Return-Path: 
 <commits-return-8364-apmail-hbase-commits-archive=hbase.apache.org@hbase.apache.org>
X-Original-To: apmail-hbase-commits-archive@www.apache.org
Delivered-To: apmail-hbase-commits-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 201429083
	for <apmail-hbase-commits-archive@www.apache.org>;
 Sat,  7 Apr 2012 23:18:08 +0000 (UTC)
Received: (qmail 79266 invoked by uid 500); 7 Apr 2012 23:18:08 -0000
Delivered-To: apmail-hbase-commits-archive@hbase.apache.org
Received: (qmail 79225 invoked by uid 500); 7 Apr 2012 23:18:08 -0000
Mailing-List: contact commits-help@hbase.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:commits-help@hbase.apache.org>
List-Unsubscribe: <mailto:commits-unsubscribe@hbase.apache.org>
List-Post: <mailto:commits@hbase.apache.org>
List-Id: <commits.hbase.apache.org>
Reply-To: dev@hbase.apache.org
Delivered-To: mailing list commits@hbase.apache.org
Received: (qmail 79216 invoked by uid 99); 7 Apr 2012 23:18:07 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 07 Apr 2012 23:18:07 +0000
X-ASF-Spam-Status: No, hits=-2000.0 required=5.0
	tests=ALL_TRUSTED
X-Spam-Check-By: apache.org
Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4)
    by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 07 Apr 2012 23:18:06 +0000
Received: from eris.apache.org (localhost [127.0.0.1])
	by eris.apache.org (Postfix) with ESMTP id 92A7023888EA
	for <commits@hbase.apache.org>; Sat,  7 Apr 2012 23:17:46 +0000 (UTC)
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: svn commit: r1310916 - in /hbase/branches/0.92: CHANGES.txt
 security/src/main/java/org/apache/hadoop/hbase/ipc/SecureServer.java
Date: Sat, 07 Apr 2012 23:17:46 -0000
To: commits@hbase.apache.org
From: stack@apache.org
X-Mailer: svnmailer-1.0.8-patched
Message-Id: <20120407231746.92A7023888EA@eris.apache.org>
X-Virus-Checked: Checked by ClamAV on apache.org

Author: stack
Date: Sat Apr  7 23:17:45 2012
New Revision: 1310916

URL: http://svn.apache.org/viewvc?rev=1310916&view=rev
Log:
HBASE-5735 Clearer warning message when connecting a non-secure HBase client to a secure HBase server

Modified:
    hbase/branches/0.92/CHANGES.txt
    hbase/branches/0.92/security/src/main/java/org/apache/hadoop/hbase/ipc/SecureServer.java

Modified: hbase/branches/0.92/CHANGES.txt
URL: http://svn.apache.org/viewvc/hbase/branches/0.92/CHANGES.txt?rev=1310916&r1=1310915&r2=1310916&view=diff
==============================================================================
--- hbase/branches/0.92/CHANGES.txt (original)
+++ hbase/branches/0.92/CHANGES.txt Sat Apr  7 23:17:45 2012
@@ -28,6 +28,8 @@ Release 0.92.2 - Unreleased
    HBASE-5724  Row cache of KeyValue should be cleared in readFields().
                (Teruyoshi Zenmyo)
    HBASE-5680  Improve compatibilty warning about HBase with Hadoop 0.23.x
+   HBASE-5735  Clearer warning message when connecting a non-secure HBase client to a
+               secure HBase server (Shaneal Manek)
 
   IMPROVEMENTS
    HBASE-5592  Make it easier to get a table from shell (Ben West)

Modified: hbase/branches/0.92/security/src/main/java/org/apache/hadoop/hbase/ipc/SecureServer.java
URL: http://svn.apache.org/viewvc/hbase/branches/0.92/security/src/main/java/org/apache/hadoop/hbase/ipc/SecureServer.java?rev=1310916&r1=1310915&r2=1310916&view=diff
==============================================================================
--- hbase/branches/0.92/security/src/main/java/org/apache/hadoop/hbase/ipc/SecureServer.java (original)
+++ hbase/branches/0.92/security/src/main/java/org/apache/hadoop/hbase/ipc/SecureServer.java Sat Apr  7 23:17:45 2012
@@ -47,6 +47,8 @@ import org.apache.hadoop.security.token.
 import org.apache.hadoop.util.ReflectionUtils;
 import org.apache.hadoop.util.StringUtils;
 
+import com.google.common.collect.ImmutableSet;
+
 import javax.security.sasl.Sasl;
 import javax.security.sasl.SaslException;
 import javax.security.sasl.SaslServer;
@@ -83,6 +85,7 @@ public abstract class SecureServer exten
   // 3 : Introduce the protocol into the RPC connection header
   // 4 : Introduced SASL security layer
   public static final byte CURRENT_VERSION = 4;
+  public static final Set<Byte> INSECURE_VERSIONS = ImmutableSet.of((byte) 3);
 
   public static final Log LOG = LogFactory.getLog("org.apache.hadoop.ipc.SecureServer");
   private static final Log AUDITLOG =
@@ -400,10 +403,17 @@ public abstract class SecureServer exten
           dataLengthBuffer.flip();
           if (!HEADER.equals(dataLengthBuffer) || version != CURRENT_VERSION) {
             //Warning is ok since this is not supposed to happen.
-            LOG.warn("Incorrect header or version mismatch from " +
-                     hostAddress + ":" + remotePort +
-                     " got version " + version +
-                     " expected version " + CURRENT_VERSION);
+            if (INSECURE_VERSIONS.contains(version)) {
+              LOG.warn("An insecure client (version '" + version + "') is attempting to connect " +
+                  " to this version '" + CURRENT_VERSION + "' secure server from " +
+                  hostAddress + ":" + remotePort);
+            } else {
+              LOG.warn("Incorrect header or version mismatch from " +
+                  hostAddress + ":" + remotePort +
+                  " got version " + version +
+                  " expected version " + CURRENT_VERSION);              
+            }
+            
             return -1;
           }
           dataLengthBuffer.clear();