HADOOP-10941. Proxy user verification NPEs if remote host is unresolvable (Benoy Antony via stevel).

This commit is contained in:
Steve Loughran 2015-10-18 14:05:17 +01:00
parent e286512a71
commit 0ab3f9d564
5 changed files with 58 additions and 1 deletions

View File

@ -1240,6 +1240,9 @@ Release 2.8.0 - UNRELEASED
HADOOP-11628. SPNEGO auth does not work with CNAMEs in JDK8.
(Daryn Sharp via stevel).
HADOOP-10941. Proxy user verification NPEs if remote host is unresolvable.
(Benoy Antony via stevel).
OPTIMIZATIONS
HADOOP-12051. ProtobufRpcEngine.invoke() should use Exception.toString()

View File

@ -108,6 +108,10 @@ public Configuration getConf() {
public void authorize(UserGroupInformation user,
String remoteAddress) throws AuthorizationException {
if (user == null) {
throw new IllegalArgumentException("user is null.");
}
UserGroupInformation realUser = user.getRealUser();
if (realUser == null) {
return;

View File

@ -18,7 +18,6 @@
package org.apache.hadoop.util;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.ArrayList;
import java.util.Collection;
@ -141,6 +140,10 @@ public boolean includes(String ipAddress) {
return true;
}
if (ipAddress == null) {
throw new IllegalArgumentException("ipAddress is null.");
}
//check in the set of ipAddresses
if ((ipAddresses != null) && ipAddresses.contains(ipAddress)) {
return true;

View File

@ -334,6 +334,45 @@ public void testIPRange() {
assertNotAuthorized(proxyUserUgi, "10.221.0.0");
}
@Test(expected = IllegalArgumentException.class)
public void testNullUser() throws Exception {
Configuration conf = new Configuration();
conf.set(
DefaultImpersonationProvider.getTestProvider().
getProxySuperuserGroupConfKey(REAL_USER_NAME),
"*");
conf.set(
DefaultImpersonationProvider.getTestProvider().
getProxySuperuserIpConfKey(REAL_USER_NAME),
PROXY_IP_RANGE);
ProxyUsers.refreshSuperUserGroupsConfiguration(conf);
// user is null
ProxyUsers.authorize(null, "10.222.0.0");
}
@Test(expected = IllegalArgumentException.class)
public void testNullIpAddress() throws Exception {
Configuration conf = new Configuration();
conf.set(
DefaultImpersonationProvider.getTestProvider().
getProxySuperuserGroupConfKey(REAL_USER_NAME),
"*");
conf.set(
DefaultImpersonationProvider.getTestProvider().
getProxySuperuserIpConfKey(REAL_USER_NAME),
PROXY_IP_RANGE);
ProxyUsers.refreshSuperUserGroupsConfiguration(conf);
// First try proxying a group that's allowed
UserGroupInformation realUserUgi = UserGroupInformation
.createRemoteUser(REAL_USER_NAME);
UserGroupInformation proxyUserUgi = UserGroupInformation.createProxyUserForTesting(
PROXY_USER_NAME, realUserUgi, GROUP_NAMES);
// remote address is null
ProxyUsers.authorize(proxyUserUgi, null);
}
@Test
public void testWithDuplicateProxyGroups() throws Exception {
Configuration conf = new Configuration();

View File

@ -176,7 +176,15 @@ public void testCIDRs() {
//test for exclusion with an unknown IP
assertFalse(ml.includes("10.119.103.111"));
}
@Test(expected = IllegalArgumentException.class)
public void testNullIpAddress() {
//create MachineList with a list of of ip ranges specified in CIDR format
MachineList ml = new MachineList(CIDR_LIST);
//test for exclusion with a null IP
assertFalse(ml.includes(null));
}
@Test