HADOOP-6620. NPE if renewer is passed as null in getDelegationToken. Contributed by Jitendra Pandey.

git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@953896 13f79535-47bb-0310-9956-ffa450edef68
Jakob Homan 2010-06-11 22:48:15 +00:00
parent 6378822a67
commit fbdb249460
4 changed files with 51 additions and 5 deletions


@ -81,6 +81,9 @@ Trunk (unreleased changes)
HADOOP-6603. Provide workaround for issue with Kerberos not resolving HADOOP-6603. Provide workaround for issue with Kerberos not resolving
cross-realm principal (Kan Zhang and Jitendra Pandey via jghoman) cross-realm principal (Kan Zhang and Jitendra Pandey via jghoman)
HADOOP-6620. NPE if renewer is passed as null in getDelegationToken.
(Jitendra Pandey via jghoman)
Release 0.21.0 - Unreleased Release 0.21.0 - Unreleased
INCOMPATIBLE CHANGES INCOMPATIBLE CHANGES


@ -49,8 +49,16 @@ extends TokenIdentifier {
} }
public AbstractDelegationTokenIdentifier(Text owner, Text renewer, Text realUser) { public AbstractDelegationTokenIdentifier(Text owner, Text renewer, Text realUser) {
this.owner = owner; if (owner == null) {
this.renewer = renewer; this.owner = new Text();
} else {
this.owner = owner;
}
if (renewer == null) {
this.renewer = new Text();
} else {
this.renewer = renewer;
}
if (realUser == null) { if (realUser == null) {
this.realUser = new Text(); this.realUser = new Text();
} else { } else {
@ -170,4 +178,14 @@ extends TokenIdentifier {
WritableUtils.writeVInt(out, sequenceNumber); WritableUtils.writeVInt(out, sequenceNumber);
WritableUtils.writeVInt(out, masterKeyId); WritableUtils.writeVInt(out, masterKeyId);
} }
public String toString() {
StringBuilder buffer = new StringBuilder();
buffer
.append("owner=" + owner + ", renewer=" + renewer + ", realUser="
+ realUser + ", issueDate=" + issueDate + ", maxDate=" + maxDate
+ ", sequenceNumber=" + sequenceNumber + ", masterKeyId="
+ masterKeyId);
return buffer.toString();
}
} }
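Review bot: The constructor now turns a null `owner` into an empty `Text`, so an identifier with no owner is created silently instead of failing, and the only owner check visible on this page is `id.getUser() == null` in the cancel path. `getUser()` is outside these hunks, so confirm it treats an empty owner the same as a missing one; if it does not, the "Token with no owner" rejection would no longer fire for such tokens. Separately, the added `toString()` should carry `@Override`, and the `StringBuilder` around a single concatenated `append` can be dropped in favour of a plain `return "owner=" + owner + ", renewer=" + renewer + ...;`.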


@ -178,6 +178,7 @@ extends AbstractDelegationTokenIdentifier>
@Override @Override
protected synchronized byte[] createPassword(TokenIdent identifier) { protected synchronized byte[] createPassword(TokenIdent identifier) {
LOG.info("Creating password for identifier: "+identifier);
int sequenceNum; int sequenceNum;
long now = System.currentTimeMillis(); long now = System.currentTimeMillis();
sequenceNum = ++delegationTokenSequenceNumber; sequenceNum = ++delegationTokenSequenceNumber;
@ -220,12 +221,13 @@ extends AbstractDelegationTokenIdentifier>
DataInputStream in = new DataInputStream(buf); DataInputStream in = new DataInputStream(buf);
TokenIdent id = createIdentifier(); TokenIdent id = createIdentifier();
id.readFields(in); id.readFields(in);
LOG.info("Token renewal requested for identifier: "+id);
if (id.getMaxDate() < now) { if (id.getMaxDate() < now) {
throw new InvalidToken("User " + renewer + throw new InvalidToken("User " + renewer +
" tried to renew an expired token"); " tried to renew an expired token");
} }
if (id.getRenewer() == null) { if ((id.getRenewer() == null) || ("".equals(id.getRenewer().toString()))) {
throw new AccessControlException("User " + renewer + throw new AccessControlException("User " + renewer +
" tried to renew a token without " + " tried to renew a token without " +
"a renewer"); "a renewer");
@ -271,13 +273,16 @@ extends AbstractDelegationTokenIdentifier>
DataInputStream in = new DataInputStream(buf); DataInputStream in = new DataInputStream(buf);
TokenIdent id = createIdentifier(); TokenIdent id = createIdentifier();
id.readFields(in); id.readFields(in);
LOG.info("Token cancelation requested for identifier: "+id);
if (id.getUser() == null) { if (id.getUser() == null) {
throw new InvalidToken("Token with no owner"); throw new InvalidToken("Token with no owner");
} }
String owner = id.getUser().getUserName(); String owner = id.getUser().getUserName();
Text renewer = id.getRenewer(); Text renewer = id.getRenewer();
if (!canceller.equals(owner) if (!canceller.equals(owner)
&& (renewer == null || !canceller.equals(renewer.toString()))) { && (renewer == null || "".equals(renewer.toString()) || !canceller
.equals(renewer.toString()))) {
throw new AccessControlException(canceller throw new AccessControlException(canceller
+ " is not authorized to cancel the token"); + " is not authorized to cancel the token");
} }
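Review bot: The `LOG.info` calls added right after `id.readFields(in)` in the renew and cancel paths print an identifier that was just deserialised from the caller-supplied token, before the expiry, renewer and owner checks shown here have run. `toString()` concatenates the owner, renewer and realUser `Text` values unescaped, so line breaks or control characters in those fields would land in the log verbatim, and every rejected request still produces an INFO line. Consider logging only once the token has been validated (the rest of both methods is outside these hunks, so where that happens cannot be seen here), or logging at debug level with the fields escaped. The `LOG.info` in `createPassword` runs inside a `synchronized` method on every token creation; `if (LOG.isDebugEnabled()) { LOG.debug("Creating password for identifier: " + identifier); }` would be lighter there.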


@ -365,4 +365,24 @@ public class TestDelegationToken {
dtSecretManager.stopThreads(); dtSecretManager.stopThreads();
} }
} }
@Test
public void testDelegationTokenNullRenewer() throws Exception {
TestDelegationTokenSecretManager dtSecretManager =
new TestDelegationTokenSecretManager(24*60*60*1000,
10*1000,1*1000,3600000);
dtSecretManager.startThreads();
TestDelegationTokenIdentifier dtId = new TestDelegationTokenIdentifier(new Text(
"theuser"), null, null);
Token<TestDelegationTokenIdentifier> token = new Token<TestDelegationTokenIdentifier>(
dtId, dtSecretManager);
Assert.assertTrue(token != null);
try {
dtSecretManager.renewToken(token, "");
Assert.fail("Renewal must not succeed");
} catch (IOException e) {
//PASS
}
}
} }
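Review bot: `testDelegationTokenNullRenewer` calls `dtSecretManager.startThreads()` but never `stopThreads()`, unlike the preceding test whose tail is visible just above it, so whatever threads were started outlive the test whether it passes or fails. Wrap the body in `try { ... } finally { dtSecretManager.stopThreads(); }`. The `catch (IOException e)` also accepts any I/O failure as a pass; catching the `AccessControlException` thrown by the renewer check would pin the test to the behaviour this commit fixes (assuming that type is imported in this file, which is not visible here). A matching case for `cancelToken` on a token with an empty renewer would cover the other changed condition.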