HADOOP-7172. SecureIO should not check owner on non-secure clusters that have no native support. Contributed by Todd Lipcon

git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1095958 13f79535-47bb-0310-9956-ffa450edef68
2011-04-22 16:19:46 +00:00 · 2011-04-22 16:19:46 +00:00 · dc16490ad3
parent 99ebad8e75
commit dc16490ad3
3 changed files with 34 additions and 13 deletions
--- a/CHANGES.txt
+++ b/CHANGES.txt
@ -596,6 +596,9 @@ Release 0.22.0 - Unreleased
    HADOOP-7229. Do not default to an absolute path for kinit in Kerberos
    auto-renewal thread. (Aaron T. Myers via todd)

+    HADOOP-7172. SecureIO should not check owner on non-secure
+    clusters that have no native support. (todd via eli)
+
 Release 0.21.1 - Unreleased

  IMPROVEMENTS
--- a/src/java/org/apache/hadoop/io/SecureIOUtils.java
+++ b/src/java/org/apache/hadoop/io/SecureIOUtils.java
@ -91,23 +91,32 @@ public class SecureIOUtils {

  /**
   * Open the given File for read access, verifying the expected user/group
-   * constraints.
+   * constraints if security is enabled.
+   *
+   * Note that this function provides no additional checks if Hadoop
+   * security is disabled, since doing the checks would be too expensive
+   * when native libraries are not available.
+   *
   * @param f the file that we are trying to open
   * @param expectedOwner the expected user owner for the file
   * @param expectedGroup the expected group owner for the file
-   * @throws IOException if an IO Error occurred, or the user/group does not 
-   * match
+   * @throws IOException if an IO Error occurred, or security is enabled and
+   * the user/group does not match
   */
  public static FileInputStream openForRead(File f, String expectedOwner, 
      String expectedGroup) throws IOException {
-    if (skipSecurity) {
-      // Subject to race conditions but this is the best we can do
-      FileStatus status =
-        rawFilesystem.getFileStatus(new Path(f.getAbsolutePath()));
-      checkStat(f, status.getOwner(), status.getGroup(),
-          expectedOwner, expectedGroup);
+    if (!UserGroupInformation.isSecurityEnabled()) {
      return new FileInputStream(f);
    }
+    return forceSecureOpenForRead(f, expectedOwner, expectedGroup);
+  }
+
+  /**
+   * Same as openForRead() except that it will run even if security is off.
+   * This is used by unit tests.
+   */
+  static FileInputStream forceSecureOpenForRead(File f, String expectedOwner,
+      String expectedGroup) throws IOException {

    FileInputStream fis = new FileInputStream(f);
    boolean success = false;
--- a/src/test/core/org/apache/hadoop/io/TestSecureIOUtils.java
+++ b/src/test/core/org/apache/hadoop/io/TestSecureIOUtils.java
@ -64,11 +64,20 @@ public class TestSecureIOUtils {
      .openForRead(testFilePath, realOwner, realGroup).close();
  }

-  @Test(expected=IOException.class)
+  @Test
  public void testReadIncorrectlyRestrictedWithSecurity() throws IOException {
-    SecureIOUtils
-      .openForRead(testFilePath, "invalidUser", null).close();
-    fail("Didn't throw expection for wrong ownership!");
+    // this will only run if libs are available
+    assumeTrue(NativeIO.isAvailable());
+
+    System.out.println("Running test with native libs...");
+
+    try {
+      SecureIOUtils
+        .forceSecureOpenForRead(testFilePath, "invalidUser", null).close();
+      fail("Didn't throw expection for wrong ownership!");
+    } catch (IOException ioe) {
+      // expected
+    }
  }

  @Test