Author: suresh
Date: Thu Nov 8 20:20:50 2012
New Revision: 1407256
URL: http://svn.apache.org/viewvc?rev=1407256&view=rev
Log:
HADOOP-8878. Merge r1396925 from branch-1 for release 1.1.1
Added:
hadoop/common/branches/branch-1.1/src/test/org/apache/hadoop/security/TestKerberosUtil.java
- copied unchanged from r1396925,
hadoop/common/branches/branch-1/src/test/org/apache/hadoop/security/TestKerberosUtil.java
Modified:
hadoop/common/branches/branch-1.1/CHANGES.txt
hadoop/common/branches/branch-1.1/src/core/org/apache/hadoop/security/SecurityUtil.java
hadoop/common/branches/branch-1.1/src/core/org/apache/hadoop/security/authentication/client/KerberosAuthenticator.java
hadoop/common/branches/branch-1.1/src/core/org/apache/hadoop/security/authentication/util/KerberosUtil.java
Modified: hadoop/common/branches/branch-1.1/CHANGES.txt
URL:
http://svn.apache.org/viewvc/hadoop/common/branches/branch-1.1/CHANGES.txt?rev=1407256&r1=1407255&r2=1407256&view=diff
==============================================================================
--- hadoop/common/branches/branch-1.1/CHANGES.txt (original)
+++ hadoop/common/branches/branch-1.1/CHANGES.txt Thu Nov 8 20:20:50 2012
@@ -12,6 +12,10 @@ Release 1.1.1 - Unreleased
BUG FIXES
+ HADOOP-8878. Uppercase namenode hostname causes hadoop dfs calls with
+ webhdfs filesystem and fsck to fail when security is on.
+ (Arpit Gupta via suresh)
+
HDFS-3791. HDFS-173 Backport - Namenode will not block until a large
directory deletion completes. It allows other operations when the
deletion is in progress. (umamahesh via suresh)
Modified:
hadoop/common/branches/branch-1.1/src/core/org/apache/hadoop/security/SecurityUtil.java
URL:
http://svn.apache.org/viewvc/hadoop/common/branches/branch-1.1/src/core/org/apache/hadoop/security/SecurityUtil.java?rev=1407256&r1=1407255&r2=1407256&view=diff
==============================================================================
---
hadoop/common/branches/branch-1.1/src/core/org/apache/hadoop/security/SecurityUtil.java
(original)
+++
hadoop/common/branches/branch-1.1/src/core/org/apache/hadoop/security/SecurityUtil.java
Thu Nov 8 20:20:50 2012
@@ -258,7 +258,14 @@ public class SecurityUtil {
return components[0] + "/" + fqdn.toLowerCase() + "@" + components[2];
}
- static String getLocalHostName() throws UnknownHostException {
+ /**
+ * Get the fqdn for the current host.
+ *
+ * @return fqdn of the current host.
+ * @throws UnknownHostException
+ * if no IP address for the local host could be found.
+ */
+ public static String getLocalHostName() throws UnknownHostException {
return InetAddress.getLocalHost().getCanonicalHostName();
}
Modified:
hadoop/common/branches/branch-1.1/src/core/org/apache/hadoop/security/authentication/client/KerberosAuthenticator.java
URL:
http://svn.apache.org/viewvc/hadoop/common/branches/branch-1.1/src/core/org/apache/hadoop/security/authentication/client/KerberosAuthenticator.java?rev=1407256&r1=1407255&r2=1407256&view=diff
==============================================================================
---
hadoop/common/branches/branch-1.1/src/core/org/apache/hadoop/security/authentication/client/KerberosAuthenticator.java
(original)
+++
hadoop/common/branches/branch-1.1/src/core/org/apache/hadoop/security/authentication/client/KerberosAuthenticator.java
Thu Nov 8 20:20:50 2012
@@ -194,7 +194,8 @@ public class KerberosAuthenticator imple
GSSContext gssContext = null;
try {
GSSManager gssManager = GSSManager.getInstance();
- String servicePrincipal = "HTTP/" +
KerberosAuthenticator.this.url.getHost();
+ String servicePrincipal = KerberosUtil.getServicePrincipal("HTTP",
+ KerberosAuthenticator.this.url.getHost());
Oid oid = KerberosUtil.getOidInstance("NT_GSS_KRB5_PRINCIPAL");
GSSName serviceName = gssManager.createName(servicePrincipal,
oid);
Modified:
hadoop/common/branches/branch-1.1/src/core/org/apache/hadoop/security/authentication/util/KerberosUtil.java
URL:
http://svn.apache.org/viewvc/hadoop/common/branches/branch-1.1/src/core/org/apache/hadoop/security/authentication/util/KerberosUtil.java?rev=1407256&r1=1407255&r2=1407256&view=diff
==============================================================================
---
hadoop/common/branches/branch-1.1/src/core/org/apache/hadoop/security/authentication/util/KerberosUtil.java
(original)
+++
hadoop/common/branches/branch-1.1/src/core/org/apache/hadoop/security/authentication/util/KerberosUtil.java
Thu Nov 8 20:20:50 2012
@@ -20,7 +20,10 @@ package org.apache.hadoop.security.authe
import java.lang.reflect.Field;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
+import java.net.UnknownHostException;
+import java.util.Locale;
+import org.apache.hadoop.security.SecurityUtil;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.Oid;
@@ -65,4 +68,26 @@ public class KerberosUtil {
new Class[0]);
return (String)getDefaultRealmMethod.invoke(kerbConf, new Object[0]);
}
+
+ /**
+ * Create Kerberos principal for a given service and hostname. It converts
+ * hostname to lower case. If hostname is null or "0.0.0.0", it uses
+ * dynamically looked-up fqdn of the current host instead.
+ *
+ * @param service
+ * Service for which you want to generate the principal.
+ * @param hostname
+ * Fully-qualified domain name.
+ * @return Converted Kerberos principal name.
+ * @throws UnknownHostException
+ * If no IP address for the local host could be found.
+ */
+ public static final String getServicePrincipal(String service, String
hostname)
+ throws UnknownHostException {
+ String fqdn = hostname;
+ if (null == fqdn || fqdn.equals("") || fqdn.equals("0.0.0.0")) {
+ fqdn = SecurityUtil.getLocalHostName();
+ }
+ return service + "/" + fqdn.toLowerCase(Locale.US);
+ }
}
