Apache
/
hadoop
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

svn merge -c 1554815 merging from trunk to branch-2 to fix HADOOP-10173. Remove UGI from DIGEST-MD5 SASL server creation. 

git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/branches/branch-2@1554817 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Kihwal Lee 2014-01-02 15:00:17 +00:00
parent b8eb777a43
commit 3fce292af7
2 changed files with 12 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
hadoop-common-project/hadoop-common/CHANGES.txt
View File

@ -121,6 +121,9 @@ Release 2.4.0 - UNRELEASED
HADOOP-10172. Cache SASL server factories (daryn) HADOOP-10172. Cache SASL server factories (daryn)
HADOOP-10173. Remove UGI from DIGEST-MD5 SASL server creation (daryn via
kihwal)
BUG FIXES BUG FIXES
HADOOP-9964. Fix deadlocks in TestHttpServer by synchronize HADOOP-9964. Fix deadlocks in TestHttpServer by synchronize

11
hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SaslRpcServer.java
View File

@ -131,7 +131,7 @@ public class SaslRpcServer {
public SaslServer create(Connection connection, public SaslServer create(Connection connection,
SecretManager<TokenIdentifier> secretManager SecretManager<TokenIdentifier> secretManager
) throws IOException, InterruptedException { ) throws IOException, InterruptedException {
UserGroupInformation ugi = UserGroupInformation.getCurrentUser(); UserGroupInformation ugi = null;
final CallbackHandler callback; final CallbackHandler callback;
switch (authMethod) { switch (authMethod) {
case TOKEN: { case TOKEN: {
@ -139,6 +139,7 @@ public class SaslRpcServer {
break; break;
} }
case KERBEROS: { case KERBEROS: {
ugi = UserGroupInformation.getCurrentUser();
if (serverId.isEmpty()) { if (serverId.isEmpty()) {
throw new AccessControlException( throw new AccessControlException(
"Kerberos principal name does NOT have the expected " "Kerberos principal name does NOT have the expected "
@ -153,7 +154,9 @@ public class SaslRpcServer {
"Server does not support SASL " + authMethod); "Server does not support SASL " + authMethod);
} }
SaslServer saslServer = ugi.doAs( final SaslServer saslServer;
if (ugi != null) {
saslServer = ugi.doAs(
new PrivilegedExceptionAction<SaslServer>() { new PrivilegedExceptionAction<SaslServer>() {
@Override @Override
public SaslServer run() throws SaslException { public SaslServer run() throws SaslException {
@ -161,6 +164,10 @@ public class SaslRpcServer {
SaslRpcServer.SASL_PROPS, callback); SaslRpcServer.SASL_PROPS, callback);
} }
}); });
} else {
saslServer = saslFactory.createSaslServer(mechanism, protocol, serverId,
SaslRpcServer.SASL_PROPS, callback);
}
if (saslServer == null) { if (saslServer == null) {
throw new AccessControlException( throw new AccessControlException(
"Unable to find SASL server implementation for " + mechanism); "Unable to find SASL server implementation for " + mechanism);