diff --git a/hadoop-common-project/hadoop-common/CHANGES.txt b/hadoop-common-project/hadoop-common/CHANGES.txt index ee6ee6ddb54..345f09e1789 100644 --- a/hadoop-common-project/hadoop-common/CHANGES.txt +++ b/hadoop-common-project/hadoop-common/CHANGES.txt @@ -416,6 +416,9 @@ Release 2.4.0 - UNRELEASED HADOOP-10172. Cache SASL server factories (daryn) + HADOOP-10173. Remove UGI from DIGEST-MD5 SASL server creation (daryn via + kihwal) + BUG FIXES HADOOP-9964. Fix deadlocks in TestHttpServer by synchronize diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SaslRpcServer.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SaslRpcServer.java index bbabd887a2f..b2db83670b0 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SaslRpcServer.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SaslRpcServer.java @@ -131,7 +131,7 @@ public class SaslRpcServer { public SaslServer create(Connection connection, SecretManager secretManager ) throws IOException, InterruptedException { - UserGroupInformation ugi = UserGroupInformation.getCurrentUser(); + UserGroupInformation ugi = null; final CallbackHandler callback; switch (authMethod) { case TOKEN: { @@ -139,6 +139,7 @@ public class SaslRpcServer { break; } case KERBEROS: { + ugi = UserGroupInformation.getCurrentUser(); if (serverId.isEmpty()) { throw new AccessControlException( "Kerberos principal name does NOT have the expected " @@ -153,7 +154,9 @@ public class SaslRpcServer { "Server does not support SASL " + authMethod); } - SaslServer saslServer = ugi.doAs( + final SaslServer saslServer; + if (ugi != null) { + saslServer = ugi.doAs( new PrivilegedExceptionAction() { @Override public SaslServer run() throws SaslException { @@ -161,6 +164,10 @@ public class SaslRpcServer { SaslRpcServer.SASL_PROPS, callback); } }); + } else { + saslServer = saslFactory.createSaslServer(mechanism, protocol, serverId, + SaslRpcServer.SASL_PROPS, callback); + } if (saslServer == null) { throw new AccessControlException( "Unable to find SASL server implementation for " + mechanism);