From a469833639c7a5ef525a108a1ac70213881e627d Mon Sep 17 00:00:00 2001 From: Steve Loughran Date: Tue, 30 Sep 2014 17:30:06 -0700 Subject: [PATCH] HADOOP-11117 UGI HadoopLoginModule doesn't catch & wrap all kerberos-related exceptions (stevel) --- .../hadoop-common/CHANGES.txt | 3 +++ .../java/org/apache/hadoop/security/User.java | 3 ++- .../hadoop/security/UserGroupInformation.java | 18 ++++++++++++++++-- .../security/TestUserGroupInformation.java | 3 ++- 4 files changed, 23 insertions(+), 4 deletions(-) diff --git a/hadoop-common-project/hadoop-common/CHANGES.txt b/hadoop-common-project/hadoop-common/CHANGES.txt index 95ea5b6e5d..da51fd0e1a 100644 --- a/hadoop-common-project/hadoop-common/CHANGES.txt +++ b/hadoop-common-project/hadoop-common/CHANGES.txt @@ -918,6 +918,9 @@ Release 2.6.0 - UNRELEASED HADOOP-11145. TestFairCallQueue fails. (Akira AJISAKA via cnauroth) + HADOOP-11117 UGI HadoopLoginModule doesn't catch & wrap all + kerberos-related exceptions (stevel) + Release 2.5.1 - 2014-09-05 INCOMPATIBLE CHANGES diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/User.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/User.java index 8d9b28b0d1..236e9626f2 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/User.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/User.java @@ -47,7 +47,8 @@ class User implements Principal { try { shortName = new HadoopKerberosName(name).getShortName(); } catch (IOException ioe) { - throw new IllegalArgumentException("Illegal principal name " + name, ioe); + throw new IllegalArgumentException("Illegal principal name " + name + +": " + ioe.toString(), ioe); } fullName = name; diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java index 1b024eb13e..45328c7b79 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java @@ -178,7 +178,21 @@ public class UserGroupInformation { } // if we found the user, add our principal if (user != null) { - subject.getPrincipals().add(new User(user.getName())); + if (LOG.isDebugEnabled()) { + LOG.debug("Using user: \"" + user + "\" with name " + user.getName()); + } + + User userEntry = null; + try { + userEntry = new User(user.getName()); + } catch (Exception e) { + throw (LoginException)(new LoginException(e.toString()).initCause(e)); + } + if (LOG.isDebugEnabled()) { + LOG.debug("User entry: \"" + userEntry.toString() + "\"" ); + } + + subject.getPrincipals().add(userEntry); return true; } LOG.error("Can't find user in " + subject); @@ -931,7 +945,7 @@ public class UserGroupInformation { metrics.loginFailure.add(Time.now() - start); } throw new IOException("Login failure for " + user + " from keytab " + - path, le); + path+ ": " + le, le); } LOG.info("Login successful for user " + keytabPrincipal + " using keytab file " + keytabFile); diff --git a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestUserGroupInformation.java b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestUserGroupInformation.java index d676782572..48b9b99928 100644 --- a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestUserGroupInformation.java +++ b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestUserGroupInformation.java @@ -340,7 +340,8 @@ public class TestUserGroupInformation { } catch (IllegalArgumentException e) { String expect = (userName == null || userName.isEmpty()) ? "Null user" : "Illegal principal name "+userName; - assertEquals(expect, e.getMessage()); + assertTrue("Did not find "+ expect + " in " + e, + e.toString().contains(expect)); } }