Author: kihwal
Date: Thu Jan 2 15:00:17 2014
New Revision: 1554817
URL: http://svn.apache.org/r1554817
Log:
svn merge -c 1554815 merging from trunk to branch-2 to fix HADOOP-10173. Remove
UGI from DIGEST-MD5 SASL server creation.
Modified:
hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/CHANGES.txt
hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SaslRpcServer.java
Modified:
hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/CHANGES.txt
URL:
http://svn.apache.org/viewvc/hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/CHANGES.txt?rev=1554817&r1=1554816&r2=1554817&view=diff
==============================================================================
---
hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/CHANGES.txt
(original)
+++
hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/CHANGES.txt
Thu Jan 2 15:00:17 2014
@@ -121,6 +121,9 @@ Release 2.4.0 - UNRELEASED
HADOOP-10172. Cache SASL server factories (daryn)
+ HADOOP-10173. Remove UGI from DIGEST-MD5 SASL server creation (daryn via
+ kihwal)
+
BUG FIXES
HADOOP-9964. Fix deadlocks in TestHttpServer by synchronize
Modified:
hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SaslRpcServer.java
URL:
http://svn.apache.org/viewvc/hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SaslRpcServer.java?rev=1554817&r1=1554816&r2=1554817&view=diff
==============================================================================
---
hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SaslRpcServer.java
(original)
+++
hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SaslRpcServer.java
Thu Jan 2 15:00:17 2014
@@ -131,7 +131,7 @@ public class SaslRpcServer {
public SaslServer create(Connection connection,
SecretManager<TokenIdentifier> secretManager
) throws IOException, InterruptedException {
- UserGroupInformation ugi = UserGroupInformation.getCurrentUser();
+ UserGroupInformation ugi = null;
final CallbackHandler callback;
switch (authMethod) {
case TOKEN: {
@@ -139,6 +139,7 @@ public class SaslRpcServer {
break;
}
case KERBEROS: {
+ ugi = UserGroupInformation.getCurrentUser();
if (serverId.isEmpty()) {
throw new AccessControlException(
"Kerberos principal name does NOT have the expected "
@@ -153,7 +154,9 @@ public class SaslRpcServer {
"Server does not support SASL " + authMethod);
}
- SaslServer saslServer = ugi.doAs(
+ final SaslServer saslServer;
+ if (ugi != null) {
+ saslServer = ugi.doAs(
new PrivilegedExceptionAction<SaslServer>() {
@Override
public SaslServer run() throws SaslException {
@@ -161,6 +164,10 @@ public class SaslRpcServer {
SaslRpcServer.SASL_PROPS, callback);
}
});
+ } else {
+ saslServer = saslFactory.createSaslServer(mechanism, protocol, serverId,
+ SaslRpcServer.SASL_PROPS, callback);
+ }
if (saslServer == null) {
throw new AccessControlException(
"Unable to find SASL server implementation for " + mechanism);
