Strona główna Odkrywaj Pomoc
Zarejestruj się Zaloguj się
apache
/
hadoop
kopia lustrzana https://github.com/apache/hadoop.git
2
0
Forkuj 1
Pliki Problemy 0 Wiki
Przeglądaj źródła

HADOOP-8381. Substitute _HOST with hostname for HTTP principals. Contributed by Benoy Antony.

git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/branches/branch-0.22@1346224 13f79535-47bb-0310-9956-ffa450edef68
Konstantin Shvachko 13 lat temu
rodzic
16344c0d2e
commit
3354d9dadb
3 zmienionych plików z 10 dodań i 0 usunięć
Zunifikowany widok Pokaż statystyki zmian
  1. 3 0
      common/CHANGES.txt
  2. 5 0
      common/src/java/org/apache/hadoop/security/authentication/server/KerberosAuthenticationHandler.java
  3. 2 0
      common/src/test/core/org/apache/hadoop/security/TestSecurityUtil.java

+ 3 - 0
common/CHANGES.txt
Wyświetl plik 

@@ -26,6 +26,9 @@ Release 0.22.1 - Unreleased
 
     HADOOP-7119. Add Kerberos HTTP SPNEGO authentication support to Hadoop
 
     HADOOP-7119. Add Kerberos HTTP SPNEGO authentication support to Hadoop
 
     JT/NN/DN/TT web-consoles. (Alejandro Abdelnur, Benoy Antony via shv)
 
     JT/NN/DN/TT web-consoles. (Alejandro Abdelnur, Benoy Antony via shv)
 
 
 
+    HADOOP-8381. Substitute _HOST with hostname for HTTP principals.
 
+    (Benoy Antony via shv)
 
+
 
 Release 0.22.0 - 2011-11-29
 
 Release 0.22.0 - 2011-11-29
 
 
 
   INCOMPATIBLE CHANGES
 
   INCOMPATIBLE CHANGES

+ 5 - 0
common/src/java/org/apache/hadoop/security/authentication/server/KerberosAuthenticationHandler.java
Wyświetl plik 

@@ -18,6 +18,7 @@ import org.apache.hadoop.security.authentication.client.KerberosAuthenticator;
 
 import com.sun.security.auth.module.Krb5LoginModule;
 
 import com.sun.security.auth.module.Krb5LoginModule;
 
 import org.apache.commons.codec.binary.Base64;
 
 import org.apache.commons.codec.binary.Base64;
 
 import org.apache.hadoop.security.authentication.util.KerberosName;
 
 import org.apache.hadoop.security.authentication.util.KerberosName;
 
+import org.apache.hadoop.security.SecurityUtil;
 
 import org.ietf.jgss.GSSContext;
 
 import org.ietf.jgss.GSSContext;
 
 import org.ietf.jgss.GSSCredential;
 
 import org.ietf.jgss.GSSCredential;
 
 import org.ietf.jgss.GSSManager;
 
 import org.ietf.jgss.GSSManager;
 
@@ -143,6 +144,10 @@ public class KerberosAuthenticationHandler implements AuthenticationHandler {
 
       if (principal == null || principal.trim().length() == 0) {
 
       if (principal == null || principal.trim().length() == 0) {
 
         throw new ServletException("Principal not defined in configuration");
 
         throw new ServletException("Principal not defined in configuration");
 
       }
 
       }
 
+
 
+      // replace _HOST with FQDN if present
 
+      principal = SecurityUtil.getServerPrincipal(principal, "");
 
+
 
       keytab = config.getProperty(KEYTAB, keytab);
 
       keytab = config.getProperty(KEYTAB, keytab);
 
       if (keytab == null || keytab.trim().length() == 0) {
 
       if (keytab == null || keytab.trim().length() == 0) {
 
         throw new ServletException("Keytab not defined in configuration");
 
         throw new ServletException("Keytab not defined in configuration");

+ 2 - 0
common/src/test/core/org/apache/hadoop/security/TestSecurityUtil.java
Wyświetl plik 

@@ -93,6 +93,8 @@ public class TestSecurityUtil {
 
                  SecurityUtil.getServerPrincipal("hdfs/_HOST@REALM", (String)null));
 
                  SecurityUtil.getServerPrincipal("hdfs/_HOST@REALM", (String)null));
 
     assertEquals("hdfs/" + local + "@REALM",
 
     assertEquals("hdfs/" + local + "@REALM",
 
                  SecurityUtil.getServerPrincipal("hdfs/_HOST@REALM", "0.0.0.0"));
 
                  SecurityUtil.getServerPrincipal("hdfs/_HOST@REALM", "0.0.0.0"));
 
+    assertEquals("hdfs/" + local + "@REALM",
 
+        SecurityUtil.getServerPrincipal("hdfs/_HOST@REALM", ""));
 
   }
 
   }
 
   
   
   @Test
 
   @Test