Posted to common-commits@hadoop.apache.org by ma...@apache.org on 2013/07/07 00:49:06 UTC

svn commit: r1500335 - in /hadoop/common/branches/branch-1.2/src: core/ core/org/apache/hadoop/fs/ core/org/apache/hadoop/ipc/ core/org/apache/hadoop/security/ test/org/apache/hadoop/ipc/

Author: mattf
Date: Sat Jul  6 22:49:05 2013
New Revision: 1500335

URL: http://svn.apache.org/r1500335
Log:
Fix up a little test failure. Contributed by atm.

Modified:
    hadoop/common/branches/branch-1.2/src/core/core-default.xml
    hadoop/common/branches/branch-1.2/src/core/org/apache/hadoop/fs/CommonConfigurationKeys.java
    hadoop/common/branches/branch-1.2/src/core/org/apache/hadoop/ipc/Client.java
    hadoop/common/branches/branch-1.2/src/core/org/apache/hadoop/security/SaslRpcClient.java
    hadoop/common/branches/branch-1.2/src/test/org/apache/hadoop/ipc/TestSaslRPC.java

Modified: hadoop/common/branches/branch-1.2/src/core/core-default.xml
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-1.2/src/core/core-default.xml?rev=1500335&r1=1500334&r2=1500335&view=diff
==============================================================================
--- hadoop/common/branches/branch-1.2/src/core/core-default.xml (original)
+++ hadoop/common/branches/branch-1.2/src/core/core-default.xml Sat Jul  6 22:49:05 2013
@@ -616,5 +616,17 @@
   </description>
 </property>
 
+<property>
+  <name>ipc.client.fallback-to-simple-auth-allowed</name>
+  <value>false</value>
+  <description>
+    When a client is configured to attempt a secure connection, but attempts to
+    connect to an insecure server, that server may instruct the client to
+    switch to SASL SIMPLE (unsecure) authentication. This setting controls
+    whether or not the client will accept this instruction from the server.
+    When false (the default), the client will not allow the fallback to SIMPLE
+    authentication, and will abort the connection.
+  </description>
+</property>
 
 </configuration>
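Review bot: The new description says what the switch does but not what an operator gives up by enabling it. Judging from the SaslRpcClient hunk in this commit, the switch instruction is read during SASL negotiation, presumably before the server has proven its identity, so with the value set to true whichever endpoint answers the connection decides whether authentication happens at all. I would close the description with a sentence such as `Setting this to true lets an unauthenticated server response turn off authentication for the connection, so enable it only where insecure servers must be reached.`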

Modified: hadoop/common/branches/branch-1.2/src/core/org/apache/hadoop/fs/CommonConfigurationKeys.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-1.2/src/core/org/apache/hadoop/fs/CommonConfigurationKeys.java?rev=1500335&r1=1500334&r2=1500335&view=diff
==============================================================================
--- hadoop/common/branches/branch-1.2/src/core/org/apache/hadoop/fs/CommonConfigurationKeys.java (original)
+++ hadoop/common/branches/branch-1.2/src/core/org/apache/hadoop/fs/CommonConfigurationKeys.java Sat Jul  6 22:49:05 2013
@@ -87,5 +87,8 @@ public class CommonConfigurationKeys {
     "hadoop.jetty.logs.serve.aliases";
   public static final boolean DEFAULT_HADOOP_JETTY_LOGS_SERVE_ALIASES =
     true;
+
+  public static final String  IPC_CLIENT_FALLBACK_TO_SIMPLE_AUTH_ALLOWED_KEY = "ipc.client.fallback-to-simple-auth-allowed";
+  public static final boolean IPC_CLIENT_FALLBACK_TO_SIMPLE_AUTH_ALLOWED_DEFAULT = false;
 }
 

Modified: hadoop/common/branches/branch-1.2/src/core/org/apache/hadoop/ipc/Client.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-1.2/src/core/org/apache/hadoop/ipc/Client.java?rev=1500335&r1=1500334&r2=1500335&view=diff
==============================================================================
--- hadoop/common/branches/branch-1.2/src/core/org/apache/hadoop/ipc/Client.java (original)
+++ hadoop/common/branches/branch-1.2/src/core/org/apache/hadoop/ipc/Client.java Sat Jul  6 22:49:05 2013
@@ -47,6 +47,7 @@ import javax.net.SocketFactory;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.apache.hadoop.conf.Configuration;
+import org.apache.hadoop.fs.CommonConfigurationKeys;
 import org.apache.hadoop.io.DataOutputBuffer;
 import org.apache.hadoop.io.IOUtils;
 import org.apache.hadoop.io.Writable;
@@ -87,6 +88,8 @@ public class Client {
 
   private SocketFactory socketFactory;           // how to create sockets
   private int refCount = 1;
+
+  private final boolean fallbackAllowed;
   
   final private static String PING_INTERVAL_NAME = "ipc.ping.interval";
   final static int DEFAULT_PING_INTERVAL = 60000; // 1 min
@@ -396,7 +399,8 @@ public class Client {
     private synchronized boolean setupSaslConnection(final InputStream in2, 
         final OutputStream out2) 
         throws IOException {
-      saslRpcClient = new SaslRpcClient(authMethod, token, serverPrincipal);
+      saslRpcClient = new SaslRpcClient(authMethod, token, serverPrincipal,
+          fallbackAllowed);
       return saslRpcClient.saslConnect(in2, out2);
     }
 
@@ -971,6 +975,8 @@ public class Client {
     this.valueClass = valueClass;
     this.conf = conf;
     this.socketFactory = factory;
+    this.fallbackAllowed = conf.getBoolean(CommonConfigurationKeys.IPC_CLIENT_FALLBACK_TO_SIMPLE_AUTH_ALLOWED_KEY,
+        CommonConfigurationKeys.IPC_CLIENT_FALLBACK_TO_SIMPLE_AUTH_ALLOWED_DEFAULT);
   }
 
   /**

Modified: hadoop/common/branches/branch-1.2/src/core/org/apache/hadoop/security/SaslRpcClient.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-1.2/src/core/org/apache/hadoop/security/SaslRpcClient.java?rev=1500335&r1=1500334&r2=1500335&view=diff
==============================================================================
--- hadoop/common/branches/branch-1.2/src/core/org/apache/hadoop/security/SaslRpcClient.java (original)
+++ hadoop/common/branches/branch-1.2/src/core/org/apache/hadoop/security/SaslRpcClient.java Sat Jul  6 22:49:05 2013
@@ -53,6 +53,7 @@ public class SaslRpcClient {
   public static final Log LOG = LogFactory.getLog(SaslRpcClient.class);
 
   private final SaslClient saslClient;
+  private final boolean fallbackAllowed;
 
   /**
    * Create a SaslRpcClient for an authentication method
@@ -63,8 +64,10 @@ public class SaslRpcClient {
    *          token to use if needed by the authentication method
    */
   public SaslRpcClient(AuthMethod method,
-      Token<? extends TokenIdentifier> token, String serverPrincipal)
+      Token<? extends TokenIdentifier> token, String serverPrincipal,
+      boolean fallbackAllowed)
       throws IOException {
+    this.fallbackAllowed = fallbackAllowed;
     switch (method) {
     case DIGEST:
       if (LOG.isDebugEnabled())
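Review bot: The constructor gains a `fallbackAllowed` parameter, but the Javadoc block that closes just above the signature gets no added line for it. A line such as `@param fallbackAllowed whether a server request to switch to SIMPLE auth is honored; false aborts the connection` would record the contract next to the code. Because this is a public constructor and the three-argument form is replaced rather than kept, any caller outside this commit would stop compiling; a three-argument overload that passes `false` would keep them building with the secure default. The constructor body continues past the end of the hunk.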
@@ -144,6 +147,11 @@ public class SaslRpcClient {
         readStatus(inStream);
         int len = inStream.readInt();
         if (len == SaslRpcServer.SWITCH_TO_SIMPLE_AUTH) {
+          if (!fallbackAllowed) {
+            throw new IOException("Server asks us to fall back to SIMPLE " +
+                "auth, but this client is configured to only allow secure " +
+                "connections.");
+          }
           if (LOG.isDebugEnabled())
             LOG.debug("Server asks us to fall back to simple auth.");
           saslClient.dispose();
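Review bot: When fallback is permitted, the downgrade to SIMPLE auth is still recorded only by the `LOG.debug(...)` call right after the new check, so a client that drops from secure to unauthenticated RPC leaves no trace at default log levels. Since accepting the downgrade is now an explicit policy decision, I would log it unconditionally, e.g. `LOG.warn("Server asked to fall back to SIMPLE auth; allowed by ipc.client.fallback-to-simple-auth-allowed");`. The rejecting branch throws before `saslClient.dispose()` is reached; whether the caller disposes the client on that IOException is not visible here and is worth confirming. The only test change in this commit sets the flag to true in TestSaslRPC's static block, so a test that leaves it false and asserts the IOException would cover the new branch. The enclosing method starts and ends outside the hunk.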

Modified: hadoop/common/branches/branch-1.2/src/test/org/apache/hadoop/ipc/TestSaslRPC.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-1.2/src/test/org/apache/hadoop/ipc/TestSaslRPC.java?rev=1500335&r1=1500334&r2=1500335&view=diff
==============================================================================
--- hadoop/common/branches/branch-1.2/src/test/org/apache/hadoop/ipc/TestSaslRPC.java (original)
+++ hadoop/common/branches/branch-1.2/src/test/org/apache/hadoop/ipc/TestSaslRPC.java Sat Jul  6 22:49:05 2013
@@ -19,6 +19,7 @@
 package org.apache.hadoop.ipc;
 
 import static org.apache.hadoop.fs.CommonConfigurationKeys.HADOOP_SECURITY_AUTHENTICATION;
+import static org.apache.hadoop.fs.CommonConfigurationKeys.IPC_CLIENT_FALLBACK_TO_SIMPLE_AUTH_ALLOWED_KEY;
 import static org.junit.Assert.*;
 
 import java.io.DataInput;
@@ -74,6 +75,9 @@ public class TestSaslRPC {
   static {
     conf = new Configuration();
     conf.set(HADOOP_SECURITY_AUTHENTICATION, "kerberos");
+    conf.setBoolean(
+        IPC_CLIENT_FALLBACK_TO_SIMPLE_AUTH_ALLOWED_KEY,
+        true);
     UserGroupInformation.setConfiguration(conf);
   }