[ 
https://issues.apache.org/jira/browse/HADOOP-15213?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16356697#comment-16356697
 ] 

Dhirendra Khanka commented on HADOOP-15213:
-------------------------------------------

Ok so forget Jni implementation, what about ShellBasedUnixGroupsNetgroupMapping 
 I tested below code on the cluster for ShellBasedUnixGroupsNetgroupMapping
{code:java}
package com.teradata;

import org.apache.hadoop.fs.*;
import org.apache.hadoop.util.GenericOptionsParser;

import java.io.IOException;
import java.util.LinkedList;
import java.util.List;

import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.security.*;
import org.apache.hadoop.util.Shell;
import org.apache.hadoop.util.Shell.ExitCodeException;

public class usernetgroups {
        public static void main(String[] args) throws Exception {

                FileSystem fs = FileSystem.get(new Configuration());
                Configuration conf = new Configuration();
                String[] otherArgs = new GenericOptionsParser(conf, 
args).getRemainingArgs();
                if (otherArgs.length != 0) {
                        try {
                        //      System.out.print("ShellBasedUnixGroupsMapping 
for user : "+ otherArgs[0]+"--> " );
                                ShellBasedUnixGroupsMapping map = new 
ShellBasedUnixGroupsMapping();
                        //      System.out.println(map.getGroups(otherArgs[0]));
                                
                        //      
System.out.print("ShellBasedUnixGroupsNetgroupMapping for user : "+ 
otherArgs[0]+"--> " );
                                ShellBasedUnixGroupsNetgroupMapping map1 = new 
ShellBasedUnixGroupsNetgroupMapping();
                        //      
System.out.println(map1.getGroups(otherArgs[0]).toString());
                    

                                String netgroups  = 
getUsersForNetgroup(otherArgs[1]).toString();
                                System.out.println("netgroup users--> " + 
netgroups);
                                
                        } catch (Exception e) {
                                // TODO: handle exception
                                System.out.println(e.getMessage());
                        }
                }
        }
          protected static List<String> getUsersForNetgroup(String netgroup) 
                            throws IOException {

                            List<String> users = new LinkedList<String>();

                            // returns a string similar to this:
                            // group               ( , user, ) ( domain, user1, 
host.com )
                            String usersRaw = 
execShellGetUserForNetgroup(netgroup);
                            // get rid of spaces, makes splitting much easier
                        //    System.out.println("1 " +usersRaw);
                            usersRaw = usersRaw.replaceAll(" +", "");
                            // remove netgroup name at the beginning of the 
string
                            usersRaw = usersRaw.replaceFirst(
                              netgroup.replaceFirst("@", "") + "[()]+",
                              "");
                          //  System.out.println("2 " +usersRaw);
                            // split string into user infos
                            String[] userInfos = usersRaw.split("[()]+");
                            for(String userInfo : userInfos) {
                              // userInfo: xxx,user,yyy (xxx, yyy can be empty 
strings)
                              // get rid of everything before first and after 
last comma
                              String user = userInfo.replaceFirst("[^,]*,", "");
                              user = user.replaceFirst(",.*$", "");
                              // voila! got username!
                              users.add(user);
                          //    System.out.println("user " + user);
                            }

                            return users;
                          }
          protected static String execShellGetUserForNetgroup(final String 
netgroup)
                      throws IOException {
                    String result = "";
                    try {
                        System.out.println(netgroup);
                        System.out.println(netgroup.substring(1));
                      // shell command does not expect '@' at the begining of 
the group name
                        
                   //  result = 
Shell.execCommand(Shell.getUsersForNetgroupCommand(netgroup.substring(1)));
                      //modified
                     result = 
Shell.execCommand(Shell.getUsersForNetgroupCommand(netgroup));
                   //   System.out.println("modified_result -->"+ result);
                    } catch (ExitCodeException e) {
                      // if we didn't get the group - just return empty list;
                     // LOG.warn("error getting users for netgroup " + 
netgroup, e);
                        e.printStackTrace();
                    }
                    return result;
                  }
}
{code}

And then
hadoop jar jarfile claspath user_name netgroup_name
It works only if i get rid of substring.

> JniBasedUnixGroupsNetgroupMapping.java and 
> ShellBasedUnixGroupsNetgroupMapping.java use netgroup.substring(1) 
> --------------------------------------------------------------------------------------------------------------
>
>                 Key: HADOOP-15213
>                 URL: https://issues.apache.org/jira/browse/HADOOP-15213
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>         Environment: SUSE Linux Enterprise Server 11 (x86_64)
> VERSION = 11
> PATCHLEVEL = 3
>            Reporter: Dhirendra Khanka
>            Priority: Minor
>
>  
> Part of the code below shown from below 2 classes
>  org.apache.hadoop.security.JniBasedUnixGroupsNetgroupMapping.java
> {code:java}
>  protected synchronized List<String> getUsersForNetgroup(String netgroup) {
>     String[] users = null;
>     try {
>       // JNI code does not expect '@' at the begining of the group name
>       users = getUsersForNetgroupJNI(netgroup.substring(1));
>     } catch (Exception e) {
>       if (LOG.isDebugEnabled()) {
>         LOG.debug("Error getting users for netgroup " + netgroup, e);
>       } else {
>         LOG.info("Error getting users for netgroup " + netgroup + 
>             ": " + e.getMessage());
>       }
>     }
>     if (users != null && users.length != 0) {
>       return Arrays.asList(users);
>     }
>     return new LinkedList<String>();
>   }{code}
> org.apache.hadoop.security.ShellBasedUnixGroupsNetgroupMapping.java
>  
> {code:java}
> protected String execShellGetUserForNetgroup(final String netgroup)
>  throws IOException {
>  String result = "";
>  try
> { // shell command does not expect '@' at the begining of the group name 
> result = Shell.execCommand( 
> Shell.getUsersForNetgroupCommand(netgroup.substring(1))); }
> catch (ExitCodeException e)
> { // if we didn't get the group - just return empty list; LOG.warn("error 
> getting users for netgroup " + netgroup, e); }
> return result;
>  }
> {code}
>  The comments from the code above expect the input to contain '@' , however 
> when executing the shell directly the output has the below form which does 
> not contain any ampersand symbol. 
> {code:java}
> :~> getent netgroup mynetgroup1
> mynetgroup1           ( , a3xsds, ) ( , beekvkl, ) ( , redcuan, ) ( , 
> uedfmst, ){code}
>  
> I have created a test code and removed the substring function and then ran it 
> on the cluster using hadoop jar. The code returned netgroups correctly after 
> the modification. I have limited knowledge on netgroup. The issue was 
> discovered when
> hadoop.security.group.mapping = 
> *org.apache.hadoop.security.JniBasedUnixGroupsMappingWithFallback* was added 
> to core-site.xml and it failed to apply netgroup access.
>  
>  
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org

Reply via email to