[jira] [Commented] (HADOOP-11934) Use of JavaKeyStoreProvider in LdapGroupsMapping causes infinite loop

Hadoop QA (JIRA) Sat, 09 May 2015 21:30:10 -0700

    [ 
https://issues.apache.org/jira/browse/HADOOP-11934?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14537023#comment-14537023
 ]


Hadoop QA commented on HADOOP-11934:
------------------------------------

\\
\\
| (x) *{color:red}-1 overall{color}* |
\\
\\
|| Vote || Subsystem || Runtime || Comment ||
| {color:blue}0{color} | pre-patch |  14m 32s | Pre-patch trunk compilation is 
healthy. |
| {color:green}+1{color} | @author |   0m  0s | The patch does not contain any 
@author tags. |
| {color:green}+1{color} | tests included |   0m  0s | The patch appears to 
include 1 new or modified test files. |
| {color:green}+1{color} | javac |   7m 27s | There were no new javac warning 
messages. |
| {color:green}+1{color} | javadoc |   9m 32s | There were no new javadoc 
warning messages. |
| {color:green}+1{color} | release audit |   0m 22s | The applied patch does 
not increase the total number of release audit warnings. |
| {color:red}-1{color} | checkstyle |   1m  7s | The applied patch generated  
82 new checkstyle issues (total was 19, now 99). |
| {color:red}-1{color} | whitespace |   0m  5s | The patch has 3  line(s) that 
end in whitespace. Use git apply --whitespace=fix. |
| {color:green}+1{color} | install |   1m 39s | mvn install still works. |
| {color:green}+1{color} | eclipse:eclipse |   0m 32s | The patch built with 
eclipse:eclipse. |
| {color:red}-1{color} | findbugs |   1m 43s | The patch appears to introduce 4 
new Findbugs (version 2.0.3) warnings. |
| {color:green}+1{color} | common tests |  22m 31s | Tests passed in 
hadoop-common. |
| | |  59m 35s | |
\\
\\
|| Reason || Tests ||
| FindBugs | module:hadoop-common |
|  |  Found reliance on default encoding in 
org.apache.hadoop.security.alias.AbstractJavaKeyStoreProvider.bytesToChars(byte[]):in
 
org.apache.hadoop.security.alias.AbstractJavaKeyStoreProvider.bytesToChars(byte[]):
 new String(byte[])  At AbstractJavaKeyStoreProvider.java:[line 176] |
|  |  Switch statement found in 
org.apache.hadoop.security.alias.LocalJavaKeyStoreProvider.addGroupPermissons(char,
 Set) where default case is missing  At LocalJavaKeyStoreProvider.java:Set) 
where default case is missing  At LocalJavaKeyStoreProvider.java:[lines 
147-168] |
|  |  Switch statement found in 
org.apache.hadoop.security.alias.LocalJavaKeyStoreProvider.addOthersPermissons(char,
 Set) where default case is missing  At LocalJavaKeyStoreProvider.java:Set) 
where default case is missing  At LocalJavaKeyStoreProvider.java:[lines 
120-141] |
|  |  Switch statement found in 
org.apache.hadoop.security.alias.LocalJavaKeyStoreProvider.addOwnerPermissions(char,
 Set) where default case is missing  At LocalJavaKeyStoreProvider.java:Set) 
where default case is missing  At LocalJavaKeyStoreProvider.java:[lines 
174-195] |
\\
\\
|| Subsystem || Report/Notes ||
| Patch URL | 
http://issues.apache.org/jira/secure/attachment/12731769/HADOOP-11934.001.patch 
|
| Optional Tests | javadoc javac unit findbugs checkstyle |
| git revision | trunk / a60f78e |
| checkstyle |  
https://builds.apache.org/job/PreCommit-HADOOP-Build/6574/artifact/patchprocess/diffcheckstylehadoop-common.txt
 |
| whitespace | 
https://builds.apache.org/job/PreCommit-HADOOP-Build/6574/artifact/patchprocess/whitespace.txt
 |
| Findbugs warnings | 
https://builds.apache.org/job/PreCommit-HADOOP-Build/6574/artifact/patchprocess/newPatchFindbugsWarningshadoop-common.html
 |
| hadoop-common test log | 
https://builds.apache.org/job/PreCommit-HADOOP-Build/6574/artifact/patchprocess/testrun_hadoop-common.txt
 |
| Test Results | 
https://builds.apache.org/job/PreCommit-HADOOP-Build/6574/testReport/ |
| Java | 1.7.0_55 |
| uname | Linux asf906.gq1.ygridcore.net 3.13.0-36-lowlatency #63-Ubuntu SMP 
PREEMPT Wed Sep 3 21:56:12 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux |
| Console output | 
https://builds.apache.org/job/PreCommit-HADOOP-Build/6574/console |


This message was automatically generated.

> Use of JavaKeyStoreProvider in LdapGroupsMapping causes infinite loop
> ---------------------------------------------------------------------
>
>                 Key: HADOOP-11934
>                 URL: https://issues.apache.org/jira/browse/HADOOP-11934
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 2.6.0
>            Reporter: Mike Yoder
>            Assignee: Larry McCay
>         Attachments: HADOOP-11934.001.patch
>
>
> I was attempting to use the LdapGroupsMapping code and the 
> JavaKeyStoreProvider at the same time, and hit a really interesting, yet 
> fatal, issue.  The code goes into what ought to have been an infinite loop, 
> were it not for it overflowing the stack and Java ending the loop.  Here is a 
> snippet of the stack; my annotations are at the bottom.
> {noformat}
>       at org.apache.hadoop.fs.FileSystem.get(FileSystem.java:370)
>       at org.apache.hadoop.fs.Path.getFileSystem(Path.java:296)
>       at 
> org.apache.hadoop.security.alias.JavaKeyStoreProvider.<init>(JavaKeyStoreProvider.java:88)
>       at 
> org.apache.hadoop.security.alias.JavaKeyStoreProvider.<init>(JavaKeyStoreProvider.java:65)
>       at 
> org.apache.hadoop.security.alias.JavaKeyStoreProvider$Factory.createProvider(JavaKeyStoreProvider.java:291)
>       at 
> org.apache.hadoop.security.alias.CredentialProviderFactory.getProviders(CredentialProviderFactory.java:58)
>       at 
> org.apache.hadoop.conf.Configuration.getPasswordFromCredentialProviders(Configuration.java:1863)
>       at 
> org.apache.hadoop.conf.Configuration.getPassword(Configuration.java:1843)
>       at 
> org.apache.hadoop.security.LdapGroupsMapping.getPassword(LdapGroupsMapping.java:386)
>       at 
> org.apache.hadoop.security.LdapGroupsMapping.setConf(LdapGroupsMapping.java:349)
>       at 
> org.apache.hadoop.util.ReflectionUtils.setConf(ReflectionUtils.java:73)
>       at 
> org.apache.hadoop.util.ReflectionUtils.newInstance(ReflectionUtils.java:133)
>       at org.apache.hadoop.security.Groups.<init>(Groups.java:70)
>       at org.apache.hadoop.security.Groups.<init>(Groups.java:66)
>       at 
> org.apache.hadoop.security.Groups.getUserToGroupsMappingService(Groups.java:280)
>       at 
> org.apache.hadoop.security.UserGroupInformation.initialize(UserGroupInformation.java:283)
>       at 
> org.apache.hadoop.security.UserGroupInformation.ensureInitialized(UserGroupInformation.java:260)
>       at 
> org.apache.hadoop.security.UserGroupInformation.loginUserFromSubject(UserGroupInformation.java:804)
>       at 
> org.apache.hadoop.security.UserGroupInformation.getLoginUser(UserGroupInformation.java:774)
>       at 
> org.apache.hadoop.security.UserGroupInformation.getCurrentUser(UserGroupInformation.java:647)
>       at 
> org.apache.hadoop.fs.FileSystem$Cache$Key.<init>(FileSystem.java:2753)
>       at 
> org.apache.hadoop.fs.FileSystem$Cache$Key.<init>(FileSystem.java:2745)
>       at org.apache.hadoop.fs.FileSystem$Cache.get(FileSystem.java:2611)
>       at org.apache.hadoop.fs.FileSystem.get(FileSystem.java:370)
>       at org.apache.hadoop.fs.Path.getFileSystem(Path.java:296)
>       at 
> org.apache.hadoop.security.alias.JavaKeyStoreProvider.<init>(JavaKeyStoreProvider.java:88)
>       at 
> org.apache.hadoop.security.alias.JavaKeyStoreProvider.<init>(JavaKeyStoreProvider.java:65)
>       at 
> org.apache.hadoop.security.alias.JavaKeyStoreProvider$Factory.createProvider(JavaKeyStoreProvider.java:291)
>       at 
> org.apache.hadoop.security.alias.CredentialProviderFactory.getProviders(CredentialProviderFactory.java:58)
>       at 
> org.apache.hadoop.conf.Configuration.getPasswordFromCredentialProviders(Configuration.java:1863)
>       at 
> org.apache.hadoop.conf.Configuration.getPassword(Configuration.java:1843)
>       at 
> org.apache.hadoop.security.LdapGroupsMapping.getPassword(LdapGroupsMapping.java:386)
>       at 
> org.apache.hadoop.security.LdapGroupsMapping.setConf(LdapGroupsMapping.java:349)
>       at 
> org.apache.hadoop.util.ReflectionUtils.setConf(ReflectionUtils.java:73)
>       at 
> org.apache.hadoop.util.ReflectionUtils.newInstance(ReflectionUtils.java:133)
>       at org.apache.hadoop.security.Groups.<init>(Groups.java:70)
>       at org.apache.hadoop.security.Groups.<init>(Groups.java:66)
>       at 
> org.apache.hadoop.security.Groups.getUserToGroupsMappingService(Groups.java:280)
>       at 
> org.apache.hadoop.security.UserGroupInformation.initialize(UserGroupInformation.java:283)
>       at 
> org.apache.hadoop.security.UserGroupInformation.ensureInitialized(UserGroupInformation.java:260)
>       at 
> org.apache.hadoop.security.UserGroupInformation.loginUserFromSubject(UserGroupInformation.java:804)
>       at 
> org.apache.hadoop.security.UserGroupInformation.getLoginUser(UserGroupInformation.java:774)
>       at 
> org.apache.hadoop.security.UserGroupInformation.getCurrentUser(UserGroupInformation.java:647)
>       at 
> org.apache.hadoop.fs.FileSystem$Cache$Key.<init>(FileSystem.java:2753)
>       at 
> org.apache.hadoop.fs.FileSystem$Cache$Key.<init>(FileSystem.java:2745)
>       at org.apache.hadoop.fs.FileSystem$Cache.get(FileSystem.java:2611)
>       at org.apache.hadoop.fs.FileSystem.get(FileSystem.java:370)
>       at org.apache.hadoop.fs.Path.getFileSystem(Path.java:296){noformat}
> Here's my annotation, going from bottom to top.
> * Somehow we enter Path.getFileSystem()
> * This goes to FileSystem cache stuff, and then it wants the current user
> * So we get to UserGroupInformation.getCurrentUser(), which as you can 
> imagine gets to
> * getUserToGroupsMappingService and thence to LdapGroupsMapping.setConf().
> * That code gets the needed passwords, and we're using the 
> CredentialProvider, so unsurprisingly we get to
> * getPasswordFromCredentialProviders() - which chooses the 
> JavaKeyStoreProvider like I told it to.
> * The JavaKeyStoreProvider, in its constructor, does "fs = 
> path.getFileSystem(conf);"
> * And guess what, we're back in Path.getFileSystem, where we started at the 
> beginning.
> Please let me know if I've somehow configured something incorrectly, but if I 
> have I can't figure out what it is...



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (HADOOP-11934) Use of JavaKeyStoreProvider in LdapGroupsMapping causes infinite loop

Reply via email to