HADOOP-9014. Standardize creation of SaslRpcClients (daryn via bobby)

git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1406689 13f79535-47bb-0310-9956-ffa450edef68
Robert Joseph Evans 2012-11-07 16:05:03 +00:00
parent cb293a62a5
commit 3c02237459
2 changed files with 41 additions and 29 deletions


@ -345,6 +345,8 @@ Release 2.0.3-alpha - Unreleased
HADOOP-9013. UGI should not hardcode loginUser's authenticationType (daryn HADOOP-9013. UGI should not hardcode loginUser's authenticationType (daryn
via bobby) via bobby)
HADOOP-9014. Standardize creation of SaslRpcClients (daryn via bobby)
OPTIMIZATIONS OPTIMIZATIONS
HADOOP-8866. SampleQuantiles#query is O(N^2) instead of O(N). (Andrew Wang HADOOP-8866. SampleQuantiles#query is O(N^2) instead of O(N). (Andrew Wang


@ -25,6 +25,7 @@ import java.io.DataOutputStream;
import java.io.IOException; import java.io.IOException;
import java.io.InputStream; import java.io.InputStream;
import java.io.OutputStream; import java.io.OutputStream;
import java.util.Map;
import javax.security.auth.callback.Callback; import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler; import javax.security.auth.callback.CallbackHandler;
@ -45,6 +46,7 @@ import org.apache.hadoop.io.WritableUtils;
import org.apache.hadoop.ipc.RemoteException; import org.apache.hadoop.ipc.RemoteException;
import org.apache.hadoop.security.SaslRpcServer.AuthMethod; import org.apache.hadoop.security.SaslRpcServer.AuthMethod;
import org.apache.hadoop.security.SaslRpcServer.SaslStatus; import org.apache.hadoop.security.SaslRpcServer.SaslStatus;
import org.apache.hadoop.security.authentication.util.KerberosName;
import org.apache.hadoop.security.token.Token; import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.security.token.TokenIdentifier; import org.apache.hadoop.security.token.TokenIdentifier;
@ -69,41 +71,49 @@ public class SaslRpcClient {
public SaslRpcClient(AuthMethod method, public SaslRpcClient(AuthMethod method,
Token<? extends TokenIdentifier> token, String serverPrincipal) Token<? extends TokenIdentifier> token, String serverPrincipal)
throws IOException { throws IOException {
String saslUser = null;
String saslProtocol = null;
String saslServerName = null;
Map<String, String> saslProperties = SaslRpcServer.SASL_PROPS;
CallbackHandler saslCallback = null;
switch (method) { switch (method) {
case DIGEST: case DIGEST: {
if (LOG.isDebugEnabled()) saslServerName = SaslRpcServer.SASL_DEFAULT_REALM;
LOG.debug("Creating SASL " + AuthMethod.DIGEST.getMechanismName() saslCallback = new SaslClientCallbackHandler(token);
+ " client to authenticate to service at " + token.getService());
saslClient = Sasl.createSaslClient(new String[] { AuthMethod.DIGEST
.getMechanismName() }, null, null, SaslRpcServer.SASL_DEFAULT_REALM,
SaslRpcServer.SASL_PROPS, new SaslClientCallbackHandler(token));
break; break;
case KERBEROS:
if (LOG.isDebugEnabled()) {
LOG.debug("Creating SASL " + AuthMethod.KERBEROS.getMechanismName()
+ " client. Server's Kerberos principal name is "
+ serverPrincipal);
} }
if (serverPrincipal == null || serverPrincipal.length() == 0) { case KERBEROS: {
if (serverPrincipal == null || serverPrincipal.isEmpty()) {
throw new IOException( throw new IOException(
"Failed to specify server's Kerberos principal name"); "Failed to specify server's Kerberos principal name");
} }
String names[] = SaslRpcServer.splitKerberosName(serverPrincipal); KerberosName name = new KerberosName(serverPrincipal);
if (names.length != 3) { saslProtocol = name.getServiceName();
saslServerName = name.getHostName();
if (saslServerName == null) {
throw new IOException( throw new IOException(
"Kerberos principal name does NOT have the expected hostname part: " "Kerberos principal name does NOT have the expected hostname part: "
+ serverPrincipal); + serverPrincipal);
} }
saslClient = Sasl.createSaslClient(new String[] { AuthMethod.KERBEROS
.getMechanismName() }, null, names[0], names[1],
SaslRpcServer.SASL_PROPS, null);
break; break;
}
default: default:
throw new IOException("Unknown authentication method " + method); throw new IOException("Unknown authentication method " + method);
} }
if (saslClient == null)
String mechanism = method.getMechanismName();
if (LOG.isDebugEnabled()) {
LOG.debug("Creating SASL " + mechanism
+ " client to authenticate to service at " + saslServerName);
}
saslClient = Sasl.createSaslClient(
new String[] { mechanism }, saslUser, saslProtocol, saslServerName,
saslProperties, saslCallback);
if (saslClient == null) {
throw new IOException("Unable to find SASL client implementation"); throw new IOException("Unable to find SASL client implementation");
} }
}
private static void readStatus(DataInputStream inStream) throws IOException { private static void readStatus(DataInputStream inStream) throws IOException {
int status = inStream.readInt(); // read status int status = inStream.readInt(); // read status
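Review bot: The unified debug message built after the switch prints `saslServerName`, which in the DIGEST case is the constant `SaslRpcServer.SASL_DEFAULT_REALM` rather than the `token.getService()` the old message showed, and in the KERBEROS case is only the host part rather than the full `serverPrincipal`, so the trace no longer says which service or realm the client is authenticating to. I would keep a local such as `String saslTarget`, set per case (`saslTarget = String.valueOf(token.getService());` for DIGEST, `saslTarget = serverPrincipal;` for KERBEROS), and log that instead. Separately, the check `if (saslServerName == null)` would let an empty host part through if `getHostName()` can return `""`, and `new KerberosName(serverPrincipal)` may reject a malformed name with an unchecked exception instead of the declared `IOException`; KerberosName is not shown here, so both need confirming against its source. `readStatus` continues outside the hunk.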