HADOOP-10345. Sanitize the the inputs (groups and hosts) for the proxyuser configuration. Contributed by Benoy Antony.

git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1583454 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Jing Zhao 2014-03-31 20:42:13 +00:00
parent ed64289c80
commit e908bbe807
5 changed files with 58 additions and 3 deletions

View File

@ -318,6 +318,9 @@ Release 2.5.0 - UNRELEASED
HADOOP-10451. Remove unused field and imports from SaslRpcServer. HADOOP-10451. Remove unused field and imports from SaslRpcServer.
(Benoy Antony via jing9) (Benoy Antony via jing9)
HADOOP-10345. Sanitize the the inputs (groups and hosts) for the proxyuser
configuration. (Benoy Antony via jing9)
OPTIMIZATIONS OPTIMIZATIONS
BUG FIXES BUG FIXES

View File

@ -70,7 +70,7 @@ public static synchronized void refreshSuperUserGroupsConfiguration(Configuratio
String regex = CONF_HADOOP_PROXYUSER_RE+"[^.]*\\"+CONF_GROUPS; String regex = CONF_HADOOP_PROXYUSER_RE+"[^.]*\\"+CONF_GROUPS;
Map<String,String> allMatchKeys = conf.getValByRegex(regex); Map<String,String> allMatchKeys = conf.getValByRegex(regex);
for(Entry<String, String> entry : allMatchKeys.entrySet()) { for(Entry<String, String> entry : allMatchKeys.entrySet()) {
Collection<String> groups = StringUtils.getStringCollection(entry.getValue()); Collection<String> groups = StringUtils.getTrimmedStringCollection(entry.getValue());
proxyGroups.put(entry.getKey(), groups ); proxyGroups.put(entry.getKey(), groups );
//cache the groups. This is needed for NetGroups //cache the groups. This is needed for NetGroups
Groups.getUserToGroupsMappingService(conf).cacheGroupsAdd( Groups.getUserToGroupsMappingService(conf).cacheGroupsAdd(
@ -82,7 +82,7 @@ public static synchronized void refreshSuperUserGroupsConfiguration(Configuratio
allMatchKeys = conf.getValByRegex(regex); allMatchKeys = conf.getValByRegex(regex);
for(Entry<String, String> entry : allMatchKeys.entrySet()) { for(Entry<String, String> entry : allMatchKeys.entrySet()) {
proxyHosts.put(entry.getKey(), proxyHosts.put(entry.getKey(),
StringUtils.getStringCollection(entry.getValue())); StringUtils.getTrimmedStringCollection(entry.getValue()));
} }
init = true; init = true;

View File

@ -28,9 +28,11 @@
import java.util.Collection; import java.util.Collection;
import java.util.Date; import java.util.Date;
import java.util.Iterator; import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List; import java.util.List;
import java.util.Locale; import java.util.Locale;
import java.util.Map; import java.util.Map;
import java.util.Set;
import java.util.StringTokenizer; import java.util.StringTokenizer;
import java.util.regex.Matcher; import java.util.regex.Matcher;
import java.util.regex.Pattern; import java.util.regex.Pattern;
@ -351,12 +353,15 @@ public static Collection<String> getStringCollection(String str, String delim) {
/** /**
* Splits a comma separated value <code>String</code>, trimming leading and trailing whitespace on each value. * Splits a comma separated value <code>String</code>, trimming leading and trailing whitespace on each value.
* Duplicate and empty values are removed.
* @param str a comma separated <String> with values * @param str a comma separated <String> with values
* @return a <code>Collection</code> of <code>String</code> values * @return a <code>Collection</code> of <code>String</code> values
*/ */
public static Collection<String> getTrimmedStringCollection(String str){ public static Collection<String> getTrimmedStringCollection(String str){
return new ArrayList<String>( Set<String> set = new LinkedHashSet<String>(
Arrays.asList(getTrimmedStrings(str))); Arrays.asList(getTrimmedStrings(str)));
set.remove("");
return set;
} }
/** /**

View File

@ -19,6 +19,7 @@
import java.io.IOException; import java.io.IOException;
import java.util.Arrays; import java.util.Arrays;
import java.util.Collection;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory; import org.apache.commons.logging.LogFactory;
@ -223,6 +224,41 @@ public void testWildcardIP() {
assertNotAuthorized(proxyUserUgi, "1.2.3.5"); assertNotAuthorized(proxyUserUgi, "1.2.3.5");
} }
@Test
public void testWithDuplicateProxyGroups() throws Exception {
Configuration conf = new Configuration();
conf.set(
ProxyUsers.getProxySuperuserGroupConfKey(REAL_USER_NAME),
StringUtils.join(",", Arrays.asList(GROUP_NAMES,GROUP_NAMES)));
conf.set(
ProxyUsers.getProxySuperuserIpConfKey(REAL_USER_NAME),
PROXY_IP);
ProxyUsers.refreshSuperUserGroupsConfiguration(conf);
Collection<String> groupsToBeProxied = ProxyUsers.getProxyGroups().get(
ProxyUsers.getProxySuperuserGroupConfKey(REAL_USER_NAME));
assertEquals (1,groupsToBeProxied.size());
}
@Test
public void testWithDuplicateProxyHosts() throws Exception {
Configuration conf = new Configuration();
conf.set(
ProxyUsers.getProxySuperuserGroupConfKey(REAL_USER_NAME),
StringUtils.join(",", Arrays.asList(GROUP_NAMES)));
conf.set(
ProxyUsers.getProxySuperuserIpConfKey(REAL_USER_NAME),
StringUtils.join(",", Arrays.asList(PROXY_IP,PROXY_IP)));
ProxyUsers.refreshSuperUserGroupsConfiguration(conf);
Collection<String> hosts = ProxyUsers.getProxyHosts().get(
ProxyUsers.getProxySuperuserIpConfKey(REAL_USER_NAME));
assertEquals (1,hosts.size());
}
private void assertNotAuthorized(UserGroupInformation proxyUgi, String host) { private void assertNotAuthorized(UserGroupInformation proxyUgi, String host) {
try { try {
ProxyUsers.authorize(proxyUgi, host, null); ProxyUsers.authorize(proxyUgi, host, null);

View File

@ -22,9 +22,12 @@
import static org.apache.hadoop.util.StringUtils.TraditionalBinaryPrefix.string2long; import static org.apache.hadoop.util.StringUtils.TraditionalBinaryPrefix.string2long;
import static org.junit.Assert.assertArrayEquals; import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail; import static org.junit.Assert.fail;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashMap; import java.util.HashMap;
import java.util.List; import java.util.List;
import java.util.Map; import java.util.Map;
@ -401,6 +404,14 @@ public void testReplaceTokensWinEnvVars() {
"begin %foo%_%bar%_%baz% end", pattern, replacements)); "begin %foo%_%bar%_%baz% end", pattern, replacements));
} }
@Test
public void testGetUniqueNonEmptyTrimmedStrings (){
final String TO_SPLIT = ",foo, bar,baz,,blah,blah,bar,";
Collection<String> col = StringUtils.getTrimmedStringCollection(TO_SPLIT);
assertEquals(4, col.size());
assertTrue(col.containsAll(Arrays.asList(new String[]{"foo","bar","baz","blah"})));
}
// Benchmark for StringUtils split // Benchmark for StringUtils split
public static void main(String []args) { public static void main(String []args) {
final String TO_SPLIT = "foo,bar,baz,blah,blah"; final String TO_SPLIT = "foo,bar,baz,blah,blah";