Hadoop Common
  1. Hadoop Common
  2. HADOOP-9431

TestSecurityUtil#testLocalHostNameForNullOrWild on systems where hostname contains capital letters

    Details

    • Type: Bug Bug
    • Status: Resolved
    • Priority: Trivial Trivial
    • Resolution: Fixed
    • Affects Version/s: 3.0.0
    • Fix Version/s: 3.0.0
    • Component/s: security, test
    • Labels:
      None
    • Target Version/s:

      Description

      TestSecurityUtil#testLocalHostNameForNullOrWild contains assertions about the principal returned for a null or wildcard hostname. The logic in SecurityUtil#getServerPrincipal converts the local hostname to lower-case. The test method does not perform the same conversion though, so the test passes on systems with a hostname containing no upper-case letters, but it fails if the hostname does contain upper-case letters.

        Issue Links

          Activity

          Hide
          Chris Nauroth added a comment -

          Attaching trivial patch. The corresponding lower-case conversion in the product code is in SecurityUtil#replacePattern.

          Show
          Chris Nauroth added a comment - Attaching trivial patch. The corresponding lower-case conversion in the product code is in SecurityUtil#replacePattern .
          Hide
          Arpit Agarwal added a comment -

          Hi Chris, will the output of SecurityUtil.getServerPrincipal always be lower case? I am not sure from a quick look at it.

          Show
          Arpit Agarwal added a comment - Hi Chris, will the output of SecurityUtil.getServerPrincipal always be lower case? I am not sure from a quick look at it.
          Hide
          Arpit Agarwal added a comment -

          Sorry, you just pointed out that it is.

          +1

          Show
          Arpit Agarwal added a comment - Sorry, you just pointed out that it is. +1
          Hide
          Chris Nauroth added a comment -

          For the case covered by this test, the output always will be lower case. SecurityUtil#getServerPrincipal calls SecurityUtil#replacePattern, and that method always calls String#toLowerCase on the given hostname.

          There is another case where the caller passes a principalConfig that doesn't fit the dynamic config syntax. In this case, it just returns principalConfig as is without conversion. For example, I could hard-code a principal in my config like "cnauroth/MyHost@myrealm". In this case, the method won't perform a conversion on the hostname. This is different from the case covered by this unit test though.

          Show
          Chris Nauroth added a comment - For the case covered by this test, the output always will be lower case. SecurityUtil#getServerPrincipal calls SecurityUtil#replacePattern , and that method always calls String#toLowerCase on the given hostname. There is another case where the caller passes a principalConfig that doesn't fit the dynamic config syntax. In this case, it just returns principalConfig as is without conversion. For example, I could hard-code a principal in my config like "cnauroth/MyHost@myrealm". In this case, the method won't perform a conversion on the hostname. This is different from the case covered by this unit test though.
          Hide
          Chris Nauroth added a comment -

          Oops, our messages crossed. Thanks for the review, Arpit!

          Show
          Chris Nauroth added a comment - Oops, our messages crossed. Thanks for the review, Arpit!
          Hide
          Hadoop QA added a comment -

          +1 overall. Here are the results of testing the latest attachment
          http://issues.apache.org/jira/secure/attachment/12575132/HADOOP-9431.1.patch
          against trunk revision .

          +1 @author. The patch does not contain any @author tags.

          +1 tests included. The patch appears to include 1 new or modified test files.

          +1 tests included appear to have a timeout.

          +1 javac. The applied patch does not increase the total number of javac compiler warnings.

          +1 javadoc. The javadoc tool did not generate any warning messages.

          +1 eclipse:eclipse. The patch built with eclipse:eclipse.

          +1 findbugs. The patch does not introduce any new Findbugs (version 1.3.9) warnings.

          +1 release audit. The applied patch does not increase the total number of release audit warnings.

          +1 core tests. The patch passed unit tests in hadoop-common-project/hadoop-common.

          +1 contrib tests. The patch passed contrib unit tests.

          Test results: https://builds.apache.org/job/PreCommit-HADOOP-Build/2356//testReport/
          Console output: https://builds.apache.org/job/PreCommit-HADOOP-Build/2356//console

          This message is automatically generated.

          Show
          Hadoop QA added a comment - +1 overall . Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12575132/HADOOP-9431.1.patch against trunk revision . +1 @author . The patch does not contain any @author tags. +1 tests included . The patch appears to include 1 new or modified test files. +1 tests included appear to have a timeout. +1 javac . The applied patch does not increase the total number of javac compiler warnings. +1 javadoc . The javadoc tool did not generate any warning messages. +1 eclipse:eclipse . The patch built with eclipse:eclipse. +1 findbugs . The patch does not introduce any new Findbugs (version 1.3.9) warnings. +1 release audit . The applied patch does not increase the total number of release audit warnings. +1 core tests . The patch passed unit tests in hadoop-common-project/hadoop-common. +1 contrib tests . The patch passed contrib unit tests. Test results: https://builds.apache.org/job/PreCommit-HADOOP-Build/2356//testReport/ Console output: https://builds.apache.org/job/PreCommit-HADOOP-Build/2356//console This message is automatically generated.
          Hide
          Sanjay Radia added a comment -

          +1
          Committed. Thanks Chris.

          Show
          Sanjay Radia added a comment - +1 Committed. Thanks Chris.
          Hide
          Hudson added a comment -

          Integrated in Hadoop-trunk-Commit #3517 (See https://builds.apache.org/job/Hadoop-trunk-Commit/3517/)
          HADOOP-9431 TestSecurityUtil#testLocalHostNameForNullOrWild on systems where hostname contains capital letters (Chris Nauroth via sanjay) (Revision 1460181)

          Result = SUCCESS
          sradia : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1460181
          Files :

          • /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
          • /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestSecurityUtil.java
          Show
          Hudson added a comment - Integrated in Hadoop-trunk-Commit #3517 (See https://builds.apache.org/job/Hadoop-trunk-Commit/3517/ ) HADOOP-9431 TestSecurityUtil#testLocalHostNameForNullOrWild on systems where hostname contains capital letters (Chris Nauroth via sanjay) (Revision 1460181) Result = SUCCESS sradia : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1460181 Files : /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestSecurityUtil.java
          Hide
          Chris Nauroth added a comment -

          Thank you, Sanjay!

          Show
          Chris Nauroth added a comment - Thank you, Sanjay!
          Hide
          Hudson added a comment -

          Integrated in Hadoop-Yarn-trunk #165 (See https://builds.apache.org/job/Hadoop-Yarn-trunk/165/)
          HADOOP-9431 TestSecurityUtil#testLocalHostNameForNullOrWild on systems where hostname contains capital letters (Chris Nauroth via sanjay) (Revision 1460181)

          Result = SUCCESS
          sradia : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1460181
          Files :

          • /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
          • /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestSecurityUtil.java
          Show
          Hudson added a comment - Integrated in Hadoop-Yarn-trunk #165 (See https://builds.apache.org/job/Hadoop-Yarn-trunk/165/ ) HADOOP-9431 TestSecurityUtil#testLocalHostNameForNullOrWild on systems where hostname contains capital letters (Chris Nauroth via sanjay) (Revision 1460181) Result = SUCCESS sradia : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1460181 Files : /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestSecurityUtil.java
          Hide
          Hudson added a comment -

          Integrated in Hadoop-Hdfs-trunk #1354 (See https://builds.apache.org/job/Hadoop-Hdfs-trunk/1354/)
          HADOOP-9431 TestSecurityUtil#testLocalHostNameForNullOrWild on systems where hostname contains capital letters (Chris Nauroth via sanjay) (Revision 1460181)

          Result = FAILURE
          sradia : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1460181
          Files :

          • /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
          • /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestSecurityUtil.java
          Show
          Hudson added a comment - Integrated in Hadoop-Hdfs-trunk #1354 (See https://builds.apache.org/job/Hadoop-Hdfs-trunk/1354/ ) HADOOP-9431 TestSecurityUtil#testLocalHostNameForNullOrWild on systems where hostname contains capital letters (Chris Nauroth via sanjay) (Revision 1460181) Result = FAILURE sradia : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1460181 Files : /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestSecurityUtil.java
          Hide
          Hudson added a comment -

          Integrated in Hadoop-Mapreduce-trunk #1382 (See https://builds.apache.org/job/Hadoop-Mapreduce-trunk/1382/)
          HADOOP-9431 TestSecurityUtil#testLocalHostNameForNullOrWild on systems where hostname contains capital letters (Chris Nauroth via sanjay) (Revision 1460181)

          Result = SUCCESS
          sradia : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1460181
          Files :

          • /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
          • /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestSecurityUtil.java
          Show
          Hudson added a comment - Integrated in Hadoop-Mapreduce-trunk #1382 (See https://builds.apache.org/job/Hadoop-Mapreduce-trunk/1382/ ) HADOOP-9431 TestSecurityUtil#testLocalHostNameForNullOrWild on systems where hostname contains capital letters (Chris Nauroth via sanjay) (Revision 1460181) Result = SUCCESS sradia : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1460181 Files : /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestSecurityUtil.java
          Hide
          Steven Willis added a comment -

          Nice to see HADOOP-8514 finally get fixed. I guess someone can close that one.

          Show
          Steven Willis added a comment - Nice to see HADOOP-8514 finally get fixed. I guess someone can close that one.
          Hide
          Chris Nauroth added a comment -

          Hi, Steven Willis. So sorry! I completely missed that you had already filed HADOOP-8514 for this issue.

          Show
          Chris Nauroth added a comment - Hi, Steven Willis . So sorry! I completely missed that you had already filed HADOOP-8514 for this issue.
          Hide
          Steven Willis added a comment -

          No problem, I was just going through some old issues I've had an interest in and thought I would re-submit a patch for that one. When my patch no longer applied to trunk cleanly, I realized it had been fixed!

          Show
          Steven Willis added a comment - No problem, I was just going through some old issues I've had an interest in and thought I would re-submit a patch for that one. When my patch no longer applied to trunk cleanly, I realized it had been fixed!

            People

            • Assignee:
              Chris Nauroth
              Reporter:
              Chris Nauroth
            • Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development