HADOOP-10941. Proxy user verification NPEs if remote host is unresolvable (Benoy Antony via stevel).
This commit is contained in:
parent
e286512a71
commit
0ab3f9d564
@ -1240,6 +1240,9 @@ Release 2.8.0 - UNRELEASED
|
||||
HADOOP-11628. SPNEGO auth does not work with CNAMEs in JDK8.
|
||||
(Daryn Sharp via stevel).
|
||||
|
||||
HADOOP-10941. Proxy user verification NPEs if remote host is unresolvable.
|
||||
(Benoy Antony via stevel).
|
||||
|
||||
OPTIMIZATIONS
|
||||
|
||||
HADOOP-12051. ProtobufRpcEngine.invoke() should use Exception.toString()
|
||||
|
@ -108,6 +108,10 @@ public Configuration getConf() {
|
||||
public void authorize(UserGroupInformation user,
|
||||
String remoteAddress) throws AuthorizationException {
|
||||
|
||||
if (user == null) {
|
||||
throw new IllegalArgumentException("user is null.");
|
||||
}
|
||||
|
||||
UserGroupInformation realUser = user.getRealUser();
|
||||
if (realUser == null) {
|
||||
return;
|
||||
|
@ -18,7 +18,6 @@
|
||||
package org.apache.hadoop.util;
|
||||
|
||||
import java.net.InetAddress;
|
||||
|
||||
import java.net.UnknownHostException;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Collection;
|
||||
@ -141,6 +140,10 @@ public boolean includes(String ipAddress) {
|
||||
return true;
|
||||
}
|
||||
|
||||
if (ipAddress == null) {
|
||||
throw new IllegalArgumentException("ipAddress is null.");
|
||||
}
|
||||
|
||||
//check in the set of ipAddresses
|
||||
if ((ipAddresses != null) && ipAddresses.contains(ipAddress)) {
|
||||
return true;
|
||||
|
@ -334,6 +334,45 @@ public void testIPRange() {
|
||||
assertNotAuthorized(proxyUserUgi, "10.221.0.0");
|
||||
}
|
||||
|
||||
@Test(expected = IllegalArgumentException.class)
|
||||
public void testNullUser() throws Exception {
|
||||
Configuration conf = new Configuration();
|
||||
conf.set(
|
||||
DefaultImpersonationProvider.getTestProvider().
|
||||
getProxySuperuserGroupConfKey(REAL_USER_NAME),
|
||||
"*");
|
||||
conf.set(
|
||||
DefaultImpersonationProvider.getTestProvider().
|
||||
getProxySuperuserIpConfKey(REAL_USER_NAME),
|
||||
PROXY_IP_RANGE);
|
||||
ProxyUsers.refreshSuperUserGroupsConfiguration(conf);
|
||||
// user is null
|
||||
ProxyUsers.authorize(null, "10.222.0.0");
|
||||
}
|
||||
|
||||
@Test(expected = IllegalArgumentException.class)
|
||||
public void testNullIpAddress() throws Exception {
|
||||
Configuration conf = new Configuration();
|
||||
conf.set(
|
||||
DefaultImpersonationProvider.getTestProvider().
|
||||
getProxySuperuserGroupConfKey(REAL_USER_NAME),
|
||||
"*");
|
||||
conf.set(
|
||||
DefaultImpersonationProvider.getTestProvider().
|
||||
getProxySuperuserIpConfKey(REAL_USER_NAME),
|
||||
PROXY_IP_RANGE);
|
||||
ProxyUsers.refreshSuperUserGroupsConfiguration(conf);
|
||||
|
||||
// First try proxying a group that's allowed
|
||||
UserGroupInformation realUserUgi = UserGroupInformation
|
||||
.createRemoteUser(REAL_USER_NAME);
|
||||
UserGroupInformation proxyUserUgi = UserGroupInformation.createProxyUserForTesting(
|
||||
PROXY_USER_NAME, realUserUgi, GROUP_NAMES);
|
||||
|
||||
// remote address is null
|
||||
ProxyUsers.authorize(proxyUserUgi, null);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testWithDuplicateProxyGroups() throws Exception {
|
||||
Configuration conf = new Configuration();
|
||||
|
@ -176,7 +176,15 @@ public void testCIDRs() {
|
||||
|
||||
//test for exclusion with an unknown IP
|
||||
assertFalse(ml.includes("10.119.103.111"));
|
||||
}
|
||||
|
||||
@Test(expected = IllegalArgumentException.class)
|
||||
public void testNullIpAddress() {
|
||||
//create MachineList with a list of of ip ranges specified in CIDR format
|
||||
MachineList ml = new MachineList(CIDR_LIST);
|
||||
|
||||
//test for exclusion with a null IP
|
||||
assertFalse(ml.includes(null));
|
||||
}
|
||||
|
||||
@Test
|
||||
|
Loading…
Reference in New Issue
Block a user