예제 #1
0
 /// <exception cref="System.Exception"/>
 private void TokenGenerationAndVerification(BlockTokenSecretManager master, BlockTokenSecretManager
                                             slave)
 {
     // single-mode tokens
     foreach (BlockTokenSecretManager.AccessMode mode in BlockTokenSecretManager.AccessMode
              .Values())
     {
         // generated by master
         Org.Apache.Hadoop.Security.Token.Token <BlockTokenIdentifier> token1 = master.GenerateToken
                                                                                    (block1, EnumSet.Of(mode));
         master.CheckAccess(token1, null, block1, mode);
         slave.CheckAccess(token1, null, block1, mode);
         // generated by slave
         Org.Apache.Hadoop.Security.Token.Token <BlockTokenIdentifier> token2 = slave.GenerateToken
                                                                                    (block2, EnumSet.Of(mode));
         master.CheckAccess(token2, null, block2, mode);
         slave.CheckAccess(token2, null, block2, mode);
     }
     // multi-mode tokens
     Org.Apache.Hadoop.Security.Token.Token <BlockTokenIdentifier> mtoken = master.GenerateToken
                                                                                (block3, EnumSet.AllOf <BlockTokenSecretManager.AccessMode>());
     foreach (BlockTokenSecretManager.AccessMode mode_1 in BlockTokenSecretManager.AccessMode
              .Values())
     {
         master.CheckAccess(mtoken, null, block3, mode_1);
         slave.CheckAccess(mtoken, null, block3, mode_1);
     }
 }
 /// <summary>
 /// Add a block pool Id and corresponding
 /// <see cref="BlockTokenSecretManager"/>
 /// to map
 /// </summary>
 /// <param name="bpid">block pool Id</param>
 /// <param name="secretMgr">
 ///
 /// <see cref="BlockTokenSecretManager"/>
 /// </param>
 public virtual void AddBlockPool(string bpid, BlockTokenSecretManager secretMgr)
 {
     lock (this)
     {
         map[bpid] = secretMgr;
     }
 }
예제 #3
0
        public virtual void TestBlockTokenRpcLeak()
        {
            Configuration conf = new Configuration();

            conf.Set(CommonConfigurationKeysPublic.HadoopSecurityAuthentication, "kerberos");
            UserGroupInformation.SetConfiguration(conf);
            Assume.AssumeTrue(FdDir.Exists());
            BlockTokenSecretManager sm = new BlockTokenSecretManager(blockKeyUpdateInterval,
                                                                     blockTokenLifetime, 0, "fake-pool", null);

            Org.Apache.Hadoop.Security.Token.Token <BlockTokenIdentifier> token = sm.GenerateToken
                                                                                      (block3, EnumSet.AllOf <BlockTokenSecretManager.AccessMode>());
            Server server = CreateMockDatanode(sm, token, conf);

            server.Start();
            IPEndPoint    addr     = NetUtils.GetConnectAddress(server);
            DatanodeID    fakeDnId = DFSTestUtil.GetLocalDatanodeID(addr.Port);
            ExtendedBlock b        = new ExtendedBlock("fake-pool", new Org.Apache.Hadoop.Hdfs.Protocol.Block
                                                           (12345L));
            LocatedBlock fakeBlock = new LocatedBlock(b, new DatanodeInfo[0]);

            fakeBlock.SetBlockToken(token);
            // Create another RPC proxy with the same configuration - this will never
            // attempt to connect anywhere -- but it causes the refcount on the
            // RPC "Client" object to stay above 0 such that RPC.stopProxy doesn't
            // actually close the TCP connections to the real target DN.
            ClientDatanodeProtocol proxyToNoWhere = RPC.GetProxy <ClientDatanodeProtocol>(ClientDatanodeProtocol
                                                                                          .versionID, new IPEndPoint("1.1.1.1", 1), UserGroupInformation.CreateRemoteUser(
                                                                                              "junk"), conf, NetUtils.GetDefaultSocketFactory(conf));
            ClientDatanodeProtocol proxy = null;
            int fdsAtStart = CountOpenFileDescriptors();

            try
            {
                long endTime = Time.Now() + 3000;
                while (Time.Now() < endTime)
                {
                    proxy = DFSUtil.CreateClientDatanodeProtocolProxy(fakeDnId, conf, 1000, false, fakeBlock
                                                                      );
                    NUnit.Framework.Assert.AreEqual(block3.GetBlockId(), proxy.GetReplicaVisibleLength
                                                        (block3));
                    if (proxy != null)
                    {
                        RPC.StopProxy(proxy);
                    }
                    Log.Info("Num open fds:" + CountOpenFileDescriptors());
                }
                int fdsAtEnd = CountOpenFileDescriptors();
                if (fdsAtEnd - fdsAtStart > 50)
                {
                    NUnit.Framework.Assert.Fail("Leaked " + (fdsAtEnd - fdsAtStart) + " fds!");
                }
            }
            finally
            {
                server.Stop();
            }
            RPC.StopProxy(proxyToNoWhere);
        }
예제 #4
0
        /// <exception cref="System.IO.IOException"/>
        private BlockTokenIdentifier GenerateTokenId(BlockTokenSecretManager sm, ExtendedBlock
                                                     block, EnumSet <BlockTokenSecretManager.AccessMode> accessModes)
        {
            Org.Apache.Hadoop.Security.Token.Token <BlockTokenIdentifier> token = sm.GenerateToken
                                                                                      (block, accessModes);
            BlockTokenIdentifier id = sm.CreateIdentifier();

            id.ReadFields(new DataInputStream(new ByteArrayInputStream(token.GetIdentifier())
                                              ));
            return(id);
        }
 internal virtual BlockTokenSecretManager Get(string bpid)
 {
     lock (this)
     {
         BlockTokenSecretManager secretMgr = map[bpid];
         if (secretMgr == null)
         {
             throw new ArgumentException("Block pool " + bpid + " is not found");
         }
         return(secretMgr);
     }
 }
예제 #6
0
        public virtual void TestWritable()
        {
            TestWritable.TestWritable(new BlockTokenIdentifier());
            BlockTokenSecretManager sm = new BlockTokenSecretManager(blockKeyUpdateInterval,
                                                                     blockTokenLifetime, 0, "fake-pool", null);

            TestWritable.TestWritable(GenerateTokenId(sm, block1, EnumSet.AllOf <BlockTokenSecretManager.AccessMode
                                                                                 >()));
            TestWritable.TestWritable(GenerateTokenId(sm, block2, EnumSet.Of(BlockTokenSecretManager.AccessMode
                                                                             .Write)));
            TestWritable.TestWritable(GenerateTokenId(sm, block3, EnumSet.NoneOf <BlockTokenSecretManager.AccessMode
                                                                                  >()));
        }
예제 #7
0
        public virtual void TestBlockTokenSecretManager()
        {
            BlockTokenSecretManager masterHandler = new BlockTokenSecretManager(blockKeyUpdateInterval
                                                                                , blockTokenLifetime, 0, "fake-pool", null);
            BlockTokenSecretManager slaveHandler = new BlockTokenSecretManager(blockKeyUpdateInterval
                                                                               , blockTokenLifetime, "fake-pool", null);
            ExportedBlockKeys keys = masterHandler.ExportKeys();

            slaveHandler.AddKeys(keys);
            TokenGenerationAndVerification(masterHandler, slaveHandler);
            // key updating
            masterHandler.UpdateKeys();
            TokenGenerationAndVerification(masterHandler, slaveHandler);
            keys = masterHandler.ExportKeys();
            slaveHandler.AddKeys(keys);
            TokenGenerationAndVerification(masterHandler, slaveHandler);
        }
예제 #8
0
        /// <exception cref="System.IO.IOException"/>
        /// <exception cref="Com.Google.Protobuf.ServiceException"/>
        private static Server CreateMockDatanode(BlockTokenSecretManager sm, Org.Apache.Hadoop.Security.Token.Token
                                                 <BlockTokenIdentifier> token, Configuration conf)
        {
            ClientDatanodeProtocolPB mockDN = Org.Mockito.Mockito.Mock <ClientDatanodeProtocolPB
                                                                        >();
            BlockTokenIdentifier id = sm.CreateIdentifier();

            id.ReadFields(new DataInputStream(new ByteArrayInputStream(token.GetIdentifier())
                                              ));
            Org.Mockito.Mockito.DoAnswer(new TestBlockToken.GetLengthAnswer(sm, id)).When(mockDN
                                                                                          ).GetReplicaVisibleLength(Matchers.Any <RpcController>(), Matchers.Any <ClientDatanodeProtocolProtos.GetReplicaVisibleLengthRequestProto
                                                                                                                                                                  >());
            RPC.SetProtocolEngine(conf, typeof(ClientDatanodeProtocolPB), typeof(ProtobufRpcEngine
                                                                                 ));
            BlockingService service = ClientDatanodeProtocolProtos.ClientDatanodeProtocolService
                                      .NewReflectiveBlockingService(mockDN);

            return(new RPC.Builder(conf).SetProtocol(typeof(ClientDatanodeProtocolPB)).SetInstance
                       (service).SetBindAddress(Address).SetPort(0).SetNumHandlers(5).SetVerbose(true).
                   SetSecretManager(sm).Build());
        }
예제 #9
0
        public virtual void TestBlockTokenRpc()
        {
            Configuration conf = new Configuration();

            conf.Set(CommonConfigurationKeysPublic.HadoopSecurityAuthentication, "kerberos");
            UserGroupInformation.SetConfiguration(conf);
            BlockTokenSecretManager sm = new BlockTokenSecretManager(blockKeyUpdateInterval,
                                                                     blockTokenLifetime, 0, "fake-pool", null);

            Org.Apache.Hadoop.Security.Token.Token <BlockTokenIdentifier> token = sm.GenerateToken
                                                                                      (block3, EnumSet.AllOf <BlockTokenSecretManager.AccessMode>());
            Server server = CreateMockDatanode(sm, token, conf);

            server.Start();
            IPEndPoint           addr   = NetUtils.GetConnectAddress(server);
            UserGroupInformation ticket = UserGroupInformation.CreateRemoteUser(block3.ToString
                                                                                    ());

            ticket.AddToken(token);
            ClientDatanodeProtocol proxy = null;

            try
            {
                proxy = DFSUtil.CreateClientDatanodeProtocolProxy(addr, ticket, conf, NetUtils.GetDefaultSocketFactory
                                                                      (conf));
                NUnit.Framework.Assert.AreEqual(block3.GetBlockId(), proxy.GetReplicaVisibleLength
                                                    (block3));
            }
            finally
            {
                server.Stop();
                if (proxy != null)
                {
                    RPC.StopProxy(proxy);
                }
            }
        }
예제 #10
0
        public virtual void TestBlockPoolTokenSecretManager()
        {
            BlockPoolTokenSecretManager bpMgr = new BlockPoolTokenSecretManager();

            // Test BlockPoolSecretManager with upto 10 block pools
            for (int i = 0; i < 10; i++)
            {
                string bpid = Sharpen.Extensions.ToString(i);
                BlockTokenSecretManager masterHandler = new BlockTokenSecretManager(blockKeyUpdateInterval
                                                                                    , blockTokenLifetime, 0, "fake-pool", null);
                BlockTokenSecretManager slaveHandler = new BlockTokenSecretManager(blockKeyUpdateInterval
                                                                                   , blockTokenLifetime, "fake-pool", null);
                bpMgr.AddBlockPool(bpid, slaveHandler);
                ExportedBlockKeys keys = masterHandler.ExportKeys();
                bpMgr.AddKeys(bpid, keys);
                TokenGenerationAndVerification(masterHandler, bpMgr.Get(bpid));
                // Test key updating
                masterHandler.UpdateKeys();
                TokenGenerationAndVerification(masterHandler, bpMgr.Get(bpid));
                keys = masterHandler.ExportKeys();
                bpMgr.AddKeys(bpid, keys);
                TokenGenerationAndVerification(masterHandler, bpMgr.Get(bpid));
            }
        }
예제 #11
0
 /// <summary>set access token lifetime.</summary>
 public static void SetBlockTokenLifetime(BlockTokenSecretManager handler, long tokenLifetime
                                          )
 {
     handler.SetTokenLifetime(tokenLifetime);
 }
예제 #12
0
 /// <summary>check if an access token is expired.</summary>
 /// <remarks>
 /// check if an access token is expired. return true when token is expired,
 /// false otherwise
 /// </remarks>
 /// <exception cref="System.IO.IOException"/>
 public static bool IsBlockTokenExpired(Org.Apache.Hadoop.Security.Token.Token <BlockTokenIdentifier
                                                                                > token)
 {
     return(BlockTokenSecretManager.IsTokenExpired(token));
 }
예제 #13
0
 public GetLengthAnswer(BlockTokenSecretManager sm, BlockTokenIdentifier ident)
 {
     this.sm    = sm;
     this.ident = ident;
 }