big-data/hadoop
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

HADOOP-6642. Fix javac, javadoc, findbugs warnings related to security work. Contributed by Chris Douglas, Po Cheung.

Browse Source 
git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1065959 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Konstantin Shvachko 2011-02-01 09:38:31 +00:00
parent e82df7e7f7
commit 7fc59af99c
3 changed files with 15 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
CHANGES.txt
View File

@ -471,6 +471,9 @@ Release 0.22.0 - Unreleased
HADOOP-7126. Fix file permission setting for RawLocalFileSystem on Windows. HADOOP-7126. Fix file permission setting for RawLocalFileSystem on Windows.
(Po Cheung via shv) (Po Cheung via shv)
HADOOP-6642. Fix javac, javadoc, findbugs warnings related to security work.
(Chris Douglas, Po Cheung via shv)
Release 0.21.1 - Unreleased Release 0.21.1 - Unreleased
IMPROVEMENTS IMPROVEMENTS

16
src/java/org/apache/hadoop/security/Krb5AndCertsSslSocketConnector.java
View File

@ -20,6 +20,8 @@
import java.net.InetAddress; import java.net.InetAddress;
import java.net.ServerSocket; import java.net.ServerSocket;
import java.security.Principal; import java.security.Principal;
import java.util.Collections;
import java.util.List;
import java.util.Random; import java.util.Random;
import javax.net.ssl.SSLContext; import javax.net.ssl.SSLContext;
@ -52,10 +54,11 @@
* running with Kerberos support. * running with Kerberos support.
*/ */
public class Krb5AndCertsSslSocketConnector extends SslSocketConnector { public class Krb5AndCertsSslSocketConnector extends SslSocketConnector {
public static final String[] KRB5_CIPHER_SUITES = public static final List<String> KRB5_CIPHER_SUITES =
new String [] {"TLS_KRB5_WITH_3DES_EDE_CBC_SHA"}; Collections.unmodifiableList(Collections.singletonList(
"TLS_KRB5_WITH_3DES_EDE_CBC_SHA"));
static { static {
System.setProperty("https.cipherSuites", KRB5_CIPHER_SUITES[0]); System.setProperty("https.cipherSuites", KRB5_CIPHER_SUITES.get(0));
} }
private static final Log LOG = LogFactory private static final Log LOG = LogFactory
@ -136,11 +139,12 @@ protected ServerSocket newServerSocket(String host, int port, int backlog)
String [] combined; String [] combined;
if(useCerts) { // combine the cipher suites if(useCerts) { // combine the cipher suites
String[] certs = ss.getEnabledCipherSuites(); String[] certs = ss.getEnabledCipherSuites();
combined = new String[certs.length + KRB5_CIPHER_SUITES.length]; combined = new String[certs.length + KRB5_CIPHER_SUITES.size()];
System.arraycopy(certs, 0, combined, 0, certs.length); System.arraycopy(certs, 0, combined, 0, certs.length);
System.arraycopy(KRB5_CIPHER_SUITES, 0, combined, certs.length, KRB5_CIPHER_SUITES.length); System.arraycopy(KRB5_CIPHER_SUITES.toArray(new String[0]), 0, combined,
certs.length, KRB5_CIPHER_SUITES.size());
} else { // Just enable Kerberos auth } else { // Just enable Kerberos auth
combined = KRB5_CIPHER_SUITES; combined = KRB5_CIPHER_SUITES.toArray(new String[0]);
} }
ss.setEnabledCipherSuites(combined); ss.setEnabledCipherSuites(combined);

4
src/java/org/apache/hadoop/security/SaslRpcServer.java
View File

@ -238,8 +238,8 @@ public void handle(Callback[] callbacks) throws InvalidToken,
} }
if (ac.isAuthorized()) { if (ac.isAuthorized()) {
if (LOG.isDebugEnabled()) { if (LOG.isDebugEnabled()) {
String username = getIdentifier(authzid, secretManager).getUser() String username =
.getUserName().toString(); getIdentifier(authzid, secretManager).getUser().getUserName();
LOG.debug("SASL server DIGEST-MD5 callback: setting " LOG.debug("SASL server DIGEST-MD5 callback: setting "
+ "canonicalized client ID: " + username); + "canonicalized client ID: " + username);
} }