Author: kihwal Date: Thu Jan 2 15:00:17 2014 New Revision: 1554817 URL: http://svn.apache.org/r1554817 Log: svn merge -c 1554815 merging from trunk to branch-2 to fix HADOOP-10173. Remove UGI from DIGEST-MD5 SASL server creation.
Modified: hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/CHANGES.txt hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SaslRpcServer.java Modified: hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/CHANGES.txt URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/CHANGES.txt?rev=1554817&r1=1554816&r2=1554817&view=diff ============================================================================== --- hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/CHANGES.txt (original) +++ hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/CHANGES.txt Thu Jan 2 15:00:17 2014 @@ -121,6 +121,9 @@ Release 2.4.0 - UNRELEASED HADOOP-10172. Cache SASL server factories (daryn) + HADOOP-10173. Remove UGI from DIGEST-MD5 SASL server creation (daryn via + kihwal) + BUG FIXES HADOOP-9964. Fix deadlocks in TestHttpServer by synchronize Modified: hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SaslRpcServer.java URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SaslRpcServer.java?rev=1554817&r1=1554816&r2=1554817&view=diff ============================================================================== --- hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SaslRpcServer.java (original) +++ hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SaslRpcServer.java Thu Jan 2 15:00:17 2014 @@ -131,7 +131,7 @@ public class SaslRpcServer { public SaslServer create(Connection connection, SecretManager<TokenIdentifier> secretManager ) throws IOException, InterruptedException { - UserGroupInformation ugi = UserGroupInformation.getCurrentUser(); + UserGroupInformation ugi = null; final CallbackHandler callback; switch (authMethod) { case TOKEN: { @@ -139,6 +139,7 @@ public class SaslRpcServer { break; } case KERBEROS: { + ugi = UserGroupInformation.getCurrentUser(); if (serverId.isEmpty()) { throw new AccessControlException( "Kerberos principal name does NOT have the expected " @@ -153,7 +154,9 @@ public class SaslRpcServer { "Server does not support SASL " + authMethod); } - SaslServer saslServer = ugi.doAs( + final SaslServer saslServer; + if (ugi != null) { + saslServer = ugi.doAs( new PrivilegedExceptionAction<SaslServer>() { @Override public SaslServer run() throws SaslException { @@ -161,6 +164,10 @@ public class SaslRpcServer { SaslRpcServer.SASL_PROPS, callback); } }); + } else { + saslServer = saslFactory.createSaslServer(mechanism, protocol, serverId, + SaslRpcServer.SASL_PROPS, callback); + } if (saslServer == null) { throw new AccessControlException( "Unable to find SASL server implementation for " + mechanism);