From 86e833858c543f2d5d9b6e39538937501fc1f368 Mon Sep 17 00:00:00 2001
From: Jakob Homan
Date: Thu, 8 Jul 2010 20:02:29 +0000
Subject: [PATCH] HADOOP-6853. Common component of HDFS-1045.
git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@961911 13f79535-47bb-0310-9956-ffa450edef68
---
 CHANGES.txt | 2 +
 .../hadoop/security/UserGroupInformation.java | 40 ++++++++++++++++++-
 2 files changed, 41 insertions(+), 1 deletion(-)
diff --git a/CHANGES.txt b/CHANGES.txt
index 9babc8a08a..7b34350a98 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -16,6 +16,8 @@ Trunk (unreleased changes)
 HADOOP-6584. Provide Kerberized SSL encryption for webservices. (jghoman and Kan Zhang via jghoman)
+ HADOOP-6853. Common component of HDFS-1045. (jghoman)
+
 IMPROVEMENTS HADOOP-6644. util.Shell getGROUPS_FOR_USER_COMMAND method name
diff --git a/src/java/org/apache/hadoop/security/UserGroupInformation.java b/src/java/org/apache/hadoop/security/UserGroupInformation.java
index 03be53476e..50b6641eed 100644
--- a/src/java/org/apache/hadoop/security/UserGroupInformation.java
+++ b/src/java/org/apache/hadoop/security/UserGroupInformation.java
@@ -50,7 +50,6 @@
 import org.apache.hadoop.classification.InterfaceAudience;
 import org.apache.hadoop.classification.InterfaceStability;
 import org.apache.hadoop.conf.Configuration;
-import org.apache.hadoop.security.SaslRpcServer.AuthMethod;
 import org.apache.hadoop.security.token.Token;
 import org.apache.hadoop.security.token.TokenIdentifier;
@@ -486,6 +485,45 @@ public synchronized void reloginFromKeytab()
 }
 }
+ /**
+ * Log a user in from a keytab file. Loads a user identity from a keytab
+ * file and login them in. This new user does not affect the currently
+ * logged-in user.
+ * @param user the principal name to load from the keytab
+ * @param path the path to the keytab file
+ * @throws IOException if the keytab file can't be read
+ */
+ public synchronized
+ static UserGroupInformation loginUserFromKeytabAndReturnUGI(String user,
+ String path
+ ) throws IOException {
+ if (!isSecurityEnabled())
+ return UserGroupInformation.getCurrentUser();
+ String oldKeytabFile = null;
+ String oldKeytabPrincipal = null;
+
+ try {
+ oldKeytabFile = keytabFile;
+ oldKeytabPrincipal = keytabPrincipal;
+ keytabFile = path;
+ keytabPrincipal = user;
+ Subject subject = new Subject();
+ LoginContext login =
+ new LoginContext(HadoopConfiguration.KEYTAB_KERBEROS_CONFIG_NAME, subject);
+
+ login.login();
+ UserGroupInformation newLoginUser = new UserGroupInformation(subject);
+ newLoginUser.setLogin(login);
+
+ return newLoginUser;
+ } catch (LoginException le) {
+ throw new IOException("Login failure for " + user + " from keytab " +
+ path, le);
+ } finally {
+ if(oldKeytabFile != null) keytabFile = oldKeytabFile;
+ if(oldKeytabPrincipal != null) keytabPrincipal = oldKeytabPrincipal;
+ }
+ }
 public synchronized static boolean isLoginKeytabBased() {
 return keytabFile != null;
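Review bot: The `finally` block of `loginUserFromKeytabAndReturnUGI` restores the static `keytabFile` and `keytabPrincipal` only when the saved values are non-null, so if the process had no keytab login before the call, both statics stay set to the caller-supplied `path` and `user`. From then on `isLoginKeytabBased()` (in the trailing context) returns true, and any later code that reads these statics, presumably `reloginFromKeytab()`, would act on the secondary principal. That contradicts the Javadoc's statement that the currently logged-in user is not affected. Restoring unconditionally fixes it: `keytabFile = oldKeytabFile;` and `keytabPrincipal = oldKeytabPrincipal;`. The Javadoc should also say that with security disabled the method ignores `user` and `path`, e.g. `@return the UGI for the keytab principal, or the current user when security is disabled`.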