You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-commits@hadoop.apache.org by ki...@apache.org on 2016/08/02 15:45:22 UTC
hadoop git commit: HADOOP-13429. Dispose of unnecessary SASL servers.
Contributed by Daryn Sharp.
Repository: hadoop
Updated Branches:
refs/heads/trunk 7fc70c642 -> b3018e73c
HADOOP-13429. Dispose of unnecessary SASL servers. Contributed by Daryn Sharp.
Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo
Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/b3018e73
Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/b3018e73
Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/b3018e73
Branch: refs/heads/trunk
Commit: b3018e73ccae43484d9cb85eabae814eb7f050a6
Parents: 7fc70c6
Author: Kihwal Lee <ki...@apache.org>
Authored: Tue Aug 2 10:40:28 2016 -0500
Committer: Kihwal Lee <ki...@apache.org>
Committed: Tue Aug 2 10:40:28 2016 -0500
----------------------------------------------------------------------
.../src/main/java/org/apache/hadoop/ipc/Server.java | 13 +++++++++----
.../test/java/org/apache/hadoop/ipc/TestSaslRPC.java | 12 +++++++++++-
2 files changed, 20 insertions(+), 5 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/hadoop/blob/b3018e73/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/Server.java
----------------------------------------------------------------------
diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/Server.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/Server.java
index 405549a..80eea84 100644
--- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/Server.java
+++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/Server.java
@@ -1598,7 +1598,10 @@ public abstract class Server {
String qop = (String) saslServer.getNegotiatedProperty(Sasl.QOP);
// SASL wrapping is only used if the connection has a QOP, and
// the value is not auth. ex. auth-int & auth-priv
- useWrap = (qop != null && !"auth".equalsIgnoreCase(qop));
+ useWrap = (qop != null && !"auth".equalsIgnoreCase(qop));
+ if (!useWrap) {
+ disposeSasl();
+ }
}
}
@@ -1692,9 +1695,9 @@ public abstract class Server {
private void switchToSimple() {
// disable SASL and blank out any SASL server
authProtocol = AuthProtocol.NONE;
- saslServer = null;
+ disposeSasl();
}
-
+
private RpcSaslProto buildSaslResponse(SaslState state, byte[] replyToken) {
if (LOG.isDebugEnabled()) {
LOG.debug("Will send " + state + " token of size "
@@ -1731,6 +1734,8 @@ public abstract class Server {
try {
saslServer.dispose();
} catch (SaslException ignored) {
+ } finally {
+ saslServer = null;
}
}
}
@@ -1980,7 +1985,7 @@ public abstract class Server {
.getProtocol() : null;
UserGroupInformation protocolUser = ProtoUtil.getUgi(connectionContext);
- if (saslServer == null) {
+ if (authProtocol == AuthProtocol.NONE) {
user = protocolUser;
} else {
// user is authenticated
http://git-wip-us.apache.org/repos/asf/hadoop/blob/b3018e73/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/ipc/TestSaslRPC.java
----------------------------------------------------------------------
diff --git a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/ipc/TestSaslRPC.java b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/ipc/TestSaslRPC.java
index ec53e8c..72371a7 100644
--- a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/ipc/TestSaslRPC.java
+++ b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/ipc/TestSaslRPC.java
@@ -28,6 +28,7 @@ import org.apache.hadoop.fs.CommonConfigurationKeys;
import org.apache.hadoop.fs.CommonConfigurationKeysPublic;
import org.apache.hadoop.io.Text;
import org.apache.hadoop.ipc.Client.ConnectionId;
+import org.apache.hadoop.ipc.Server.Connection;
import org.apache.hadoop.net.NetUtils;
import org.apache.hadoop.security.*;
import org.apache.hadoop.security.SaslRpcServer.AuthMethod;
@@ -270,7 +271,16 @@ public class TestSaslRPC extends TestRpcBase {
assertEquals(TOKEN, authMethod);
//QOP must be auth
assertEquals(expectedQop.saslQop,
- RPC.getConnectionIdForProxy(proxy).getSaslQop());
+ RPC.getConnectionIdForProxy(proxy).getSaslQop());
+ int n = 0;
+ for (Connection connection : server.getConnections()) {
+ // only qop auth should dispose of the sasl server
+ boolean hasServer = (connection.saslServer != null);
+ assertTrue("qop:" + expectedQop + " hasServer:" + hasServer,
+ (expectedQop == QualityOfProtection.AUTHENTICATION) ^ hasServer);
+ n++;
+ }
+ assertTrue(n > 0);
proxy.ping(null, newEmptyRequest());
} finally {
stop(server, proxy);
---------------------------------------------------------------------
To unsubscribe, e-mail: common-commits-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-commits-help@hadoop.apache.org