/// <summary>
/// Negative test helper: pairs the AM's real application attempt id with a forged
/// client name ("evilOrc") and hands the resulting identifier to
/// <c>VerifyTamperedToken</c>, which asserts the forged token is rejected.
/// </summary>
/// <param name="conf">Configuration forwarded unchanged to <c>VerifyTamperedToken</c>.</param>
/// <param name="am">Application master under test; its <c>appAttemptId</c> is reused as-is.</param>
/// <param name="token">Genuine token, forwarded unchanged to <c>VerifyTamperedToken</c>.</param>
/// <exception cref="System.IO.IOException"/>
private void VerifyTokenWithTamperedUserName(Configuration conf, TestClientToAMTokens.CustomAM am, Org.Apache.Hadoop.Security.Token.Token<ClientToAMTokenIdentifier> token)
{
    // The caller identity used for the connection attempt.
    UserGroupInformation remoteCaller = UserGroupInformation.CreateRemoteUser("me");

    // Only the client name is changed here; the attempt id stays the AM's own.
    ClientToAMTokenIdentifier forgedIdentifier =
        new ClientToAMTokenIdentifier(am.appAttemptId, "evilOrc");

    VerifyTamperedToken(conf, am, token, remoteCaller, forgedIdentifier);
}
/// <summary>
/// Builds the test identifier from an existing identifier: the application attempt id
/// and client name are copied from <paramref name="tokenIdentifier"/>'s proto, and
/// <paramref name="message"/> is stored as an additional field.
/// </summary>
/// <param name="tokenIdentifier">Identifier whose proto supplies the attempt id and client name.</param>
/// <param name="message">Extra message field set on the test proto.</param>
public ClientToAMTokenIdentifierForTest(ClientToAMTokenIdentifier tokenIdentifier, string message)
{
    YarnSecurityTestClientAMTokenProtos.ClientToAMTokenIdentifierForTestProto.Builder protoBuilder =
        YarnSecurityTestClientAMTokenProtos.ClientToAMTokenIdentifierForTestProto.NewBuilder();

    // Copy the two fields the regular identifier carries.
    var sourceAttemptId = tokenIdentifier.GetProto().GetAppAttemptId();
    protoBuilder.SetAppAttemptId(sourceAttemptId);

    var sourceClientName = tokenIdentifier.GetProto().GetClientName();
    protoBuilder.SetClientName(sourceClientName);

    // The field that exists only on the test variant of the proto.
    protoBuilder.SetMessage(message);

    proto = (YarnSecurityTestClientAMTokenProtos.ClientToAMTokenIdentifierForTestProto)protoBuilder.Build();
}
/// <summary>
/// Negative test helper: builds an identifier for a different application attempt
/// (application id 42, attempt id 43, same cluster timestamp as the AM) under the
/// current user's short name, and hands it to <c>VerifyTamperedToken</c>, which
/// asserts the forged token is rejected.
/// </summary>
/// <param name="conf">Configuration forwarded unchanged to <c>VerifyTamperedToken</c>.</param>
/// <param name="am">Application master under test; only its cluster timestamp is reused.</param>
/// <param name="token">Genuine token, forwarded unchanged to <c>VerifyTamperedToken</c>.</param>
/// <exception cref="System.IO.IOException"/>
private void VerifyTokenWithTamperedID(Configuration conf, TestClientToAMTokens.CustomAM am, Org.Apache.Hadoop.Security.Token.Token<ClientToAMTokenIdentifier> token)
{
    // The caller identity used for the connection attempt.
    UserGroupInformation remoteCaller = UserGroupInformation.CreateRemoteUser("me");

    // Keep the cluster timestamp, swap in an application/attempt id the token was not issued for.
    var clusterTimestamp = am.appAttemptId.GetApplicationId().GetClusterTimestamp();
    var foreignAppId = BuilderUtils.NewApplicationId(clusterTimestamp, 42);
    var foreignAttemptId = BuilderUtils.NewApplicationAttemptId(foreignAppId, 43);

    // The client name is left as the current user; only the ids are tampered with.
    string currentShortName = UserGroupInformation.GetCurrentUser().GetShortUserName();
    ClientToAMTokenIdentifier forgedIdentifier =
        new ClientToAMTokenIdentifier(foreignAttemptId, currentShortName);

    VerifyTamperedToken(conf, am, token, remoteCaller, forgedIdentifier);
}
/// <summary>
/// Round-trips a <c>ClientToAMTokenIdentifier</c> through <c>GetBytes</c> and
/// <c>ReadFields</c>, then checks that the restored identifier equals the original
/// and reports the same application attempt id and client name.
/// </summary>
public virtual void TestClientToAMTokenIdentifier()
{
    ApplicationAttemptId expectedAttemptId =
        ApplicationAttemptId.NewInstance(ApplicationId.NewInstance(1, 1), 1);
    string expectedClient = "user";
    ClientToAMTokenIdentifier original =
        new ClientToAMTokenIdentifier(expectedAttemptId, expectedClient);

    // Serialize the original and feed the bytes to an empty identifier.
    byte[] serialized = original.GetBytes();
    DataInputBuffer input = new DataInputBuffer();
    input.Reset(serialized, serialized.Length);
    ClientToAMTokenIdentifier restored = new ClientToAMTokenIdentifier();
    restored.ReadFields(input);

    // Whole-record equality first, then the two individual fields.
    NUnit.Framework.Assert.AreEqual(
        "Token is not the same after serialization " + "and deserialization.",
        original,
        restored);
    NUnit.Framework.Assert.AreEqual(
        "ApplicationAttemptId from proto is not the same with original token",
        restored.GetApplicationAttemptID(),
        expectedAttemptId);
    NUnit.Framework.Assert.AreEqual(
        "clientName from proto is not the same with original token",
        restored.GetClientName(),
        expectedClient);
}
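/// <summary>
/// Wraps a forged identifier with the password, kind and service of a genuine token,
/// attaches the result to <paramref name="ugi"/>, runs the client action as that user,
/// and asserts that the attempt fails with a SASL digest mismatch before the AM is pinged.
/// </summary>
/// <param name="conf">Configuration passed to the privileged client action.</param>
/// <param name="am">Application master under test; its <c>pinged</c> flag must stay false.</param>
/// <param name="token">Genuine token whose password, kind and service are reused.</param>
/// <param name="ugi">User the forged token is added to and the action is run as.</param>
/// <param name="maliciousID">Tampered identifier whose bytes replace the genuine identifier.</param>
private void VerifyTamperedToken(Configuration conf, TestClientToAMTokens.CustomAM am, Org.Apache.Hadoop.Security.Token.Token<ClientToAMTokenIdentifier> token, UserGroupInformation ugi, ClientToAMTokenIdentifier maliciousID)
{
    // Tampered identifier bytes paired with the password of the genuine token:
    // the assertions below expect the server-side digest check to reject this pairing.
    Org.Apache.Hadoop.Security.Token.Token<ClientToAMTokenIdentifier> maliciousToken =
        new Org.Apache.Hadoop.Security.Token.Token<ClientToAMTokenIdentifier>(
            maliciousID.GetBytes(), token.GetPassword(), token.GetKind(), token.GetService());
    ugi.AddToken(maliciousToken);

    bool rejected = false;
    try
    {
        ugi.DoAs(new _PrivilegedExceptionAction_338(am, conf));
    }
    catch (Exception e)
    {
        rejected = true;

        // The failure must arrive as a RemoteException wrapping a SaslException.
        NUnit.Framework.Assert.AreEqual(typeof(RemoteException).FullName, e.GetType().FullName);
        Exception unwrapped = ((RemoteException)e).UnwrapRemoteException();
        NUnit.Framework.Assert.AreEqual(
            typeof(SaslException).GetCanonicalName(),
            unwrapped.GetType().GetCanonicalName());
        NUnit.Framework.Assert.IsTrue(unwrapped.Message.Contains(
            "DIGEST-MD5: digest response format violation. " + "Mismatched response."));

        // Authentication failed, so the request must not have reached the AM.
        NUnit.Framework.Assert.IsFalse(am.pinged);
    }

    // A negative security test must fail when nothing is thrown: if DoAs returned
    // normally, the tampered token was not rejected and none of the checks above ran.
    // NOTE(review): the privileged action is defined elsewhere and may already fail
    // on this path - this check makes the requirement explicit here regardless.
    NUnit.Framework.Assert.IsTrue(rejected);
}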