HADOOP-6620. NPE if renewer is passed as null in getDelegationToken. Contributed by Jitendra Pandey.

git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@953896 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Jakob Homan 2010-06-11 22:48:15 +00:00
parent 6378822a67
commit fbdb249460
4 changed files with 51 additions and 5 deletions

View File

@ -81,6 +81,9 @@ Trunk (unreleased changes)
HADOOP-6603. Provide workaround for issue with Kerberos not resolving
cross-realm principal (Kan Zhang and Jitendra Pandey via jghoman)
HADOOP-6620. NPE if renewer is passed as null in getDelegationToken.
(Jitendra Pandey via jghoman)
Release 0.21.0 - Unreleased
INCOMPATIBLE CHANGES

View File

@ -49,8 +49,16 @@ extends TokenIdentifier {
}
public AbstractDelegationTokenIdentifier(Text owner, Text renewer, Text realUser) {
this.owner = owner;
this.renewer = renewer;
if (owner == null) {
this.owner = new Text();
} else {
this.owner = owner;
}
if (renewer == null) {
this.renewer = new Text();
} else {
this.renewer = renewer;
}
if (realUser == null) {
this.realUser = new Text();
} else {
@ -170,4 +178,14 @@ extends TokenIdentifier {
WritableUtils.writeVInt(out, sequenceNumber);
WritableUtils.writeVInt(out, masterKeyId);
}
public String toString() {
StringBuilder buffer = new StringBuilder();
buffer
.append("owner=" + owner + ", renewer=" + renewer + ", realUser="
+ realUser + ", issueDate=" + issueDate + ", maxDate=" + maxDate
+ ", sequenceNumber=" + sequenceNumber + ", masterKeyId="
+ masterKeyId);
return buffer.toString();
}
}

View File

@ -178,6 +178,7 @@ extends AbstractDelegationTokenIdentifier>
@Override
protected synchronized byte[] createPassword(TokenIdent identifier) {
LOG.info("Creating password for identifier: "+identifier);
int sequenceNum;
long now = System.currentTimeMillis();
sequenceNum = ++delegationTokenSequenceNumber;
@ -220,12 +221,13 @@ extends AbstractDelegationTokenIdentifier>
DataInputStream in = new DataInputStream(buf);
TokenIdent id = createIdentifier();
id.readFields(in);
LOG.info("Token renewal requested for identifier: "+id);
if (id.getMaxDate() < now) {
throw new InvalidToken("User " + renewer +
" tried to renew an expired token");
}
if (id.getRenewer() == null) {
if ((id.getRenewer() == null) || ("".equals(id.getRenewer().toString()))) {
throw new AccessControlException("User " + renewer +
" tried to renew a token without " +
"a renewer");
@ -271,13 +273,16 @@ extends AbstractDelegationTokenIdentifier>
DataInputStream in = new DataInputStream(buf);
TokenIdent id = createIdentifier();
id.readFields(in);
LOG.info("Token cancelation requested for identifier: "+id);
if (id.getUser() == null) {
throw new InvalidToken("Token with no owner");
}
String owner = id.getUser().getUserName();
Text renewer = id.getRenewer();
if (!canceller.equals(owner)
&& (renewer == null || !canceller.equals(renewer.toString()))) {
&& (renewer == null || "".equals(renewer.toString()) || !canceller
.equals(renewer.toString()))) {
throw new AccessControlException(canceller
+ " is not authorized to cancel the token");
}

View File

@ -365,4 +365,24 @@ public class TestDelegationToken {
dtSecretManager.stopThreads();
}
}
@Test
public void testDelegationTokenNullRenewer() throws Exception {
TestDelegationTokenSecretManager dtSecretManager =
new TestDelegationTokenSecretManager(24*60*60*1000,
10*1000,1*1000,3600000);
dtSecretManager.startThreads();
TestDelegationTokenIdentifier dtId = new TestDelegationTokenIdentifier(new Text(
"theuser"), null, null);
Token<TestDelegationTokenIdentifier> token = new Token<TestDelegationTokenIdentifier>(
dtId, dtSecretManager);
Assert.assertTrue(token != null);
try {
dtSecretManager.renewToken(token, "");
Assert.fail("Renewal must not succeed");
} catch (IOException e) {
//PASS
}
}
}