Return-Path: X-Original-To: apmail-zookeeper-commits-archive@www.apache.org Delivered-To: apmail-zookeeper-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id AB3438534 for ; Sun, 21 Aug 2011 00:54:12 +0000 (UTC) Received: (qmail 31442 invoked by uid 500); 21 Aug 2011 00:54:12 -0000 Delivered-To: apmail-zookeeper-commits-archive@zookeeper.apache.org Received: (qmail 31374 invoked by uid 500); 21 Aug 2011 00:54:11 -0000 Mailing-List: contact commits-help@zookeeper.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@ Delivered-To: mailing list commits@zookeeper.apache.org Received: (qmail 31366 invoked by uid 99); 21 Aug 2011 00:54:11 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 21 Aug 2011 00:54:11 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 21 Aug 2011 00:54:08 +0000 Received: from eris.apache.org (localhost [127.0.0.1]) by eris.apache.org (Postfix) with ESMTP id 5FA70238888F for ; Sun, 21 Aug 2011 00:53:47 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1159929 - in /zookeeper/trunk: CHANGES.txt src/java/main/org/apache/zookeeper/server/ZooKeeperServer.java src/java/test/org/apache/zookeeper/test/AuthTest.java Date: Sun, 21 Aug 2011 00:53:47 -0000 To: commits@zookeeper.apache.org From: breed@apache.org X-Mailer: svnmailer-1.0.8 Message-Id: <20110821005347.5FA70238888F@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: breed Date: Sun Aug 21 00:53:46 2011 New Revision: 1159929 URL: http://svn.apache.org/viewvc?rev=1159929&view=rev Log: ZOOKEEPER-1152. Exceptions thrown from handleAuthentication can cause buffer corruption issues in NIOServer. Modified: zookeeper/trunk/CHANGES.txt zookeeper/trunk/src/java/main/org/apache/zookeeper/server/ZooKeeperServer.java zookeeper/trunk/src/java/test/org/apache/zookeeper/test/AuthTest.java Modified: zookeeper/trunk/CHANGES.txt URL: http://svn.apache.org/viewvc/zookeeper/trunk/CHANGES.txt?rev=1159929&r1=1159928&r2=1159929&view=diff ============================================================================== --- zookeeper/trunk/CHANGES.txt (original) +++ zookeeper/trunk/CHANGES.txt Sun Aug 21 00:53:46 2011 @@ -428,6 +428,8 @@ NEW FEATURES: ZOOKEEPER-938. Support Kerberos authentication of clients. (Eugene Koontz via mahadev) + ZOOKEEPER-1152. Exceptions thrown from handleAuthentication can cause buffer corruption issues in NIOServer. (camille via breed) + Release 3.3.0 - 2010-03-24 Non-backward compatible changes: Modified: zookeeper/trunk/src/java/main/org/apache/zookeeper/server/ZooKeeperServer.java URL: http://svn.apache.org/viewvc/zookeeper/trunk/src/java/main/org/apache/zookeeper/server/ZooKeeperServer.java?rev=1159929&r1=1159928&r2=1159929&view=diff ============================================================================== --- zookeeper/trunk/src/java/main/org/apache/zookeeper/server/ZooKeeperServer.java (original) +++ zookeeper/trunk/src/java/main/org/apache/zookeeper/server/ZooKeeperServer.java Sun Aug 21 00:53:46 2011 @@ -48,6 +48,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.apache.zookeeper.Environment; import org.apache.zookeeper.KeeperException; +import org.apache.zookeeper.KeeperException.Code; import org.apache.zookeeper.KeeperException.SessionExpiredException; import org.apache.zookeeper.ZooDefs.OpCode; import org.apache.zookeeper.data.ACL; @@ -862,9 +863,16 @@ public class ZooKeeperServer implements ZooKeeperServer.byteBuffer2Record(incomingBuffer, authPacket); String scheme = authPacket.getScheme(); AuthenticationProvider ap = ProviderRegistry.getProvider(scheme); - if (ap == null - || (ap.handleAuthentication(cnxn, authPacket.getAuth()) - != KeeperException.Code.OK)) { + Code authReturn = KeeperException.Code.AUTHFAILED; + if(ap != null) { + try { + authReturn = ap.handleAuthentication(cnxn, authPacket.getAuth()); + } catch(RuntimeException e) { + LOG.warn("Caught runtime exception from AuthenticationProvider: " + scheme + " due to " + e); + authReturn = KeeperException.Code.AUTHFAILED; + } + } + if (authReturn!= KeeperException.Code.OK) { if (ap == null) { LOG.warn("No authentication provider for scheme: " + scheme + " has " Modified: zookeeper/trunk/src/java/test/org/apache/zookeeper/test/AuthTest.java URL: http://svn.apache.org/viewvc/zookeeper/trunk/src/java/test/org/apache/zookeeper/test/AuthTest.java?rev=1159929&r1=1159928&r2=1159929&view=diff ============================================================================== --- zookeeper/trunk/src/java/test/org/apache/zookeeper/test/AuthTest.java (original) +++ zookeeper/trunk/src/java/test/org/apache/zookeeper/test/AuthTest.java Sun Aug 21 00:53:46 2011 @@ -35,7 +35,8 @@ public class AuthTest extends ClientBase static { // password is test System.setProperty("zookeeper.DigestAuthenticationProvider.superDigest", - "super:D/InIHSb7yEEbrWz8b9l71RjZJU="); + "super:D/InIHSb7yEEbrWz8b9l71RjZJU="); + System.setProperty("zookeeper.authProvider.1", "org.apache.zookeeper.test.InvalidAuthProvider"); } private AtomicInteger authFailed = new AtomicInteger(0); @@ -75,6 +76,23 @@ public class AuthTest extends ClientBase zk.close(); } } + + @Test + public void testBadAuthThenSendOtherCommands() throws Exception { + ZooKeeper zk = createClient(); + try { + zk.addAuthInfo("INVALID", "BAR".getBytes()); + zk.exists("/foobar", false); + zk.getData("/path1", false, null); + Assert.fail("Should get auth state error"); + } catch(KeeperException.AuthFailedException e) { + Assert.assertEquals("Should have called my watcher", + 1, authFailed.get()); + } + finally { + zk.close(); + } + } @Test