You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@zookeeper.apache.org by ma...@apache.org on 2011/09/27 04:06:24 UTC
svn commit: r1176159 - in /zookeeper/trunk: ./
src/java/main/org/apache/zookeeper/
src/java/main/org/apache/zookeeper/client/
src/java/test/org/apache/zookeeper/test/
Author: mahadev
Date: Tue Sep 27 02:06:24 2011
New Revision: 1176159
URL: http://svn.apache.org/viewvc?rev=1176159&view=rev
Log:
ZOOKEEPER-1185. Send AuthFailed event to client if SASL authentication fails. (Eugene Kuntz via mahadev)
Modified:
zookeeper/trunk/CHANGES.txt
zookeeper/trunk/src/java/main/org/apache/zookeeper/ClientCnxn.java
zookeeper/trunk/src/java/main/org/apache/zookeeper/client/ZooKeeperSaslClient.java
zookeeper/trunk/src/java/test/org/apache/zookeeper/test/SaslAuthFailTest.java
zookeeper/trunk/src/java/test/org/apache/zookeeper/test/SaslAuthTest.java
Modified: zookeeper/trunk/CHANGES.txt
URL: http://svn.apache.org/viewvc/zookeeper/trunk/CHANGES.txt?rev=1176159&r1=1176158&r2=1176159&view=diff
==============================================================================
--- zookeeper/trunk/CHANGES.txt (original)
+++ zookeeper/trunk/CHANGES.txt Tue Sep 27 02:06:24 2011
@@ -370,6 +370,9 @@ BUGFIXES:
ZOOKEEPER-1189. For an invalid snapshot file(less than 10bytes size) RandomAccessFile
stream is leaking. (Rakesh R via mahadev)
+ ZOOKEEPER-1185. Send AuthFailed event to client if SASL authentication fails.
+ (Eugene Kuntz via mahadev)
+
IMPROVEMENTS:
ZOOKEEPER-724. Improve junit test integration - log harness information
(phunt via mahadev)
Modified: zookeeper/trunk/src/java/main/org/apache/zookeeper/ClientCnxn.java
URL: http://svn.apache.org/viewvc/zookeeper/trunk/src/java/main/org/apache/zookeeper/ClientCnxn.java?rev=1176159&r1=1176158&r2=1176159&view=diff
==============================================================================
--- zookeeper/trunk/src/java/main/org/apache/zookeeper/ClientCnxn.java (original)
+++ zookeeper/trunk/src/java/main/org/apache/zookeeper/ClientCnxn.java Tue Sep 27 02:06:24 2011
@@ -558,6 +558,12 @@ public class ClientCnxn {
SetSASLResponse rsp = (SetSASLResponse) p.response;
// TODO : check rc (== 0, etc) as with other packet types.
cb.processResult(rc,null,p.ctx,rsp.getToken(),null);
+ ClientCnxn clientCnxn = (ClientCnxn)p.ctx;
+ if ((clientCnxn == null) || (clientCnxn.zooKeeperSaslClient == null) ||
+ (clientCnxn.zooKeeperSaslClient.getSaslState() == ZooKeeperSaslClient.SaslState.FAILED)) {
+ queueEvent(new WatchedEvent(EventType.None,
+ KeeperState.AuthFailed, null));
+ }
} else if (p.response instanceof GetDataResponse) {
DataCallback cb = (DataCallback) p.cb;
GetDataResponse rsp = (GetDataResponse) p.response;
@@ -945,6 +951,9 @@ public class ClientCnxn {
+ "configuration file: '" + System.getProperty("java.security.auth.login.config")
+ "'. Will continue connection to Zookeeper server without SASL authentication, if Zookeeper "
+ "server allows it.");
+ eventThread.queueEvent(new WatchedEvent(
+ Watcher.Event.EventType.None,
+ KeeperState.AuthFailed, null));
}
}
clientCnxnSocket.connect(addr);
@@ -979,6 +988,9 @@ public class ClientCnxn {
catch (SaslException e) {
LOG.error("SASL authentication with Zookeeper Quorum member failed: " + e);
state = States.AUTH_FAILED;
+ eventThread.queueEvent(new WatchedEvent(
+ Watcher.Event.EventType.None,
+ KeeperState.AuthFailed,null));
}
if (zooKeeperSaslClient.readyToSendSaslAuthEvent()) {
eventThread.queueEvent(new WatchedEvent(
Modified: zookeeper/trunk/src/java/main/org/apache/zookeeper/client/ZooKeeperSaslClient.java
URL: http://svn.apache.org/viewvc/zookeeper/trunk/src/java/main/org/apache/zookeeper/client/ZooKeeperSaslClient.java?rev=1176159&r1=1176158&r2=1176159&view=diff
==============================================================================
--- zookeeper/trunk/src/java/main/org/apache/zookeeper/client/ZooKeeperSaslClient.java (original)
+++ zookeeper/trunk/src/java/main/org/apache/zookeeper/client/ZooKeeperSaslClient.java Tue Sep 27 02:06:24 2011
@@ -59,12 +59,16 @@ public class ZooKeeperSaslClient {
private byte[] saslToken = new byte[0];
private ClientCnxn cnxn;
- private enum SaslState {
- INITIAL,INTERMEDIATE,COMPLETE
+ public enum SaslState {
+ INITIAL,INTERMEDIATE,COMPLETE,FAILED
}
private SaslState saslState = SaslState.INITIAL;
+ public SaslState getSaslState() {
+ return saslState;
+ }
+
public ZooKeeperSaslClient(ClientCnxn cnxn, String serverPrincipal) throws LoginException {
this.cnxn = cnxn;
this.saslClient = createSaslClient(serverPrincipal);
@@ -176,8 +180,8 @@ public class ZooKeeperSaslClient {
queueSaslPacket(saslToken);
}
} catch (SaslException e) {
- // TODO sendThread should set state to AUTH_FAILED; but currently only sendThread modifies state.
LOG.error("SASL authentication failed.");
+ saslState = SaslState.FAILED;
}
}
}
@@ -265,6 +269,9 @@ public class ZooKeeperSaslClient {
}
public void initialize() throws SaslException {
+ if (saslClient == null) {
+ throw new SaslException("saslClient failed to initialize properly: it's null.");
+ }
if (saslState == SaslState.INITIAL) {
if (saslClient.hasInitialResponse()) {
queueSaslPacket();
Modified: zookeeper/trunk/src/java/test/org/apache/zookeeper/test/SaslAuthFailTest.java
URL: http://svn.apache.org/viewvc/zookeeper/trunk/src/java/test/org/apache/zookeeper/test/SaslAuthFailTest.java?rev=1176159&r1=1176158&r2=1176159&view=diff
==============================================================================
--- zookeeper/trunk/src/java/test/org/apache/zookeeper/test/SaslAuthFailTest.java (original)
+++ zookeeper/trunk/src/java/test/org/apache/zookeeper/test/SaslAuthFailTest.java Tue Sep 27 02:06:24 2011
@@ -102,6 +102,7 @@ public class SaslAuthFailTest extends Cl
public void testBadSaslAuthNotifiesWatch() throws Exception {
ZooKeeper zk = createClient();
Thread.sleep(1000);
+ Assert.assertEquals(authFailed.get(),1);
zk.close();
}
Modified: zookeeper/trunk/src/java/test/org/apache/zookeeper/test/SaslAuthTest.java
URL: http://svn.apache.org/viewvc/zookeeper/trunk/src/java/test/org/apache/zookeeper/test/SaslAuthTest.java?rev=1176159&r1=1176158&r2=1176159&view=diff
==============================================================================
--- zookeeper/trunk/src/java/test/org/apache/zookeeper/test/SaslAuthTest.java (original)
+++ zookeeper/trunk/src/java/test/org/apache/zookeeper/test/SaslAuthTest.java Tue Sep 27 02:06:24 2011
@@ -103,14 +103,6 @@ public class SaslAuthTest extends Client
}
@Test
- public void testBadSaslAuthNotifiesWatch() throws Exception {
- ZooKeeper zk = createClient();
- Thread.sleep(1000);
- zk.close();
- }
-
-
- @Test
public void testAuth() throws Exception {
ZooKeeper zk = createClient();
Thread.sleep(1000);