From b6c24472f31c1509699b5b4d0c0f9fb5db69a49a Mon Sep 17 00:00:00 2001 From: Chris Nauroth Date: Fri, 22 Aug 2014 04:05:18 +0000 Subject: [PATCH] HADOOP-10989. Work around buggy getgrouplist() implementations on Linux that return 0 on failure. Contributed by Chris Nauroth. git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1619659 13f79535-47bb-0310-9956-ffa450edef68 --- hadoop-common-project/hadoop-common/CHANGES.txt | 3 +++ .../src/org/apache/hadoop/security/hadoop_user_info.c | 10 ++++++++++ 2 files changed, 13 insertions(+) diff --git a/hadoop-common-project/hadoop-common/CHANGES.txt b/hadoop-common-project/hadoop-common/CHANGES.txt index 655df79264..52fc3e0eec 100644 --- a/hadoop-common-project/hadoop-common/CHANGES.txt +++ b/hadoop-common-project/hadoop-common/CHANGES.txt @@ -686,6 +686,9 @@ Release 2.6.0 - UNRELEASED HADOOP-10488. TestKeyProviderFactory fails randomly. (tucu) + HADOOP-10989. Work around buggy getgrouplist() implementations on Linux that + return 0 on failure. (cnauroth) + Release 2.5.0 - 2014-08-11 INCOMPATIBLE CHANGES diff --git a/hadoop-common-project/hadoop-common/src/main/native/src/org/apache/hadoop/security/hadoop_user_info.c b/hadoop-common-project/hadoop-common/src/main/native/src/org/apache/hadoop/security/hadoop_user_info.c index ca288ec7da..e2438b1b06 100644 --- a/hadoop-common-project/hadoop-common/src/main/native/src/org/apache/hadoop/security/hadoop_user_info.c +++ b/hadoop-common-project/hadoop-common/src/main/native/src/org/apache/hadoop/security/hadoop_user_info.c @@ -193,7 +193,17 @@ int hadoop_user_info_getgroups(struct hadoop_user_info *uinfo) ngroups = uinfo->gids_size; ret = getgrouplist(uinfo->pwd.pw_name, uinfo->pwd.pw_gid, uinfo->gids, &ngroups); + // Return value is different on Linux vs. FreeBSD. Linux: the number of groups + // or -1 on error. FreeBSD: 0 on success or -1 on error. Unfortunately, we + // can't accept a 0 return on Linux, because buggy implementations have been + // observed to return 0 but leave the other out parameters in an indeterminate + // state. This deviates from the man page, but it has been observed in + // practice. See issue HADOOP-10989 for details. +#ifdef __linux__ + if (ret > 0) { +#else if (ret >= 0) { +#endif uinfo->num_gids = ngroups; ret = put_primary_gid_first(uinfo); if (ret) {