in emr-user-role-mapper-application/src/main/java/com/amazon/aws/emr/common/system/user/LinuxUserIdService.java [127:167]
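/**
 * Returns the uid recorded on one socket-table line when that line describes the client side
 * of the connection the current request arrived on.
 *
 * <p>The line is matched against {@code pattern}. Groups 2 to 6 are read as local port (hex),
 * remote address, remote port (hex), socket state (hex) and uid (decimal). Presumably the line
 * is a row of /proc/net/tcp or /proc/net/tcp6; confirm against the caller.
 *
 * <p>The returned uid is used to attribute a request to a local user, so a line is accepted
 * only when the socket is in the {@code TCP_ESTABLISHED} state, in both branches.
 *
 * <p>NOTE(review): group 1 of the match is not read here, and {@code remoteAddr} and
 * {@code reqLocalPort} are unused. If group 1 is the line's local address, consider whether
 * it should also be compared with the request before the uid is trusted.
 *
 * @param line            one line of the socket table
 * @param remoteAddr      not read by this method
 * @param reqLocalPort    not read by this method
 * @param reqRemotePort   remote port of the request; compared with the line's local port
 * @param isNativeIMDSApi {@code true} to match a socket connected to the IMDS address on
 *                        port 80, {@code false} to match a socket connected to a localhost
 *                        address on {@code Constants.JETTY_PORT}
 * @return the uid from the line, or empty when the line does not match
 * @throws NumberFormatException if a captured port, state or uid field cannot be parsed, for
 *                               example a uid above {@code Integer.MAX_VALUE}; whether
 *                               {@code pattern} rules this out is not visible here
 */
private OptionalInt getUID(String line, String remoteAddr,
                           int reqLocalPort, int reqRemotePort,
                           boolean isNativeIMDSApi) {
    Matcher matcher = pattern.matcher(line);
    if (!matcher.matches()) {
        return OptionalInt.empty();
    }
    // Group 6 (the uid) is read below, so the pattern must expose at least six groups.
    if (matcher.groupCount() <= 5) {
        return OptionalInt.empty();
    }

    long procLocalPort = Long.parseLong(matcher.group(2), 16);
    String procRemoteAddress = matcher.group(3);
    long procRemotePort = Long.parseLong(matcher.group(4), 16);
    long state = Long.parseLong(matcher.group(5), 16);
    // NOTE(review): parseInt rejects values above Integer.MAX_VALUE; confirm how the caller
    // handles the resulting NumberFormatException.
    int uid = Integer.parseInt(matcher.group(6));

    // Require an established socket for every request type. The localhost branch used to
    // accept a line in any TCP state, which was looser than the IMDS branch and could
    // attribute the request to a uid taken from a socket that is not a live connection.
    if (state != TCP_ESTABLISHED) {
        return OptionalInt.empty();
    }

    // The caller's socket is identified by its local port being the request's remote port.
    if (procLocalPort != reqRemotePort) {
        return OptionalInt.empty();
    }

    boolean peerMatches;
    if (isNativeIMDSApi) {
        // Native IMDS call: the caller's socket targets the IMDS address on port 80.
        peerMatches = procRemotePort == 80
            && (procRemoteAddress.equals(Constants.Network.IPV4_IMDS_ADDR_IN_HEX_REVERSED_BYTE_ORDER)
                || procRemoteAddress.equals(Constants.Network.IPV6_IMDS_ADDR_IN_HEX_REVERSED_BYTE_ORDER));
    } else {
        // Socket established directly from caller process to the server for below use cases:
        // 1/ impersonation request from EMR-FS
        peerMatches = procRemotePort == Constants.JETTY_PORT
            && (procRemoteAddress.equals(Constants.Network.IPV4_LOCALHOST_ADDR_IN_HEX_REVERSED_BYTE_ORDER)
                || procRemoteAddress.equals(Constants.Network.IPV6_LOCALHOST_ADDR_IN_HEX_REVERSED_BYTE_ORDER)
                || procRemoteAddress.equals(
                    Constants.Network.IPV4_MAPPED_IPV6_LOCALHOST_ADDR_IN_HEX_REVERSED_BYTE_ORDER));
    }
    return peerMatches ? OptionalInt.of(uid) : OptionalInt.empty();
}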