Posted to common-commits@hadoop.apache.org by sh...@apache.org on 2013/07/30 20:10:51 UTC
svn commit: r1508564 - in
/hadoop/common/branches/branch-2.0.6-alpha/hadoop-common-project/hadoop-common/src:
main/java/org/apache/hadoop/fs/ main/java/org/apache/hadoop/ipc/
main/java/org/apache/hadoop/security/ main/resources/
test/java/org/apache/ha...
Author: shv
Date: Tue Jul 30 18:10:51 2013
New Revision: 1508564
URL: http://svn.apache.org/r1508564
Log:
Clean up an IPC error message. Contributed by Aaron T. Myers.
Modified:
hadoop/common/branches/branch-2.0.6-alpha/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/CommonConfigurationKeys.java
hadoop/common/branches/branch-2.0.6-alpha/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/Client.java
hadoop/common/branches/branch-2.0.6-alpha/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SaslRpcClient.java
hadoop/common/branches/branch-2.0.6-alpha/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml
hadoop/common/branches/branch-2.0.6-alpha/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/ipc/TestSaslRPC.java
Modified: hadoop/common/branches/branch-2.0.6-alpha/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/CommonConfigurationKeys.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-2.0.6-alpha/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/CommonConfigurationKeys.java?rev=1508564&r1=1508563&r2=1508564&view=diff
==============================================================================
--- hadoop/common/branches/branch-2.0.6-alpha/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/CommonConfigurationKeys.java (original)
+++ hadoop/common/branches/branch-2.0.6-alpha/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/CommonConfigurationKeys.java Tue Jul 30 18:10:51 2013
@@ -202,5 +202,8 @@ public class CommonConfigurationKeys ext
public static final long HADOOP_SECURITY_UID_NAME_CACHE_TIMEOUT_DEFAULT =
4*60*60; // 4 hours
+
+ public static final String IPC_CLIENT_FALLBACK_TO_SIMPLE_AUTH_ALLOWED_KEY = "ipc.client.fallback-to-simple-auth-allowed";
+ public static final boolean IPC_CLIENT_FALLBACK_TO_SIMPLE_AUTH_ALLOWED_DEFAULT = false;
}
Modified: hadoop/common/branches/branch-2.0.6-alpha/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/Client.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-2.0.6-alpha/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/Client.java?rev=1508564&r1=1508563&r2=1508564&view=diff
==============================================================================
--- hadoop/common/branches/branch-2.0.6-alpha/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/Client.java (original)
+++ hadoop/common/branches/branch-2.0.6-alpha/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/Client.java Tue Jul 30 18:10:51 2013
@@ -108,6 +108,8 @@ public class Client {
private int refCount = 1;
private final int connectionTimeout;
+
+ private final boolean fallbackAllowed;
final static int PING_CALL_ID = -1;
@@ -452,7 +454,8 @@ public class Client {
private synchronized boolean setupSaslConnection(final InputStream in2,
final OutputStream out2)
throws IOException {
- saslRpcClient = new SaslRpcClient(authMethod, token, serverPrincipal);
+ saslRpcClient = new SaslRpcClient(authMethod, token, serverPrincipal,
+ fallbackAllowed);
return saslRpcClient.saslConnect(in2, out2);
}
@@ -1045,6 +1048,8 @@ public class Client {
this.socketFactory = factory;
this.connectionTimeout = conf.getInt(CommonConfigurationKeys.IPC_CLIENT_CONNECT_TIMEOUT_KEY,
CommonConfigurationKeys.IPC_CLIENT_CONNECT_TIMEOUT_DEFAULT);
+ this.fallbackAllowed = conf.getBoolean(CommonConfigurationKeys.IPC_CLIENT_FALLBACK_TO_SIMPLE_AUTH_ALLOWED_KEY,
+ CommonConfigurationKeys.IPC_CLIENT_FALLBACK_TO_SIMPLE_AUTH_ALLOWED_DEFAULT);
}
/**
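Review bot: `fallbackAllowed` is read once in the constructor from whichever `Configuration` builds the `Client`, and `setupSaslConnection` then applies it to every connection made through that instance. If `Client` objects are cached and shared between callers with different configurations (not visible in these hunks, so worth confirming), a caller that left the key at `false` could be served by a `Client` built with `true` and silently accept a downgrade. At minimum, document the scope on the field, e.g. `// Read once at construction; applies to every connection made through this Client.` The constructor starts outside the hunk.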
Modified: hadoop/common/branches/branch-2.0.6-alpha/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SaslRpcClient.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-2.0.6-alpha/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SaslRpcClient.java?rev=1508564&r1=1508563&r2=1508564&view=diff
==============================================================================
--- hadoop/common/branches/branch-2.0.6-alpha/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SaslRpcClient.java (original)
+++ hadoop/common/branches/branch-2.0.6-alpha/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SaslRpcClient.java Tue Jul 30 18:10:51 2013
@@ -59,6 +59,7 @@ public class SaslRpcClient {
public static final Log LOG = LogFactory.getLog(SaslRpcClient.class);
private final SaslClient saslClient;
+ private final boolean fallbackAllowed;
/**
* Create a SaslRpcClient for an authentication method
@@ -69,8 +70,10 @@ public class SaslRpcClient {
* token to use if needed by the authentication method
*/
public SaslRpcClient(AuthMethod method,
- Token<? extends TokenIdentifier> token, String serverPrincipal)
+ Token<? extends TokenIdentifier> token, String serverPrincipal,
+ boolean fallbackAllowed)
throws IOException {
+ this.fallbackAllowed = fallbackAllowed;
String saslUser = null;
String saslProtocol = null;
String saslServerName = null;
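Review bot: The constructor Javadoc above this signature gets no entry for the new `fallbackAllowed` parameter, although it is the one argument with a direct security effect. Add something like `@param fallbackAllowed whether to accept a server request to switch to SIMPLE auth; when false the connection attempt fails with an IOException`. This also changes the signature of a public constructor, so any caller outside this commit needs updating. The constructor body continues outside the hunk.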
@@ -155,6 +158,11 @@ public class SaslRpcClient {
readStatus(inStream);
int len = inStream.readInt();
if (len == SaslRpcServer.SWITCH_TO_SIMPLE_AUTH) {
+ if (!fallbackAllowed) {
+ throw new IOException("Server asks us to fall back to SIMPLE " +
+ "auth, but this client is configured to only allow secure " +
+ "connections.");
+ }
if (LOG.isDebugEnabled())
LOG.debug("Server asks us to fall back to simple auth.");
saslClient.dispose();
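Review bot: When fallback is permitted, the switch from SASL to SIMPLE auth is still recorded only by `LOG.debug("Server asks us to fall back to simple auth.")`, so at a normal log level there is no trace that a connection gave up authentication. An accepted downgrade is worth a warning, e.g. `LOG.warn("Falling back to SIMPLE auth at the server's request; this connection is not authenticated.");`. The new IOException message could also name `ipc.client.fallback-to-simple-auth-allowed`, so an operator who hits the refusal knows which setting caused it. The enclosing method starts and ends outside the hunk.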
Modified: hadoop/common/branches/branch-2.0.6-alpha/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-2.0.6-alpha/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml?rev=1508564&r1=1508563&r2=1508564&view=diff
==============================================================================
--- hadoop/common/branches/branch-2.0.6-alpha/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml (original)
+++ hadoop/common/branches/branch-2.0.6-alpha/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml Tue Jul 30 18:10:51 2013
@@ -1208,4 +1208,17 @@
</description>
</property>
+<property>
+ <name>ipc.client.fallback-to-simple-auth-allowed</name>
+ <value>false</value>
+ <description>
+ When a client is configured to attempt a secure connection, but attempts to
+ connect to an insecure server, that server may instruct the client to
+ switch to SASL SIMPLE (unsecure) authentication. This setting controls
+ whether or not the client will accept this instruction from the server.
+ When false (the default), the client will not allow the fallback to SIMPLE
+ authentication, and will abort the connection.
+ </description>
+</property>
+
</configuration>
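Review bot: The new `<description>` explains what the setting does but not what is given up by enabling it. The switch instruction arrives before the server has been authenticated, so with the value `true` a client cannot tell a genuinely insecure server from something impersonating a secure one. A closing sentence would help operators, e.g. `Set this to true only for clients that must talk to clusters known to run without security; it disables the client's protection against an authentication downgrade.`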
Modified: hadoop/common/branches/branch-2.0.6-alpha/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/ipc/TestSaslRPC.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-2.0.6-alpha/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/ipc/TestSaslRPC.java?rev=1508564&r1=1508563&r2=1508564&view=diff
==============================================================================
--- hadoop/common/branches/branch-2.0.6-alpha/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/ipc/TestSaslRPC.java (original)
+++ hadoop/common/branches/branch-2.0.6-alpha/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/ipc/TestSaslRPC.java Tue Jul 30 18:10:51 2013
@@ -727,6 +727,9 @@ public class TestSaslRPC {
final Configuration clientConf = new Configuration(conf);
SecurityUtil.setAuthenticationMethod(clientAuth, clientConf);
UserGroupInformation.setConfiguration(clientConf);
+ clientConf.setBoolean(
+ CommonConfigurationKeys.IPC_CLIENT_FALLBACK_TO_SIMPLE_AUTH_ALLOWED_KEY,
+ true);
final UserGroupInformation clientUgi =
UserGroupInformation.createRemoteUser(currentUser + "-CLIENT");
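Review bot: The only test change sets `IPC_CLIENT_FALLBACK_TO_SIMPLE_AUTH_ALLOWED_KEY` to `true` for the client, so nothing visible here exercises the new default behaviour. Add a case where a secure client leaves the key unset (or `false`), connects to a SIMPLE-auth server, and is expected to fail with the IOException added in SaslRpcClient. Without it, a regression that silently re-enables fallback would still pass this suite. The enclosing method starts and ends outside the hunk.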