hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Daryn Sharp (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-9421) Add full length to SASL response to allow non-blocking readers
Date Tue, 23 Apr 2013 22:43:18 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-9421?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13639746#comment-13639746
] 

Daryn Sharp commented on HADOOP-9421:
-------------------------------------

My prior comment was about not using sasl-next, but considering your proposal that the client
suggests a mechanism, and the server can return all supported mechanisms to let the client
chose.  I was trying to point out I don't think the client can make an intelligent discussion
about a mechanism, so it might as well let the server tell it the mechanisms since a roundtrip
is involved anyway to start the negotiation (server has to agree or send a list of what it
supports).

Although I was planning to drop the "sasl-next" approach, I started trying to write some pseudo-code
for your proposal and found it harder.  Depending on the complexity differences, we may to
decide if saving 1 or 2 RPCs during job submission is worth it.

For illustration, here's what I started documenting after my initial proposal.  I'll work
on yours tomorrow morning.

Client:
{code}
saslClient = null
sendRpc [ connection-header: … ]
while (rpc = readRpc()) {
	switch (rpc) {
		case [ sasl-ok ]
			return true
		case [ sasl-error: message ]
			throw rpc.message
		case [ sasl-start: mech, proto, serverId ]
			saslClient = createSaslClient(rpc.mech, rpc.proto, rpc.serverId)
			if (saslClient == null) {
				sendRpc [ sasl-next ]
			} else {
				sendRpc [ sasl-response: saslClient.evaluateChallenge() ]
			}
		case [ sasl-challenge: challenge ]
			sendRpc [ sasl-response: saslClient.evaluateChallenge(rpc.challenge) ]
	}
}
{code}

Server:
{code}
saslServer = null
while (rpc = readRpc()) {
	switch (rpc) {
		case [ connection-header: … ]
			processHeader(rpc)
		case [ sasl-next ]
			saslServer = null
		case [ sasl-response: response ]
			if (saslServer == null) {
				saslServer = createSaslServer(saslAuth.mech, saslAuth.proto, saslAuth.serverId)
			}
			nextChallenge = saslServer.evaluateResponse(rpc.response)
			switch (saslServer.state) {
				case ERROR:
					sendRpc [ sasl-error: saslServer.error ]
					return false
				case DONE:
					sendRpc [ sasl-ok ]
					return true
				case INPROGRESS:
					sendRpc [ sasl-challenge: nextChallenge ]
			}
		}
	}
	if (saslServer == null) {
		saslAuth = nextSaslAuth()
		if (saslAuth == null) {
			sendRpc [ sasl-error: "failed to login" ]
			return false
		}
		sendRpc [ sasl-start: saslAuth.mech, saslAuth.proto, saslAuth.serverId ]
	}
}
{code}
                
> Add full length to SASL response to allow non-blocking readers
> --------------------------------------------------------------
>
>                 Key: HADOOP-9421
>                 URL: https://issues.apache.org/jira/browse/HADOOP-9421
>             Project: Hadoop Common
>          Issue Type: Sub-task
>    Affects Versions: 2.0.3-alpha
>            Reporter: Sanjay Radia
>            Assignee: Junping Du
>         Attachments: HADOOP-9421.patch
>
>


--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message