You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@zookeeper.apache.org by anmolnar <gi...@git.apache.org> on 2018/10/01 13:45:18 UTC
[GitHub] zookeeper pull request #648: ZOOKEEPER-3156: Add in option to canonicalize h...
Github user anmolnar commented on a diff in the pull request:
https://github.com/apache/zookeeper/pull/648#discussion_r221613169
--- Diff: src/java/main/org/apache/zookeeper/ClientCnxn.java ---
@@ -997,12 +999,31 @@ private void startConnect(InetSocketAddress addr) throws IOException {
setName(getName().replaceAll("\\(.*\\)",
"(" + addr.getHostName() + ":" + addr.getPort() + ")"));
if (ZooKeeperSaslClient.isEnabled()) {
+ String hostName = addr.getHostName();
+
+ boolean canonicalize = true;
+ try {
+ canonicalize = Boolean.parseBoolean(System.getProperty(ZK_SASL_CLIENT_CANONICALIZE_HOSTNAME, "true"));
+ } catch (IllegalArgumentException ea) {
+ //ignored ...
+ }
+
+ if (canonicalize) {
+ InetAddress ia = addr.getAddress();
+ if (ia == null) {
+ throw new IllegalArgumentException("Connection address should have already been resolved by the HostProvider.");
+ }
+ //Update the actual address so we are
+ hostName = ia.getCanonicalHostName();
--- End diff --
You might want to do the following:
```java
String canonicalHostName = ia.getCanonicalHostName();
if (!canonicalHostName.equals(ia.getHostAddress())) {
hostName = canonicalHostName;
}
```
In order to avoid using literal IP address when security check fails.
---