HADOOP-10345. Sanitize the the inputs (groups and hosts) for the proxyuser configuration. Contributed by Benoy Antony.
git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1583454 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
parent
ed64289c80
commit
e908bbe807
|
@ -318,6 +318,9 @@ Release 2.5.0 - UNRELEASED
|
|||
HADOOP-10451. Remove unused field and imports from SaslRpcServer.
|
||||
(Benoy Antony via jing9)
|
||||
|
||||
HADOOP-10345. Sanitize the the inputs (groups and hosts) for the proxyuser
|
||||
configuration. (Benoy Antony via jing9)
|
||||
|
||||
OPTIMIZATIONS
|
||||
|
||||
BUG FIXES
|
||||
|
|
|
@ -70,7 +70,7 @@ public class ProxyUsers {
|
|||
String regex = CONF_HADOOP_PROXYUSER_RE+"[^.]*\\"+CONF_GROUPS;
|
||||
Map<String,String> allMatchKeys = conf.getValByRegex(regex);
|
||||
for(Entry<String, String> entry : allMatchKeys.entrySet()) {
|
||||
Collection<String> groups = StringUtils.getStringCollection(entry.getValue());
|
||||
Collection<String> groups = StringUtils.getTrimmedStringCollection(entry.getValue());
|
||||
proxyGroups.put(entry.getKey(), groups );
|
||||
//cache the groups. This is needed for NetGroups
|
||||
Groups.getUserToGroupsMappingService(conf).cacheGroupsAdd(
|
||||
|
@ -82,7 +82,7 @@ public class ProxyUsers {
|
|||
allMatchKeys = conf.getValByRegex(regex);
|
||||
for(Entry<String, String> entry : allMatchKeys.entrySet()) {
|
||||
proxyHosts.put(entry.getKey(),
|
||||
StringUtils.getStringCollection(entry.getValue()));
|
||||
StringUtils.getTrimmedStringCollection(entry.getValue()));
|
||||
}
|
||||
|
||||
init = true;
|
||||
|
|
|
@ -28,9 +28,11 @@ import java.util.Arrays;
|
|||
import java.util.Collection;
|
||||
import java.util.Date;
|
||||
import java.util.Iterator;
|
||||
import java.util.LinkedHashSet;
|
||||
import java.util.List;
|
||||
import java.util.Locale;
|
||||
import java.util.Map;
|
||||
import java.util.Set;
|
||||
import java.util.StringTokenizer;
|
||||
import java.util.regex.Matcher;
|
||||
import java.util.regex.Pattern;
|
||||
|
@ -351,12 +353,15 @@ public class StringUtils {
|
|||
|
||||
/**
|
||||
* Splits a comma separated value <code>String</code>, trimming leading and trailing whitespace on each value.
|
||||
* Duplicate and empty values are removed.
|
||||
* @param str a comma separated <String> with values
|
||||
* @return a <code>Collection</code> of <code>String</code> values
|
||||
*/
|
||||
public static Collection<String> getTrimmedStringCollection(String str){
|
||||
return new ArrayList<String>(
|
||||
Set<String> set = new LinkedHashSet<String>(
|
||||
Arrays.asList(getTrimmedStrings(str)));
|
||||
set.remove("");
|
||||
return set;
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
@ -19,6 +19,7 @@ package org.apache.hadoop.security.authorize;
|
|||
|
||||
import java.io.IOException;
|
||||
import java.util.Arrays;
|
||||
import java.util.Collection;
|
||||
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
|
@ -223,6 +224,41 @@ public class TestProxyUsers {
|
|||
assertNotAuthorized(proxyUserUgi, "1.2.3.5");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testWithDuplicateProxyGroups() throws Exception {
|
||||
Configuration conf = new Configuration();
|
||||
conf.set(
|
||||
ProxyUsers.getProxySuperuserGroupConfKey(REAL_USER_NAME),
|
||||
StringUtils.join(",", Arrays.asList(GROUP_NAMES,GROUP_NAMES)));
|
||||
conf.set(
|
||||
ProxyUsers.getProxySuperuserIpConfKey(REAL_USER_NAME),
|
||||
PROXY_IP);
|
||||
ProxyUsers.refreshSuperUserGroupsConfiguration(conf);
|
||||
|
||||
Collection<String> groupsToBeProxied = ProxyUsers.getProxyGroups().get(
|
||||
ProxyUsers.getProxySuperuserGroupConfKey(REAL_USER_NAME));
|
||||
|
||||
assertEquals (1,groupsToBeProxied.size());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testWithDuplicateProxyHosts() throws Exception {
|
||||
Configuration conf = new Configuration();
|
||||
conf.set(
|
||||
ProxyUsers.getProxySuperuserGroupConfKey(REAL_USER_NAME),
|
||||
StringUtils.join(",", Arrays.asList(GROUP_NAMES)));
|
||||
conf.set(
|
||||
ProxyUsers.getProxySuperuserIpConfKey(REAL_USER_NAME),
|
||||
StringUtils.join(",", Arrays.asList(PROXY_IP,PROXY_IP)));
|
||||
ProxyUsers.refreshSuperUserGroupsConfiguration(conf);
|
||||
|
||||
Collection<String> hosts = ProxyUsers.getProxyHosts().get(
|
||||
ProxyUsers.getProxySuperuserIpConfKey(REAL_USER_NAME));
|
||||
|
||||
assertEquals (1,hosts.size());
|
||||
}
|
||||
|
||||
|
||||
private void assertNotAuthorized(UserGroupInformation proxyUgi, String host) {
|
||||
try {
|
||||
ProxyUsers.authorize(proxyUgi, host, null);
|
||||
|
|
|
@ -22,9 +22,12 @@ import static org.apache.hadoop.util.StringUtils.TraditionalBinaryPrefix.long2St
|
|||
import static org.apache.hadoop.util.StringUtils.TraditionalBinaryPrefix.string2long;
|
||||
import static org.junit.Assert.assertArrayEquals;
|
||||
import static org.junit.Assert.assertEquals;
|
||||
import static org.junit.Assert.assertTrue;
|
||||
import static org.junit.Assert.fail;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.Arrays;
|
||||
import java.util.Collection;
|
||||
import java.util.HashMap;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
@ -401,6 +404,14 @@ public class TestStringUtils extends UnitTestcaseTimeLimit {
|
|||
"begin %foo%_%bar%_%baz% end", pattern, replacements));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testGetUniqueNonEmptyTrimmedStrings (){
|
||||
final String TO_SPLIT = ",foo, bar,baz,,blah,blah,bar,";
|
||||
Collection<String> col = StringUtils.getTrimmedStringCollection(TO_SPLIT);
|
||||
assertEquals(4, col.size());
|
||||
assertTrue(col.containsAll(Arrays.asList(new String[]{"foo","bar","baz","blah"})));
|
||||
}
|
||||
|
||||
// Benchmark for StringUtils split
|
||||
public static void main(String []args) {
|
||||
final String TO_SPLIT = "foo,bar,baz,blah,blah";
|
||||
|
|
Loading…
Reference in New Issue