You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-issues@hadoop.apache.org by "Daryn Sharp (JIRA)" <ji...@apache.org> on 2012/11/06 00:14:12 UTC
[jira] [Updated] (HADOOP-9012) IPC Client sends wrong connection
context
[ https://issues.apache.org/jira/browse/HADOOP-9012?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Daryn Sharp updated HADOOP-9012:
--------------------------------
Attachment: HADOOP-9012.patch
The connection context is built from the ugi based on the initial auth type. The users contained in the context are specific to the auth type.
The connection negotiation occurs which may switch the client to another auth (ex. simple). The current code attempts to rebuild the connection context from the pre-existing context - which may not even contain the correct users. Ex. A kerberos context only contains the effective user, and a token context contains no users. A simple auth needs both effective and real user. As a result, the doAs context in the RPC server may be wrong.
This patch simply builds the context after the connection is established, and always from the connection's original ugi.
> IPC Client sends wrong connection context
> -----------------------------------------
>
> Key: HADOOP-9012
> URL: https://issues.apache.org/jira/browse/HADOOP-9012
> Project: Hadoop Common
> Issue Type: Sub-task
> Components: ipc
> Affects Versions: 3.0.0, 2.0.3-alpha
> Reporter: Daryn Sharp
> Assignee: Daryn Sharp
> Attachments: HADOOP-9012.patch
>
>
> The IPC client will send the wrong connection context when asked to switch to simple auth.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira