hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kan Zhang (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-8999) SASL negotiation is flawed
Date Thu, 01 Nov 2012 03:09:14 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-8999?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13488433#comment-13488433
] 

Kan Zhang commented on HADOOP-8999:
-----------------------------------

I doubt the null needs to be returned to SaslClient. See the following javadoc for SaslServer.
If you hit this problem on trunk, I'd check to see if your recent changes (HADOOP-8783 and
HADOOP-8784) caused a mismatch between Client and Server, one is expecting to do SASL, while
the other isn't. Just a thought.

{quote}
/**
   98        * Evaluates the response data and generates a challenge.
   99        *
  100        * If a response is received from the client during the authentication
  101        * process, this method is called to prepare an appropriate next
  102        * challenge to submit to the client. The challenge is null if the
  103        * authentication has succeeded and no more challenge data is to be sent
  104        * to the client. It is non-null if the authentication must be continued
  105        * by sending a challenge to the client, or if the authentication has
  106        * succeeded but challenge data needs to be processed by the client.
  107        * <tt>isComplete()</tt> should be called
  108        * after each call to <tt>evaluateResponse()</tt>,to determine if
any further
  109        * response is needed from the client.
  110        *
  111        * @param response The non-null (but possibly empty) response sent
  112        * by the client.
  113        *
  114        * @return The possibly null challenge to send to the client.
  115        * It is null if the authentication has succeeded and there is
  116        * no more challenge data to be sent to the client.
  117        * @exception SaslException If an error occurred while processing
  118        * the response or generating a challenge.
  119        */
  120       public abstract byte[] evaluateResponse(byte[] response)
  121           throws SaslException;
{quote}
                
> SASL negotiation is flawed
> --------------------------
>
>                 Key: HADOOP-8999
>                 URL: https://issues.apache.org/jira/browse/HADOOP-8999
>             Project: Hadoop Common
>          Issue Type: Sub-task
>          Components: ipc
>            Reporter: Daryn Sharp
>            Assignee: Daryn Sharp
>
> The RPC protocol used for SASL negotiation is flawed.  The server's RPC response contains
the next SASL challenge token, but a SASL server can return null (I'm done) or a N-many byte
challenge.  The server currently will not send a RPC success response to the client if the
SASL server returns null, which causes the client to hang until it times out.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message