Posted to commits@hbase.apache.org by st...@apache.org on 2012/04/05 22:58:57 UTC

svn commit: r1310073 - /hbase/trunk/security/src/main/java/org/apache/hadoop/hbase/ipc/SecureServer.java

Author: stack
Date: Thu Apr  5 20:58:57 2012
New Revision: 1310073

URL: http://svn.apache.org/viewvc?rev=1310073&view=rev
Log:
HBASE-5727 secure hbase build broke because of 'HBASE-5451 Switch RPC call envelope/headers to PBs'

Modified:
    hbase/trunk/security/src/main/java/org/apache/hadoop/hbase/ipc/SecureServer.java

Modified: hbase/trunk/security/src/main/java/org/apache/hadoop/hbase/ipc/SecureServer.java
URL: http://svn.apache.org/viewvc/hbase/trunk/security/src/main/java/org/apache/hadoop/hbase/ipc/SecureServer.java?rev=1310073&r1=1310072&r2=1310073&view=diff
==============================================================================
--- hbase/trunk/security/src/main/java/org/apache/hadoop/hbase/ipc/SecureServer.java (original)
+++ hbase/trunk/security/src/main/java/org/apache/hadoop/hbase/ipc/SecureServer.java Thu Apr  5 20:58:57 2012
@@ -198,6 +198,7 @@ public abstract class SecureServer exten
     private ByteBuffer rpcHeaderBuffer;
     private ByteBuffer unwrappedData;
     private ByteBuffer unwrappedDataLengthBuffer;
+    private SecureConnectionHeader header;
 
     public UserGroupInformation attemptingUser = null; // user name before auth
 
@@ -333,10 +334,10 @@ public abstract class SecureServer exten
               + saslServer.getNegotiatedProperty(Sasl.QOP));
           String qop = (String) saslServer.getNegotiatedProperty(Sasl.QOP);
           useWrap = qop != null && !"auth".equalsIgnoreCase(qop);
-          ticket = getAuthorizedUgi(saslServer.getAuthorizationID());
-          LOG.debug("SASL server successfully authenticated client: " + ticket);
+          user = getAuthorizedUgi(saslServer.getAuthorizationID());
+          LOG.debug("SASL server successfully authenticated client: " + user);
           rpcMetrics.authenticationSuccesses.inc();
-          AUDITLOG.trace(AUTH_SUCCESSFUL_FOR + ticket);
+          AUDITLOG.trace(AUTH_SUCCESSFUL_FOR + user);
           saslContextEstablished = true;
         }
       } else {
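Review bot: The successful-authentication audit record on the new side is still written with `AUDITLOG.trace(AUTH_SUCCESSFUL_FOR + user);`, so it is dropped unless the audit logger is configured at TRACE. If successful logins are meant to be part of the audit trail, consider `AUDITLOG.info(AUTH_SUCCESSFUL_FOR + user);`, or add a comment explaining that TRACE was chosen to limit volume. The `LOG.debug(... + user)` line above it also builds its string unconditionally, while the hunk at line 611 wraps its debug call in `if (LOG.isDebugEnabled())`; the two should follow the same pattern. The enclosing method starts and ends outside this hunk.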
@@ -497,33 +498,33 @@ public abstract class SecureServer exten
 
       User protocolUser = header.getUser();
       if (!useSasl) {
-        ticket = protocolUser;
-        if (ticket != null) {
-          ticket.getUGI().setAuthenticationMethod(AuthMethod.SIMPLE.authenticationMethod);
+        user = protocolUser;
+        if (user != null) {
+          user.getUGI().setAuthenticationMethod(AuthMethod.SIMPLE.authenticationMethod);
         }
       } else {
         // user is authenticated
-        ticket.getUGI().setAuthenticationMethod(authMethod.authenticationMethod);
+        user.getUGI().setAuthenticationMethod(authMethod.authenticationMethod);
         //Now we check if this is a proxy user case. If the protocol user is
         //different from the 'user', it is a proxy user scenario. However,
         //this is not allowed if user authenticated with DIGEST.
         if ((protocolUser != null)
-            && (!protocolUser.getName().equals(ticket.getName()))) {
+            && (!protocolUser.getName().equals(user.getName()))) {
           if (authMethod == AuthMethod.DIGEST) {
             // Not allowed to doAs if token authentication is used
-            throw new AccessControlException("Authenticated user (" + ticket
+            throw new AccessControlException("Authenticated user (" + user
                 + ") doesn't match what the client claims to be ("
                 + protocolUser + ")");
           } else {
             // Effective user can be different from authenticated user
             // for simple auth or kerberos auth
             // The user is the real user. Now we create a proxy user
-            UserGroupInformation realUser = ticket.getUGI();
-            ticket = User.create(
+            UserGroupInformation realUser = user.getUGI();
+            user = User.create(
                 UserGroupInformation.createProxyUser(protocolUser.getName(),
                     realUser));
             // Now the user is a proxy user, set Authentication method Proxy.
-            ticket.getUGI().setAuthenticationMethod(AuthenticationMethod.PROXY);
+            user.getUGI().setAuthenticationMethod(AuthenticationMethod.PROXY);
           }
         }
       }
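Review bot: In the proxy branch at the end of this hunk, `user` stops naming the authenticated principal and becomes the effective user taken from the client-supplied `protocolUser`, but nothing at the assignment says the impersonation is still unverified. In the lines visible in this commit, `ProxyUsers.authorize` only runs later, in the hunk at line 611, so any code added between the two that reads `user` would be trusting a client claim. I would add a comment above `user = User.create(` such as `// user is now the *requested* effective user; the authenticated principal is user.getUGI().getRealUser(), and the impersonation is not authorized until ProxyUsers.authorize runs`. The enclosing method starts and ends outside this hunk.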
@@ -578,7 +579,7 @@ public abstract class SecureServer exten
         if (!authorizeConnection()) {
           throw new AccessControlException("Connection from " + this
               + " for protocol " + header.getProtocol()
-              + " is unauthorized for user " + ticket);
+              + " is unauthorized for user " + user);
         }
       }
     }
@@ -610,11 +611,11 @@ public abstract class SecureServer exten
         // real user for the effective user, therefore not required to
         // authorize real user. doAs is allowed only for simple or kerberos
         // authentication
-        if (ticket != null && ticket.getUGI().getRealUser() != null
+        if (user != null && user.getUGI().getRealUser() != null
             && (authMethod != AuthMethod.DIGEST)) {
-          ProxyUsers.authorize(ticket.getUGI(), this.getHostAddress(), conf);
+          ProxyUsers.authorize(user.getUGI(), this.getHostAddress(), conf);
         }
-        authorize(ticket, header, getHostInetAddress());
+        authorize(user, header, getHostInetAddress());
         if (LOG.isDebugEnabled()) {
           LOG.debug("Successfully authorized " + header);
         }
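Review bot: The success message `"Successfully authorized " + header` does not name the `user` or the host address that were just passed to `ProxyUsers.authorize` and `authorize`, so a proxy-user grant cannot be tied to the real and effective identity from this line alone. This matters only if the header's string form omits those values, which is not visible here. Consider `LOG.debug("Successfully authorized " + user + " from " + getHostAddress() + ": " + header);` so the line matches what was checked. The enclosing method and its exception handling are outside this hunk.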