You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-commits@hadoop.apache.org by ki...@apache.org on 2013/08/08 17:05:20 UTC
svn commit: r1511824 - in
/hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common:
CHANGES.txt src/main/java/org/apache/hadoop/ipc/Client.java
src/main/java/org/apache/hadoop/security/SaslRpcClient.java
Author: kihwal
Date: Thu Aug 8 15:05:20 2013
New Revision: 1511824
URL: http://svn.apache.org/r1511824
Log:
svn merge -c 1511823 from trunk to branch-2 to FIX HADOOP-9850. RPC kerberos errors don't trigger relogin.
Modified:
hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/CHANGES.txt
hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/Client.java
hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SaslRpcClient.java
Modified: hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/CHANGES.txt
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/CHANGES.txt?rev=1511824&r1=1511823&r2=1511824&view=diff
==============================================================================
--- hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/CHANGES.txt (original)
+++ hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/CHANGES.txt Thu Aug 8 15:05:20 2013
@@ -432,6 +432,8 @@ Release 2.1.0-beta - 2013-08-06
HADOOP-9816. RPC Sasl QOP is broken (daryn)
+ HADOOP-9850. RPC kerberos errors don't trigger relogin. (daryn via kihwal)
+
BREAKDOWN OF HADOOP-8562 SUBTASKS AND RELATED JIRAS
HADOOP-8924. Hadoop Common creating package-info.java must not depend on
Modified: hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/Client.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/Client.java?rev=1511824&r1=1511823&r2=1511824&view=diff
==============================================================================
--- hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/Client.java (original)
+++ hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/Client.java Thu Aug 8 15:05:20 2013
@@ -713,6 +713,7 @@ public class Client {
}
});
} catch (Exception ex) {
+ authMethod = saslRpcClient.getAuthMethod();
if (rand == null) {
rand = new Random();
}
Modified: hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SaslRpcClient.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SaslRpcClient.java?rev=1511824&r1=1511823&r2=1511824&view=diff
==============================================================================
--- hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SaslRpcClient.java (original)
+++ hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SaslRpcClient.java Thu Aug 8 15:05:20 2013
@@ -83,6 +83,7 @@ public class SaslRpcClient {
private final Configuration conf;
private SaslClient saslClient;
+ private AuthMethod authMethod;
private static final RpcRequestHeaderProto saslHeader = ProtoUtil
.makeRpcRequestHeader(RpcKind.RPC_PROTOCOL_BUFFER,
@@ -113,6 +114,18 @@ public class SaslRpcClient {
return (saslClient != null) ? saslClient.getNegotiatedProperty(key) : null;
}
+
+ // the RPC Client has an inelegant way of handling expiration of TGTs
+ // acquired via a keytab. any connection failure causes a relogin, so
+ // the Client needs to know what authMethod was being attempted if an
+ // exception occurs. the SASL prep for a kerberos connection should
+ // ideally relogin if necessary instead of exposing this detail to the
+ // Client
+ @InterfaceAudience.Private
+ public AuthMethod getAuthMethod() {
+ return authMethod;
+ }
+
/**
* Instantiate a sasl client for the first supported auth type in the
* given list. The auth type must be defined, enabled, and the user
@@ -319,8 +332,9 @@ public class SaslRpcClient {
DataOutputStream outStream = new DataOutputStream(new BufferedOutputStream(
outS));
- // redefined if/when a SASL negotiation completes
- AuthMethod authMethod = AuthMethod.SIMPLE;
+ // redefined if/when a SASL negotiation starts, can be queried if the
+ // negotiation fails
+ authMethod = AuthMethod.SIMPLE;
sendSaslMessage(outStream, negotiateRequest);
@@ -357,6 +371,7 @@ public class SaslRpcClient {
case NEGOTIATE: {
// create a compatible SASL client, throws if no supported auths
SaslAuth saslAuthType = selectSaslClient(saslMessage.getAuthsList());
+ // define auth being attempted, caller can query if connect fails
authMethod = AuthMethod.valueOf(saslAuthType.getMethod());
byte[] responseToken = null;