HADOOP-9070. Kerberos SASL server cannot find kerberos key. Contributed by Daryn Sharp.

git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/branches/branch-2@1417730 13f79535-47bb-0310-9956-ffa450edef68
Aaron Myers 2012-12-06 02:56:02 +00:00
parent 46f2591a9e
commit 31e97a7757
2 changed files with 25 additions and 10 deletions


@ -168,6 +168,8 @@ Release 2.0.3-alpha - Unreleased
HADOOP-9103. UTF8 class does not properly decode Unicode characters HADOOP-9103. UTF8 class does not properly decode Unicode characters
outside the basic multilingual plane. (todd) outside the basic multilingual plane. (todd)
HADOOP-9070. Kerberos SASL server cannot find kerberos key. (daryn via atm)
Release 2.0.2-alpha - 2012-09-07 Release 2.0.2-alpha - 2012-09-07
INCOMPATIBLE CHANGES INCOMPATIBLE CHANGES


@ -158,7 +158,8 @@ public abstract class Server {
// in ObjectWritable to efficiently transmit arrays of primitives // in ObjectWritable to efficiently transmit arrays of primitives
// 6 : Made RPC payload header explicit // 6 : Made RPC payload header explicit
// 7 : Changed Ipc Connection Header to use Protocol buffers // 7 : Changed Ipc Connection Header to use Protocol buffers
public static final byte CURRENT_VERSION = 7; // 8 : SASL server always sends a final response
public static final byte CURRENT_VERSION = 8;
/** /**
* Initial and max size of response buffer * Initial and max size of response buffer
@ -1179,8 +1180,8 @@ public abstract class Server {
AUDITLOG.warn(AUTH_FAILED_FOR + clientIP + ":" + attemptingUser); AUDITLOG.warn(AUTH_FAILED_FOR + clientIP + ":" + attemptingUser);
throw e; throw e;
} }
if (replyToken == null && authMethod == AuthMethod.PLAIN) { if (saslServer.isComplete() && replyToken == null) {
// client needs at least response to know if it should use SIMPLE // send final response for success
replyToken = new byte[0]; replyToken = new byte[0];
} }
if (replyToken != null) { if (replyToken != null) {
@ -1351,7 +1352,7 @@ public abstract class Server {
} }
private AuthMethod initializeAuthContext(AuthMethod authMethod) private AuthMethod initializeAuthContext(AuthMethod authMethod)
throws IOException { throws IOException, InterruptedException {
try { try {
if (enabledAuthMethods.contains(authMethod)) { if (enabledAuthMethods.contains(authMethod)) {
saslServer = createSaslServer(authMethod); saslServer = createSaslServer(authMethod);
@ -1384,8 +1385,7 @@ public abstract class Server {
} }
private SaslServer createSaslServer(AuthMethod authMethod) private SaslServer createSaslServer(AuthMethod authMethod)
throws IOException { throws IOException, InterruptedException {
SaslServer saslServer = null;
String hostname = null; String hostname = null;
String saslProtocol = null; String saslProtocol = null;
CallbackHandler saslCallback = null; CallbackHandler saslCallback = null;
@ -1421,10 +1421,23 @@ public abstract class Server {
"Server does not support SASL " + authMethod); "Server does not support SASL " + authMethod);
} }
String mechanism = authMethod.getMechanismName(); return createSaslServer(authMethod.getMechanismName(), saslProtocol,
saslServer = Sasl.createSaslServer( hostname, saslCallback);
mechanism, saslProtocol, hostname, }
SaslRpcServer.SASL_PROPS, saslCallback);
private SaslServer createSaslServer(final String mechanism,
final String protocol,
final String hostname,
final CallbackHandler callback
) throws IOException, InterruptedException {
SaslServer saslServer = UserGroupInformation.getCurrentUser().doAs(
new PrivilegedExceptionAction<SaslServer>() {
@Override
public SaslServer run() throws SaslException {
return Sasl.createSaslServer(mechanism, protocol, hostname,
SaslRpcServer.SASL_PROPS, callback);
}
});
if (saslServer == null) { if (saslServer == null) {
throw new AccessControlException( throw new AccessControlException(
"Unable to find SASL server implementation for " + mechanism); "Unable to find SASL server implementation for " + mechanism);