You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@zookeeper.apache.org by Eugene Koontz <ek...@hiro-tan.org> on 2012/06/22 02:37:56 UTC
Review Request: Client uses session before SASL authentication complete
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/5505/
-----------------------------------------------------------
Review request for zookeeper, Patrick Hunt and Andrew Purtell.
Description
-------
This patch causes SASL packets to be sent immediately, rather than queued as other packets are. This adds some complexity to the generation of Xids to ensure that Xids are generated in-order by the client (that is, that outgoing packets are sent with sequentially increasing Xids, whether sent immediately (SASL packets) or queued (non-SASL packets). Another consideration to keep in mind is that the first packet that the client sends is not a SASL packet but rather a priming packet - without this packet being sent, the Zookeeper server will not send a SASL packet to the client, and the SASL mutual negotiation cannot proceed.
This addresses bug ZOOKEEPER-1437.
https://issues.apache.org/jira/browse/ZOOKEEPER-1437
Diffs
-----
src/java/main/org/apache/zookeeper/ClientCnxn.java 5ec782e
src/java/main/org/apache/zookeeper/ClientCnxnSocket.java 269f8e8
src/java/main/org/apache/zookeeper/ClientCnxnSocketNIO.java 87a5fe5
src/java/main/org/apache/zookeeper/client/ZooKeeperSaslClient.java 18f18e3
src/java/test/org/apache/zookeeper/test/SaslAuthDesignatedClientTest.java 3cad987
src/java/test/org/apache/zookeeper/test/SaslAuthFailDesignatedClientTest.java f9f0e72
src/java/test/org/apache/zookeeper/test/SaslAuthFailTest.java 79f0b50
src/java/test/org/apache/zookeeper/test/SaslAuthMissingClientConfigTest.java 8642155
src/java/test/org/apache/zookeeper/test/SaslAuthTest.java 3995586
Diff: https://reviews.apache.org/r/5505/diff/
Testing
-------
All unit tests pass.
Also tested with HBase with Kerberos authentication enabled on Zookeeper server and 3 clients (HBase master, regionserver, and client).
Thanks,
Eugene Koontz
Re: Review Request: Client uses session before SASL authentication complete
Posted by Eugene Koontz <ek...@hiro-tan.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/5505/
-----------------------------------------------------------
(Updated June 22, 2012, 12:40 a.m.)
Review request for zookeeper, Patrick Hunt and Andrew Purtell.
Changes
-------
Patch from JIRA: https://issues.apache.org/jira/secure/attachment/12532975/ZOOKEEPER-1437.patch
Description
-------
This patch causes SASL packets to be sent immediately, rather than queued as other packets are. This adds some complexity to the generation of Xids to ensure that Xids are generated in-order by the client (that is, that outgoing packets are sent with sequentially increasing Xids, whether sent immediately (SASL packets) or queued (non-SASL packets). Another consideration to keep in mind is that the first packet that the client sends is not a SASL packet but rather a priming packet - without this packet being sent, the Zookeeper server will not send a SASL packet to the client, and the SASL mutual negotiation cannot proceed.
This addresses bug ZOOKEEPER-1437.
https://issues.apache.org/jira/browse/ZOOKEEPER-1437
Diffs (updated)
-----
src/java/main/org/apache/zookeeper/ClientCnxn.java 5ec782e
src/java/main/org/apache/zookeeper/ClientCnxnSocket.java 269f8e8
src/java/main/org/apache/zookeeper/ClientCnxnSocketNIO.java 87a5fe5
src/java/main/org/apache/zookeeper/client/ZooKeeperSaslClient.java 18f18e3
src/java/test/org/apache/zookeeper/test/SaslAuthDesignatedClientTest.java 3cad987
src/java/test/org/apache/zookeeper/test/SaslAuthFailDesignatedClientTest.java f9f0e72
src/java/test/org/apache/zookeeper/test/SaslAuthFailTest.java 79f0b50
src/java/test/org/apache/zookeeper/test/SaslAuthMissingClientConfigTest.java 8642155
src/java/test/org/apache/zookeeper/test/SaslAuthTest.java 3995586
Diff: https://reviews.apache.org/r/5505/diff/
Testing
-------
All unit tests pass.
Also tested with HBase with Kerberos authentication enabled on Zookeeper server and 3 clients (HBase master, regionserver, and client).
Thanks,
Eugene Koontz