public virtual void TestLogin()
{
string userPrincipal = Runtime.GetProperty("user.principal");
string userKeyTab = Runtime.GetProperty("user.keytab");
NUnit.Framework.Assert.IsNotNull("User principal was not specified", userPrincipal
);
NUnit.Framework.Assert.IsNotNull("User keytab was not specified", userKeyTab);
Configuration conf = new Configuration();
conf.Set(CommonConfigurationKeys.HadoopSecurityAuthentication, "kerberos");
UserGroupInformation.SetConfiguration(conf);
UserGroupInformation ugi = UserGroupInformation.LoginUserFromKeytabAndReturnUGI(userPrincipal
, userKeyTab);
Assert.Equal(UserGroupInformation.AuthenticationMethod.Kerberos
, ugi.GetAuthenticationMethod());
try
{
UserGroupInformation.LoginUserFromKeytabAndReturnUGI("*****@*****.**", userKeyTab
);
NUnit.Framework.Assert.Fail("Login should have failed");
}
catch (Exception ex)
{
Runtime.PrintStackTrace(ex);
}
}
public virtual void TestSecureNameNode()
{
MiniDFSCluster cluster = null;
try
{
string nnPrincipal = Runtime.GetProperty("dfs.namenode.kerberos.principal");
string nnSpnegoPrincipal = Runtime.GetProperty("dfs.namenode.kerberos.internal.spnego.principal"
);
string nnKeyTab = Runtime.GetProperty("dfs.namenode.keytab.file");
NUnit.Framework.Assert.IsNotNull("NameNode principal was not specified", nnPrincipal
);
NUnit.Framework.Assert.IsNotNull("NameNode SPNEGO principal was not specified", nnSpnegoPrincipal
);
NUnit.Framework.Assert.IsNotNull("NameNode keytab was not specified", nnKeyTab);
Configuration conf = new HdfsConfiguration();
conf.Set(CommonConfigurationKeys.HadoopSecurityAuthentication, "kerberos");
conf.Set(DFSConfigKeys.DfsNamenodeKerberosPrincipalKey, nnPrincipal);
conf.Set(DFSConfigKeys.DfsNamenodeKerberosInternalSpnegoPrincipalKey, nnSpnegoPrincipal
);
conf.Set(DFSConfigKeys.DfsNamenodeKeytabFileKey, nnKeyTab);
cluster = new MiniDFSCluster.Builder(conf).NumDataNodes(NumOfDatanodes).Build();
MiniDFSCluster clusterRef = cluster;
cluster.WaitActive();
FileSystem fsForCurrentUser = cluster.GetFileSystem();
fsForCurrentUser.Mkdirs(new Path("/tmp"));
fsForCurrentUser.SetPermission(new Path("/tmp"), new FsPermission((short)511));
// The user specified should not be a superuser
string userPrincipal = Runtime.GetProperty("user.principal");
string userKeyTab = Runtime.GetProperty("user.keytab");
NUnit.Framework.Assert.IsNotNull("User principal was not specified", userPrincipal
);
NUnit.Framework.Assert.IsNotNull("User keytab was not specified", userKeyTab);
UserGroupInformation ugi = UserGroupInformation.LoginUserFromKeytabAndReturnUGI(userPrincipal
, userKeyTab);
FileSystem fs = ugi.DoAs(new _PrivilegedExceptionAction_105(clusterRef));
try
{
Path p = new Path("/users");
fs.Mkdirs(p);
NUnit.Framework.Assert.Fail("User must not be allowed to write in /");
}
catch (IOException)
{
}
Path p_1 = new Path("/tmp/alpha");
fs.Mkdirs(p_1);
NUnit.Framework.Assert.IsNotNull(fs.ListStatus(p_1));
NUnit.Framework.Assert.AreEqual(UserGroupInformation.AuthenticationMethod.Kerberos
, ugi.GetAuthenticationMethod());
}
finally
{
if (cluster != null)
{
cluster.Shutdown();
}
}
}
/// <exception cref="System.Exception"/>
public static void Main(string[] args)
{
if (args.Length != 4)
{
System.Console.Error.WriteLine("usage: ManualTestKeytabLogins <principal 1> <keytab 1> <principal 2> <keytab 2>"
);
System.Environment.Exit(1);
}
UserGroupInformation ugi1 = UserGroupInformation.LoginUserFromKeytabAndReturnUGI(
args[0], args[1]);
System.Console.Out.WriteLine("UGI 1 = " + ugi1);
Assert.True(ugi1.GetUserName().Equals(args[0]));
UserGroupInformation ugi2 = UserGroupInformation.LoginUserFromKeytabAndReturnUGI(
args[2], args[3]);
System.Console.Out.WriteLine("UGI 2 = " + ugi2);
Assert.True(ugi2.GetUserName().Equals(args[2]));
}
/// <summary>Login via a UGI.</summary>
/// <remarks>Login via a UGI. Requres UGI to have been set up</remarks>
/// <param name="user">username</param>
/// <param name="keytab">keytab to list</param>
/// <returns>the UGI</returns>
/// <exception cref="System.IO.IOException"/>
public static UserGroupInformation LoginUGI(string user, FilePath keytab)
{
Log.Info("Logging in as {} from {}", user, keytab);
return(UserGroupInformation.LoginUserFromKeytabAndReturnUGI(user, keytab.GetAbsolutePath
()));
}
