[hadoop] branch branch-2.10 updated: HADOOP-17164 UGI loginUserFromKeytab doesn't set the last login time (#2194)

Wed, 05 Aug 2020 09:04:22 -0700 

This is an automated email from the ASF dual-hosted git repository.

liuml07 pushed a commit to branch branch-2.10
in repository https://gitbox.apache.org/repos/asf/hadoop.git


The following commit(s) were added to refs/heads/branch-2.10 by this push:
     new 4eb1f81  HADOOP-17164 UGI loginUserFromKeytab doesn't set the last 
login time (#2194)
4eb1f81 is described below

commit 4eb1f818763c619112e0422cf6968ffcd53d22ee
Author: sguggilam <sandeepbit...@gmail.com>
AuthorDate: Wed Aug 5 09:04:01 2020 -0700

    HADOOP-17164 UGI loginUserFromKeytab doesn't set the last login time (#2194)
    
    Contributed by Sandeep Guggilam.
    
    Signed-off-by: Mingliang Liu <lium...@apache.org>
    Signed-off-by: Steve Loughran <ste...@apache.org>
---
 .../hadoop/security/UserGroupInformation.java      | 10 ++++++++
 .../hadoop/security/TestUGILoginFromKeytab.java    | 29 +++++++++++++++++++++-
 2 files changed, 38 insertions(+), 1 deletion(-)

diff --git 
a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java
 
b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java
index b2cd395..07cd314 100644
--- 
a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java
+++ 
b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java
@@ -644,6 +644,15 @@ public class UserGroupInformation {
   }
 
   /**
+   * Set the last login time for logged in user
+   *
+   * @param loginTime the number of milliseconds since the beginning of time
+   */
+  private void setLastLogin(long loginTime) {
+    user.setLastLogin(loginTime);
+  }
+
+  /**
    * Create a UserGroupInformation for the given subject.
    * This does not change the subject or acquire new credentials.
    * @param subject the user's subject
@@ -1096,6 +1105,7 @@ public class UserGroupInformation {
       metrics.loginSuccess.add(Time.now() - start);
       loginUser = new UserGroupInformation(subject);
       loginUser.setLogin(login);
+      loginUser.setLastLogin(start);
       loginUser.setAuthenticationMethod(AuthenticationMethod.KERBEROS);
     } catch (LoginException le) {
       if (start > 0) {
diff --git 
a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestUGILoginFromKeytab.java
 
b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestUGILoginFromKeytab.java
index 61fbf89..66c2af4 100644
--- 
a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestUGILoginFromKeytab.java
+++ 
b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestUGILoginFromKeytab.java
@@ -21,6 +21,7 @@ package org.apache.hadoop.security;
 import org.apache.hadoop.conf.Configuration;
 import org.apache.hadoop.fs.CommonConfigurationKeys;
 import org.apache.hadoop.minikdc.MiniKdc;
+import org.apache.hadoop.util.Time;
 import org.junit.After;
 import org.junit.Assert;
 import org.junit.Before;
@@ -64,11 +65,35 @@ public class TestUGILoginFromKeytab {
   }
 
   /**
+   * Login from keytab using the MiniKDC.
+   */
+  @Test
+  public void testUGILoginFromKeytab() throws Exception {
+    long beforeLogin = Time.now();
+    String principal = "foo";
+    File keytab = new File(workDir, "foo.keytab");
+    kdc.createPrincipal(keytab, principal);
+
+    UserGroupInformation.loginUserFromKeytab(principal, keytab.getPath());
+    UserGroupInformation ugi = UserGroupInformation.getLoginUser();
+    Assert.assertTrue("UGI should be configured to login from keytab",
+        ugi.isFromKeytab());
+
+    User user = ugi.getSubject().getPrincipals(User.class).iterator().next();
+    Assert.assertNotNull(user.getLogin());
+
+    Assert.assertTrue(
+        "User login time is less than before login time, " + "beforeLoginTime:"
+            + beforeLogin + " userLoginTime:" + user.getLastLogin(),
+        user.getLastLogin() > beforeLogin);
+  }
+
+  /**
    * Login from keytab using the MiniKDC and verify the UGI can successfully
    * relogin from keytab as well. This will catch regressions like 
HADOOP-10786.
    */
   @Test
-  public void testUGILoginFromKeytab() throws Exception {
+  public void testUGIReloginFromKeytab() throws Exception {
     UserGroupInformation.setShouldRenewImmediatelyForTests(true);
     String principal = "foo";
     File keytab = new File(workDir, "foo.keytab");
@@ -82,6 +107,8 @@ public class TestUGILoginFromKeytab {
     // Verify relogin from keytab.
     User user = ugi.getSubject().getPrincipals(User.class).iterator().next();
     final long firstLogin = user.getLastLogin();
+    // Sleep for 2 secs to have a difference between first and second login
+    Thread.sleep(2000);
     ugi.reloginFromKeytab();
     final long secondLogin = user.getLastLogin();
     Assert.assertTrue("User should have been able to relogin from keytab",


---------------------------------------------------------------------
To unsubscribe, e-mail: common-commits-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-commits-h...@hadoop.apache.org

Reply via email to