hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Daryn Sharp (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HADOOP-9012) IPC Client sends wrong connection context
Date Mon, 05 Nov 2012 23:14:12 GMT

     [ https://issues.apache.org/jira/browse/HADOOP-9012?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Daryn Sharp updated HADOOP-9012:
--------------------------------

    Attachment: HADOOP-9012.patch

The connection context is built from the ugi based on the initial auth type.  The users contained
in the context are specific to the auth type.

The connection negotiation occurs which may switch the client to another auth (ex. simple).
 The current code attempts to rebuild the connection context from the pre-existing context
- which may not even contain the correct users.  Ex.  A kerberos context only contains the
effective user, and a token context contains no users.  A simple auth needs both effective
and real user.  As a result, the doAs context in the RPC server may be wrong.

This patch simply builds the context after the connection is established, and always from
the connection's original ugi.
                
> IPC Client sends wrong connection context
> -----------------------------------------
>
>                 Key: HADOOP-9012
>                 URL: https://issues.apache.org/jira/browse/HADOOP-9012
>             Project: Hadoop Common
>          Issue Type: Sub-task
>          Components: ipc
>    Affects Versions: 3.0.0, 2.0.3-alpha
>            Reporter: Daryn Sharp
>            Assignee: Daryn Sharp
>         Attachments: HADOOP-9012.patch
>
>
> The IPC client will send the wrong connection context when asked to switch to simple
auth.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message