From 1a0f508b6386b1c26ec606f6d73afddaa191b7d8 Mon Sep 17 00:00:00 2001 From: Jason Lowe Date: Fri, 13 Feb 2015 20:20:07 +0000 Subject: [PATCH] YARN-2847. Linux native container executor segfaults if default banned user detected. Contributed by Olaf Flebbe --- hadoop-yarn-project/CHANGES.txt | 3 +++ .../impl/container-executor.c | 3 ++- .../test/test-container-executor.c | 24 +++++++++++++++---- 3 files changed, 24 insertions(+), 6 deletions(-) diff --git a/hadoop-yarn-project/CHANGES.txt b/hadoop-yarn-project/CHANGES.txt index cd9b4675f2..1644268ad7 100644 --- a/hadoop-yarn-project/CHANGES.txt +++ b/hadoop-yarn-project/CHANGES.txt @@ -593,6 +593,9 @@ Release 2.7.0 - UNRELEASED YARN-3164. RMAdmin command usage prints incorrect command name. (Bibin A Chundatt via xgong) + YARN-2847. Linux native container executor segfaults if default banned + user detected (Olaf Flebbe via jlowe) + Release 2.6.0 - 2014-11-18 INCOMPATIBLE CHANGES diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/container-executor.c b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/container-executor.c index 04d02326fe..edfd25f767 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/container-executor.c +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/container-executor.c @@ -684,8 +684,9 @@ struct passwd* check_user(const char *user) { return NULL; } char **banned_users = get_values(BANNED_USERS_KEY); - char **banned_user = (banned_users == NULL) ? + banned_users = banned_users == NULL ? (char**) DEFAULT_BANNED_USERS : banned_users; + char **banned_user = banned_users; for(; *banned_user; ++banned_user) { if (strcmp(*banned_user, user) == 0) { free(user_info); diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/test/test-container-executor.c b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/test/test-container-executor.c index 7f08e069ab..be6cc4958f 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/test/test-container-executor.c +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/test/test-container-executor.c @@ -89,15 +89,19 @@ void run(const char *cmd) { } } -int write_config_file(char *file_name) { +int write_config_file(char *file_name, int banned) { FILE *file; file = fopen(file_name, "w"); if (file == NULL) { printf("Failed to open %s.\n", file_name); return EXIT_FAILURE; } - fprintf(file, "banned.users=bannedUser\n"); - fprintf(file, "min.user.id=500\n"); + if (banned != 0) { + fprintf(file, "banned.users=bannedUser\n"); + fprintf(file, "min.user.id=500\n"); + } else { + fprintf(file, "min.user.id=0\n"); + } fprintf(file, "allowed.system.users=allowedUser,daemon\n"); fclose(file); return 0; @@ -385,7 +389,7 @@ void test_delete_user() { char buffer[100000]; sprintf(buffer, "%s/test.cfg", app_dir); - if (write_config_file(buffer) != 0) { + if (write_config_file(buffer, 1) != 0) { exit(1); } @@ -745,7 +749,7 @@ int main(int argc, char **argv) { exit(1); } - if (write_config_file(TEST_ROOT "/test.cfg") != 0) { + if (write_config_file(TEST_ROOT "/test.cfg", 1) != 0) { exit(1); } read_config(TEST_ROOT "/test.cfg"); @@ -817,6 +821,16 @@ int main(int argc, char **argv) { seteuid(0); // test_delete_user must run as root since that's how we use the delete_as_user test_delete_user(); + free_configurations(); + + printf("\nTrying banned default user()\n"); + if (write_config_file(TEST_ROOT "/test.cfg", 0) != 0) { + exit(1); + } + + read_config(TEST_ROOT "/test.cfg"); + username = "bin"; + test_check_user(); run("rm -fr " TEST_ROOT); printf("\nFinished tests\n");