HADOOP-7172. SecureIO should not check owner on non-secure clusters that have no native support. Contributed by Todd Lipcon
git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1095958 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
parent
99ebad8e75
commit
dc16490ad3
|
@ -596,6 +596,9 @@ Release 0.22.0 - Unreleased
|
||||||
HADOOP-7229. Do not default to an absolute path for kinit in Kerberos
|
HADOOP-7229. Do not default to an absolute path for kinit in Kerberos
|
||||||
auto-renewal thread. (Aaron T. Myers via todd)
|
auto-renewal thread. (Aaron T. Myers via todd)
|
||||||
|
|
||||||
|
HADOOP-7172. SecureIO should not check owner on non-secure
|
||||||
|
clusters that have no native support. (todd via eli)
|
||||||
|
|
||||||
Release 0.21.1 - Unreleased
|
Release 0.21.1 - Unreleased
|
||||||
|
|
||||||
IMPROVEMENTS
|
IMPROVEMENTS
|
||||||
|
|
|
@ -91,23 +91,32 @@ public class SecureIOUtils {
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Open the given File for read access, verifying the expected user/group
|
* Open the given File for read access, verifying the expected user/group
|
||||||
* constraints.
|
* constraints if security is enabled.
|
||||||
|
*
|
||||||
|
* Note that this function provides no additional checks if Hadoop
|
||||||
|
* security is disabled, since doing the checks would be too expensive
|
||||||
|
* when native libraries are not available.
|
||||||
|
*
|
||||||
* @param f the file that we are trying to open
|
* @param f the file that we are trying to open
|
||||||
* @param expectedOwner the expected user owner for the file
|
* @param expectedOwner the expected user owner for the file
|
||||||
* @param expectedGroup the expected group owner for the file
|
* @param expectedGroup the expected group owner for the file
|
||||||
* @throws IOException if an IO Error occurred, or the user/group does not
|
* @throws IOException if an IO Error occurred, or security is enabled and
|
||||||
* match
|
* the user/group does not match
|
||||||
*/
|
*/
|
||||||
public static FileInputStream openForRead(File f, String expectedOwner,
|
public static FileInputStream openForRead(File f, String expectedOwner,
|
||||||
String expectedGroup) throws IOException {
|
String expectedGroup) throws IOException {
|
||||||
if (skipSecurity) {
|
if (!UserGroupInformation.isSecurityEnabled()) {
|
||||||
// Subject to race conditions but this is the best we can do
|
|
||||||
FileStatus status =
|
|
||||||
rawFilesystem.getFileStatus(new Path(f.getAbsolutePath()));
|
|
||||||
checkStat(f, status.getOwner(), status.getGroup(),
|
|
||||||
expectedOwner, expectedGroup);
|
|
||||||
return new FileInputStream(f);
|
return new FileInputStream(f);
|
||||||
}
|
}
|
||||||
|
return forceSecureOpenForRead(f, expectedOwner, expectedGroup);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Same as openForRead() except that it will run even if security is off.
|
||||||
|
* This is used by unit tests.
|
||||||
|
*/
|
||||||
|
static FileInputStream forceSecureOpenForRead(File f, String expectedOwner,
|
||||||
|
String expectedGroup) throws IOException {
|
||||||
|
|
||||||
FileInputStream fis = new FileInputStream(f);
|
FileInputStream fis = new FileInputStream(f);
|
||||||
boolean success = false;
|
boolean success = false;
|
||||||
|
|
|
@ -64,11 +64,20 @@ public class TestSecureIOUtils {
|
||||||
.openForRead(testFilePath, realOwner, realGroup).close();
|
.openForRead(testFilePath, realOwner, realGroup).close();
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test(expected=IOException.class)
|
@Test
|
||||||
public void testReadIncorrectlyRestrictedWithSecurity() throws IOException {
|
public void testReadIncorrectlyRestrictedWithSecurity() throws IOException {
|
||||||
|
// this will only run if libs are available
|
||||||
|
assumeTrue(NativeIO.isAvailable());
|
||||||
|
|
||||||
|
System.out.println("Running test with native libs...");
|
||||||
|
|
||||||
|
try {
|
||||||
SecureIOUtils
|
SecureIOUtils
|
||||||
.openForRead(testFilePath, "invalidUser", null).close();
|
.forceSecureOpenForRead(testFilePath, "invalidUser", null).close();
|
||||||
fail("Didn't throw expection for wrong ownership!");
|
fail("Didn't throw expection for wrong ownership!");
|
||||||
|
} catch (IOException ioe) {
|
||||||
|
// expected
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
|
|
Loading…
Reference in New Issue