PageRenderTime 83ms CodeModel.GetById 14ms RepoModel.GetById 0ms app.codeStats 0ms

/src/java/org/apache/hadoop/security/ShellBasedUnixGroupsNetgroupMapping.java

https://github.com/RS1999ent/hadoop-common
Java | 151 lines | 74 code | 14 blank | 63 comment | 9 complexity | bf371039440eb51bcb24d0461dc84e84 MD5 | raw file
    

  1. /**
    2. 

  2.  * Licensed to the Apache Software Foundation (ASF) under one
    3. 

  3.  * or more contributor license agreements.  See the NOTICE file
    4. 

  4.  * distributed with this work for additional information
    5. 

  5.  * regarding copyright ownership.  The ASF licenses this file
    6. 

  6.  * to you under the Apache License, Version 2.0 (the
    7. 

  7.  * "License"); you may not use this file except in compliance
    8. 

  8.  * with the License.  You may obtain a copy of the License at
    9. 

  9.  *
    10. 

  10.  *     http://www.apache.org/licenses/LICENSE-2.0
    11. 

  11.  *
    12. 

  12.  * Unless required by applicable law or agreed to in writing, software
    13. 

  13.  * distributed under the License is distributed on an "AS IS" BASIS,
    14. 

  14.  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    15. 

  15.  * See the License for the specific language governing permissions and
    16. 

  16.  * limitations under the License.
    17. 

  17.  */
    18. 

  18. package org.apache.hadoop.security;
    19. 

  19. 

  20. import java.io.IOException;
    21. 

  21. import java.util.LinkedList;
    22. 

  22. import java.util.List;
    23. 

  23. import java.util.Map;
    24. 

  24. import java.util.Set;
    25. 

  25. import java.util.HashSet;
    26. 

  26. import java.util.StringTokenizer;
    27. 

  27. import java.util.concurrent.ConcurrentHashMap;
    28. 

  28. 

  29. import org.apache.hadoop.classification.InterfaceAudience;
    30. 

  30. import org.apache.hadoop.classification.InterfaceStability;
    31. 

  31. 

  32. import org.apache.commons.logging.Log;
    33. 

  33. import org.apache.commons.logging.LogFactory;
    34. 

  34. import org.apache.hadoop.util.Shell;
    35. 

  35. import org.apache.hadoop.util.Shell.ExitCodeException;
    36. 

  36. 

  37. import org.apache.hadoop.security.NetgroupCache;
    38. 

  38. 

  39. /**
    40. 

  40.  * A simple shell-based implementation of {@link GroupMappingServiceProvider} 
    41. 

  41.  * that exec's the <code>groups</code> shell command to fetch the group
    42. 

  42.  * memberships of a given user.
    43. 

  43.  */
    44. 

  44. @InterfaceAudience.LimitedPrivate({"HDFS", "MapReduce"})
    45. 

  45. @InterfaceStability.Evolving
    46. 

  46. public class ShellBasedUnixGroupsNetgroupMapping
    47. 

  47.   extends ShellBasedUnixGroupsMapping {
    48. 

  48.   
    49. 

  49.   private static final Log LOG =
    50. 

  50.     LogFactory.getLog(ShellBasedUnixGroupsNetgroupMapping.class);
    51. 

  51. 

  52.   /**
    53. 

  53.    * Get unix groups (parent) and netgroups for given user
    54. 

  54.    *
    55. 

  55.    * @param user get groups and netgroups for this user
    56. 

  56.    * @return groups and netgroups for user
    57. 

  57.    */
    58. 

  58.   @Override
    59. 

  59.   public List<String> getGroups(String user) throws IOException {
    60. 

  60.     // parent get unix groups
    61. 

  61.     List<String> groups = new LinkedList<String>(super.getGroups(user));
    62. 

  62.     NetgroupCache.getNetgroups(user, groups);
    63. 

  63.     return groups;
    64. 

  64.   }
    65. 

  65. 

  66.   /**
    67. 

  67.    * Refresh the netgroup cache
    68. 

  68.    */
    69. 

  69.   @Override
    70. 

  70.   public void cacheGroupsRefresh() throws IOException {
    71. 

  71.     List<String> groups = NetgroupCache.getNetgroupNames();
    72. 

  72.     NetgroupCache.clear();
    73. 

  73.     cacheGroupsAdd(groups);
    74. 

  74.   }
    75. 

  75. 

  76.   /**
    77. 

  77.    * Add a group to cache, only netgroups are cached
    78. 

  78.    *
    79. 

  79.    * @param groups list of group names to add to cache
    80. 

  80.    */
    81. 

  81.   @Override
    82. 

  82.   public void cacheGroupsAdd(List<String> groups) throws IOException {
    83. 

  83.     for(String group: groups) {
    84. 

  84.       if(group.length() == 0) {
    85. 

  85.         // better safe than sorry (should never happen)
    86. 

  86.       } else if(group.charAt(0) == '@') {
    87. 

  87.         if(!NetgroupCache.isCached(group)) {
    88. 

  88.           NetgroupCache.add(group, getUsersForNetgroup(group));
    89. 

  89.         }
    90. 

  90.       } else {
    91. 

  91.         // unix group, not caching
    92. 

  92.       }
    93. 

  93.     }
    94. 

  94.   }
    95. 

  95. 

  96.   /**
    97. 

  97.    * Gets users for a netgroup
    98. 

  98.    *
    99. 

  99.    * @param netgroup return users for this netgroup
    100. 

  100.    * @return list of users for a given netgroup
    101. 

  101.    */
    102. 

  102.   protected List<String> getUsersForNetgroup(String netgroup) 
    103. 

  103.     throws IOException {
    104. 

  104. 

  105.     List<String> users = new LinkedList<String>();
    106. 

  106. 

  107.     // returns a string similar to this:
    108. 

  108.     // group               ( , user, ) ( domain, user1, host.com )
    109. 

  109.     String usersRaw = execShellGetUserForNetgroup(netgroup);
    110. 

  110.     // get rid of spaces, makes splitting much easier
    111. 

  111.     usersRaw = usersRaw.replaceAll(" +", "");
    112. 

  112.     // remove netgroup name at the beginning of the string
    113. 

  113.     usersRaw = usersRaw.replaceFirst(
    114. 

  114.       netgroup.replaceFirst("@", "") + "[()]+",
    115. 

  115.       "");
    116. 

  116.     // split string into user infos
    117. 

  117.     String[] userInfos = usersRaw.split("[()]+");
    118. 

  118.     for(String userInfo : userInfos) {
    119. 

  119.       // userInfo: xxx,user,yyy (xxx, yyy can be empty strings)
    120. 

  120.       // get rid of everything before first and after last comma
    121. 

  121.       String user = userInfo.replaceFirst("[^,]*,", "");
    122. 

  122.       user = user.replaceFirst(",.*$", "");
    123. 

  123.       // voila! got username!
    124. 

  124.       users.add(user);
    125. 

  125.     }
    126. 

  126. 

  127.     return users;
    128. 

  128.   }
    129. 

  129. 

  130.   /**
    131. 

  131.    * Calls shell to get users for a netgroup by calling getent
    132. 

  132.    * netgroup, this is a low level function that just returns string
    133. 

  133.    * that 
    134. 

  134.    *
    135. 

  135.    * @param netgroup get users for this netgroup
    136. 

  136.    * @return string of users for a given netgroup in getent netgroups format
    137. 

  137.    */
    138. 

  138.   protected String execShellGetUserForNetgroup(final String netgroup)
    139. 

  139.       throws IOException {
    140. 

  140.     String result = "";
    141. 

  141.     try {
    142. 

  142.       // shell command does not expect '@' at the begining of the group name
    143. 

  143.       result = Shell.execCommand(
    144. 

  144.         Shell.getUsersForNetgroupCommand(netgroup.substring(1)));
    145. 

  145.     } catch (ExitCodeException e) {
    146. 

  146.       // if we didn't get the group - just return empty list;
    147. 

  147.       LOG.warn("error getting users for netgroup " + netgroup, e);
    148. 

  148.     }
    149. 

  149.     return result;
    150. 

  150.   }
    151. 

  151. }
    152. 

  152.