[ https://issues.apache.org/jira/browse/HADOOP-11934?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14537023#comment-14537023 ]
Hadoop QA commented on HADOOP-11934: ------------------------------------ \\ \\ | (x) *{color:red}-1 overall{color}* | \\ \\ || Vote || Subsystem || Runtime || Comment || | {color:blue}0{color} | pre-patch | 14m 32s | Pre-patch trunk compilation is healthy. | | {color:green}+1{color} | @author | 0m 0s | The patch does not contain any @author tags. | | {color:green}+1{color} | tests included | 0m 0s | The patch appears to include 1 new or modified test files. | | {color:green}+1{color} | javac | 7m 27s | There were no new javac warning messages. | | {color:green}+1{color} | javadoc | 9m 32s | There were no new javadoc warning messages. | | {color:green}+1{color} | release audit | 0m 22s | The applied patch does not increase the total number of release audit warnings. | | {color:red}-1{color} | checkstyle | 1m 7s | The applied patch generated 82 new checkstyle issues (total was 19, now 99). | | {color:red}-1{color} | whitespace | 0m 5s | The patch has 3 line(s) that end in whitespace. Use git apply --whitespace=fix. | | {color:green}+1{color} | install | 1m 39s | mvn install still works. | | {color:green}+1{color} | eclipse:eclipse | 0m 32s | The patch built with eclipse:eclipse. | | {color:red}-1{color} | findbugs | 1m 43s | The patch appears to introduce 4 new Findbugs (version 2.0.3) warnings. | | {color:green}+1{color} | common tests | 22m 31s | Tests passed in hadoop-common. | | | | 59m 35s | | \\ \\ || Reason || Tests || | FindBugs | module:hadoop-common | | | Found reliance on default encoding in org.apache.hadoop.security.alias.AbstractJavaKeyStoreProvider.bytesToChars(byte[]):in org.apache.hadoop.security.alias.AbstractJavaKeyStoreProvider.bytesToChars(byte[]): new String(byte[]) At AbstractJavaKeyStoreProvider.java:[line 176] | | | Switch statement found in org.apache.hadoop.security.alias.LocalJavaKeyStoreProvider.addGroupPermissons(char, Set) where default case is missing At LocalJavaKeyStoreProvider.java:Set) where default case is missing At LocalJavaKeyStoreProvider.java:[lines 147-168] | | | Switch statement found in org.apache.hadoop.security.alias.LocalJavaKeyStoreProvider.addOthersPermissons(char, Set) where default case is missing At LocalJavaKeyStoreProvider.java:Set) where default case is missing At LocalJavaKeyStoreProvider.java:[lines 120-141] | | | Switch statement found in org.apache.hadoop.security.alias.LocalJavaKeyStoreProvider.addOwnerPermissions(char, Set) where default case is missing At LocalJavaKeyStoreProvider.java:Set) where default case is missing At LocalJavaKeyStoreProvider.java:[lines 174-195] | \\ \\ || Subsystem || Report/Notes || | Patch URL | http://issues.apache.org/jira/secure/attachment/12731769/HADOOP-11934.001.patch | | Optional Tests | javadoc javac unit findbugs checkstyle | | git revision | trunk / a60f78e | | checkstyle | https://builds.apache.org/job/PreCommit-HADOOP-Build/6574/artifact/patchprocess/diffcheckstylehadoop-common.txt | | whitespace | https://builds.apache.org/job/PreCommit-HADOOP-Build/6574/artifact/patchprocess/whitespace.txt | | Findbugs warnings | https://builds.apache.org/job/PreCommit-HADOOP-Build/6574/artifact/patchprocess/newPatchFindbugsWarningshadoop-common.html | | hadoop-common test log | https://builds.apache.org/job/PreCommit-HADOOP-Build/6574/artifact/patchprocess/testrun_hadoop-common.txt | | Test Results | https://builds.apache.org/job/PreCommit-HADOOP-Build/6574/testReport/ | | Java | 1.7.0_55 | | uname | Linux asf906.gq1.ygridcore.net 3.13.0-36-lowlatency #63-Ubuntu SMP PREEMPT Wed Sep 3 21:56:12 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux | | Console output | https://builds.apache.org/job/PreCommit-HADOOP-Build/6574/console | This message was automatically generated. > Use of JavaKeyStoreProvider in LdapGroupsMapping causes infinite loop > --------------------------------------------------------------------- > > Key: HADOOP-11934 > URL: https://issues.apache.org/jira/browse/HADOOP-11934 > Project: Hadoop Common > Issue Type: Bug > Components: security > Affects Versions: 2.6.0 > Reporter: Mike Yoder > Assignee: Larry McCay > Attachments: HADOOP-11934.001.patch > > > I was attempting to use the LdapGroupsMapping code and the > JavaKeyStoreProvider at the same time, and hit a really interesting, yet > fatal, issue. The code goes into what ought to have been an infinite loop, > were it not for it overflowing the stack and Java ending the loop. Here is a > snippet of the stack; my annotations are at the bottom. > {noformat} > at org.apache.hadoop.fs.FileSystem.get(FileSystem.java:370) > at org.apache.hadoop.fs.Path.getFileSystem(Path.java:296) > at > org.apache.hadoop.security.alias.JavaKeyStoreProvider.<init>(JavaKeyStoreProvider.java:88) > at > org.apache.hadoop.security.alias.JavaKeyStoreProvider.<init>(JavaKeyStoreProvider.java:65) > at > org.apache.hadoop.security.alias.JavaKeyStoreProvider$Factory.createProvider(JavaKeyStoreProvider.java:291) > at > org.apache.hadoop.security.alias.CredentialProviderFactory.getProviders(CredentialProviderFactory.java:58) > at > org.apache.hadoop.conf.Configuration.getPasswordFromCredentialProviders(Configuration.java:1863) > at > org.apache.hadoop.conf.Configuration.getPassword(Configuration.java:1843) > at > org.apache.hadoop.security.LdapGroupsMapping.getPassword(LdapGroupsMapping.java:386) > at > org.apache.hadoop.security.LdapGroupsMapping.setConf(LdapGroupsMapping.java:349) > at > org.apache.hadoop.util.ReflectionUtils.setConf(ReflectionUtils.java:73) > at > org.apache.hadoop.util.ReflectionUtils.newInstance(ReflectionUtils.java:133) > at org.apache.hadoop.security.Groups.<init>(Groups.java:70) > at org.apache.hadoop.security.Groups.<init>(Groups.java:66) > at > org.apache.hadoop.security.Groups.getUserToGroupsMappingService(Groups.java:280) > at > org.apache.hadoop.security.UserGroupInformation.initialize(UserGroupInformation.java:283) > at > org.apache.hadoop.security.UserGroupInformation.ensureInitialized(UserGroupInformation.java:260) > at > org.apache.hadoop.security.UserGroupInformation.loginUserFromSubject(UserGroupInformation.java:804) > at > org.apache.hadoop.security.UserGroupInformation.getLoginUser(UserGroupInformation.java:774) > at > org.apache.hadoop.security.UserGroupInformation.getCurrentUser(UserGroupInformation.java:647) > at > org.apache.hadoop.fs.FileSystem$Cache$Key.<init>(FileSystem.java:2753) > at > org.apache.hadoop.fs.FileSystem$Cache$Key.<init>(FileSystem.java:2745) > at org.apache.hadoop.fs.FileSystem$Cache.get(FileSystem.java:2611) > at org.apache.hadoop.fs.FileSystem.get(FileSystem.java:370) > at org.apache.hadoop.fs.Path.getFileSystem(Path.java:296) > at > org.apache.hadoop.security.alias.JavaKeyStoreProvider.<init>(JavaKeyStoreProvider.java:88) > at > org.apache.hadoop.security.alias.JavaKeyStoreProvider.<init>(JavaKeyStoreProvider.java:65) > at > org.apache.hadoop.security.alias.JavaKeyStoreProvider$Factory.createProvider(JavaKeyStoreProvider.java:291) > at > org.apache.hadoop.security.alias.CredentialProviderFactory.getProviders(CredentialProviderFactory.java:58) > at > org.apache.hadoop.conf.Configuration.getPasswordFromCredentialProviders(Configuration.java:1863) > at > org.apache.hadoop.conf.Configuration.getPassword(Configuration.java:1843) > at > org.apache.hadoop.security.LdapGroupsMapping.getPassword(LdapGroupsMapping.java:386) > at > org.apache.hadoop.security.LdapGroupsMapping.setConf(LdapGroupsMapping.java:349) > at > org.apache.hadoop.util.ReflectionUtils.setConf(ReflectionUtils.java:73) > at > org.apache.hadoop.util.ReflectionUtils.newInstance(ReflectionUtils.java:133) > at org.apache.hadoop.security.Groups.<init>(Groups.java:70) > at org.apache.hadoop.security.Groups.<init>(Groups.java:66) > at > org.apache.hadoop.security.Groups.getUserToGroupsMappingService(Groups.java:280) > at > org.apache.hadoop.security.UserGroupInformation.initialize(UserGroupInformation.java:283) > at > org.apache.hadoop.security.UserGroupInformation.ensureInitialized(UserGroupInformation.java:260) > at > org.apache.hadoop.security.UserGroupInformation.loginUserFromSubject(UserGroupInformation.java:804) > at > org.apache.hadoop.security.UserGroupInformation.getLoginUser(UserGroupInformation.java:774) > at > org.apache.hadoop.security.UserGroupInformation.getCurrentUser(UserGroupInformation.java:647) > at > org.apache.hadoop.fs.FileSystem$Cache$Key.<init>(FileSystem.java:2753) > at > org.apache.hadoop.fs.FileSystem$Cache$Key.<init>(FileSystem.java:2745) > at org.apache.hadoop.fs.FileSystem$Cache.get(FileSystem.java:2611) > at org.apache.hadoop.fs.FileSystem.get(FileSystem.java:370) > at org.apache.hadoop.fs.Path.getFileSystem(Path.java:296){noformat} > Here's my annotation, going from bottom to top. > * Somehow we enter Path.getFileSystem() > * This goes to FileSystem cache stuff, and then it wants the current user > * So we get to UserGroupInformation.getCurrentUser(), which as you can > imagine gets to > * getUserToGroupsMappingService and thence to LdapGroupsMapping.setConf(). > * That code gets the needed passwords, and we're using the > CredentialProvider, so unsurprisingly we get to > * getPasswordFromCredentialProviders() - which chooses the > JavaKeyStoreProvider like I told it to. > * The JavaKeyStoreProvider, in its constructor, does "fs = > path.getFileSystem(conf);" > * And guess what, we're back in Path.getFileSystem, where we started at the > beginning. > Please let me know if I've somehow configured something incorrectly, but if I > have I can't figure out what it is... -- This message was sent by Atlassian JIRA (v6.3.4#6332)