 +209,7 @@ extends AbstractDelegationTokenIdentifier>
currentTokens.put(identifier, new DelegationTokenInformation(renewDate, currentTokens.put(identifier, new DelegationTokenInformation(renewDate,
password, getTrackingIdIfEnabled(identifier))); password, getTrackingIdIfEnabled(identifier)));
} else { } else {
throw new IOException( throw new IOException("Same delegation token being added twice.");
"Same delegation token being added twice.");
} }
} }
@ -355,27 +354,24 @@ extends AbstractDelegationTokenIdentifier>
*/ */
public synchronized long renewToken(Token<TokenIdent> token, public synchronized long renewToken(Token<TokenIdent> token,
String renewer) throws InvalidToken, IOException { String renewer) throws InvalidToken, IOException {
long now = Time.now();
ByteArrayInputStream buf = new ByteArrayInputStream(token.getIdentifier()); ByteArrayInputStream buf = new ByteArrayInputStream(token.getIdentifier());
DataInputStream in = new DataInputStream(buf); DataInputStream in = new DataInputStream(buf);
TokenIdent id = createIdentifier(); TokenIdent id = createIdentifier();
id.readFields(in); id.readFields(in);
LOG.info("Token renewal requested for identifier: "+id); LOG.info("Token renewal for identifier: " + id + "; total currentTokens "
+ currentTokens.size());
long now = Time.now();
if (id.getMaxDate() < now) { if (id.getMaxDate() < now) {
throw new InvalidToken("User " + renewer + throw new InvalidToken(renewer + " tried to renew an expired token");
" tried to renew an expired token");
} }
if ((id.getRenewer() == null) || (id.getRenewer().toString().isEmpty())) { if ((id.getRenewer() == null) || (id.getRenewer().toString().isEmpty())) {
throw new AccessControlException("User " + renewer + throw new AccessControlException(renewer +
" tried to renew a token without " + " tried to renew a token without a renewer");
"a renewer");
} }
if (!id.getRenewer().toString().equals(renewer)) { if (!id.getRenewer().toString().equals(renewer)) {
throw new AccessControlException("Client " + renewer + throw new AccessControlException(renewer +
" tries to renew a token with " + " tries to renew a token with renewer " + id.getRenewer());
"renewer specified as " +
id.getRenewer());
} }
DelegationKey key = allKeys.get(id.getMasterKeyId()); DelegationKey key = allKeys.get(id.getMasterKeyId());
if (key == null) { if (key == null) {
@ -386,8 +382,8 @@ extends AbstractDelegationTokenIdentifier>
} }
byte[] password = createPassword(token.getIdentifier(), key.getKey()); byte[] password = createPassword(token.getIdentifier(), key.getKey());
if (!Arrays.equals(password, token.getPassword())) { if (!Arrays.equals(password, token.getPassword())) {
throw new AccessControlException("Client " + renewer throw new AccessControlException(renewer +
+ " is trying to renew a token with " + "wrong password"); " is trying to renew a token with wrong password");
} }
long renewTime = Math.min(id.getMaxDate(), now + tokenRenewInterval); long renewTime = Math.min(id.getMaxDate(), now + tokenRenewInterval);
String trackingId = getTrackingIdIfEnabled(id); String trackingId = getTrackingIdIfEnabled(id);
@ -429,8 +425,7 @@ extends AbstractDelegationTokenIdentifier>
throw new AccessControlException(canceller throw new AccessControlException(canceller
+ " is not authorized to cancel the token"); + " is not authorized to cancel the token");
} }
DelegationTokenInformation info = null; DelegationTokenInformation info = currentTokens.remove(id);
info = currentTokens.remove(id);
if (info == null) { if (info == null) {
throw new InvalidToken("Token not found"); throw new InvalidToken("Token not found");
} }
@ -554,14 +549,11 @@ extends AbstractDelegationTokenIdentifier>
try { try {
Thread.sleep(Math.min(5000, keyUpdateInterval)); // 5 seconds Thread.sleep(Math.min(5000, keyUpdateInterval)); // 5 seconds
} catch (InterruptedException ie) { } catch (InterruptedException ie) {
LOG LOG.error("ExpiredTokenRemover received " + ie);
.error("InterruptedExcpetion recieved for ExpiredTokenRemover thread "
+ ie);
} }
} }
} catch (Throwable t) { } catch (Throwable t) {
LOG.error("ExpiredTokenRemover thread received unexpected exception. " LOG.error("ExpiredTokenRemover thread received unexpected exception", t);
+ t);
Runtime.getRuntime().exit(-1); Runtime.getRuntime().exit(-1);
} }
} }