[prev in list] [next in list] [prev in thread] [next in thread]
List: hadoop-commits
Subject: svn commit: r1598754 - in /hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common: ./
From: suresh () apache ! org
Date: 2014-05-30 21:56:59
Message-ID: 20140530215659.923A92388868 () eris ! apache ! org
[Download RAW message or body]
Author: suresh
Date: Fri May 30 21:56:58 2014
New Revision: 1598754
URL: http://svn.apache.org/r1598754
Log:
HADOOP-10342. Merging branch-2 equivalent of commit 1568525 from trunk
Modified:
hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/CHANGES.txt
hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/Client.java
hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java
hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestUserGroupInformation.java
Modified: hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/CHANGES.txt
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/CHANGES.txt?rev=1598754&r1=1598753&r2=1598754&view=diff
==============================================================================
--- hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/CHANGES.txt \
(original)
+++ hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/CHANGES.txt \
Fri May 30 21:56:58 2014 @@ -171,6 +171,9 @@ Release 2.5.0 - UNRELEASED
HADOOP-10638. Updating hadoop-daemon.sh to work as expected when nfs is
started as a privileged user. (Manikandan Narayanaswamy via atm)
+ HADOOP-10342. Add a new method to UGI to use a Kerberos login subject to
+ build a new UGI. (Larry McCay via omalley)
+
Release 2.4.1 - UNRELEASED
INCOMPATIBLE CHANGES
Modified: hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/Client.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-2/hadoop-common-projec \
t/hadoop-common/src/main/java/org/apache/hadoop/ipc/Client.java?rev=1598754&r1=1598753&r2=1598754&view=diff
==============================================================================
--- hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/Client.java \
(original)
+++ hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/Client.java \
Fri May 30 21:56:58 2014 @@ -652,7 +652,7 @@ public class Client {
// try re-login
if (UserGroupInformation.isLoginKeytabBased()) {
UserGroupInformation.getLoginUser().reloginFromKeytab();
- } else {
+ } else if (UserGroupInformation.isLoginTicketBased()) {
UserGroupInformation.getLoginUser().reloginFromTicketCache();
}
// have granularity of milliseconds
Modified: hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-2/hadoop-common-projec \
t/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java?rev=1598754&r1=1598753&r2=1598754&view=diff
==============================================================================
--- hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java \
(original)
+++ hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java \
Fri May 30 21:56:58 2014 @@ -692,6 +692,35 @@ public class UserGroupInformation {
}
}
+ /**
+ * Create a UserGroupInformation from a Subject with Kerberos principal.
+ *
+ * @param user The KerberosPrincipal to use in UGI
+ *
+ * @throws IOException if the kerberos login fails
+ */
+ public static UserGroupInformation getUGIFromSubject(Subject subject)
+ throws IOException {
+ if (subject == null) {
+ throw new IOException("Subject must not be null");
+ }
+
+ if (subject.getPrincipals(KerberosPrincipal.class).isEmpty()) {
+ throw new IOException("Provided Subject must contain a KerberosPrincipal");
+ }
+
+ KerberosPrincipal principal =
+ subject.getPrincipals(KerberosPrincipal.class).iterator().next();
+
+ User ugiUser = new User(principal.getName(),
+ AuthenticationMethod.KERBEROS, null);
+ subject.getPrincipals().add(ugiUser);
+ UserGroupInformation ugi = new UserGroupInformation(subject);
+ ugi.setLogin(null);
+ ugi.setAuthenticationMethod(AuthenticationMethod.KERBEROS);
+ return ugi;
+ }
+
/**
* Get the currently logged in user.
* @return the logged in user
@@ -1100,6 +1129,14 @@ public class UserGroupInformation {
}
/**
+ * Did the login happen via ticket cache
+ * @return true or false
+ */
+ public static boolean isLoginTicketBased() throws IOException {
+ return getLoginUser().isKrbTkt;
+ }
+
+ /**
* Create a user from a login name. It is intended to be used for remote
* users in RPC, since it won't have any credentials.
* @param user the full user principal name, must not be empty or null
Modified: hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestUserGroupInformation.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-2/hadoop-common-projec \
t/hadoop-common/src/test/java/org/apache/hadoop/security/TestUserGroupInformation.java?rev=1598754&r1=1598753&r2=1598754&view=diff
==============================================================================
--- hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestUserGroupInformation.java \
(original)
+++ hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestUserGroupInformation.java \
Fri May 30 21:56:58 2014 @@ -28,6 +28,7 @@ import org.apache.hadoop.util.Shell;
import org.junit.*;
import javax.security.auth.Subject;
+import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.LoginContext;
import java.io.BufferedReader;
@@ -767,7 +768,17 @@ public class TestUserGroupInformation {
}
});
}
-
+
+ @Test (timeout = 30000)
+ public void testGetUGIFromSubject() throws Exception {
+ KerberosPrincipal p = new KerberosPrincipal("guest");
+ Subject subject = new Subject();
+ subject.getPrincipals().add(p);
+ UserGroupInformation ugi = UserGroupInformation.getUGIFromSubject(subject);
+ assertNotNull(ugi);
+ assertEquals("guest@DEFAULT.REALM", ugi.getUserName());
+ }
+
@Test(timeout=1000)
public void testSetLoginUser() throws IOException {
UserGroupInformation ugi = UserGroupInformation.createRemoteUser("test-user");
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic