/**
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.hadoop.security;
import java.io.DataInput;
import java.io.DataOutput;
import java.io.IOException;
import java.util.Arrays;
import java.util.HashMap;
import java.util.StringTokenizer;
import java.util.TreeSet;
import javax.security.auth.login.LoginException;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.util.Shell;
import org.apache.hadoop.io.Text;
import org.apache.hadoop.io.WritableUtils;
/** An implementation of UserGroupInformation in the Unix system */
public class UnixUserGroupInformation extends UserGroupInformation {
public static final String DEFAULT_USERNAME = "DrWho";
public static final String DEFAULT_GROUP = "Tardis";
final static public String UGI_PROPERTY_NAME = "hadoop.job.ugi";
final static private HashMap<String, UnixUserGroupInformation> user2UGIMap =
new HashMap<String, UnixUserGroupInformation>();
/** Create an immutable {@link UnixUserGroupInformation} object. */
public static UnixUserGroupInformation createImmutable(String[] ugi) {
return new UnixUserGroupInformation(ugi) {
public void readFields(DataInput in) throws IOException {
throw new UnsupportedOperationException();
}
};
}
private String userName;
private String[] groupNames;
/** Default constructor
*/
public UnixUserGroupInformation() {
}
/** Constructor with parameters user name and its group names.
* The first entry in the groups list is the default group.
*
* @param userName a user's name
* @param groupNames groups list, first of which is the default group
* @exception IllegalArgumentException if any argument is null
*/
public UnixUserGroupInformation(String userName, String[] groupNames) {
setUserGroupNames(userName, groupNames);
}
/** Constructor with parameter user/group names
*
* @param ugi an array containing user/group names, the first
* element of which is the user name, the second of
* which is the default group name.
* @exception IllegalArgumentException if the array size is less than 2
* or any element is null.
*/
public UnixUserGroupInformation(String[] ugi) {
if (ugi==null || ugi.length < 2) {
throw new IllegalArgumentException( "Parameter does contain at least "+
"one user name and one group name");
}
String[] groupNames = new String[ugi.length-1];
System.arraycopy(ugi, 1, groupNames, 0, groupNames.length);
setUserGroupNames(ugi[0], groupNames);
}
/* Set this object's user name and group names
*
* @param userName a user's name
* @param groupNames groups list, the first of which is the default group
* @exception IllegalArgumentException if any argument is null
*/
private void setUserGroupNames(String userName, String[] groupNames) {
if (userName==null || userName.length()==0 ||
groupNames== null || groupNames.length==0) {
throw new IllegalArgumentException(
"Parameters should not be null or an empty string/array");
}
for (int i=0; i<groupNames.length; i++) {
if(groupNames[i] == null || groupNames[i].length() == 0) {
throw new IllegalArgumentException("A null group name at index " + i);
}
}
this.userName = userName;
this.groupNames = groupNames;
}
/** Return an array of group names
*/
public String[] getGroupNames() {
return groupNames;
}
/** Return the user's name
*/
public String getUserName() {
return userName;
}
/* The following two methods implements Writable interface */
final private static String UGI_TECHNOLOGY = "STRING_UGI";
/** Deserialize this object
* First check if this is a UGI in the string format.
* If no, throw an IOException; otherwise
* set this object's fields by reading them from the given data input
*
* @param in input stream
* @exception IOException is thrown if encounter any error when reading
*/
public void readFields(DataInput in) throws IOException {
// read UGI type first
String ugiType = Text.readString(in);
if (!UGI_TECHNOLOGY.equals(ugiType)) {
throw new IOException("Expect UGI prefix: " + UGI_TECHNOLOGY +
", but receive a prefix: " + ugiType);
}
// read this object
userName = Text.readString(in);
int numOfGroups = WritableUtils.readVInt(in);
groupNames = new String[numOfGroups];
for (int i = 0; i < numOfGroups; i++) {
groupNames[i] = Text.readString(in);
}
}
/** Serialize this object
* First write a string marking that this is a UGI in the string format,
* then write this object's serialized form to the given data output
*
* @param out output stream
* @exception IOException if encounter any error during writing
*/
public void write(DataOutput out) throws IOException {
// write a prefix indicating the type of UGI being written
Text.writeString(out, UGI_TECHNOLOGY);
// write this object
Text.writeString(out, userName);
WritableUtils.writeVInt(out, groupNames.length);
for (String groupName : groupNames) {
Text.writeString(out, groupName);
}
}
/* The following two methods deal with transferring UGI through conf.
* In this pass of implementation we store UGI as a string in conf.
* Later we may change it to be a more general approach that stores
* it as a byte array */
/** Store the given <code>ugi</code> as a comma separated string in
* <code>conf</code> as a property <code>attr</code>
*
* The String starts with the user name followed by the default group names,
* and other group names.
*
* @param conf configuration
* @param attr property name
* @param ugi a UnixUserGroupInformation
*/
public static void saveToConf(Configuration conf, String attr,
UnixUserGroupInformation ugi ) {
conf.set(attr, ugi.toString());
}
/** Read a UGI from the given <code>conf</code>
*
* The object is expected to store with the property name <code>attr</code>
* as a comma separated string that starts
* with the user name followed by group names.
* If the property name is not defined, return null.
* It's assumed that there is only one UGI per user. If this user already
* has a UGI in the ugi map, return the ugi in the map.
* Otherwise, construct a UGI from the configuration, store it in the
* ugi map and return it.
*
* @param conf configuration
* @param attr property name
* @return a UnixUGI
* @throws LoginException if the stored string is ill-formatted.
*/
public static UnixUserGroupInformation readFromConf(
Configuration conf, String attr) throws LoginException {
String[] ugi = conf.getStrings(attr);
if(ugi == null) {
return null;
}
UnixUserGroupInformation currentUGI = null;
if (ugi.length>0 ){
currentUGI = user2UGIMap.get(ugi[0]);
}
if (currentUGI == null) {
try {
currentUGI = new UnixUserGroupInformation(ugi);
user2UGIMap.put(currentUGI.getUserName(), currentUGI);
} catch (IllegalArgumentException e) {
throw new LoginException("Login failed: "+e.getMessage());
}
}
return currentUGI;
}
/**
* Get current user's name and the names of all its groups from Unix.
* It's assumed that there is only one UGI per user. If this user already
* has a UGI in the ugi map, return the ugi in the map.
* Otherwise get the current user's information from Unix, store it
* in the map, and return it.
*
* If the current user's UNIX username or groups are configured in such a way
* to throw an Exception, for example if the user uses LDAP, then this method
* will use a the {@link #DEFAULT_USERNAME} and {@link #DEFAULT_GROUP}
* constants.
*/
public static UnixUserGroupInformation login() throws LoginException {
try {
String userName;
// if an exception occurs, then uses the
// default user
try {
userName = getUnixUserName();
} catch (Exception e) {
userName = DEFAULT_USERNAME;
}
// check if this user already has a UGI object in the ugi map
UnixUserGroupInformation ugi = user2UGIMap.get(userName);
if (ugi != null) {
return ugi;
}
/* get groups list from UNIX.
* It's assumed that the first group is the default group.
*/
String[] groupNames;
// if an exception occurs, then uses the
// default group
try {
groupNames = getUnixGroups();
} catch (Exception e) {
groupNames = new String[1];
groupNames[0] = DEFAULT_GROUP;
}
// construct a Unix UGI
ugi = new UnixUserGroupInformation(userName, groupNames);
user2UGIMap.put(ugi.getUserName(), ugi);
return ugi;
} catch (Exception e) {
throw new LoginException("Login failed: "+e.getMessage());
}
}
/** Equivalent to login(conf, false). */
public static UnixUserGroupInformation login(Configuration conf)
throws LoginException {
return login(conf, false);
}
/** Get a user's name & its group names from the given configuration;
* If it is not defined in the configuration, get the current user's
* information from Unix.
* If the user has a UGI in the ugi map, return the one in
* the UGI map.
*
* @param conf either a job configuration or client's configuration
* @param save saving it to conf?
* @return UnixUserGroupInformation a user/group information
* @exception LoginException if not able to get the user/group information
*/
public static UnixUserGroupInformation login(Configuration conf, boolean save
) throws LoginException {
UnixUserGroupInformation ugi = readFromConf(conf, UGI_PROPERTY_NAME);
if (ugi == null) {
ugi = login();
LOG.debug("Unix Login: " + ugi);
if (save) {
saveToConf(conf, UGI_PROPERTY_NAME, ugi);
}
}
return ugi;
}
/* Return a string representation of a string array.
* Two strings are separated by a blank.
*/
private static String toString(String[] strArray) {
if (strArray==null || strArray.length==0) {
return "";
}
StringBuilder buf = new StringBuilder(strArray[0]);
for (int i=1; i<strArray.length; i++) {
buf.append(' ');
buf.append(strArray[i]);
}
return buf.toString();
}
/** Get current user's name from Unix by running the command whoami.
*
* @return current user's name
* @throws IOException if encounter any error while running the command
*/
static String getUnixUserName() throws IOException {
String[] result = executeShellCommand(
new String[]{Shell.USER_NAME_COMMAND});
if (result.length!=1) {
throw new IOException("Expect one token as the result of " +
Shell.USER_NAME_COMMAND + ": " + toString(result));
}
return result[0];
}
/** Get the current user's group list from Unix by running the command groups
*
* @return the groups list that the current user belongs to
* @throws IOException if encounter any error when running the command
*/
private static String[] getUnixGroups() throws IOException {
return executeShellCommand(Shell.getGROUPS_COMMAND());
}
/* Execute a command and return the result as an array of Strings */
private static String[] executeShellCommand(String[] command)
throws IOException {
String groups = Shell.execCommand(command);
StringTokenizer tokenizer = new StringTokenizer(groups);
int numOfTokens = tokenizer.countTokens();
String[] tokens = new String[numOfTokens];
for (int i=0; tokenizer.hasMoreTokens(); i++) {
tokens[i] = tokenizer.nextToken();
}
return tokens;
}
/** Decide if two UGIs are the same
*
* @param other other object
* @return true if they are the same; false otherwise.
*/
public boolean equals(Object other) {
if (this == other) {
return true;
}
if (!(other instanceof UnixUserGroupInformation)) {
return false;
}
UnixUserGroupInformation otherUGI = (UnixUserGroupInformation)other;
// check userName
if (userName == null) {
if (otherUGI.getUserName() != null) {
return false;
}
} else {
if (!userName.equals(otherUGI.getUserName())) {
return false;
}
}
// checkGroupNames
if (groupNames == otherUGI.groupNames) {
return true;
}
if (groupNames.length != otherUGI.groupNames.length) {
return false;
}
// check default group name
if (groupNames.length>0 && !groupNames[0].equals(otherUGI.groupNames[0])) {
return false;
}
// check all group names, ignoring the order
return new TreeSet<String>(Arrays.asList(groupNames)).equals(
new TreeSet<String>(Arrays.asList(otherUGI.groupNames)));
}
/** Returns a hash code for this UGI.
* The hash code for a UGI is the hash code of its user name string.
*
* @return a hash code value for this UGI.
*/
public int hashCode() {
return getUserName().hashCode();
}
/** Convert this object to a string
*
* @return a comma separated string containing the user name and group names
*/
public String toString() {
StringBuilder buf = new StringBuilder();
buf.append(userName);
for (String groupName : groupNames) {
buf.append(',');
buf.append(groupName);
}
return buf.toString();
}
@Override
public String getName() {
return toString();
}
}