HADOOP-9070. Kerberos SASL server cannot find kerberos key. Contributed by Daryn Sharp.
git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/branches/branch-2@1417730 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
parent
46f2591a9e
commit
31e97a7757
|
@ -168,6 +168,8 @@ Release 2.0.3-alpha - Unreleased
|
||||||
HADOOP-9103. UTF8 class does not properly decode Unicode characters
|
HADOOP-9103. UTF8 class does not properly decode Unicode characters
|
||||||
outside the basic multilingual plane. (todd)
|
outside the basic multilingual plane. (todd)
|
||||||
|
|
||||||
|
HADOOP-9070. Kerberos SASL server cannot find kerberos key. (daryn via atm)
|
||||||
|
|
||||||
Release 2.0.2-alpha - 2012-09-07
|
Release 2.0.2-alpha - 2012-09-07
|
||||||
|
|
||||||
INCOMPATIBLE CHANGES
|
INCOMPATIBLE CHANGES
|
||||||
|
|
|
@ -158,7 +158,8 @@ public abstract class Server {
|
||||||
// in ObjectWritable to efficiently transmit arrays of primitives
|
// in ObjectWritable to efficiently transmit arrays of primitives
|
||||||
// 6 : Made RPC payload header explicit
|
// 6 : Made RPC payload header explicit
|
||||||
// 7 : Changed Ipc Connection Header to use Protocol buffers
|
// 7 : Changed Ipc Connection Header to use Protocol buffers
|
||||||
public static final byte CURRENT_VERSION = 7;
|
// 8 : SASL server always sends a final response
|
||||||
|
public static final byte CURRENT_VERSION = 8;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Initial and max size of response buffer
|
* Initial and max size of response buffer
|
||||||
|
@ -1179,8 +1180,8 @@ public abstract class Server {
|
||||||
AUDITLOG.warn(AUTH_FAILED_FOR + clientIP + ":" + attemptingUser);
|
AUDITLOG.warn(AUTH_FAILED_FOR + clientIP + ":" + attemptingUser);
|
||||||
throw e;
|
throw e;
|
||||||
}
|
}
|
||||||
if (replyToken == null && authMethod == AuthMethod.PLAIN) {
|
if (saslServer.isComplete() && replyToken == null) {
|
||||||
// client needs at least response to know if it should use SIMPLE
|
// send final response for success
|
||||||
replyToken = new byte[0];
|
replyToken = new byte[0];
|
||||||
}
|
}
|
||||||
if (replyToken != null) {
|
if (replyToken != null) {
|
||||||
|
@ -1351,7 +1352,7 @@ public abstract class Server {
|
||||||
}
|
}
|
||||||
|
|
||||||
private AuthMethod initializeAuthContext(AuthMethod authMethod)
|
private AuthMethod initializeAuthContext(AuthMethod authMethod)
|
||||||
throws IOException {
|
throws IOException, InterruptedException {
|
||||||
try {
|
try {
|
||||||
if (enabledAuthMethods.contains(authMethod)) {
|
if (enabledAuthMethods.contains(authMethod)) {
|
||||||
saslServer = createSaslServer(authMethod);
|
saslServer = createSaslServer(authMethod);
|
||||||
|
@ -1384,8 +1385,7 @@ public abstract class Server {
|
||||||
}
|
}
|
||||||
|
|
||||||
private SaslServer createSaslServer(AuthMethod authMethod)
|
private SaslServer createSaslServer(AuthMethod authMethod)
|
||||||
throws IOException {
|
throws IOException, InterruptedException {
|
||||||
SaslServer saslServer = null;
|
|
||||||
String hostname = null;
|
String hostname = null;
|
||||||
String saslProtocol = null;
|
String saslProtocol = null;
|
||||||
CallbackHandler saslCallback = null;
|
CallbackHandler saslCallback = null;
|
||||||
|
@ -1421,10 +1421,23 @@ public abstract class Server {
|
||||||
"Server does not support SASL " + authMethod);
|
"Server does not support SASL " + authMethod);
|
||||||
}
|
}
|
||||||
|
|
||||||
String mechanism = authMethod.getMechanismName();
|
return createSaslServer(authMethod.getMechanismName(), saslProtocol,
|
||||||
saslServer = Sasl.createSaslServer(
|
hostname, saslCallback);
|
||||||
mechanism, saslProtocol, hostname,
|
}
|
||||||
SaslRpcServer.SASL_PROPS, saslCallback);
|
|
||||||
|
private SaslServer createSaslServer(final String mechanism,
|
||||||
|
final String protocol,
|
||||||
|
final String hostname,
|
||||||
|
final CallbackHandler callback
|
||||||
|
) throws IOException, InterruptedException {
|
||||||
|
SaslServer saslServer = UserGroupInformation.getCurrentUser().doAs(
|
||||||
|
new PrivilegedExceptionAction<SaslServer>() {
|
||||||
|
@Override
|
||||||
|
public SaslServer run() throws SaslException {
|
||||||
|
return Sasl.createSaslServer(mechanism, protocol, hostname,
|
||||||
|
SaslRpcServer.SASL_PROPS, callback);
|
||||||
|
}
|
||||||
|
});
|
||||||
if (saslServer == null) {
|
if (saslServer == null) {
|
||||||
throw new AccessControlException(
|
throw new AccessControlException(
|
||||||
"Unable to find SASL server implementation for " + mechanism);
|
"Unable to find SASL server implementation for " + mechanism);
|
||||||
|
|
Loading…
Reference in New Issue