Posted to commits@sentry.apache.org by ja...@apache.org on 2014/06/10 16:20:37 UTC
git commit: SENTRY-283: Secure connection from HS2 to Sentry service
fails
Repository: incubator-sentry
Updated Branches:
refs/heads/master 3071da2fc -> 38c4294ba
SENTRY-283: Secure connection from HS2 to Sentry service fails
(Prasad Mujumdar via Jarek Jarcec Cecho)
Project: http://git-wip-us.apache.org/repos/asf/incubator-sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-sentry/commit/38c4294b
Tree: http://git-wip-us.apache.org/repos/asf/incubator-sentry/tree/38c4294b
Diff: http://git-wip-us.apache.org/repos/asf/incubator-sentry/diff/38c4294b
Branch: refs/heads/master
Commit: 38c4294ba398f85d8d0f1ad5b38ae48167d876f7
Parents: 3071da2
Author: Jarek Jarcec Cecho <ja...@apache.org>
Authored: Tue Jun 10 07:19:52 2014 -0700
Committer: Jarek Jarcec Cecho <ja...@apache.org>
Committed: Tue Jun 10 07:19:52 2014 -0700
----------------------------------------------------------------------
.../java/org/apache/sentry/service/thrift/GSSCallback.java | 8 +++++++-
.../apache/sentry/service/thrift/KerberosConfiguration.java | 4 ++++
2 files changed, 11 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/38c4294b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/GSSCallback.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/GSSCallback.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/GSSCallback.java
index 22f31cd..38eb4be 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/GSSCallback.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/GSSCallback.java
@@ -59,15 +59,21 @@ public class GSSCallback extends SaslRpcServer.SaslGssCallbackHandler {
if (allowedPrincipals == null) {
return false;
}
+ String principalShortName = getShortName(principal);
List<String> items = Arrays.asList(allowedPrincipals.split("\\s*,\\s*"));
for (String item : items) {
- if(comparePrincipals(item, principal)) {
+ if (comparePrincipals(item, principalShortName)) {
return true;
}
}
return false;
}
+ private String getShortName(String principal) {
+ String parts[] = SaslRpcServer.splitKerberosName(principal);
+ return parts[0];
+ }
+
@Override
public void handle(Callback[] callbacks)
throws UnsupportedCallbackException, ConnectionDeniedException {
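Review bot: The allow-list check now compares only `parts[0]` from `SaslRpcServer.splitKerberosName(principal)`, so the instance (host) and realm of the authenticated principal no longer take part in the decision at `comparePrincipals(item, principalShortName)`. Where the KDC trusts other realms, a principal with the same primary name from a different host or realm would presumably pass; `comparePrincipals` is not visible in this hunk, so confirm what form it expects for `item`. At minimum document the narrowing on the helper, e.g. `// Returns the primary component only; instance and realm are dropped, so allowedPrincipals entries must be short names`, and consider also comparing the realm against the service's own realm. `getShortName` also dereferences `principal` without a null check. The enclosing method starts above the hunk and `handle` continues below it.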
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/38c4294b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/KerberosConfiguration.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/KerberosConfiguration.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/KerberosConfiguration.java
index 41e4fe4..203858e 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/KerberosConfiguration.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/KerberosConfiguration.java
@@ -24,6 +24,10 @@ import java.util.Map;
import javax.security.auth.login.AppConfigurationEntry;
public class KerberosConfiguration extends javax.security.auth.login.Configuration {
+ static {
+ System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
+ }
+
private String principal;
private String keytab;
private boolean isInitiator;
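Review bot: The static initializer sets `javax.security.auth.useSubjectCredsOnly` to `false` for the whole JVM as a side effect of loading `KerberosConfiguration`. This silently overrides any value the operator configured and changes credential lookup for every other GSS user in the same process. With this setting the GSS layer may obtain credentials from outside the current Subject, so the block needs a comment saying why the connection requires it. It should also respect an explicit setting: `if (System.getProperty("javax.security.auth.useSubjectCredsOnly") == null) { System.setProperty("javax.security.auth.useSubjectCredsOnly", "false"); }`. The class body continues outside the hunk.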