You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hive.apache.org by gu...@apache.org on 2013/08/26 23:42:21 UTC
svn commit: r1517707 [17/17] - in /hive/branches/tez: ./
beeline/src/java/org/apache/hive/beeline/ bin/ bin/ext/
common/src/java/org/apache/hadoop/hive/common/
common/src/java/org/apache/hadoop/hive/conf/ conf/
contrib/src/java/org/apache/hadoop/hive/c...
Modified: hive/branches/tez/shims/src/common-secure/java/org/apache/hadoop/hive/thrift/HadoopThriftAuthBridge20S.java
URL: http://svn.apache.org/viewvc/hive/branches/tez/shims/src/common-secure/java/org/apache/hadoop/hive/thrift/HadoopThriftAuthBridge20S.java?rev=1517707&r1=1517706&r2=1517707&view=diff
==============================================================================
--- hive/branches/tez/shims/src/common-secure/java/org/apache/hadoop/hive/thrift/HadoopThriftAuthBridge20S.java (original)
+++ hive/branches/tez/shims/src/common-secure/java/org/apache/hadoop/hive/thrift/HadoopThriftAuthBridge20S.java Mon Aug 26 21:42:12 2013
@@ -24,6 +24,7 @@ import java.net.InetAddress;
import java.net.Socket;
import java.security.PrivilegedAction;
import java.security.PrivilegedExceptionAction;
+import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
@@ -89,6 +90,19 @@ import org.apache.thrift.transport.TTran
return new Server(keytabFile, principalConf);
}
+ /**
+ * Read and return Hadoop SASL configuration which can be configured using
+ * "hadoop.rpc.protection"
+ * @param conf
+ * @return Hadoop SASL configuration
+ */
+ @Override
+ public Map<String, String> getHadoopSaslProperties(Configuration conf) {
+ // Initialize the SaslRpcServer to ensure QOP parameters are read from conf
+ SaslRpcServer.init(conf);
+ return SaslRpcServer.SASL_PROPS;
+ }
+
public static class Client extends HadoopThriftAuthBridge.Client {
/**
* Create a client-side SASL transport that wraps an underlying transport.
@@ -97,13 +111,14 @@ import org.apache.thrift.transport.TTran
* supported.
* @param serverPrincipal The Kerberos principal of the target server.
* @param underlyingTransport The underlying transport mechanism, usually a TSocket.
+ * @param saslProps the sasl properties to create the client with
*/
@Override
public TTransport createClientTransport(
String principalConfig, String host,
- String methodStr, String tokenStrForm, TTransport underlyingTransport)
- throws IOException {
+ String methodStr, String tokenStrForm, TTransport underlyingTransport,
+ Map<String, String> saslProps) throws IOException {
AuthMethod method = AuthMethod.valueOf(AuthMethod.class, methodStr);
TTransport saslTransport = null;
@@ -115,7 +130,7 @@ import org.apache.thrift.transport.TTran
method.getMechanismName(),
null,
null, SaslRpcServer.SASL_DEFAULT_REALM,
- SaslRpcServer.SASL_PROPS, new SaslClientCallbackHandler(t),
+ saslProps, new SaslClientCallbackHandler(t),
underlyingTransport);
return new TUGIAssumingTransport(saslTransport, UserGroupInformation.getCurrentUser());
@@ -132,7 +147,7 @@ import org.apache.thrift.transport.TTran
method.getMechanismName(),
null,
names[0], names[1],
- SaslRpcServer.SASL_PROPS, null,
+ saslProps, null,
underlyingTransport);
return new TUGIAssumingTransport(saslTransport, UserGroupInformation.getCurrentUser());
} catch (SaslException se) {
@@ -140,7 +155,7 @@ import org.apache.thrift.transport.TTran
}
default:
- throw new IOException("Unsupported authentication method: " + method);
+ throw new IOException("Unsupported authentication method: " + method);
}
}
private static class SaslClientCallbackHandler implements CallbackHandler {
@@ -271,10 +286,11 @@ import org.apache.thrift.transport.TTran
* can be passed as both the input and output transport factory when
* instantiating a TThreadPoolServer, for example.
*
+ * @param saslProps Map of SASL properties
*/
@Override
- public TTransportFactory createTransportFactory() throws TTransportException
- {
+ public TTransportFactory createTransportFactory(Map<String, String> saslProps)
+ throws TTransportException {
// Parse out the kerberos principal, host, realm.
String kerberosName = realUgi.getUserName();
final String names[] = SaslRpcServer.splitKerberosName(kerberosName);
@@ -286,11 +302,11 @@ import org.apache.thrift.transport.TTran
transFactory.addServerDefinition(
AuthMethod.KERBEROS.getMechanismName(),
names[0], names[1], // two parts of kerberos principal
- SaslRpcServer.SASL_PROPS,
+ saslProps,
new SaslRpcServer.SaslGssCallbackHandler());
transFactory.addServerDefinition(AuthMethod.DIGEST.getMechanismName(),
null, SaslRpcServer.SASL_DEFAULT_REALM,
- SaslRpcServer.SASL_PROPS, new SaslDigestCallbackHandler(secretManager));
+ saslProps, new SaslDigestCallbackHandler(secretManager));
return new TUGIAssumingTransportFactory(transFactory, realUgi);
}
Modified: hive/branches/tez/shims/src/common-secure/test/org/apache/hadoop/hive/thrift/TestHadoop20SAuthBridge.java
URL: http://svn.apache.org/viewvc/hive/branches/tez/shims/src/common-secure/test/org/apache/hadoop/hive/thrift/TestHadoop20SAuthBridge.java?rev=1517707&r1=1517706&r2=1517707&view=diff
==============================================================================
--- hive/branches/tez/shims/src/common-secure/test/org/apache/hadoop/hive/thrift/TestHadoop20SAuthBridge.java (original)
+++ hive/branches/tez/shims/src/common-secure/test/org/apache/hadoop/hive/thrift/TestHadoop20SAuthBridge.java Mon Aug 26 21:42:12 2013
@@ -29,6 +29,7 @@ import java.util.ArrayList;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.List;
+import java.util.Map;
import junit.framework.TestCase;
@@ -77,13 +78,13 @@ public class TestHadoop20SAuthBridge ext
super();
}
@Override
- public TTransportFactory createTransportFactory()
+ public TTransportFactory createTransportFactory(Map<String, String> saslProps)
throws TTransportException {
TSaslServerTransport.Factory transFactory =
new TSaslServerTransport.Factory();
transFactory.addServerDefinition(AuthMethod.DIGEST.getMechanismName(),
null, SaslRpcServer.SASL_DEFAULT_REALM,
- SaslRpcServer.SASL_PROPS,
+ saslProps,
new SaslDigestCallbackHandler(secretManager));
return new TUGIAssumingTransportFactory(transFactory, realUgi);
Modified: hive/branches/tez/shims/src/common/java/org/apache/hadoop/hive/shims/HadoopShims.java
URL: http://svn.apache.org/viewvc/hive/branches/tez/shims/src/common/java/org/apache/hadoop/hive/shims/HadoopShims.java?rev=1517707&r1=1517706&r2=1517707&view=diff
==============================================================================
--- hive/branches/tez/shims/src/common/java/org/apache/hadoop/hive/shims/HadoopShims.java (original)
+++ hive/branches/tez/shims/src/common/java/org/apache/hadoop/hive/shims/HadoopShims.java Mon Aug 26 21:42:12 2013
@@ -343,13 +343,20 @@ public interface HadoopShims {
public String getJobLauncherHttpAddress(Configuration conf);
- /**
- * Perform kerberos login using the given principal and keytab
- * @throws IOException
- */
+ /**
+ * Perform kerberos login using the given principal and keytab
+ * @throws IOException
+ */
public void loginUserFromKeytab(String principal, String keytabFile) throws IOException;
/**
+ * Perform kerberos re-login using the given principal and keytab, to renew
+ * the credentials
+ * @throws IOException
+ */
+ public void reLoginUserFromKeytab() throws IOException;
+
+ /**
* Move the directory/file to trash. In case of the symlinks or mount points, the file is
* moved to the trashbin in the actual volume of the path p being deleted
* @param fs
@@ -387,6 +394,13 @@ public interface HadoopShims {
UserGroupInformation createProxyUser(String userName) throws IOException;
/**
+ * The method sets to set the partition file has a different signature between
+ * hadoop versions.
+ * @param jobConf
+ * @param partition
+ */
+ void setTotalOrderPartitionFile(JobConf jobConf, Path partition);
+ /**
* InputSplitShim.
*
*/
Modified: hive/branches/tez/shims/src/common/java/org/apache/hadoop/hive/thrift/HadoopThriftAuthBridge.java
URL: http://svn.apache.org/viewvc/hive/branches/tez/shims/src/common/java/org/apache/hadoop/hive/thrift/HadoopThriftAuthBridge.java?rev=1517707&r1=1517706&r2=1517707&view=diff
==============================================================================
--- hive/branches/tez/shims/src/common/java/org/apache/hadoop/hive/thrift/HadoopThriftAuthBridge.java (original)
+++ hive/branches/tez/shims/src/common/java/org/apache/hadoop/hive/thrift/HadoopThriftAuthBridge.java Mon Aug 26 21:42:12 2013
@@ -20,6 +20,7 @@
import java.io.IOException;
import java.net.InetAddress;
+import java.util.Map;
import org.apache.hadoop.conf.Configuration;
import org.apache.thrift.TProcessor;
@@ -50,6 +51,18 @@ import org.apache.thrift.transport.TTran
}
+ /**
+ * Read and return Hadoop SASL configuration which can be configured using
+ * "hadoop.rpc.protection"
+ *
+ * @param conf
+ * @return Hadoop SASL configuration
+ */
+ public Map<String, String> getHadoopSaslProperties(Configuration conf) {
+ throw new UnsupportedOperationException(
+ "The current version of Hadoop does not support Authentication");
+ }
+
public static abstract class Client {
/**
*
@@ -65,13 +78,14 @@ import org.apache.thrift.transport.TTran
* @throws IOException
*/
public abstract TTransport createClientTransport(
- String principalConfig, String host,
- String methodStr,String tokenStrForm, TTransport underlyingTransport)
- throws IOException;
+ String principalConfig, String host,
+ String methodStr, String tokenStrForm, TTransport underlyingTransport,
+ Map<String, String> saslProps)
+ throws IOException;
}
public static abstract class Server {
- public abstract TTransportFactory createTransportFactory() throws TTransportException;
+ public abstract TTransportFactory createTransportFactory(Map<String, String> saslProps) throws TTransportException;
public abstract TProcessor wrapProcessor(TProcessor processor);
public abstract TProcessor wrapNonAssumingProcessor(TProcessor processor);
public abstract InetAddress getRemoteAddress();