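        /// <summary>
        /// Decides whether <paramref name="remoteUser"/> is allowed to use the getImage servlet.
        /// </summary>
        /// <remarks>
        /// Access is granted in two ways, checked in this order:
        /// <list type="number">
        /// <item>The name is exactly equal to one of the server principals built here: the
        /// NameNode principal, the SecondaryNameNode principal (best effort), and, when HA is
        /// enabled, the principal of the other NameNode.</item>
        /// <item><c>HttpServer2.UserHasAdministratorAccess</c> returns true for the name.</item>
        /// </list>
        /// Anything else is rejected, so the method fails closed. The allow-list is rebuilt from
        /// <paramref name="conf"/> on every call.
        /// </remarks>
        /// <param name="context">Servlet context passed to the administrator-access check.</param>
        /// <param name="remoteUser">Name of the requesting user; null is rejected.</param>
        /// <param name="conf">Configuration the principals and addresses are read from.</param>
        /// <returns>true if the requestor is an allowed checkpointer or an administrator.</returns>
        internal static bool IsValidRequestor(ServletContext context, string remoteUser,
                                              Configuration conf)
        {
            if (remoteUser == null)
            {
                // This really shouldn't happen; reject rather than fall through to the checks below.
                Log.Warn("Received null remoteUser while authorizing access to getImage servlet");
                return false;
            }

            ICollection<string> validRequestors = new HashSet<string>();

            // Principal of this NameNode. A failure here is not caught and propagates to the caller.
            validRequestors.AddItem(SecurityUtil.GetServerPrincipal(
                conf.Get(DFSConfigKeys.DfsNamenodeKerberosPrincipalKey),
                NameNode.GetAddress(conf).GetHostName()));

            try
            {
                validRequestors.AddItem(SecurityUtil.GetServerPrincipal(
                    conf.Get(DFSConfigKeys.DfsSecondaryNamenodeKerberosPrincipalKey),
                    SecondaryNameNode.GetHttpAddress(conf).GetHostName()));
            }
            catch (Exception e)
            {
                // Don't halt if SecondaryNameNode principal could not be added. The principal is
                // simply left out of the allow-list, which narrows access instead of widening it.
                Log.Debug("SecondaryNameNode principal could not be added", e);

                // string.Format takes positional {n} placeholders; the previous "%s" markers were
                // printed literally, so the warning never showed the configuration values that an
                // operator needs to diagnose the missing principal.
                string msg = string.Format(
                    "SecondaryNameNode principal not considered, {0} = {1}, {2} = {3}",
                    DFSConfigKeys.DfsSecondaryNamenodeKerberosPrincipalKey,
                    conf.Get(DFSConfigKeys.DfsSecondaryNamenodeKerberosPrincipalKey),
                    DFSConfigKeys.DfsNamenodeSecondaryHttpAddressKey,
                    conf.GetTrimmed(DFSConfigKeys.DfsNamenodeSecondaryHttpAddressKey,
                                    DFSConfigKeys.DfsNamenodeSecondaryHttpAddressDefault));
                Log.Warn(msg);
            }

            if (HAUtil.IsHAEnabled(conf, DFSUtil.GetNamenodeNameServiceId(conf)))
            {
                // In an HA pair the other NameNode is allowed as well.
                Configuration otherNnConf = HAUtil.GetConfForOtherNode(conf);
                validRequestors.AddItem(SecurityUtil.GetServerPrincipal(
                    otherNnConf.Get(DFSConfigKeys.DfsNamenodeKerberosPrincipalKey),
                    NameNode.GetAddress(otherNnConf).GetHostName()));
            }

            // NOTE(review): remoteUser is written to the log verbatim below. Presumably it is an
            // already-authenticated principal name; confirm at the caller that it cannot carry
            // line breaks, otherwise these authorization records could be forged.
            foreach (string principal in validRequestors)
            {
                // Exact, case-sensitive match only; a null entry in the set never matches.
                if (principal != null && principal.Equals(remoteUser))
                {
                    Log.Info("ImageServlet allowing checkpointer: " + remoteUser);
                    return true;
                }
            }

            if (HttpServer2.UserHasAdministratorAccess(context, remoteUser))
            {
                Log.Info("ImageServlet allowing administrator: " + remoteUser);
                return true;
            }

            Log.Info("ImageServlet rejecting: " + remoteUser);
            return false;
        }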