HDFS-7367. HDFS short-circuit read cannot negotiate shared memory slot and file descriptors when SASL is enabled on DataTransferProtocol. Contributed by Chris Nauroth.

hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt

@@ -1027,9 +1027,13 @@ Release 2.6.0 - UNRELEASED
     HDFS-7218. FSNamesystem ACL operations should write to audit log on
     failure. (clamb via yliu)
 
-    HDFS-7199.  DFSOutputStream should not silently drop data if DataStreamer
+    HDFS-7199. DFSOutputStream should not silently drop data if DataStreamer
     crashes with an unchecked exception (rushabhs via cmccabe)
 
+    HDFS-7367. HDFS short-circuit read cannot negotiate shared memory slot and
+    file descriptors when SASL is enabled on DataTransferProtocol.
+    (Chris Nauroth via wheat9)
+
     BREAKDOWN OF HDFS-6134 AND HADOOP-10150 SUBTASKS AND RELATED JIRAS
   
       HDFS-6387. HDFS CLI admin tool for creating & deleting an

hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/protocol/datatransfer/sasl/SaslDataTransferServer.java

@@ -277,6 +277,11 @@ public class SaslDataTransferServer {
    */
   private IOStreamPair getSaslStreams(Peer peer, OutputStream underlyingOut,
       InputStream underlyingIn, final DatanodeID datanodeId) throws IOException {
+    if (peer.hasSecureChannel() ||
+        dnConf.getTrustedChannelResolver().isTrusted(getPeerAddress(peer))) {
+      return new IOStreamPair(underlyingIn, underlyingOut);
+    }
+
     SaslPropertiesResolver saslPropsResolver = dnConf.getSaslPropsResolver();
     Map<String, String> saslProps = saslPropsResolver.getServerProperties(
       getPeerAddress(peer));