You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hbase.apache.org by st...@apache.org on 2012/04/08 01:17:46 UTC

svn commit: r1310916 - in /hbase/branches/0.92: CHANGES.txt security/src/main/java/org/apache/hadoop/hbase/ipc/SecureServer.java

Author: stack
Date: Sat Apr  7 23:17:45 2012
New Revision: 1310916

URL: http://svn.apache.org/viewvc?rev=1310916&view=rev
Log:
HBASE-5735 Clearer warning message when connecting a non-secure HBase client to a secure HBase server

Modified:
    hbase/branches/0.92/CHANGES.txt
    hbase/branches/0.92/security/src/main/java/org/apache/hadoop/hbase/ipc/SecureServer.java

Modified: hbase/branches/0.92/CHANGES.txt
URL: http://svn.apache.org/viewvc/hbase/branches/0.92/CHANGES.txt?rev=1310916&r1=1310915&r2=1310916&view=diff
==============================================================================
--- hbase/branches/0.92/CHANGES.txt (original)
+++ hbase/branches/0.92/CHANGES.txt Sat Apr  7 23:17:45 2012
@@ -28,6 +28,8 @@ Release 0.92.2 - Unreleased
    HBASE-5724  Row cache of KeyValue should be cleared in readFields().
                (Teruyoshi Zenmyo)
    HBASE-5680  Improve compatibilty warning about HBase with Hadoop 0.23.x
+   HBASE-5735  Clearer warning message when connecting a non-secure HBase client to a
+               secure HBase server (Shaneal Manek)
 
   IMPROVEMENTS
    HBASE-5592  Make it easier to get a table from shell (Ben West)

Modified: hbase/branches/0.92/security/src/main/java/org/apache/hadoop/hbase/ipc/SecureServer.java
URL: http://svn.apache.org/viewvc/hbase/branches/0.92/security/src/main/java/org/apache/hadoop/hbase/ipc/SecureServer.java?rev=1310916&r1=1310915&r2=1310916&view=diff
==============================================================================
--- hbase/branches/0.92/security/src/main/java/org/apache/hadoop/hbase/ipc/SecureServer.java (original)
+++ hbase/branches/0.92/security/src/main/java/org/apache/hadoop/hbase/ipc/SecureServer.java Sat Apr  7 23:17:45 2012
@@ -47,6 +47,8 @@ import org.apache.hadoop.security.token.
 import org.apache.hadoop.util.ReflectionUtils;
 import org.apache.hadoop.util.StringUtils;
 
+import com.google.common.collect.ImmutableSet;
+
 import javax.security.sasl.Sasl;
 import javax.security.sasl.SaslException;
 import javax.security.sasl.SaslServer;
@@ -83,6 +85,7 @@ public abstract class SecureServer exten
   // 3 : Introduce the protocol into the RPC connection header
   // 4 : Introduced SASL security layer
   public static final byte CURRENT_VERSION = 4;
+  public static final Set<Byte> INSECURE_VERSIONS = ImmutableSet.of((byte) 3);
 
   public static final Log LOG = LogFactory.getLog("org.apache.hadoop.ipc.SecureServer");
   private static final Log AUDITLOG =
@@ -400,10 +403,17 @@ public abstract class SecureServer exten
           dataLengthBuffer.flip();
           if (!HEADER.equals(dataLengthBuffer) || version != CURRENT_VERSION) {
             //Warning is ok since this is not supposed to happen.
-            LOG.warn("Incorrect header or version mismatch from " +
-                     hostAddress + ":" + remotePort +
-                     " got version " + version +
-                     " expected version " + CURRENT_VERSION);
+            if (INSECURE_VERSIONS.contains(version)) {
+              LOG.warn("An insecure client (version '" + version + "') is attempting to connect " +
+                  " to this version '" + CURRENT_VERSION + "' secure server from " +
+                  hostAddress + ":" + remotePort);
+            } else {
+              LOG.warn("Incorrect header or version mismatch from " +
+                  hostAddress + ":" + remotePort +
+                  " got version " + version +
+                  " expected version " + CURRENT_VERSION);              
+            }
+            
             return -1;
           }
           dataLengthBuffer.clear();