HADOOP-6853. Common component of HDFS-1045.

git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@961911 13f79535-47bb-0310-9956-ffa450edef68
2010-07-08 20:02:29 +00:00 · 2010-07-08 20:02:29 +00:00 · 86e833858c
parent 038d399389
commit 86e833858c
2 changed files with 41 additions and 1 deletions
--- a/CHANGES.txt
+++ b/CHANGES.txt
@ -16,6 +16,8 @@ Trunk (unreleased changes)
    HADOOP-6584. Provide Kerberized SSL encryption for webservices.
    (jghoman and Kan Zhang via jghoman)

+    HADOOP-6853. Common component of HDFS-1045. (jghoman)
+
  IMPROVEMENTS

    HADOOP-6644. util.Shell getGROUPS_FOR_USER_COMMAND method name 
--- a/src/java/org/apache/hadoop/security/UserGroupInformation.java
+++ b/src/java/org/apache/hadoop/security/UserGroupInformation.java
@ -50,7 +50,6 @@ import org.apache.commons.logging.LogFactory;
 import org.apache.hadoop.classification.InterfaceAudience;
 import org.apache.hadoop.classification.InterfaceStability;
 import org.apache.hadoop.conf.Configuration;
-import org.apache.hadoop.security.SaslRpcServer.AuthMethod;
 import org.apache.hadoop.security.token.Token;
 import org.apache.hadoop.security.token.TokenIdentifier;

@ -486,6 +485,45 @@ public class UserGroupInformation {
    } 
  }

+  /**
+   * Log a user in from a keytab file. Loads a user identity from a keytab
+   * file and login them in. This new user does not affect the currently
+   * logged-in user.
+   * @param user the principal name to load from the keytab
+   * @param path the path to the keytab file
+   * @throws IOException if the keytab file can't be read
+   */
+  public synchronized
+  static UserGroupInformation loginUserFromKeytabAndReturnUGI(String user,
+                                  String path
+                                  ) throws IOException {
+    if (!isSecurityEnabled())
+      return UserGroupInformation.getCurrentUser();
+    String oldKeytabFile = null;
+    String oldKeytabPrincipal = null;
+
+    try {
+      oldKeytabFile = keytabFile;
+      oldKeytabPrincipal = keytabPrincipal;
+      keytabFile = path;
+      keytabPrincipal = user;
+      Subject subject = new Subject();
+      LoginContext login = 
+        new LoginContext(HadoopConfiguration.KEYTAB_KERBEROS_CONFIG_NAME, subject); 
+       
+      login.login();
+      UserGroupInformation newLoginUser = new UserGroupInformation(subject);
+      newLoginUser.setLogin(login);
+      
+      return newLoginUser;
+    } catch (LoginException le) {
+      throw new IOException("Login failure for " + user + " from keytab " + 
+                            path, le);
+    } finally {
+      if(oldKeytabFile != null) keytabFile = oldKeytabFile;
+      if(oldKeytabPrincipal != null) keytabPrincipal = oldKeytabPrincipal;
+    }
+  }

  public synchronized static boolean isLoginKeytabBased() {
    return keytabFile != null;