/// <summary>
/// Checks that a block token issued by either secret manager is accepted by
/// <c>CheckAccess</c> on both of them: first one token per access mode, then a
/// single token that carries every access mode.
/// </summary>
/// <remarks>
/// Nothing is asserted explicitly; a rejected token is presumably reported by
/// <c>CheckAccess</c> throwing (TODO confirm against BlockTokenSecretManager).
/// The second argument to <c>CheckAccess</c> is always <c>null</c>, so whatever
/// that parameter binds the token to (presumably a user id; confirm) is not
/// exercised by this helper.
/// </remarks>
/// <param name="master">First issuer and verifier.</param>
/// <param name="slave">
/// Second issuer and verifier. Any key sharing between the two managers must be
/// set up by the caller; it is not done here.
/// </param>
/// <exception cref="System.Exception"/>
private void TokenGenerationAndVerification(BlockTokenSecretManager master, BlockTokenSecretManager slave)
{
    // Every token is verified in a fixed order: master first, then slave.
    BlockTokenSecretManager[] verifiers = new BlockTokenSecretManager[] { master, slave };

    // Single-mode tokens: one token per access mode from each issuer.
    foreach (BlockTokenSecretManager.AccessMode mode in BlockTokenSecretManager.AccessMode.Values())
    {
        // Issued by master, must verify on both sides.
        Org.Apache.Hadoop.Security.Token.Token<BlockTokenIdentifier> issuedByMaster =
            master.GenerateToken(block1, EnumSet.Of(mode));
        foreach (BlockTokenSecretManager verifier in verifiers)
        {
            verifier.CheckAccess(issuedByMaster, null, block1, mode);
        }

        // Issued by slave, must verify on both sides as well.
        Org.Apache.Hadoop.Security.Token.Token<BlockTokenIdentifier> issuedBySlave =
            slave.GenerateToken(block2, EnumSet.Of(mode));
        foreach (BlockTokenSecretManager verifier in verifiers)
        {
            verifier.CheckAccess(issuedBySlave, null, block2, mode);
        }
    }

    // Multi-mode token: one token granting all modes, checked mode by mode.
    Org.Apache.Hadoop.Security.Token.Token<BlockTokenIdentifier> allModesToken =
        master.GenerateToken(block3, EnumSet.AllOf<BlockTokenSecretManager.AccessMode>());
    foreach (BlockTokenSecretManager.AccessMode grantedMode in BlockTokenSecretManager.AccessMode.Values())
    {
        foreach (BlockTokenSecretManager verifier in verifiers)
        {
            verifier.CheckAccess(allModesToken, null, block3, grantedMode);
        }
    }
}
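/// <summary>
/// Guards against file-descriptor leaks when block-token-authenticated RPC
/// proxies to a datanode are repeatedly created and stopped.
/// </summary>
/// <remarks>
/// The loop runs until <c>Time.Now()</c> has advanced by 3000 (presumably
/// milliseconds; confirm) and the test fails when the open-descriptor count
/// has grown by more than 50. A leak of this kind would let ordinary client
/// traffic exhaust the process's descriptors, so it is an availability concern
/// as much as a correctness one.
/// <c>UserGroupInformation.SetConfiguration</c> is a static call, so the
/// "kerberos" setting presumably stays in effect for later tests in the same
/// process (NOTE(review): confirm whether a reset is needed).
/// </remarks>
public virtual void TestBlockTokenRpcLeak()
{
    Configuration conf = new Configuration();
    conf.Set(CommonConfigurationKeysPublic.HadoopSecurityAuthentication, "kerberos");
    UserGroupInformation.SetConfiguration(conf);

    // The descriptor count is read from FdDir; presumably the test is skipped,
    // not failed, on platforms where that directory does not exist.
    Assume.AssumeTrue(FdDir.Exists());

    BlockTokenSecretManager sm = new BlockTokenSecretManager(blockKeyUpdateInterval,
        blockTokenLifetime, 0, "fake-pool", null);
    Org.Apache.Hadoop.Security.Token.Token<BlockTokenIdentifier> token =
        sm.GenerateToken(block3, EnumSet.AllOf<BlockTokenSecretManager.AccessMode>());

    Server server = CreateMockDatanode(sm, token, conf);
    server.Start();

    ClientDatanodeProtocol proxyToNoWhere = null;
    ClientDatanodeProtocol proxy = null;
    try
    {
        IPEndPoint addr = NetUtils.GetConnectAddress(server);
        DatanodeID fakeDnId = DFSTestUtil.GetLocalDatanodeID(addr.Port);
        ExtendedBlock b = new ExtendedBlock("fake-pool",
            new Org.Apache.Hadoop.Hdfs.Protocol.Block(12345L));
        LocatedBlock fakeBlock = new LocatedBlock(b, new DatanodeInfo[0]);
        fakeBlock.SetBlockToken(token);

        // Create another RPC proxy with the same configuration - this will never
        // attempt to connect anywhere -- but it causes the refcount on the
        // RPC "Client" object to stay above 0 such that RPC.stopProxy doesn't
        // actually close the TCP connections to the real target DN.
        proxyToNoWhere = RPC.GetProxy<ClientDatanodeProtocol>(ClientDatanodeProtocol.versionID,
            new IPEndPoint("1.1.1.1", 1), UserGroupInformation.CreateRemoteUser("junk"), conf,
            NetUtils.GetDefaultSocketFactory(conf));

        // Baseline is taken after the placeholder proxy exists, so only the
        // proxies created in the loop can move the count.
        int fdsAtStart = CountOpenFileDescriptors();
        long endTime = Time.Now() + 3000;
        while (Time.Now() < endTime)
        {
            proxy = DFSUtil.CreateClientDatanodeProtocolProxy(fakeDnId, conf, 1000, false, fakeBlock);
            NUnit.Framework.Assert.AreEqual(block3.GetBlockId(), proxy.GetReplicaVisibleLength(block3));
            RPC.StopProxy(proxy);
            // Cleared so the finally block only stops a proxy that was created
            // but not yet stopped when an iteration failed.
            proxy = null;
            Log.Info("Num open fds:" + CountOpenFileDescriptors());
        }

        int fdsAtEnd = CountOpenFileDescriptors();
        if (fdsAtEnd - fdsAtStart > 50)
        {
            NUnit.Framework.Assert.Fail("Leaked " + (fdsAtEnd - fdsAtStart) + " fds!");
        }
    }
    finally
    {
        try
        {
            server.Stop();
        }
        finally
        {
            // Release both proxies even when an assertion failed; previously the
            // placeholder proxy was only stopped on the success path.
            if (proxy != null)
            {
                RPC.StopProxy(proxy);
            }
            if (proxyToNoWhere != null)
            {
                RPC.StopProxy(proxyToNoWhere);
            }
        }
    }
}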
/// <summary>
/// Generates a token for <paramref name="block"/> with the given access modes
/// and decodes the token's identifier bytes into a fresh identifier object.
/// </summary>
/// <remarks>
/// Only the identifier part of the token is read back. The token is not passed
/// through any access check here, so the returned identifier says nothing about
/// whether the token itself would verify.
/// </remarks>
/// <param name="sm">Secret manager that issues the token and creates the empty identifier.</param>
/// <param name="block">Block the token is generated for.</param>
/// <param name="accessModes">Access modes requested for the token.</param>
/// <returns>The identifier populated from the generated token's identifier bytes.</returns>
/// <exception cref="System.IO.IOException"/>
private BlockTokenIdentifier GenerateTokenId(BlockTokenSecretManager sm, ExtendedBlock block,
    EnumSet<BlockTokenSecretManager.AccessMode> accessModes)
{
    Org.Apache.Hadoop.Security.Token.Token<BlockTokenIdentifier> generated =
        sm.GenerateToken(block, accessModes);

    // Start from an empty identifier and fill it from the serialized form.
    BlockTokenIdentifier decoded = sm.CreateIdentifier();
    ByteArrayInputStream identifierBytes = new ByteArrayInputStream(generated.GetIdentifier());
    DataInputStream identifierReader = new DataInputStream(identifierBytes);
    decoded.ReadFields(identifierReader);
    return decoded;
}
/// <summary>
/// Makes one RPC to a mock datanode as a remote user whose only attached
/// credential is a block token, and checks the value returned for
/// <c>block3</c>.
/// </summary>
/// <remarks>
/// The expected value is <c>block3.GetBlockId()</c>, so the mock datanode
/// presumably echoes the block id as the visible length (confirm in
/// <c>CreateMockDatanode</c>). <c>UserGroupInformation.SetConfiguration</c> is
/// a static call, so the "kerberos" setting presumably remains in effect for
/// later tests in the same process (NOTE(review): confirm).
/// </remarks>
public virtual void TestBlockTokenRpc()
{
    // Security configuration is switched to Kerberos before any RPC object is built.
    Configuration conf = new Configuration();
    conf.Set(CommonConfigurationKeysPublic.HadoopSecurityAuthentication, "kerberos");
    UserGroupInformation.SetConfiguration(conf);

    // Token for block3 granting every access mode.
    BlockTokenSecretManager secretManager = new BlockTokenSecretManager(blockKeyUpdateInterval,
        blockTokenLifetime, 0, "fake-pool", null);
    EnumSet<BlockTokenSecretManager.AccessMode> everyMode =
        EnumSet.AllOf<BlockTokenSecretManager.AccessMode>();
    Org.Apache.Hadoop.Security.Token.Token<BlockTokenIdentifier> blockToken =
        secretManager.GenerateToken(block3, everyMode);

    Server server = CreateMockDatanode(secretManager, blockToken, conf);
    server.Start();
    IPEndPoint serverAddress = NetUtils.GetConnectAddress(server);

    // The caller identity is named after the block and carries only the block token.
    UserGroupInformation caller = UserGroupInformation.CreateRemoteUser(block3.ToString());
    caller.AddToken(blockToken);

    ClientDatanodeProtocol proxy = null;
    try
    {
        proxy = DFSUtil.CreateClientDatanodeProtocolProxy(serverAddress, caller, conf,
            NetUtils.GetDefaultSocketFactory(conf));
        var expectedLength = block3.GetBlockId();
        var reportedLength = proxy.GetReplicaVisibleLength(block3);
        NUnit.Framework.Assert.AreEqual(expectedLength, reportedLength);
    }
    finally
    {
        // Server first, then the proxy if one was created.
        server.Stop();
        if (proxy != null)
        {
            RPC.StopProxy(proxy);
        }
    }
}