hadoop-common-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From sur...@apache.org
Subject svn commit: r1407256 - in /hadoop/common/branches/branch-1.1: ./ src/core/org/apache/hadoop/security/ src/core/org/apache/hadoop/security/authentication/client/ src/core/org/apache/hadoop/security/authentication/util/ src/test/org/apache/hadoop/security/
Date Thu, 08 Nov 2012 20:20:51 GMT
Author: suresh
Date: Thu Nov  8 20:20:50 2012
New Revision: 1407256

URL: http://svn.apache.org/viewvc?rev=1407256&view=rev
Log:
HADOOP-8878. Merge r1396925 from branch-1 for release 1.1.1

Added:
    hadoop/common/branches/branch-1.1/src/test/org/apache/hadoop/security/TestKerberosUtil.java
      - copied unchanged from r1396925, hadoop/common/branches/branch-1/src/test/org/apache/hadoop/security/TestKerberosUtil.java
Modified:
    hadoop/common/branches/branch-1.1/CHANGES.txt
    hadoop/common/branches/branch-1.1/src/core/org/apache/hadoop/security/SecurityUtil.java
    hadoop/common/branches/branch-1.1/src/core/org/apache/hadoop/security/authentication/client/KerberosAuthenticator.java
    hadoop/common/branches/branch-1.1/src/core/org/apache/hadoop/security/authentication/util/KerberosUtil.java

Modified: hadoop/common/branches/branch-1.1/CHANGES.txt
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-1.1/CHANGES.txt?rev=1407256&r1=1407255&r2=1407256&view=diff
==============================================================================
--- hadoop/common/branches/branch-1.1/CHANGES.txt (original)
+++ hadoop/common/branches/branch-1.1/CHANGES.txt Thu Nov  8 20:20:50 2012
@@ -12,6 +12,10 @@ Release 1.1.1 - Unreleased
 
   BUG FIXES
 
+    HADOOP-8878. Uppercase namenode hostname causes hadoop dfs calls with
+    webhdfs filesystem and fsck to fail when security is on.
+    (Arpit Gupta via suresh)
+
     HDFS-3791. HDFS-173 Backport - Namenode will not block until a large 
     directory deletion completes. It allows other operations when the 
     deletion is in progress. (umamahesh via suresh)

Modified: hadoop/common/branches/branch-1.1/src/core/org/apache/hadoop/security/SecurityUtil.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-1.1/src/core/org/apache/hadoop/security/SecurityUtil.java?rev=1407256&r1=1407255&r2=1407256&view=diff
==============================================================================
--- hadoop/common/branches/branch-1.1/src/core/org/apache/hadoop/security/SecurityUtil.java
(original)
+++ hadoop/common/branches/branch-1.1/src/core/org/apache/hadoop/security/SecurityUtil.java
Thu Nov  8 20:20:50 2012
@@ -258,7 +258,14 @@ public class SecurityUtil {
     return components[0] + "/" + fqdn.toLowerCase() + "@" + components[2];
   }
   
-  static String getLocalHostName() throws UnknownHostException {
+  /**
+   * Get the fqdn for the current host.
+   * 
+   * @return fqdn of the current host.
+   * @throws UnknownHostException
+   *           if no IP address for the local host could be found.
+   */
+  public static String getLocalHostName() throws UnknownHostException {
     return InetAddress.getLocalHost().getCanonicalHostName();
   }
 

Modified: hadoop/common/branches/branch-1.1/src/core/org/apache/hadoop/security/authentication/client/KerberosAuthenticator.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-1.1/src/core/org/apache/hadoop/security/authentication/client/KerberosAuthenticator.java?rev=1407256&r1=1407255&r2=1407256&view=diff
==============================================================================
--- hadoop/common/branches/branch-1.1/src/core/org/apache/hadoop/security/authentication/client/KerberosAuthenticator.java
(original)
+++ hadoop/common/branches/branch-1.1/src/core/org/apache/hadoop/security/authentication/client/KerberosAuthenticator.java
Thu Nov  8 20:20:50 2012
@@ -194,7 +194,8 @@ public class KerberosAuthenticator imple
           GSSContext gssContext = null;
           try {
             GSSManager gssManager = GSSManager.getInstance();
-            String servicePrincipal = "HTTP/" + KerberosAuthenticator.this.url.getHost();
+            String servicePrincipal = KerberosUtil.getServicePrincipal("HTTP",
+                KerberosAuthenticator.this.url.getHost());
             Oid oid = KerberosUtil.getOidInstance("NT_GSS_KRB5_PRINCIPAL");
             GSSName serviceName = gssManager.createName(servicePrincipal,
                                                         oid);

Modified: hadoop/common/branches/branch-1.1/src/core/org/apache/hadoop/security/authentication/util/KerberosUtil.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-1.1/src/core/org/apache/hadoop/security/authentication/util/KerberosUtil.java?rev=1407256&r1=1407255&r2=1407256&view=diff
==============================================================================
--- hadoop/common/branches/branch-1.1/src/core/org/apache/hadoop/security/authentication/util/KerberosUtil.java
(original)
+++ hadoop/common/branches/branch-1.1/src/core/org/apache/hadoop/security/authentication/util/KerberosUtil.java
Thu Nov  8 20:20:50 2012
@@ -20,7 +20,10 @@ package org.apache.hadoop.security.authe
 import java.lang.reflect.Field;
 import java.lang.reflect.InvocationTargetException;
 import java.lang.reflect.Method;
+import java.net.UnknownHostException;
+import java.util.Locale;
 
+import org.apache.hadoop.security.SecurityUtil;
 import org.ietf.jgss.GSSException;
 import org.ietf.jgss.Oid;
 
@@ -65,4 +68,26 @@ public class KerberosUtil {
          new Class[0]);
     return (String)getDefaultRealmMethod.invoke(kerbConf, new Object[0]);
   }
+  
+  /**
+   * Create Kerberos principal for a given service and hostname. It converts
+   * hostname to lower case. If hostname is null or "0.0.0.0", it uses
+   * dynamically looked-up fqdn of the current host instead.
+   * 
+   * @param service
+   *          Service for which you want to generate the principal.
+   * @param hostname
+   *          Fully-qualified domain name.
+   * @return Converted Kerberos principal name.
+   * @throws UnknownHostException
+   *           If no IP address for the local host could be found.
+   */
+  public static final String getServicePrincipal(String service, String hostname)
+      throws UnknownHostException {
+    String fqdn = hostname;
+    if (null == fqdn || fqdn.equals("") || fqdn.equals("0.0.0.0")) {
+      fqdn = SecurityUtil.getLocalHostName();
+    }
+    return service + "/" + fqdn.toLowerCase(Locale.US);
+  }
 }



Mime
View raw message