HDDS-1259. OzoneFS classpath separation is broken by the token validation. Contributed by Elek Marton.

Closes #604
Elek, Márton 2019-03-15 17:43:01 +01:00 committed by Xiaoyu Yao
parent a7f5e742a6
commit dc21655f2a
2 changed files with 25 additions and 22 deletions


@ -30,6 +30,7 @@
import org.apache.hadoop.hdds.client.ReplicationFactor; import org.apache.hadoop.hdds.client.ReplicationFactor;
import org.apache.hadoop.hdds.client.ReplicationType; import org.apache.hadoop.hdds.client.ReplicationType;
import org.apache.hadoop.hdds.conf.OzoneConfiguration; import org.apache.hadoop.hdds.conf.OzoneConfiguration;
import org.apache.hadoop.hdds.security.x509.SecurityConfig;
import org.apache.hadoop.io.Text; import org.apache.hadoop.io.Text;
import org.apache.hadoop.ozone.OzoneConfigKeys; import org.apache.hadoop.ozone.OzoneConfigKeys;
import org.apache.hadoop.ozone.client.ObjectStore; import org.apache.hadoop.ozone.client.ObjectStore;
@ -60,7 +61,7 @@ public class OzoneClientAdapterImpl implements OzoneClientAdapter {
private ReplicationType replicationType; private ReplicationType replicationType;
private ReplicationFactor replicationFactor; private ReplicationFactor replicationFactor;
private OzoneFSStorageStatistics storageStatistics; private OzoneFSStorageStatistics storageStatistics;
private boolean securityEnabled;
/** /**
* Create new OzoneClientAdapter implementation. * Create new OzoneClientAdapter implementation.
* *
@ -104,12 +105,24 @@ public OzoneClientAdapterImpl(OzoneConfiguration conf, String volumeStr,
} }
public OzoneClientAdapterImpl(String omHost, int omPort, public OzoneClientAdapterImpl(String omHost, int omPort,
OzoneConfiguration conf, String volumeStr, String bucketStr, Configuration hadoopConf, String volumeStr, String bucketStr,
OzoneFSStorageStatistics storageStatistics) throws IOException { OzoneFSStorageStatistics storageStatistics) throws IOException {
ClassLoader contextClassLoader = ClassLoader contextClassLoader =
Thread.currentThread().getContextClassLoader(); Thread.currentThread().getContextClassLoader();
Thread.currentThread().setContextClassLoader(null); Thread.currentThread().setContextClassLoader(null);
OzoneConfiguration conf;
if (hadoopConf instanceof OzoneConfiguration) {
conf = (OzoneConfiguration) hadoopConf;
} else {
conf = new OzoneConfiguration(hadoopConf);
}
SecurityConfig secConfig = new SecurityConfig(conf);
if (secConfig.isSecurityEnabled()) {
this.securityEnabled = true;
}
try { try {
String replicationTypeConf = String replicationTypeConf =
@ -276,10 +289,14 @@ public Iterator<BasicKeyInfo> listKeys(String pathKey) {
@Override @Override
public Token<OzoneTokenIdentifier> getDelegationToken(String renewer) public Token<OzoneTokenIdentifier> getDelegationToken(String renewer)
throws IOException { throws IOException {
Token<OzoneTokenIdentifier> token = if (!securityEnabled) {
ozoneClient.getObjectStore().getDelegationToken(new Text(renewer)); return null;
token.setKind(OzoneTokenIdentifier.KIND_NAME); } else {
return token; Token<OzoneTokenIdentifier> token =
ozoneClient.getObjectStore().getDelegationToken(new Text(renewer));
token.setKind(OzoneTokenIdentifier.KIND_NAME);
return token;
}
} }
/** /**
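Review bot: In the `OzoneClientAdapterImpl(String omHost, int omPort, Configuration hadoopConf, ...)` constructor, the new configuration handling runs after `Thread.currentThread().setContextClassLoader(null)` but before the `try {`. If `new OzoneConfiguration(hadoopConf)` or `new SecurityConfig(conf)` throws, the calling thread would be left with a null context class loader, assuming the saved loader is restored in a `finally` that lies outside this hunk. Moving the conversion and the security check to the first lines inside the `try` keeps that restore guaranteed. The flag can also be set in one statement, `this.securityEnabled = new SecurityConfig(conf).isSecurityEnabled();`. The constructor body continues past the hunk, so the placement of the restore needs confirming against the full file.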


@ -48,8 +48,6 @@
import org.apache.hadoop.fs.PathIsNotEmptyDirectoryException; import org.apache.hadoop.fs.PathIsNotEmptyDirectoryException;
import org.apache.hadoop.fs.GlobalStorageStatistics; import org.apache.hadoop.fs.GlobalStorageStatistics;
import org.apache.hadoop.fs.permission.FsPermission; import org.apache.hadoop.fs.permission.FsPermission;
import org.apache.hadoop.hdds.conf.OzoneConfiguration;
import org.apache.hadoop.hdds.security.x509.SecurityConfig;
import org.apache.hadoop.security.UserGroupInformation; import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.token.Token; import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.util.Progressable; import org.apache.hadoop.util.Progressable;
@ -87,7 +85,6 @@ public class OzoneFileSystem extends FileSystem {
private Path workingDir; private Path workingDir;
private OzoneClientAdapter adapter; private OzoneClientAdapter adapter;
private boolean securityEnabled;
private OzoneFSStorageStatistics storageStatistics; private OzoneFSStorageStatistics storageStatistics;
@ -174,19 +171,9 @@ public void initialize(URI name, Configuration conf) throws IOException {
OzoneClientAdapterFactory.createAdapter(volumeStr, bucketStr); OzoneClientAdapterFactory.createAdapter(volumeStr, bucketStr);
} }
} else { } else {
OzoneConfiguration ozoneConfiguration;
if (conf instanceof OzoneConfiguration) {
ozoneConfiguration = (OzoneConfiguration) conf;
} else {
ozoneConfiguration = new OzoneConfiguration(conf);
}
SecurityConfig secConfig = new SecurityConfig(ozoneConfiguration);
if (secConfig.isSecurityEnabled()) {
this.securityEnabled = true;
}
this.adapter = new OzoneClientAdapterImpl(omHost, this.adapter = new OzoneClientAdapterImpl(omHost,
Integer.parseInt(omPort), ozoneConfiguration, Integer.parseInt(omPort), conf,
volumeStr, bucketStr, storageStatistics); volumeStr, bucketStr, storageStatistics);
} }
@ -701,8 +688,7 @@ public Path getWorkingDirectory() {
@Override @Override
public Token<?> getDelegationToken(String renewer) throws IOException { public Token<?> getDelegationToken(String renewer) throws IOException {
return securityEnabled? adapter.getDelegationToken(renewer) : return adapter.getDelegationToken(renewer);
super.getDelegationToken(renewer);
} }
/** /**
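Review bot: `getDelegationToken` now relies entirely on the adapter's own `securityEnabled` flag, but the other branch of `initialize` builds its adapter with `OzoneClientAdapterFactory.createAdapter(volumeStr, bucketStr)`, and that visible call passes no `Configuration`. If that adapter derives its configuration independently, a secure cluster whose settings arrive only through the `conf` given to `initialize` would get `null` here, and the caller would continue without a delegation token. It is worth covering the factory-created adapter with a test that has security enabled. The contract should also be documented on the method, for example `// Returns null when the adapter reports that security is disabled.`. `initialize` starts and ends outside the visible hunk, so how the factory path obtains its configuration could not be checked here.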