hadoop-common-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From a..@apache.org
Subject svn commit: r1494710 - in /hadoop/common/branches/branch-2.1-beta/hadoop-common-project/hadoop-common/src/main: java/org/apache/hadoop/fs/ java/org/apache/hadoop/ipc/ java/org/apache/hadoop/security/ resources/
Date Wed, 19 Jun 2013 17:48:00 GMT
Author: atm
Date: Wed Jun 19 17:48:00 2013
New Revision: 1494710

URL: http://svn.apache.org/r1494710
Log:
Clean up an IPC error message. Contributed by Aaron T. Myers.

Modified:
    hadoop/common/branches/branch-2.1-beta/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/CommonConfigurationKeys.java
    hadoop/common/branches/branch-2.1-beta/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/Client.java
    hadoop/common/branches/branch-2.1-beta/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SaslRpcClient.java
    hadoop/common/branches/branch-2.1-beta/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml

Modified: hadoop/common/branches/branch-2.1-beta/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/CommonConfigurationKeys.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-2.1-beta/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/CommonConfigurationKeys.java?rev=1494710&r1=1494709&r2=1494710&view=diff
==============================================================================
--- hadoop/common/branches/branch-2.1-beta/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/CommonConfigurationKeys.java
(original)
+++ hadoop/common/branches/branch-2.1-beta/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/CommonConfigurationKeys.java
Wed Jun 19 17:48:00 2013
@@ -202,5 +202,8 @@ public class CommonConfigurationKeys ext
 
   public static final long HADOOP_SECURITY_UID_NAME_CACHE_TIMEOUT_DEFAULT =
     4*60*60; // 4 hours
+  
+  public static final String  IPC_CLIENT_FALLBACK_TO_SIMPLE_AUTH_ALLOWED_KEY = "ipc.client.fallback-to-simple-auth-allowed";
+  public static final boolean IPC_CLIENT_FALLBACK_TO_SIMPLE_AUTH_ALLOWED_DEFAULT = false;
 
 }

Modified: hadoop/common/branches/branch-2.1-beta/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/Client.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-2.1-beta/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/Client.java?rev=1494710&r1=1494709&r2=1494710&view=diff
==============================================================================
--- hadoop/common/branches/branch-2.1-beta/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/Client.java
(original)
+++ hadoop/common/branches/branch-2.1-beta/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/Client.java
Wed Jun 19 17:48:00 2013
@@ -108,6 +108,8 @@ public class Client {
   private int refCount = 1;
 
   private final int connectionTimeout;
+
+  private final boolean fallbackAllowed;
   
   final static int PING_CALL_ID = -1;
   
@@ -454,7 +456,8 @@ public class Client {
     private synchronized boolean setupSaslConnection(final InputStream in2, 
         final OutputStream out2) 
         throws IOException {
-      saslRpcClient = new SaslRpcClient(authMethod, token, serverPrincipal);
+      saslRpcClient = new SaslRpcClient(authMethod, token, serverPrincipal,
+          fallbackAllowed);
       return saslRpcClient.saslConnect(in2, out2);
     }
 
@@ -1076,6 +1079,8 @@ public class Client {
     this.socketFactory = factory;
     this.connectionTimeout = conf.getInt(CommonConfigurationKeys.IPC_CLIENT_CONNECT_TIMEOUT_KEY,
         CommonConfigurationKeys.IPC_CLIENT_CONNECT_TIMEOUT_DEFAULT);
+    this.fallbackAllowed = conf.getBoolean(CommonConfigurationKeys.IPC_CLIENT_FALLBACK_TO_SIMPLE_AUTH_ALLOWED_KEY,
+        CommonConfigurationKeys.IPC_CLIENT_FALLBACK_TO_SIMPLE_AUTH_ALLOWED_DEFAULT);
   }
 
   /**

Modified: hadoop/common/branches/branch-2.1-beta/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SaslRpcClient.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-2.1-beta/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SaslRpcClient.java?rev=1494710&r1=1494709&r2=1494710&view=diff
==============================================================================
--- hadoop/common/branches/branch-2.1-beta/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SaslRpcClient.java
(original)
+++ hadoop/common/branches/branch-2.1-beta/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SaslRpcClient.java
Wed Jun 19 17:48:00 2013
@@ -59,6 +59,7 @@ public class SaslRpcClient {
   public static final Log LOG = LogFactory.getLog(SaslRpcClient.class);
 
   private final SaslClient saslClient;
+  private final boolean fallbackAllowed;
 
   /**
    * Create a SaslRpcClient for an authentication method
@@ -69,8 +70,10 @@ public class SaslRpcClient {
    *          token to use if needed by the authentication method
    */
   public SaslRpcClient(AuthMethod method,
-      Token<? extends TokenIdentifier> token, String serverPrincipal)
+      Token<? extends TokenIdentifier> token, String serverPrincipal,
+      boolean fallbackAllowed)
       throws IOException {
+    this.fallbackAllowed = fallbackAllowed;
     String saslUser = null;
     String saslProtocol = null;
     String saslServerName = null;
@@ -155,6 +158,11 @@ public class SaslRpcClient {
         readStatus(inStream);
         int len = inStream.readInt();
         if (len == SaslRpcServer.SWITCH_TO_SIMPLE_AUTH) {
+          if (!fallbackAllowed) {
+            throw new IOException("Server asks us to fall back to SIMPLE " +
+                "auth, but this client is configured to only allow secure " +
+                "connections.");
+          }
           if (LOG.isDebugEnabled())
             LOG.debug("Server asks us to fall back to simple auth.");
           saslClient.dispose();

Modified: hadoop/common/branches/branch-2.1-beta/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-2.1-beta/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml?rev=1494710&r1=1494709&r2=1494710&view=diff
==============================================================================
--- hadoop/common/branches/branch-2.1-beta/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml
(original)
+++ hadoop/common/branches/branch-2.1-beta/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml
Wed Jun 19 17:48:00 2013
@@ -1189,4 +1189,17 @@
   </description>
 </property>
 
+<property>
+  <name>ipc.client.fallback-to-simple-auth-allowed</name>
+  <value>false</value>
+  <description>
+    When a client is configured to attempt a secure connection, but attempts to
+    connect to an insecure server, that server may instruct the client to
+    switch to SASL SIMPLE (unsecure) authentication. This setting controls
+    whether or not the client will accept this instruction from the server.
+    When false (the default), the client will not allow the fallback to SIMPLE
+    authentication, and will abort the connection.
+  </description>
+</property>
+
 </configuration>



Mime
View raw message