Apache
/
hadoop
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

HADOOP-10173. Remove UGI from DIGEST-MD5 SASL server creation. Contributed by Daryn Sharp. 

git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1554815 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Kihwal Lee 2014-01-02 14:58:04 +00:00
parent 75d882ba00
commit fe458a1e3a
2 changed files with 12 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
hadoop-common-project/hadoop-common/CHANGES.txt
View File

@ -416,6 +416,9 @@ Release 2.4.0 - UNRELEASED
HADOOP-10172. Cache SASL server factories (daryn) HADOOP-10172. Cache SASL server factories (daryn)
HADOOP-10173. Remove UGI from DIGEST-MD5 SASL server creation (daryn via
kihwal)
BUG FIXES BUG FIXES
HADOOP-9964. Fix deadlocks in TestHttpServer by synchronize HADOOP-9964. Fix deadlocks in TestHttpServer by synchronize

11
hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SaslRpcServer.java
View File

@ -131,7 +131,7 @@ public class SaslRpcServer {
public SaslServer create(Connection connection, public SaslServer create(Connection connection,
SecretManager<TokenIdentifier> secretManager SecretManager<TokenIdentifier> secretManager
) throws IOException, InterruptedException { ) throws IOException, InterruptedException {
UserGroupInformation ugi = UserGroupInformation.getCurrentUser(); UserGroupInformation ugi = null;
final CallbackHandler callback; final CallbackHandler callback;
switch (authMethod) { switch (authMethod) {
case TOKEN: { case TOKEN: {
@ -139,6 +139,7 @@ public class SaslRpcServer {
break; break;
} }
case KERBEROS: { case KERBEROS: {
ugi = UserGroupInformation.getCurrentUser();
if (serverId.isEmpty()) { if (serverId.isEmpty()) {
throw new AccessControlException( throw new AccessControlException(
"Kerberos principal name does NOT have the expected " "Kerberos principal name does NOT have the expected "
@ -153,7 +154,9 @@ public class SaslRpcServer {
"Server does not support SASL " + authMethod); "Server does not support SASL " + authMethod);
} }
SaslServer saslServer = ugi.doAs( final SaslServer saslServer;
if (ugi != null) {
saslServer = ugi.doAs(
new PrivilegedExceptionAction<SaslServer>() { new PrivilegedExceptionAction<SaslServer>() {
@Override @Override
public SaslServer run() throws SaslException { public SaslServer run() throws SaslException {
@ -161,6 +164,10 @@ public class SaslRpcServer {
SaslRpcServer.SASL_PROPS, callback); SaslRpcServer.SASL_PROPS, callback);
} }
}); });
} else {
saslServer = saslFactory.createSaslServer(mechanism, protocol, serverId,
SaslRpcServer.SASL_PROPS, callback);
}
if (saslServer == null) { if (saslServer == null) {
throw new AccessControlException( throw new AccessControlException(
"Unable to find SASL server implementation for " + mechanism); "Unable to find SASL server implementation for " + mechanism);