/// <exception cref="System.Exception"/> public virtual RegisterApplicationMasterResponse RegisterAppAttempt(bool wait) { if (wait) { WaitForState(RMAppAttemptState.Launched); } responseId = 0; RegisterApplicationMasterRequest req = Org.Apache.Hadoop.Yarn.Util.Records.NewRecord <RegisterApplicationMasterRequest>(); req.SetHost(string.Empty); req.SetRpcPort(1); req.SetTrackingUrl(string.Empty); if (ugi == null) { ugi = UserGroupInformation.CreateRemoteUser(attemptId.ToString()); Org.Apache.Hadoop.Security.Token.Token <AMRMTokenIdentifier> token = context.GetRMApps ()[attemptId.GetApplicationId()].GetRMAppAttempt(attemptId).GetAMRMToken(); ugi.AddTokenIdentifier(token.DecodeIdentifier()); } try { return(ugi.DoAs(new _PrivilegedExceptionAction_117(this, req))); } catch (UndeclaredThrowableException e) { throw (Exception)e.InnerException; } }
/// <exception cref="System.IO.IOException"/> /// <exception cref="System.Exception"/> internal static string GetDelegationToken(NamenodeProtocols nn, HttpServletRequest request, Configuration conf, UserGroupInformation ugi) { Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier> token = ugi.DoAs (new _PrivilegedExceptionAction_39(nn, ugi)); return(token == null ? null : token.EncodeToUrlString()); }
public virtual void TestDelegationTokenRpc() { ClientProtocol mockNN = Org.Mockito.Mockito.Mock <ClientProtocol>(); FSNamesystem mockNameSys = Org.Mockito.Mockito.Mock <FSNamesystem>(); DelegationTokenSecretManager sm = new DelegationTokenSecretManager(DFSConfigKeys. DfsNamenodeDelegationKeyUpdateIntervalDefault, DFSConfigKeys.DfsNamenodeDelegationKeyUpdateIntervalDefault , DFSConfigKeys.DfsNamenodeDelegationTokenMaxLifetimeDefault, 3600000, mockNameSys ); sm.StartThreads(); Org.Apache.Hadoop.Ipc.Server server = new RPC.Builder(conf).SetProtocol(typeof(ClientProtocol )).SetInstance(mockNN).SetBindAddress(Address).SetPort(0).SetNumHandlers(5).SetVerbose (true).SetSecretManager(sm).Build(); server.Start(); UserGroupInformation current = UserGroupInformation.GetCurrentUser(); IPEndPoint addr = NetUtils.GetConnectAddress(server); string user = current.GetUserName(); Text owner = new Text(user); DelegationTokenIdentifier dtId = new DelegationTokenIdentifier(owner, owner, null ); Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier> token = new Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier>(dtId, sm); SecurityUtil.SetTokenService(token, addr); Log.Info("Service for token is " + token.GetService()); current.AddToken(token); current.DoAs(new _PrivilegedExceptionAction_100(addr, server)); }
public virtual void CancelDelegationToken <_T0>(Org.Apache.Hadoop.Security.Token.Token <_T0> token) where _T0 : AbstractDelegationTokenIdentifier { dfs.CancelDelegationToken((Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier >)token); }
internal static bool CheckEqual(Org.Apache.Hadoop.Security.Token.Token <TokenIdentifier > a, Org.Apache.Hadoop.Security.Token.Token <TokenIdentifier> b) { return(Arrays.Equals(a.GetIdentifier(), b.GetIdentifier()) && Arrays.Equals(a.GetPassword (), b.GetPassword()) && IsEqual(a.GetKind(), b.GetKind()) && IsEqual(a.GetService (), b.GetService())); }
public virtual long RenewDelegationToken <_T0>(Org.Apache.Hadoop.Security.Token.Token <_T0> token) where _T0 : AbstractDelegationTokenIdentifier { return(dfs.RenewDelegationToken((Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier >)token)); }
public virtual void TestSecureHAToken() { Configuration conf = DFSTestUtil.NewHAConfiguration(LogicalName); conf.SetBoolean(DFSConfigKeys.DfsNamenodeDelegationTokenAlwaysUseKey, true); MiniDFSCluster cluster = null; WebHdfsFileSystem fs = null; try { cluster = new MiniDFSCluster.Builder(conf).NnTopology(topo).NumDataNodes(0).Build (); HATestUtil.SetFailoverConfigurations(cluster, conf, LogicalName); cluster.WaitActive(); fs = Org.Mockito.Mockito.Spy((WebHdfsFileSystem)FileSystem.Get(WebhdfsUri, conf)); FileSystemTestHelper.AddFileSystemForTesting(WebhdfsUri, conf, fs); cluster.TransitionToActive(0); Org.Apache.Hadoop.Security.Token.Token <object> token = ((Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier>)fs.GetDelegationToken(null)); cluster.ShutdownNameNode(0); cluster.TransitionToActive(1); token.Renew(conf); token.Cancel(conf); Org.Mockito.Mockito.Verify(fs).RenewDelegationToken(token); Org.Mockito.Mockito.Verify(fs).CancelDelegationToken(token); } finally { IOUtils.Cleanup(null, fs); if (cluster != null) { cluster.Shutdown(); } } }
/// <exception cref="System.IO.IOException"/> public override TokenIdent CancelToken(Org.Apache.Hadoop.Security.Token.Token <TokenIdent > token, string canceller) { lock (this) { ByteArrayInputStream buf = new ByteArrayInputStream(token.GetIdentifier()); DataInputStream @in = new DataInputStream(buf); TokenIdent id = CreateIdentifier(); id.ReadFields(@in); try { if (!currentTokens.Contains(id)) { // See if token can be retrieved and placed in currentTokens GetTokenInfo(id); } return(base.CancelToken(token, canceller)); } catch (Exception e) { Log.Error("Exception while checking if token exist !!", e); return(id); } } }
/// <summary>Clone a token.</summary> /// <param name="other">the token to clone</param> public Token(Org.Apache.Hadoop.Security.Token.Token <T> other) { this.identifier = other.identifier; this.password = other.password; this.kind = other.kind; this.service = other.service; }
// Test the DT mast key in the state-store when the mast key is being rolled. /// <exception cref="System.Exception"/> public virtual void TestRMDTMasterKeyStateOnRollingMasterKey() { MemoryRMStateStore memStore = new MemoryRMStateStore(); memStore.Init(conf); RMStateStore.RMState rmState = memStore.GetState(); IDictionary <RMDelegationTokenIdentifier, long> rmDTState = rmState.GetRMDTSecretManagerState ().GetTokenState(); ICollection <DelegationKey> rmDTMasterKeyState = rmState.GetRMDTSecretManagerState ().GetMasterKeyState(); MockRM rm1 = new TestRMDelegationTokens.MyMockRM(this, conf, memStore); rm1.Start(); // on rm start, two master keys are created. // One is created at RMDTSecretMgr.startThreads.updateCurrentKey(); // the other is created on the first run of // tokenRemoverThread.rollMasterKey() RMDelegationTokenSecretManager dtSecretManager = rm1.GetRMContext().GetRMDelegationTokenSecretManager (); // assert all master keys are saved NUnit.Framework.Assert.AreEqual(dtSecretManager.GetAllMasterKeys(), rmDTMasterKeyState ); ICollection <DelegationKey> expiringKeys = new HashSet <DelegationKey>(); Sharpen.Collections.AddAll(expiringKeys, dtSecretManager.GetAllMasterKeys()); // request to generate a RMDelegationToken GetDelegationTokenRequest request = Org.Mockito.Mockito.Mock <GetDelegationTokenRequest >(); Org.Mockito.Mockito.When(request.GetRenewer()).ThenReturn("renewer1"); GetDelegationTokenResponse response = rm1.GetClientRMService().GetDelegationToken (request); Org.Apache.Hadoop.Yarn.Api.Records.Token delegationToken = response.GetRMDelegationToken (); Org.Apache.Hadoop.Security.Token.Token <RMDelegationTokenIdentifier> token1 = ConverterUtils .ConvertFromYarn(delegationToken, (Text)null); RMDelegationTokenIdentifier dtId1 = token1.DecodeIdentifier(); // For all keys that still remain in memory, we should have them stored // in state-store also. while (((TestRMDelegationTokens.TestRMDelegationTokenSecretManager)dtSecretManager ).numUpdatedKeys.Get() < 3) { ((TestRMDelegationTokens.TestRMDelegationTokenSecretManager)dtSecretManager).CheckCurrentKeyInStateStore (rmDTMasterKeyState); Sharpen.Thread.Sleep(100); } // wait for token to expire and remove from state-store // rollMasterKey is called every 1 second. int count = 0; while (rmDTState.Contains(dtId1) && count < 100) { Sharpen.Thread.Sleep(100); count++; } rm1.Stop(); }
/// <exception cref="System.IO.IOException"/> public override void WriteBlock(ExtendedBlock blk, StorageType storageType, Org.Apache.Hadoop.Security.Token.Token <BlockTokenIdentifier> blockToken, string clientName, DatanodeInfo[] targets, StorageType [] targetStorageTypes, DatanodeInfo source, BlockConstructionStage stage, int pipelineSize , long minBytesRcvd, long maxBytesRcvd, long latestGenerationStamp, DataChecksum requestedChecksum, CachingStrategy cachingStrategy, bool allowLazyPersist, bool pinning, bool[] targetPinnings) { DataTransferProtos.ClientOperationHeaderProto header = DataTransferProtoUtil.BuildClientHeader (blk, clientName, blockToken); DataTransferProtos.ChecksumProto checksumProto = DataTransferProtoUtil.ToProto(requestedChecksum ); DataTransferProtos.OpWriteBlockProto.Builder proto = DataTransferProtos.OpWriteBlockProto .NewBuilder().SetHeader(header).SetStorageType(PBHelper.ConvertStorageType(storageType )).AddAllTargets(PBHelper.Convert(targets, 1)).AddAllTargetStorageTypes(PBHelper .ConvertStorageTypes(targetStorageTypes, 1)).SetStage(DataTransferProtoUtil.ToProto (stage)).SetPipelineSize(pipelineSize).SetMinBytesRcvd(minBytesRcvd).SetMaxBytesRcvd (maxBytesRcvd).SetLatestGenerationStamp(latestGenerationStamp).SetRequestedChecksum (checksumProto).SetCachingStrategy(GetCachingStrategy(cachingStrategy)).SetAllowLazyPersist (allowLazyPersist).SetPinning(pinning).AddAllTargetPinnings(PBHelper.Convert(targetPinnings , 1)); if (source != null) { proto.SetSource(PBHelper.ConvertDatanodeInfo(source)); } Send(@out, OP.WriteBlock, ((DataTransferProtos.OpWriteBlockProto)proto.Build())); }
public virtual void TestAddRemoveRenewAction() { Text service = new Text("myservice"); Configuration conf = Org.Mockito.Mockito.Mock <Configuration>(); Org.Apache.Hadoop.Security.Token.Token <object> token = Org.Mockito.Mockito.Mock <Org.Apache.Hadoop.Security.Token.Token >(); Org.Mockito.Mockito.DoReturn(service).When(token).GetService(); Org.Mockito.Mockito.DoAnswer(new _Answer_61()).When(token).Renew(Any <Configuration >()); TestDelegationTokenRenewer.RenewableFileSystem fs = Org.Mockito.Mockito.Mock <TestDelegationTokenRenewer.RenewableFileSystem >(); Org.Mockito.Mockito.DoReturn(conf).When(fs).GetConf(); Org.Mockito.Mockito.DoReturn(token).When(fs).GetRenewToken(); renewer.AddRenewAction(fs); Assert.Equal("FileSystem not added to DelegationTokenRenewer", 1, renewer.GetRenewQueueLength()); Thread.Sleep(RenewCycle * 2); Org.Mockito.Mockito.Verify(token, Org.Mockito.Mockito.AtLeast(2)).Renew(Eq(conf)); Org.Mockito.Mockito.Verify(token, Org.Mockito.Mockito.AtMost(3)).Renew(Eq(conf)); Org.Mockito.Mockito.Verify(token, Org.Mockito.Mockito.Never()).Cancel(Any <Configuration >()); renewer.RemoveRenewAction(fs); Org.Mockito.Mockito.Verify(token).Cancel(Eq(conf)); Org.Mockito.Mockito.Verify(fs, Org.Mockito.Mockito.Never()).GetDelegationToken(null ); Org.Mockito.Mockito.Verify(fs, Org.Mockito.Mockito.Never()).SetDelegationToken(Any <Org.Apache.Hadoop.Security.Token.Token>()); Assert.Equal("FileSystem not removed from DelegationTokenRenewer" , 0, renewer.GetRenewQueueLength()); }
public virtual void TestStopRenewalWhenFsGone() { Configuration conf = Org.Mockito.Mockito.Mock <Configuration>(); Org.Apache.Hadoop.Security.Token.Token <object> token = Org.Mockito.Mockito.Mock <Org.Apache.Hadoop.Security.Token.Token >(); Org.Mockito.Mockito.DoReturn(new Text("myservice")).When(token).GetService(); Org.Mockito.Mockito.DoAnswer(new _Answer_157()).When(token).Renew(Any <Configuration >()); TestDelegationTokenRenewer.RenewableFileSystem fs = Org.Mockito.Mockito.Mock <TestDelegationTokenRenewer.RenewableFileSystem >(); Org.Mockito.Mockito.DoReturn(conf).When(fs).GetConf(); Org.Mockito.Mockito.DoReturn(token).When(fs).GetRenewToken(); renewer.AddRenewAction(fs); Assert.Equal(1, renewer.GetRenewQueueLength()); Thread.Sleep(RenewCycle); Org.Mockito.Mockito.Verify(token, Org.Mockito.Mockito.AtLeast(1)).Renew(Eq(conf)); Org.Mockito.Mockito.Verify(token, Org.Mockito.Mockito.AtMost(2)).Renew(Eq(conf)); // drop weak ref fs = null; System.GC.Collect(); System.GC.Collect(); System.GC.Collect(); // next renew should detect the fs as gone Thread.Sleep(RenewCycle); Org.Mockito.Mockito.Verify(token, Org.Mockito.Mockito.AtLeast(1)).Renew(Eq(conf)); Org.Mockito.Mockito.Verify(token, Org.Mockito.Mockito.AtMost(2)).Renew(Eq(conf)); Assert.Equal(0, renewer.GetRenewQueueLength()); }
/// <exception cref="System.IO.IOException"/> /// <exception cref="System.Exception"/> public virtual void TestMultipleTokensDoNotDeadlock() { Configuration conf = Org.Mockito.Mockito.Mock <Configuration>(); FileSystem fs = Org.Mockito.Mockito.Mock <FileSystem>(); Org.Mockito.Mockito.DoReturn(conf).When(fs).GetConf(); long distantFuture = Time.Now() + 3600 * 1000; // 1h Org.Apache.Hadoop.Security.Token.Token <object> token1 = Org.Mockito.Mockito.Mock < Org.Apache.Hadoop.Security.Token.Token>(); Org.Mockito.Mockito.DoReturn(new Text("myservice1")).When(token1).GetService(); Org.Mockito.Mockito.DoReturn(distantFuture).When(token1).Renew(Eq(conf)); Org.Apache.Hadoop.Security.Token.Token <object> token2 = Org.Mockito.Mockito.Mock < Org.Apache.Hadoop.Security.Token.Token>(); Org.Mockito.Mockito.DoReturn(new Text("myservice2")).When(token2).GetService(); Org.Mockito.Mockito.DoReturn(distantFuture).When(token2).Renew(Eq(conf)); TestDelegationTokenRenewer.RenewableFileSystem fs1 = Org.Mockito.Mockito.Mock <TestDelegationTokenRenewer.RenewableFileSystem >(); Org.Mockito.Mockito.DoReturn(conf).When(fs1).GetConf(); Org.Mockito.Mockito.DoReturn(token1).When(fs1).GetRenewToken(); TestDelegationTokenRenewer.RenewableFileSystem fs2 = Org.Mockito.Mockito.Mock <TestDelegationTokenRenewer.RenewableFileSystem >(); Org.Mockito.Mockito.DoReturn(conf).When(fs2).GetConf(); Org.Mockito.Mockito.DoReturn(token2).When(fs2).GetRenewToken(); renewer.AddRenewAction(fs1); renewer.AddRenewAction(fs2); Assert.Equal(2, renewer.GetRenewQueueLength()); renewer.RemoveRenewAction(fs1); Assert.Equal(1, renewer.GetRenewQueueLength()); renewer.RemoveRenewAction(fs2); Assert.Equal(0, renewer.GetRenewQueueLength()); Org.Mockito.Mockito.Verify(token1).Cancel(Eq(conf)); Org.Mockito.Mockito.Verify(token2).Cancel(Eq(conf)); }
public virtual void TestNodeHeartBeatResponse() { NodeHeartbeatResponse record = Org.Apache.Hadoop.Yarn.Util.Records.NewRecord <NodeHeartbeatResponse >(); IDictionary <ApplicationId, ByteBuffer> appCredentials = new Dictionary <ApplicationId , ByteBuffer>(); Credentials app1Cred = new Credentials(); Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier> token1 = new Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier>(); token1.SetKind(new Text("kind1")); app1Cred.AddToken(new Text("token1"), token1); Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier> token2 = new Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier>(); token2.SetKind(new Text("kind2")); app1Cred.AddToken(new Text("token2"), token2); DataOutputBuffer dob = new DataOutputBuffer(); app1Cred.WriteTokenStorageToStream(dob); ByteBuffer byteBuffer1 = ByteBuffer.Wrap(dob.GetData(), 0, dob.GetLength()); appCredentials[ApplicationId.NewInstance(1234, 1)] = byteBuffer1; record.SetSystemCredentialsForApps(appCredentials); NodeHeartbeatResponse proto = new NodeHeartbeatResponsePBImpl(((NodeHeartbeatResponsePBImpl )record).GetProto()); NUnit.Framework.Assert.AreEqual(appCredentials, proto.GetSystemCredentialsForApps ()); }
public virtual void TestGetNewTokenOnRenewFailure() { Text service = new Text("myservice"); Configuration conf = Org.Mockito.Mockito.Mock <Configuration>(); Org.Apache.Hadoop.Security.Token.Token <object> token1 = Org.Mockito.Mockito.Mock < Org.Apache.Hadoop.Security.Token.Token>(); Org.Mockito.Mockito.DoReturn(service).When(token1).GetService(); Org.Mockito.Mockito.DoThrow(new IOException("boom")).When(token1).Renew(Eq(conf)); Org.Apache.Hadoop.Security.Token.Token <object> token2 = Org.Mockito.Mockito.Mock < Org.Apache.Hadoop.Security.Token.Token>(); Org.Mockito.Mockito.DoReturn(service).When(token2).GetService(); Org.Mockito.Mockito.DoAnswer(new _Answer_117()).When(token2).Renew(Eq(conf)); TestDelegationTokenRenewer.RenewableFileSystem fs = Org.Mockito.Mockito.Mock <TestDelegationTokenRenewer.RenewableFileSystem >(); Org.Mockito.Mockito.DoReturn(conf).When(fs).GetConf(); Org.Mockito.Mockito.DoReturn(token1).DoReturn(token2).When(fs).GetRenewToken(); Org.Mockito.Mockito.DoReturn(token2).When(fs).GetDelegationToken(null); Org.Mockito.Mockito.DoAnswer(new _Answer_128(token2)).When(fs).AddDelegationTokens (null, null); renewer.AddRenewAction(fs); Assert.Equal(1, renewer.GetRenewQueueLength()); Thread.Sleep(RenewCycle); Org.Mockito.Mockito.Verify(fs).GetRenewToken(); Org.Mockito.Mockito.Verify(token1, Org.Mockito.Mockito.AtLeast(1)).Renew(Eq(conf) ); Org.Mockito.Mockito.Verify(token1, Org.Mockito.Mockito.AtMost(2)).Renew(Eq(conf)); Org.Mockito.Mockito.Verify(fs).AddDelegationTokens(null, null); Org.Mockito.Mockito.Verify(fs).SetDelegationToken(Eq(token2)); Assert.Equal(1, renewer.GetRenewQueueLength()); renewer.RemoveRenewAction(fs); Org.Mockito.Mockito.Verify(token2).Cancel(Eq(conf)); Assert.Equal(0, renewer.GetRenewQueueLength()); }
private void AddJobToken(JobID jobId, string user, Org.Apache.Hadoop.Security.Token.Token <JobTokenIdentifier> jobToken) { userRsrc[jobId.ToString()] = user; secretManager.AddTokenForJob(jobId.ToString(), jobToken); Log.Info("Added token for " + jobId.ToString()); }
/// <exception cref="System.IO.IOException"/> public virtual GetDelegationTokenResponse GetDelegationToken(GetDelegationTokenRequest request) { UserGroupInformation ugi = UserGroupInformation.GetCurrentUser(); // Verify that the connection is kerberos authenticated if (!this.IsAllowedDelegationTokenOp()) { throw new IOException("Delegation Token can be issued only with kerberos authentication" ); } GetDelegationTokenResponse response = this.recordFactory.NewRecordInstance <GetDelegationTokenResponse >(); string user = ugi.GetUserName(); Text owner = new Text(user); Text realUser = null; if (ugi.GetRealUser() != null) { realUser = new Text(ugi.GetRealUser().GetUserName()); } MRDelegationTokenIdentifier tokenIdentifier = new MRDelegationTokenIdentifier(owner , new Text(request.GetRenewer()), realUser); Org.Apache.Hadoop.Security.Token.Token <MRDelegationTokenIdentifier> realJHSToken = new Org.Apache.Hadoop.Security.Token.Token <MRDelegationTokenIdentifier>(tokenIdentifier , this._enclosing.jhsDTSecretManager); Org.Apache.Hadoop.Yarn.Api.Records.Token mrDToken = Org.Apache.Hadoop.Yarn.Api.Records.Token .NewInstance(realJHSToken.GetIdentifier(), realJHSToken.GetKind().ToString(), realJHSToken .GetPassword(), realJHSToken.GetService().ToString()); response.SetDelegationToken(mrDToken); return(response); }
public _PrivilegedExceptionAction_333(TestDelegationToken.TestDelegationTokenSecretManager dtSecretManager, Org.Apache.Hadoop.Security.Token.Token <TestDelegationToken.TestDelegationTokenIdentifier > token) { this.dtSecretManager = dtSecretManager; this.token = token; }
public virtual void TestDelegationTokenSelector() { TestDelegationToken.TestDelegationTokenSecretManager dtSecretManager = new TestDelegationToken.TestDelegationTokenSecretManager (24 * 60 * 60 * 1000, 10 * 1000, 1 * 1000, 3600000); try { dtSecretManager.StartThreads(); AbstractDelegationTokenSelector ds = new AbstractDelegationTokenSelector <TestDelegationToken.TestDelegationTokenIdentifier >(Kind); //Creates a collection of tokens Org.Apache.Hadoop.Security.Token.Token <TestDelegationToken.TestDelegationTokenIdentifier > token1 = GenerateDelegationToken(dtSecretManager, "SomeUser1", "JobTracker"); token1.SetService(new Text("MY-SERVICE1")); Org.Apache.Hadoop.Security.Token.Token <TestDelegationToken.TestDelegationTokenIdentifier > token2 = GenerateDelegationToken(dtSecretManager, "SomeUser2", "JobTracker"); token2.SetService(new Text("MY-SERVICE2")); IList <Org.Apache.Hadoop.Security.Token.Token <TestDelegationToken.TestDelegationTokenIdentifier > > tokens = new AList <Org.Apache.Hadoop.Security.Token.Token <TestDelegationToken.TestDelegationTokenIdentifier > >(); tokens.AddItem(token1); tokens.AddItem(token2); //try to select a token with a given service name (created earlier) Org.Apache.Hadoop.Security.Token.Token <TestDelegationToken.TestDelegationTokenIdentifier > t = ds.SelectToken(new Text("MY-SERVICE1"), tokens); Assert.Equal(t, token1); } finally { dtSecretManager.StopThreads(); } }
public virtual void TestTokenBySuperUser() { TestSaslRPC.TestTokenSecretManager sm = new TestSaslRPC.TestTokenSecretManager(); Configuration newConf = new Configuration(masterConf); SecurityUtil.SetAuthenticationMethod(UserGroupInformation.AuthenticationMethod.Kerberos , newConf); UserGroupInformation.SetConfiguration(newConf); Server server = new RPC.Builder(newConf).SetProtocol(typeof(TestDoAsEffectiveUser.TestProtocol )).SetInstance(new TestDoAsEffectiveUser.TestImpl(this)).SetBindAddress(Address) .SetPort(0).SetNumHandlers(5).SetVerbose(true).SetSecretManager(sm).Build(); server.Start(); UserGroupInformation current = UserGroupInformation.CreateUserForTesting(RealUserName , GroupNames); RefreshConf(newConf); IPEndPoint addr = NetUtils.GetConnectAddress(server); TestSaslRPC.TestTokenIdentifier tokenId = new TestSaslRPC.TestTokenIdentifier(new Org.Apache.Hadoop.IO.Text(current.GetUserName()), new Org.Apache.Hadoop.IO.Text( "SomeSuperUser")); Org.Apache.Hadoop.Security.Token.Token <TestSaslRPC.TestTokenIdentifier> token = new Org.Apache.Hadoop.Security.Token.Token <TestSaslRPC.TestTokenIdentifier>(tokenId, sm); SecurityUtil.SetTokenService(token, addr); current.AddToken(token); string retVal = current.DoAs(new _PrivilegedExceptionAction_509(this, addr, newConf , server)); string expected = RealUserName + " (auth:TOKEN) via SomeSuperUser (auth:SIMPLE)"; Assert.Equal(retVal + "!=" + expected, expected, retVal); }
/// <exception cref="System.IO.IOException"/> public virtual void CancelToken <_T0>(Org.Apache.Hadoop.Security.Token.Token <_T0> token, string canceler) where _T0 : AbstractDelegationTokenIdentifier { canceler = (canceler != null) ? canceler : VerifyToken(token).GetShortUserName(); secretManager.CancelToken(token, canceler); }
/// <exception cref="System.IO.IOException"/> private BlockReaderLocalLegacy(DFSClient.Conf conf, string hdfsfile, ExtendedBlock block, Org.Apache.Hadoop.Security.Token.Token <BlockTokenIdentifier> token, long startOffset, long length, BlockLocalPathInfo pathinfo, FileInputStream dataIn) : this(conf, hdfsfile, block, token, startOffset, length, pathinfo, DataChecksum. NewDataChecksum(DataChecksum.Type.Null, 4), false, dataIn, startOffset, null) { }
/// <exception cref="System.IO.IOException"/> internal static DataInputBuffer CreateFakeCredentials(Random r, int nTok) { Credentials creds = new Credentials(); byte[] password = new byte[20]; Text kind = new Text(); Text service = new Text(); Text alias = new Text(); for (int i = 0; i < nTok; ++i) { byte[] identifier = Sharpen.Runtime.GetBytesForString(("idef" + i)); r.NextBytes(password); kind.Set("kind" + i); service.Set("service" + i); alias.Set("token" + i); Org.Apache.Hadoop.Security.Token.Token token = new Org.Apache.Hadoop.Security.Token.Token (identifier, password, kind, service); creds.AddToken(alias, token); } DataOutputBuffer buf = new DataOutputBuffer(); creds.WriteTokenStorageToStream(buf); DataInputBuffer ret = new DataInputBuffer(); ret.Reset(buf.GetData(), 0, buf.GetLength()); return(ret); }
/// <summary>Test that delegation tokens continue to work after the failover.</summary> /// <exception cref="System.IO.IOException"/> public virtual void TestDelegationTokensAfterFailover() { Configuration conf = new Configuration(); conf.SetBoolean(DFSConfigKeys.DfsNamenodeDelegationTokenAlwaysUseKey, true); MiniDFSCluster cluster = new MiniDFSCluster.Builder(conf).NnTopology(MiniDFSNNTopology .SimpleHATopology()).NumDataNodes(0).Build(); try { cluster.WaitActive(); cluster.TransitionToActive(0); NameNode nn1 = cluster.GetNameNode(0); NameNode nn2 = cluster.GetNameNode(1); string renewer = UserGroupInformation.GetLoginUser().GetUserName(); Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier> token = nn1.GetRpcServer ().GetDelegationToken(new Text(renewer)); Log.Info("Failing over to NN 1"); cluster.TransitionToStandby(0); cluster.TransitionToActive(1); nn2.GetRpcServer().RenewDelegationToken(token); nn2.GetRpcServer().CancelDelegationToken(token); token = nn2.GetRpcServer().GetDelegationToken(new Text(renewer)); NUnit.Framework.Assert.IsTrue(token != null); } finally { cluster.Shutdown(); } }
public virtual void TestJobTokenRpc() { TaskUmbilicalProtocol mockTT = Org.Mockito.Mockito.Mock <TaskUmbilicalProtocol>(); Org.Mockito.Mockito.DoReturn(TaskUmbilicalProtocol.versionID).When(mockTT).GetProtocolVersion (Matchers.AnyString(), Matchers.AnyLong()); Org.Mockito.Mockito.DoReturn(ProtocolSignature.GetProtocolSignature(mockTT, typeof( TaskUmbilicalProtocol).FullName, TaskUmbilicalProtocol.versionID, 0)).When(mockTT ).GetProtocolSignature(Matchers.AnyString(), Matchers.AnyLong(), Matchers.AnyInt ()); JobTokenSecretManager sm = new JobTokenSecretManager(); Server server = new RPC.Builder(conf).SetProtocol(typeof(TaskUmbilicalProtocol)). SetInstance(mockTT).SetBindAddress(Address).SetPort(0).SetNumHandlers(5).SetVerbose (true).SetSecretManager(sm).Build(); server.Start(); UserGroupInformation current = UserGroupInformation.GetCurrentUser(); IPEndPoint addr = NetUtils.GetConnectAddress(server); string jobId = current.GetUserName(); JobTokenIdentifier tokenId = new JobTokenIdentifier(new Text(jobId)); Org.Apache.Hadoop.Security.Token.Token <JobTokenIdentifier> token = new Org.Apache.Hadoop.Security.Token.Token <JobTokenIdentifier>(tokenId, sm); sm.AddTokenForJob(jobId, token); SecurityUtil.SetTokenService(token, addr); Log.Info("Service address for token is " + token.GetService()); current.AddToken(token); current.DoAs(new _PrivilegedExceptionAction_110(addr, server)); }
/// <exception cref="System.IO.IOException"/> private static UserGroupInformation GetTokenUGI(ServletContext context, HttpServletRequest request, string tokenString, Configuration conf) { Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier> token = new Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier>(); token.DecodeFromUrlString(tokenString); IPEndPoint serviceAddress = GetNNServiceAddress(context, request); if (serviceAddress != null) { SecurityUtil.SetTokenService(token, serviceAddress); token.SetKind(DelegationTokenIdentifier.HdfsDelegationKind); } ByteArrayInputStream buf = new ByteArrayInputStream(token.GetIdentifier()); DataInputStream @in = new DataInputStream(buf); DelegationTokenIdentifier id = new DelegationTokenIdentifier(); id.ReadFields(@in); if (context != null) { NameNode nn = NameNodeHttpServer.GetNameNodeFromContext(context); if (nn != null) { // Verify the token. nn.GetNamesystem().VerifyToken(id, token.GetPassword()); } } UserGroupInformation ugi = id.GetUser(); ugi.AddToken(token); return(ugi); }
public virtual void TestDTManager() { Configuration conf = new Configuration(false); conf.SetLong(DelegationTokenManager.UpdateInterval, DayInSecs); conf.SetLong(DelegationTokenManager.MaxLifetime, DayInSecs); conf.SetLong(DelegationTokenManager.RenewInterval, DayInSecs); conf.SetLong(DelegationTokenManager.RemovalScanInterval, DayInSecs); conf.GetBoolean(DelegationTokenManager.EnableZkKey, enableZKKey); DelegationTokenManager tm = new DelegationTokenManager(conf, new Text("foo")); tm.Init(); Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier> token = (Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier>)tm.CreateToken(UserGroupInformation.GetCurrentUser() , "foo"); NUnit.Framework.Assert.IsNotNull(token); tm.VerifyToken(token); Assert.True(tm.RenewToken(token, "foo") > Runtime.CurrentTimeMillis ()); tm.CancelToken(token, "foo"); try { tm.VerifyToken(token); NUnit.Framework.Assert.Fail(); } catch (IOException) { } catch (Exception) { //NOP NUnit.Framework.Assert.Fail(); } tm.Destroy(); }
/// <summary> /// A helper function to serialize the JobTokenIdentifier to be sent to the /// ShuffleHandler as ServiceData. /// </summary> /// <param name="jobToken"> /// the job token to be used for authentication of /// shuffle data requests. /// </param> /// <returns>the serialized version of the jobToken.</returns> /// <exception cref="System.IO.IOException"/> public static ByteBuffer SerializeServiceData(Org.Apache.Hadoop.Security.Token.Token <JobTokenIdentifier> jobToken) { //TODO these bytes should be versioned DataOutputBuffer jobToken_dob = new DataOutputBuffer(); jobToken.Write(jobToken_dob); return ByteBuffer.Wrap(jobToken_dob.GetData(), 0, jobToken_dob.GetLength()); }
/// <exception cref="System.IO.IOException"/> public override void BlockChecksum(ExtendedBlock blk, Org.Apache.Hadoop.Security.Token.Token <BlockTokenIdentifier> blockToken) { DataTransferProtos.OpBlockChecksumProto proto = ((DataTransferProtos.OpBlockChecksumProto )DataTransferProtos.OpBlockChecksumProto.NewBuilder().SetHeader(DataTransferProtoUtil .BuildBaseHeader(blk, blockToken)).Build()); Send(@out, OP.BlockChecksum, proto); }