HADOOP-10173. Remove UGI from DIGEST-MD5 SASL server creation. Contributed by Daryn Sharp.

git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1554815 13f79535-47bb-0310-9956-ffa450edef68
2014-01-02 14:58:04 +00:00 · 2014-01-02 14:58:04 +00:00 · fe458a1e3a
parent 75d882ba00
commit fe458a1e3a
2 changed files with 12 additions and 2 deletions
--- a/hadoop-common-project/hadoop-common/CHANGES.txt
+++ b/hadoop-common-project/hadoop-common/CHANGES.txt
@ -416,6 +416,9 @@ Release 2.4.0 - UNRELEASED

    HADOOP-10172. Cache SASL server factories (daryn)

+    HADOOP-10173. Remove UGI from DIGEST-MD5 SASL server creation (daryn via
+    kihwal)
+
  BUG FIXES

    HADOOP-9964. Fix deadlocks in TestHttpServer by synchronize
--- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SaslRpcServer.java
+++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SaslRpcServer.java
@ -131,7 +131,7 @@ public SaslRpcServer(AuthMethod authMethod) throws IOException {
  public SaslServer create(Connection connection,
                           SecretManager<TokenIdentifier> secretManager
      ) throws IOException, InterruptedException {
-    UserGroupInformation ugi = UserGroupInformation.getCurrentUser();
+    UserGroupInformation ugi = null;
    final CallbackHandler callback;
    switch (authMethod) {
      case TOKEN: {
@ -139,6 +139,7 @@ public SaslServer create(Connection connection,
        break;
      }
      case KERBEROS: {
+        ugi = UserGroupInformation.getCurrentUser();
        if (serverId.isEmpty()) {
          throw new AccessControlException(
              "Kerberos principal name does NOT have the expected "
@ -153,7 +154,9 @@ public SaslServer create(Connection connection,
            "Server does not support SASL " + authMethod);
    }
    
-    SaslServer saslServer = ugi.doAs(
+    final SaslServer saslServer;
+    if (ugi != null) {
+      saslServer = ugi.doAs(
        new PrivilegedExceptionAction<SaslServer>() {
          @Override
          public SaslServer run() throws SaslException  {
@ -161,6 +164,10 @@ public SaslServer run() throws SaslException  {
                SaslRpcServer.SASL_PROPS, callback);
          }
        });
+    } else {
+      saslServer = saslFactory.createSaslServer(mechanism, protocol, serverId,
+          SaslRpcServer.SASL_PROPS, callback);
+    }
    if (saslServer == null) {
      throw new AccessControlException(
          "Unable to find SASL server implementation for " + mechanism);