diff --git a/hadoop-common-project/hadoop-common/CHANGES.txt b/hadoop-common-project/hadoop-common/CHANGES.txt index ce02eef5b2..36c910c07d 100644 --- a/hadoop-common-project/hadoop-common/CHANGES.txt +++ b/hadoop-common-project/hadoop-common/CHANGES.txt @@ -1375,7 +1375,10 @@ Release 0.23.7 - UNRELEASED permissions (Ivan A. Veselovsky via bobby) HADOOP-9067. provide test for LocalFileSystem.reportChecksumFailure - (Ivan A. Veselovsky via bobby) + (Ivan A. Veselovsky via bobby) + + HADOOP-9336. Allow UGI of current connection to be queried. (Daryn Sharp + via kihwal) OPTIMIZATIONS diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/Server.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/Server.java index be18141aef..c43b8a9029 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/Server.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/Server.java @@ -313,6 +313,14 @@ public static String getRemoteAddress() { return (addr == null) ? null : addr.getHostAddress(); } + /** Returns the RPC remote user when invoked inside an RPC. Note this + * may be different than the current user if called within another doAs + * @return connection's UGI or null if not an RPC + */ + public static UserGroupInformation getRemoteUser() { + Call call = CurCall.get(); + return (call != null) ? call.connection.user : null; + } /** Return true if the invocation was through an RPC. */ diff --git a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestDoAsEffectiveUser.java b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestDoAsEffectiveUser.java index 608cfb05cd..217174de49 100644 --- a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestDoAsEffectiveUser.java +++ b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestDoAsEffectiveUser.java @@ -127,6 +127,7 @@ public interface TestProtocol extends VersionedProtocol { public static final long versionID = 1L; String aMethod() throws IOException; + String getServerRemoteUser() throws IOException; } public class TestImpl implements TestProtocol { @@ -136,6 +137,11 @@ public String aMethod() throws IOException { return UserGroupInformation.getCurrentUser().toString(); } + @Override + public String getServerRemoteUser() throws IOException { + return Server.getRemoteUser().toString(); + } + @Override public long getProtocolVersion(String protocol, long clientVersion) throws IOException { @@ -149,7 +155,23 @@ public ProtocolSignature getProtocolSignature(String protocol, } } - @Test + private void checkRemoteUgi(final Server server, + final UserGroupInformation ugi, final Configuration conf) + throws Exception { + ugi.doAs(new PrivilegedExceptionAction() { + @Override + public Void run() throws IOException { + proxy = RPC.getProxy( + TestProtocol.class, TestProtocol.versionID, + NetUtils.getConnectAddress(server), conf); + Assert.assertEquals(ugi.toString(), proxy.aMethod()); + Assert.assertEquals(ugi.toString(), proxy.getServerRemoteUser()); + return null; + } + }); + } + + @Test(timeout=4000) public void testRealUserSetup() throws IOException { final Configuration conf = new Configuration(); conf.setStrings(ProxyUsers @@ -163,24 +185,13 @@ public void testRealUserSetup() throws IOException { try { server.start(); - final InetSocketAddress addr = NetUtils.getConnectAddress(server); - UserGroupInformation realUserUgi = UserGroupInformation .createRemoteUser(REAL_USER_NAME); + checkRemoteUgi(server, realUserUgi, conf); + UserGroupInformation proxyUserUgi = UserGroupInformation.createProxyUserForTesting( PROXY_USER_NAME, realUserUgi, GROUP_NAMES); - String retVal = proxyUserUgi - .doAs(new PrivilegedExceptionAction() { - @Override - public String run() throws IOException { - proxy = RPC.getProxy(TestProtocol.class, - TestProtocol.versionID, addr, conf); - String ret = proxy.aMethod(); - return ret; - } - }); - - Assert.assertEquals(PROXY_USER_NAME + " (auth:PROXY) via " + REAL_USER_NAME + " (auth:SIMPLE)", retVal); + checkRemoteUgi(server, proxyUserUgi, conf); } catch (Exception e) { e.printStackTrace(); Assert.fail(); @@ -192,7 +203,7 @@ public String run() throws IOException { } } - @Test + @Test(timeout=4000) public void testRealUserAuthorizationSuccess() throws IOException { final Configuration conf = new Configuration(); configureSuperUserIPAddresses(conf, REAL_USER_SHORT_NAME); @@ -206,25 +217,13 @@ public void testRealUserAuthorizationSuccess() throws IOException { try { server.start(); - final InetSocketAddress addr = NetUtils.getConnectAddress(server); - UserGroupInformation realUserUgi = UserGroupInformation .createRemoteUser(REAL_USER_NAME); + checkRemoteUgi(server, realUserUgi, conf); UserGroupInformation proxyUserUgi = UserGroupInformation .createProxyUserForTesting(PROXY_USER_NAME, realUserUgi, GROUP_NAMES); - String retVal = proxyUserUgi - .doAs(new PrivilegedExceptionAction() { - @Override - public String run() throws IOException { - proxy = RPC.getProxy(TestProtocol.class, - TestProtocol.versionID, addr, conf); - String ret = proxy.aMethod(); - return ret; - } - }); - - Assert.assertEquals(PROXY_USER_NAME + " (auth:PROXY) via " + REAL_USER_NAME + " (auth:SIMPLE)", retVal); + checkRemoteUgi(server, proxyUserUgi, conf); } catch (Exception e) { e.printStackTrace(); Assert.fail();