HDFS-14668 Support Fuse with Users from multiple Security Realms (#1739)

This commit is contained in:
Istvan Fajth 2020-02-27 16:48:15 +01:00 committed by GitHub
parent 2059f255d3
commit 57aa048516
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 11 additions and 1 deletions

View File

@ -476,7 +476,6 @@ static int fuseNewConnect(const char *usrname, struct fuse_context *ctx,
if (gPort) {
hdfsBuilderSetNameNodePort(bld, gPort);
}
hdfsBuilderSetUserName(bld, usrname);
if (gHdfsAuthConf == AUTH_CONF_KERBEROS) {
findKerbTicketCachePath(ctx, kpath, sizeof(kpath));
if (stat(kpath, &st) < 0) {
@ -495,6 +494,17 @@ static int fuseNewConnect(const char *usrname, struct fuse_context *ctx,
ret = -ENOMEM;
goto error;
}
} else {
// earlier the username was set to the builder always, but due to
// HADOOP-9747 if we specify the username in case of kerberos authentication
// the username will be used as the principal name, and that will conflict
// with ticket cache based authentication as we have the OS user name here
// not the real kerberos principal name. So with SIMPLE auth we pass on the
// OS username still, and the UGI will use that as the username, but with
// kerberos authentication we do not pass in the OS username and let the
// authentication happen with the principal who's ticket is in the ticket
// cache. (HDFS-15034 is still a possible improvement for SIMPLE AUTH.)
hdfsBuilderSetUserName(bld, usrname);
}
conn->usrname = strdup(usrname);
if (!conn->usrname) {