From dc21655f2a477196ccc5173666b73d11865eeaf5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Elek=2C=20M=C3=A1rton?=
Date: Fri, 15 Mar 2019 17:43:01 +0100
Subject: [PATCH] HDDS-1259. OzoneFS classpath separation is broken by the token validation. Contributed by Elek Marton. Closes #604
---
 .../fs/ozone/OzoneClientAdapterImpl.java | 29 +++++++++++++++----
 .../hadoop/fs/ozone/OzoneFileSystem.java | 18 ++----------
 2 files changed, 25 insertions(+), 22 deletions(-)
diff --git a/hadoop-ozone/ozonefs/src/main/java/org/apache/hadoop/fs/ozone/OzoneClientAdapterImpl.java b/hadoop-ozone/ozonefs/src/main/java/org/apache/hadoop/fs/ozone/OzoneClientAdapterImpl.java
index 1ea126169f..1dbfa95035 100644
--- a/hadoop-ozone/ozonefs/src/main/java/org/apache/hadoop/fs/ozone/OzoneClientAdapterImpl.java
+++ b/hadoop-ozone/ozonefs/src/main/java/org/apache/hadoop/fs/ozone/OzoneClientAdapterImpl.java
@@ -30,6 +30,7 @@
 import org.apache.hadoop.hdds.client.ReplicationFactor;
 import org.apache.hadoop.hdds.client.ReplicationType;
 import org.apache.hadoop.hdds.conf.OzoneConfiguration;
+import org.apache.hadoop.hdds.security.x509.SecurityConfig;
 import org.apache.hadoop.io.Text;
 import org.apache.hadoop.ozone.OzoneConfigKeys;
 import org.apache.hadoop.ozone.client.ObjectStore;
@@ -60,7 +61,7 @@ public class OzoneClientAdapterImpl implements OzoneClientAdapter {
 private ReplicationType replicationType;
 private ReplicationFactor replicationFactor;
 private OzoneFSStorageStatistics storageStatistics;
-
+ private boolean securityEnabled;
 /**
 * Create new OzoneClientAdapter implementation.
 *
@@ -104,12 +105,24 @@ public OzoneClientAdapterImpl(OzoneConfiguration conf, String volumeStr, } public OzoneClientAdapterImpl(String omHost, int omPort, - OzoneConfiguration conf, String volumeStr, String bucketStr, + Configuration hadoopConf, String volumeStr, String bucketStr, OzoneFSStorageStatistics storageStatistics) throws IOException { ClassLoader contextClassLoader = Thread.currentThread().getContextClassLoader(); Thread.currentThread().setContextClassLoader(null); + OzoneConfiguration conf; + if (hadoopConf instanceof OzoneConfiguration) { + conf = (OzoneConfiguration) hadoopConf; + } else { + conf = new OzoneConfiguration(hadoopConf); + } + + SecurityConfig secConfig = new SecurityConfig(conf); + + if (secConfig.isSecurityEnabled()) { + this.securityEnabled = true; + } try { String replicationTypeConf = @@ -276,10 +289,14 @@ public Iterator listKeys(String pathKey) { @Override public Token getDelegationToken(String renewer) throws IOException { - Token token = - ozoneClient.getObjectStore().getDelegationToken(new Text(renewer)); - token.setKind(OzoneTokenIdentifier.KIND_NAME); - return token; + if (!securityEnabled) { + return null; + } else { + Token token = + ozoneClient.getObjectStore().getDelegationToken(new Text(renewer)); + token.setKind(OzoneTokenIdentifier.KIND_NAME); + return token; + } } /** diff --git a/hadoop-ozone/ozonefs/src/main/java/org/apache/hadoop/fs/ozone/OzoneFileSystem.java b/hadoop-ozone/ozonefs/src/main/java/org/apache/hadoop/fs/ozone/OzoneFileSystem.java index 3cfbebf4c3..97f5c8e047 100644 --- a/hadoop-ozone/ozonefs/src/main/java/org/apache/hadoop/fs/ozone/OzoneFileSystem.java +++ b/hadoop-ozone/ozonefs/src/main/java/org/apache/hadoop/fs/ozone/OzoneFileSystem.java 
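Review bot: The added `OzoneConfiguration`/`SecurityConfig` setup in the `OzoneClientAdapterImpl(String omHost, int omPort, ...)` constructor sits after `Thread.currentThread().setContextClassLoader(null)` but before the `try {` that follows. If `new OzoneConfiguration(hadoopConf)` or `new SecurityConfig(conf)` throws there, the calling thread would be left with a null context class loader, assuming the saved loader is restored in that try's `finally`; the end of the constructor is outside this hunk, so that part is inferred. Moving the block to the first lines inside the `try` keeps the isolation and the restore together. The flag can also be assigned directly, `this.securityEnabled = new SecurityConfig(conf).isSecurityEnabled();`, which drops the `if` and shows the field is set exactly once.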
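Review bot: `getDelegationToken` now returns `null` when `securityEnabled` is false, and nothing on the method documents that; `OzoneFileSystem.getDelegationToken` (last hunk of this patch) passes the value straight through now that its own `securityEnabled` check is gone. The flag is read once from the client-side configuration in the constructor, so a client configured with security off against a secured cluster would get no token without any signal and presumably fail only later at authentication. I would add Javadoc such as `@return the delegation token, or null when Ozone security is disabled in the client configuration`, and put the same sentence on the `OzoneClientAdapter` interface so other implementations keep the contract. The `else` after `return null;` can be dropped to leave a plain guard clause.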
@@ -48,8 +48,6 @@ import org.apache.hadoop.fs.PathIsNotEmptyDirectoryException; import org.apache.hadoop.fs.GlobalStorageStatistics; import org.apache.hadoop.fs.permission.FsPermission; -import org.apache.hadoop.hdds.conf.OzoneConfiguration; -import org.apache.hadoop.hdds.security.x509.SecurityConfig; import org.apache.hadoop.security.UserGroupInformation; import org.apache.hadoop.security.token.Token; import org.apache.hadoop.util.Progressable; @@ -87,7 +85,6 @@ public class OzoneFileSystem extends FileSystem { private Path workingDir; private OzoneClientAdapter adapter; - private boolean securityEnabled; private OzoneFSStorageStatistics storageStatistics; @@ -174,19 +171,9 @@ public void initialize(URI name, Configuration conf) throws IOException { OzoneClientAdapterFactory.createAdapter(volumeStr, bucketStr); } } else { - OzoneConfiguration ozoneConfiguration; - if (conf instanceof OzoneConfiguration) { - ozoneConfiguration = (OzoneConfiguration) conf; - } else { - ozoneConfiguration = new OzoneConfiguration(conf); - } - SecurityConfig secConfig = new SecurityConfig(ozoneConfiguration); - if (secConfig.isSecurityEnabled()) { - this.securityEnabled = true; - } this.adapter = new OzoneClientAdapterImpl(omHost, - Integer.parseInt(omPort), ozoneConfiguration, + Integer.parseInt(omPort), conf, volumeStr, bucketStr, storageStatistics); } @@ -701,8 +688,7 @@ public Path getWorkingDirectory() { @Override public Token getDelegationToken(String renewer) throws IOException { - return securityEnabled? adapter.getDelegationToken(renewer) : - super.getDelegationToken(renewer); + return adapter.getDelegationToken(renewer); } /**