zookeeper-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From anmolnar <...@git.apache.org>
Subject [GitHub] zookeeper pull request #648: ZOOKEEPER-3156: Add in option to canonicalize h...
Date Mon, 01 Oct 2018 13:45:18 GMT
Github user anmolnar commented on a diff in the pull request:

    https://github.com/apache/zookeeper/pull/648#discussion_r221613169
  
    --- Diff: src/java/main/org/apache/zookeeper/ClientCnxn.java ---
    @@ -997,12 +999,31 @@ private void startConnect(InetSocketAddress addr) throws IOException
{
                 setName(getName().replaceAll("\\(.*\\)",
                         "(" + addr.getHostName() + ":" + addr.getPort() + ")"));
                 if (ZooKeeperSaslClient.isEnabled()) {
    +                String hostName = addr.getHostName();
    +
    +                boolean canonicalize = true;
    +                try {
    +                    canonicalize = Boolean.parseBoolean(System.getProperty(ZK_SASL_CLIENT_CANONICALIZE_HOSTNAME,
"true"));
    +                } catch (IllegalArgumentException ea) {
    +                    //ignored ...
    +                }
    +
    +                if (canonicalize) {
    +                    InetAddress ia = addr.getAddress();
    +                    if (ia == null) {
    +                        throw new IllegalArgumentException("Connection address should
have already been resolved by the HostProvider.");
    +                    }
    +                    //Update the actual address so we are
    +                    hostName = ia.getCanonicalHostName();
    --- End diff --
    
    You might want to do the following:
    ```java
    String canonicalHostName = ia.getCanonicalHostName();
    if (!canonicalHostName.equals(ia.getHostAddress())) {
        hostName = canonicalHostName;
    }
    ```
    
    In order to avoid using literal IP address when security check fails.


---

Mime
View raw message