Return-Path: X-Original-To: apmail-accumulo-commits-archive@www.apache.org Delivered-To: apmail-accumulo-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 6AB4D10776 for ; Wed, 18 Dec 2013 22:06:52 +0000 (UTC) Received: (qmail 59112 invoked by uid 500); 18 Dec 2013 22:06:52 -0000 Delivered-To: apmail-accumulo-commits-archive@accumulo.apache.org Received: (qmail 58981 invoked by uid 500); 18 Dec 2013 22:06:51 -0000 Mailing-List: contact commits-help@accumulo.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@accumulo.apache.org Delivered-To: mailing list commits@accumulo.apache.org Received: (qmail 58923 invoked by uid 99); 18 Dec 2013 22:06:50 -0000 Received: from tyr.zones.apache.org (HELO tyr.zones.apache.org) (140.211.11.114) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 18 Dec 2013 22:06:50 +0000 Received: by tyr.zones.apache.org (Postfix, from userid 65534) id 3CF839BCA; Wed, 18 Dec 2013 22:06:50 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: elserj@apache.org To: commits@accumulo.apache.org Date: Wed, 18 Dec 2013 22:06:51 -0000 Message-Id: <39b40f2483a7415b9b650064ef259ea2@git.apache.org> In-Reply-To: <79023f4714b0482b9dd4da323bf91766@git.apache.org> References: <79023f4714b0482b9dd4da323bf91766@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: [2/3] git commit: Merge branch '1.4.5-SNAPSHOT' into 1.5.1-SNAPSHOT Merge branch '1.4.5-SNAPSHOT' into 1.5.1-SNAPSHOT Conflicts: core/src/main/java/org/apache/accumulo/core/security/SecurityUtil.java Project: http://git-wip-us.apache.org/repos/asf/accumulo/repo Commit: http://git-wip-us.apache.org/repos/asf/accumulo/commit/001fdd69 Tree: http://git-wip-us.apache.org/repos/asf/accumulo/tree/001fdd69 Diff: http://git-wip-us.apache.org/repos/asf/accumulo/diff/001fdd69 Branch: refs/heads/1.6.0-SNAPSHOT 
Commit: 001fdd69b694236335f98127f7b07636a12a6329 Parents: 2d97b87 559b18b Author: Josh Elser Authored: Wed Dec 18 16:33:25 2013 -0500 Committer: Josh Elser Committed: Wed Dec 18 16:33:25 2013 -0500 ---------------------------------------------------------------------- .../org/apache/accumulo/core/security/SecurityUtil.java | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/accumulo/blob/001fdd69/core/src/main/java/org/apache/accumulo/core/security/SecurityUtil.java ----------------------------------------------------------------------
diff --cc core/src/main/java/org/apache/accumulo/core/security/SecurityUtil.java
index 8add1a7,0000000..672e784
mode 100644,000000..100644
--- a/core/src/main/java/org/apache/accumulo/core/security/SecurityUtil.java
+++ b/core/src/main/java/org/apache/accumulo/core/security/SecurityUtil.java
@@@ -1,84 -1,0 +1,89 @@@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.accumulo.core.security;
+
+import java.io.IOException;
+import java.net.InetAddress;
+
+import org.apache.accumulo.core.conf.AccumuloConfiguration;
+import org.apache.accumulo.core.conf.Property;
+import org.apache.hadoop.security.UserGroupInformation;
+import org.apache.log4j.Logger;
+
+/**
+ *
+ */
+public class SecurityUtil {
+ private static final Logger log = Logger.getLogger(SecurityUtil.class);
++ private static final String ACCUMULO_HOME = "ACCUMULO_HOME", ACCUMULO_CONF_DIR = "ACCUMULO_CONF_DIR";
+ public static boolean usingKerberos = false;
++
+ /**
+ * This method is for logging a server in kerberos. If this is used in client code, it will fail unless run as the accumulo keytab's owner. Instead, use
+ * {@link #login(String, String)}
+ */
+ public static void serverLogin() {
+ @SuppressWarnings("deprecation")
+ AccumuloConfiguration acuConf = AccumuloConfiguration.getSiteConfiguration();
+ String keyTab = acuConf.get(Property.GENERAL_KERBEROS_KEYTAB);
+ if (keyTab == null || keyTab.length() == 0)
+ return;
+
+ usingKerberos = true;
- if (keyTab.contains("$ACCUMULO_HOME") && System.getenv("ACCUMULO_HOME") != null)
- keyTab = keyTab.replace("$ACCUMULO_HOME", System.getenv("ACCUMULO_HOME"));
++ if (keyTab.contains("$" + ACCUMULO_HOME) && System.getenv(ACCUMULO_HOME) != null)
++ keyTab = keyTab.replace("$" + ACCUMULO_HOME, System.getenv(ACCUMULO_HOME));
++
++ if (keyTab.contains("$" + ACCUMULO_CONF_DIR) && System.getenv(ACCUMULO_CONF_DIR) != null)
++ keyTab = keyTab.replace("$" + ACCUMULO_CONF_DIR, System.getenv(ACCUMULO_CONF_DIR));
+
+ String principalConfig = acuConf.get(Property.GENERAL_KERBEROS_PRINCIPAL);
+ if (principalConfig == null || principalConfig.length() == 0)
+ return;
+
+ if (login(principalConfig, keyTab)) {
+ try {
+ // This spawns a thread to periodically renew the logged in (accumulo) user
+ UserGroupInformation.getLoginUser();
+ } catch (IOException io) {
+ log.error("Error starting up renewal thread.
This shouldn't be happenining.", io);
+ }
+ }
+ }
+
+ /**
+ * This will log in the given user in kerberos.
+ *
+ * @param principalConfig
+ * This is the principals name in the format NAME/HOST@REALM. {@link org.apache.hadoop.security.SecurityUtil#HOSTNAME_PATTERN} will automatically be
+ * replaced by the systems host name.
+ * @param keyTabPath
+ * @return true if login succeeded, otherwise false
+ */
+ public static boolean login(String principalConfig, String keyTabPath) {
+ try {
+ String principalName = org.apache.hadoop.security.SecurityUtil.getServerPrincipal(principalConfig, InetAddress.getLocalHost().getCanonicalHostName());
+ if (keyTabPath != null && principalName != null && keyTabPath.length() != 0 && principalName.length() != 0) {
+ UserGroupInformation.loginUserFromKeytab(principalName, keyTabPath);
+ log.info("Succesfully logged in as user " + principalConfig);
+ return true;
+ }
+ } catch (IOException io) {
+ log.error("Error logging in user " + principalConfig + " using keytab at " + keyTabPath, io);
+ }
+ return false;
+ }
+}
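Review bot: In serverLogin(), when `ACCUMULO_HOME` or `ACCUMULO_CONF_DIR` is not set in the environment the two added substitutions are skipped without any message, so the keytab path reaches login() with the literal `$ACCUMULO_CONF_DIR` still in it and the cause only surfaces later as the generic "Error logging in user" entry. Because the keytab is the server's long-term credential and its location now depends on the process environment, I would report the unresolved case explicitly, e.g. `log.warn("Keytab path references $" + ACCUMULO_CONF_DIR + " but the variable is not set");`, and read each variable once into a local rather than calling `System.getenv` twice per block. Separately, `usingKerberos = true` is assigned before the principal check and before login() returns, so the flag stays true when the principal is empty or the keytab login fails; if callers read it as "logged in" (not visible in this hunk), setting it only inside the `if (login(principalConfig, keyTab))` branch would be safer.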