HDFS-11069. Tighten the authorization of datanode RPC. Contributed by Kihwal Lee

Updated CHANGES.txt
(cherry picked from commit ae48c496dce8d0eae4571fc64e6850d602bae688)

hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt

@@ -57,6 +57,8 @@ Release 2.7.4 - UNRELEASED
 
     HDFS-11053. Unnecessary superuser check in versionRequest() (kihwal)
 
+    HDFS-11069. Tighten the authorization in datanode RPC. (kihwal)
+
   OPTIMIZATIONS
 
     HDFS-10896. Move lock logging logic from FSNamesystem into FSNamesystemLock.

hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/datanode/DataNode.java

@@ -839,7 +839,7 @@ public class DataNode extends ReconfigurableBase
 
     // Is this by the DN user itself?
     assert dnUserName != null;
-    if (callerUgi.getShortUserName().equals(dnUserName)) {
+    if (callerUgi.getUserName().equals(dnUserName)) {
       return;
     }
 
@@ -1135,7 +1135,7 @@ public class DataNode extends ReconfigurableBase
     this.blockPoolTokenSecretManager = new BlockPoolTokenSecretManager();
 
     // Login is done by now. Set the DN user name.
-    dnUserName = UserGroupInformation.getCurrentUser().getShortUserName();
+    dnUserName = UserGroupInformation.getCurrentUser().getUserName();
     LOG.info("dnUserName = " + dnUserName);
     LOG.info("supergroup = " + supergroup);
     initIpcServer(conf);
@@ -3256,4 +3256,4 @@ public class DataNode extends ReconfigurableBase
   void setBlockScanner(BlockScanner blockScanner) {
     this.blockScanner = blockScanner;
   }
-}
+}