HADOOP-11077. NPE if hosts not specified in ProxyUsers. (gchanan via tucu)
This commit is contained in:
parent
16a4558fda
commit
d0e2116502
|
@ -442,6 +442,8 @@ Release 2.6.0 - UNRELEASED
|
|||
HADOOP-10925. Compilation fails in native link0 function on Windows.
|
||||
(cnauroth)
|
||||
|
||||
HADOOP-11077. NPE if hosts not specified in ProxyUsers. (gchanan via tucu)
|
||||
|
||||
Release 2.5.1 - UNRELEASED
|
||||
|
||||
INCOMPATIBLE CHANGES
|
||||
|
|
|
@ -123,7 +123,7 @@ public class DefaultImpersonationProvider implements ImpersonationProvider {
|
|||
MachineList MachineList = proxyHosts.get(
|
||||
getProxySuperuserIpConfKey(realUser.getShortUserName()));
|
||||
|
||||
if(!MachineList.includes(remoteAddress)) {
|
||||
if(MachineList == null || !MachineList.includes(remoteAddress)) {
|
||||
throw new AuthorizationException("Unauthorized connection for super-user: "
|
||||
+ realUser.getUserName() + " from IP " + remoteAddress);
|
||||
}
|
||||
|
|
|
@ -478,6 +478,21 @@ public class TestProxyUsers {
|
|||
assertNotAuthorized(proxyUserUgi, "1.2.3.5");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testNoHostsForUsers() throws Exception {
|
||||
Configuration conf = new Configuration(false);
|
||||
conf.set("y." + REAL_USER_NAME + ".users",
|
||||
StringUtils.join(",", Arrays.asList(AUTHORIZED_PROXY_USER_NAME)));
|
||||
ProxyUsers.refreshSuperUserGroupsConfiguration(conf, "y");
|
||||
|
||||
UserGroupInformation realUserUgi = UserGroupInformation
|
||||
.createRemoteUser(REAL_USER_NAME);
|
||||
UserGroupInformation proxyUserUgi = UserGroupInformation.createProxyUserForTesting(
|
||||
AUTHORIZED_PROXY_USER_NAME, realUserUgi, GROUP_NAMES);
|
||||
|
||||
// IP doesn't matter
|
||||
assertNotAuthorized(proxyUserUgi, "1.2.3.4");
|
||||
}
|
||||
|
||||
private void assertNotAuthorized(UserGroupInformation proxyUgi, String host) {
|
||||
try {
|
||||
|
|
Loading…
Reference in New Issue