hadoop-common-commits mailing list archives

Site index · List index

Message view	« Date » · « Thread »
Top	« Date » · « Thread »
From	bo...@apache.org
Subject	svn commit: r1406689 - in /hadoop/common/trunk/hadoop-common-project/hadoop-common: CHANGES.txt src/main/java/org/apache/hadoop/security/SaslRpcClient.java
Date	Wed, 07 Nov 2012 16:05:04 GMT
Author: bobby Date: Wed Nov 7 16:05:03 2012 New Revision: 1406689 URL: http://svn.apache.org/viewvc?rev=1406689&view=rev Log: HADOOP-9014. Standardize creation of SaslRpcClients (daryn via bobby) Modified: hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SaslRpcClient.java Modified: hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt URL: http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt?rev=1406689&r1=1406688&r2=1406689&view=diff ============================================================================== --- hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt (original) +++ hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt Wed Nov 7 16:05:03 2012 @@ -345,6 +345,8 @@ Release 2.0.3-alpha - Unreleased HADOOP-9013. UGI should not hardcode loginUser's authenticationType (daryn via bobby) + HADOOP-9014. Standardize creation of SaslRpcClients (daryn via bobby) + OPTIMIZATIONS HADOOP-8866. SampleQuantiles#query is O(N^2) instead of O(N). (Andrew Wang Modified: hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SaslRpcClient.java URL: http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SaslRpcClient.java?rev=1406689&r1=1406688&r2=1406689&view=diff ============================================================================== --- hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SaslRpcClient.java (original) +++ hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SaslRpcClient.java Wed Nov 7 16:05:03 2012 @@ -25,6 +25,7 @@ import java.io.DataOutputStream; import java.io.IOException; import java.io.InputStream; import java.io.OutputStream; +import java.util.Map; import javax.security.auth.callback.Callback; import javax.security.auth.callback.CallbackHandler; @@ -45,6 +46,7 @@ import org.apache.hadoop.io.WritableUtil import org.apache.hadoop.ipc.RemoteException; import org.apache.hadoop.security.SaslRpcServer.AuthMethod; import org.apache.hadoop.security.SaslRpcServer.SaslStatus; +import org.apache.hadoop.security.authentication.util.KerberosName; import org.apache.hadoop.security.token.Token; import org.apache.hadoop.security.token.TokenIdentifier; @@ -69,40 +71,48 @@ public class SaslRpcClient { public SaslRpcClient(AuthMethod method, Token<? extends TokenIdentifier> token, String serverPrincipal) throws IOException { + String saslUser = null; + String saslProtocol = null; + String saslServerName = null; + Map<String, String> saslProperties = SaslRpcServer.SASL_PROPS; + CallbackHandler saslCallback = null; + switch (method) { - case DIGEST: - if (LOG.isDebugEnabled()) - LOG.debug("Creating SASL " + AuthMethod.DIGEST.getMechanismName() - + " client to authenticate to service at " + token.getService()); - saslClient = Sasl.createSaslClient(new String[] { AuthMethod.DIGEST - .getMechanismName() }, null, null, SaslRpcServer.SASL_DEFAULT_REALM, - SaslRpcServer.SASL_PROPS, new SaslClientCallbackHandler(token)); - break; - case KERBEROS: - if (LOG.isDebugEnabled()) { - LOG.debug("Creating SASL " + AuthMethod.KERBEROS.getMechanismName() - + " client. Server's Kerberos principal name is " - + serverPrincipal); - } - if (serverPrincipal == null \|\| serverPrincipal.length() == 0) { - throw new IOException( - "Failed to specify server's Kerberos principal name"); - } - String names[] = SaslRpcServer.splitKerberosName(serverPrincipal); - if (names.length != 3) { - throw new IOException( - "Kerberos principal name does NOT have the expected hostname part: " - + serverPrincipal); - } - saslClient = Sasl.createSaslClient(new String[] { AuthMethod.KERBEROS - .getMechanismName() }, null, names[0], names[1], - SaslRpcServer.SASL_PROPS, null); - break; - default: - throw new IOException("Unknown authentication method " + method); + case DIGEST: { + saslServerName = SaslRpcServer.SASL_DEFAULT_REALM; + saslCallback = new SaslClientCallbackHandler(token); + break; + } + case KERBEROS: { + if (serverPrincipal == null \|\| serverPrincipal.isEmpty()) { + throw new IOException( + "Failed to specify server's Kerberos principal name"); + } + KerberosName name = new KerberosName(serverPrincipal); + saslProtocol = name.getServiceName(); + saslServerName = name.getHostName(); + if (saslServerName == null) { + throw new IOException( + "Kerberos principal name does NOT have the expected hostname part: " + + serverPrincipal); + } + break; + } + default: + throw new IOException("Unknown authentication method " + method); + } + + String mechanism = method.getMechanismName(); + if (LOG.isDebugEnabled()) { + LOG.debug("Creating SASL " + mechanism + + " client to authenticate to service at " + saslServerName); } - if (saslClient == null) + saslClient = Sasl.createSaslClient( + new String[] { mechanism }, saslUser, saslProtocol, saslServerName, + saslProperties, saslCallback); + if (saslClient == null) { throw new IOException("Unable to find SASL client implementation"); + } } private static void readStatus(DataInputStream inStream) throws IOException {
Mime	Unnamed text/plain (inline, 7-Bit, 5870 bytes)
	View raw message