You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-commits@hadoop.apache.org by om...@apache.org on 2011/03/04 05:06:20 UTC
svn commit: r1077352 - in
/hadoop/common/branches/branch-0.20-security-patches/src/core/org/apache/hadoop/security:
User.java UserGroupInformation.java
Author: omalley
Date: Fri Mar 4 04:06:20 2011
New Revision: 1077352
URL: http://svn.apache.org/viewvc?rev=1077352&view=rev
Log:
commit 7e30c8fdf687cadb3f47ccce56d48f6ac61da336
Author: Jitendra Nath Pandey <jitendra@sufferhome-lm.(none)>
Date: Sat Mar 20 15:22:59 2010 -0700
HADOOP-6649 from https://issues.apache.org/jira/secure/attachment/12439344/HADOOP-6649-y20.1.patch
+++ b/YAHOO-CHANGES.txt
+ HADOOP-6649. login object in UGI should be inside the subject
+ (jitendra)
+
Modified:
hadoop/common/branches/branch-0.20-security-patches/src/core/org/apache/hadoop/security/User.java
hadoop/common/branches/branch-0.20-security-patches/src/core/org/apache/hadoop/security/UserGroupInformation.java
Modified: hadoop/common/branches/branch-0.20-security-patches/src/core/org/apache/hadoop/security/User.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/core/org/apache/hadoop/security/User.java?rev=1077352&r1=1077351&r2=1077352&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/core/org/apache/hadoop/security/User.java (original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/core/org/apache/hadoop/security/User.java Fri Mar 4 04:06:20 2011
@@ -20,6 +20,8 @@ package org.apache.hadoop.security;
import java.io.IOException;
import java.security.Principal;
+import javax.security.auth.login.LoginContext;
+
import org.apache.hadoop.security.UserGroupInformation.AuthenticationMethod;
/**
@@ -30,12 +32,13 @@ class User implements Principal {
private final String fullName;
private final String shortName;
private AuthenticationMethod authMethod = null;
+ private LoginContext login = null;
public User(String name) {
- this(name, null);
+ this(name, null, null);
}
- public User(String name, AuthenticationMethod authMethod) {
+ public User(String name, AuthenticationMethod authMethod, LoginContext login) {
try {
shortName = new KerberosName(name).getShortName();
} catch (IOException ioe) {
@@ -43,6 +46,7 @@ class User implements Principal {
}
fullName = name;
this.authMethod = authMethod;
+ this.login = login;
}
/**
@@ -89,4 +93,20 @@ class User implements Principal {
public AuthenticationMethod getAuthenticationMethod() {
return authMethod;
}
+
+ /**
+ * Returns login object
+ * @return login
+ */
+ public LoginContext getLogin() {
+ return login;
+ }
+
+ /**
+ * Set the login object
+ * @param login
+ */
+ public void setLogin(LoginContext login) {
+ this.login = login;
+ }
}
Modified: hadoop/common/branches/branch-0.20-security-patches/src/core/org/apache/hadoop/security/UserGroupInformation.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/core/org/apache/hadoop/security/UserGroupInformation.java?rev=1077352&r1=1077351&r2=1077352&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/core/org/apache/hadoop/security/UserGroupInformation.java (original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/core/org/apache/hadoop/security/UserGroupInformation.java Fri Mar 4 04:06:20 2011
@@ -215,8 +215,6 @@ public class UserGroupInformation {
private final Subject subject;
- private LoginContext login;
-
private static final String OS_LOGIN_MODULE_NAME;
private static final Class<? extends Principal> OS_PRINCIPAL_CLASS;
private static final boolean windows =
@@ -339,6 +337,19 @@ public class UserGroupInformation {
return null;
}
}
+
+ private LoginContext getLogin() {
+ for (User p: subject.getPrincipals(User.class)) {
+ return p.getLogin();
+ }
+ return null;
+ }
+
+ private void setLogin(LoginContext login) {
+ for (User p: subject.getPrincipals(User.class)) {
+ p.setLogin(login);
+ }
+ }
/**
* Create a UserGroupInformation for the given subject.
@@ -378,7 +389,7 @@ public class UserGroupInformation {
login = new LoginContext(HadoopConfiguration.SIMPLE_CONFIG_NAME, subject);
}
login.login();
- loginUser.login = login;
+ loginUser.setLogin(login);
loginUser = new UserGroupInformation(login.getSubject());
String fileLocation = System.getenv(HADOOP_TOKEN_FILE_LOCATION);
if (fileLocation != null && isSecurityEnabled()) {
@@ -420,7 +431,7 @@ public class UserGroupInformation {
new LoginContext(HadoopConfiguration.KEYTAB_KERBEROS_CONFIG_NAME, subject);
login.login();
loginUser = new UserGroupInformation(subject);
- loginUser.login = login;
+ loginUser.setLogin(login);
} catch (LoginException le) {
throw new IOException("Login failure for " + user + " from keytab " +
path, le);
@@ -456,7 +467,7 @@ public class UserGroupInformation {
login.login();
UserGroupInformation newLoginUser = new UserGroupInformation(subject);
- newLoginUser.login = login;
+ newLoginUser.setLogin(login);
return newLoginUser;
} catch (LoginException le) {
@@ -481,6 +492,7 @@ public class UserGroupInformation {
throws IOException {
if (!isSecurityEnabled())
return;
+ LoginContext login = getLogin();
if (login == null || keytabFile == null) {
throw new IOException("loginUserFromKeyTab must be done first");
}