HADOOP-10345. Sanitize the the inputs (groups and hosts) for the proxyuser configuration. Contributed by Benoy Antony.

git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1583454 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Jing Zhao 2014-03-31 20:42:13 +00:00
parent ed64289c80
commit e908bbe807
5 changed files with 58 additions and 3 deletions

View File

@ -318,6 +318,9 @@ Release 2.5.0 - UNRELEASED
HADOOP-10451. Remove unused field and imports from SaslRpcServer.
(Benoy Antony via jing9)
HADOOP-10345. Sanitize the the inputs (groups and hosts) for the proxyuser
configuration. (Benoy Antony via jing9)
OPTIMIZATIONS
BUG FIXES

View File

@ -70,7 +70,7 @@ public static synchronized void refreshSuperUserGroupsConfiguration(Configuratio
String regex = CONF_HADOOP_PROXYUSER_RE+"[^.]*\\"+CONF_GROUPS;
Map<String,String> allMatchKeys = conf.getValByRegex(regex);
for(Entry<String, String> entry : allMatchKeys.entrySet()) {
Collection<String> groups = StringUtils.getStringCollection(entry.getValue());
Collection<String> groups = StringUtils.getTrimmedStringCollection(entry.getValue());
proxyGroups.put(entry.getKey(), groups );
//cache the groups. This is needed for NetGroups
Groups.getUserToGroupsMappingService(conf).cacheGroupsAdd(
@ -82,7 +82,7 @@ public static synchronized void refreshSuperUserGroupsConfiguration(Configuratio
allMatchKeys = conf.getValByRegex(regex);
for(Entry<String, String> entry : allMatchKeys.entrySet()) {
proxyHosts.put(entry.getKey(),
StringUtils.getStringCollection(entry.getValue()));
StringUtils.getTrimmedStringCollection(entry.getValue()));
}
init = true;

View File

@ -28,9 +28,11 @@
import java.util.Collection;
import java.util.Date;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.StringTokenizer;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
@ -351,12 +353,15 @@ public static Collection<String> getStringCollection(String str, String delim) {
/**
* Splits a comma separated value <code>String</code>, trimming leading and trailing whitespace on each value.
* Duplicate and empty values are removed.
* @param str a comma separated <String> with values
* @return a <code>Collection</code> of <code>String</code> values
*/
public static Collection<String> getTrimmedStringCollection(String str){
return new ArrayList<String>(
Set<String> set = new LinkedHashSet<String>(
Arrays.asList(getTrimmedStrings(str)));
set.remove("");
return set;
}
/**

View File

@ -19,6 +19,7 @@
import java.io.IOException;
import java.util.Arrays;
import java.util.Collection;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
@ -223,6 +224,41 @@ public void testWildcardIP() {
assertNotAuthorized(proxyUserUgi, "1.2.3.5");
}
@Test
public void testWithDuplicateProxyGroups() throws Exception {
Configuration conf = new Configuration();
conf.set(
ProxyUsers.getProxySuperuserGroupConfKey(REAL_USER_NAME),
StringUtils.join(",", Arrays.asList(GROUP_NAMES,GROUP_NAMES)));
conf.set(
ProxyUsers.getProxySuperuserIpConfKey(REAL_USER_NAME),
PROXY_IP);
ProxyUsers.refreshSuperUserGroupsConfiguration(conf);
Collection<String> groupsToBeProxied = ProxyUsers.getProxyGroups().get(
ProxyUsers.getProxySuperuserGroupConfKey(REAL_USER_NAME));
assertEquals (1,groupsToBeProxied.size());
}
@Test
public void testWithDuplicateProxyHosts() throws Exception {
Configuration conf = new Configuration();
conf.set(
ProxyUsers.getProxySuperuserGroupConfKey(REAL_USER_NAME),
StringUtils.join(",", Arrays.asList(GROUP_NAMES)));
conf.set(
ProxyUsers.getProxySuperuserIpConfKey(REAL_USER_NAME),
StringUtils.join(",", Arrays.asList(PROXY_IP,PROXY_IP)));
ProxyUsers.refreshSuperUserGroupsConfiguration(conf);
Collection<String> hosts = ProxyUsers.getProxyHosts().get(
ProxyUsers.getProxySuperuserIpConfKey(REAL_USER_NAME));
assertEquals (1,hosts.size());
}
private void assertNotAuthorized(UserGroupInformation proxyUgi, String host) {
try {
ProxyUsers.authorize(proxyUgi, host, null);

View File

@ -22,9 +22,12 @@
import static org.apache.hadoop.util.StringUtils.TraditionalBinaryPrefix.string2long;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
@ -401,6 +404,14 @@ public void testReplaceTokensWinEnvVars() {
"begin %foo%_%bar%_%baz% end", pattern, replacements));
}
@Test
public void testGetUniqueNonEmptyTrimmedStrings (){
final String TO_SPLIT = ",foo, bar,baz,,blah,blah,bar,";
Collection<String> col = StringUtils.getTrimmedStringCollection(TO_SPLIT);
assertEquals(4, col.size());
assertTrue(col.containsAll(Arrays.asList(new String[]{"foo","bar","baz","blah"})));
}
// Benchmark for StringUtils split
public static void main(String []args) {
final String TO_SPLIT = "foo,bar,baz,blah,blah";