From commits-return-7782-archive-asf-public=cust-asf.ponee.io@zookeeper.apache.org Mon May 6 16:32:45 2019 Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [207.244.88.153]) by mx-eu-01.ponee.io (Postfix) with SMTP id 14E0D18060F for ; Mon, 6 May 2019 18:32:44 +0200 (CEST) Received: (qmail 52327 invoked by uid 500); 6 May 2019 16:32:44 -0000 Mailing-List: contact commits-help@zookeeper.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@zookeeper.apache.org Delivered-To: mailing list commits@zookeeper.apache.org Received: (qmail 52314 invoked by uid 99); 6 May 2019 16:32:44 -0000 Received: from ec2-52-202-80-70.compute-1.amazonaws.com (HELO gitbox.apache.org) (52.202.80.70) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 06 May 2019 16:32:44 +0000 Received: by gitbox.apache.org (ASF Mail Server at gitbox.apache.org, from userid 33) id 3EB1087263; Mon, 6 May 2019 16:32:39 +0000 (UTC) Date: Mon, 06 May 2019 16:32:39 +0000 To: "commits@zookeeper.apache.org" Subject: [zookeeper] branch master updated: ZOOKEEPER-3331: Automatically add IP authorization for Netty connections MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit Message-ID: <155716035914.6983.5282714088130514212@gitbox.apache.org> 
From: fangmin@apache.org X-Git-Host: gitbox.apache.org X-Git-Repo: zookeeper X-Git-Refname: refs/heads/master X-Git-Reftype: branch X-Git-Oldrev: 3a25fe4b6c07937dc6859cafd94f3532b3a0befe X-Git-Newrev: c67760523492b8da033c7bc0ea3076ab4acf1a93 X-Git-Rev: c67760523492b8da033c7bc0ea3076ab4acf1a93 X-Git-NotificationType: ref_changed_plus_diff X-Git-Multimail-Version: 1.5.dev Auto-Submitted: auto-generated This is an automated email from the ASF dual-hosted git repository. fangmin pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/zookeeper.git The following commit(s) were added to refs/heads/master by this push: new c677605 ZOOKEEPER-3331: Automatically add IP authorization for Netty connections c677605 is described below commit c67760523492b8da033c7bc0ea3076ab4acf1a93 Author: Brian Nixon AuthorDate: Mon May 6 09:32:30 2019 -0700 ZOOKEEPER-3331: Automatically add IP authorization for Netty connections Author: Brian Nixon Reviewers: eolivelli@apache.org, fangmin@apache.org Closes #867 from enixon/netty-ip-auth --- .../apache/zookeeper/server/NettyServerCnxn.java | 4 +++ .../java/org/apache/zookeeper/test/ACLTest.java | 37 ++++++++++++++++++++++ 2 files changed, 41 insertions(+)
diff --git a/zookeeper-server/src/main/java/org/apache/zookeeper/server/NettyServerCnxn.java b/zookeeper-server/src/main/java/org/apache/zookeeper/server/NettyServerCnxn.java
index 50cd674..c73af01 100644
--- a/zookeeper-server/src/main/java/org/apache/zookeeper/server/NettyServerCnxn.java
+++ b/zookeeper-server/src/main/java/org/apache/zookeeper/server/NettyServerCnxn.java
@@ -22,6 +22,7 @@ import java.io.BufferedWriter;
 import java.io.IOException;
 import java.io.PrintWriter;
 import java.io.Writer;
+import java.net.InetAddress;
 import java.net.InetSocketAddress;
 import java.nio.ByteBuffer;
 import java.nio.channels.SelectionKey;
@@ -40,6 +41,7 @@ import io.netty.util.concurrent.Future;
 import io.netty.util.concurrent.GenericFutureListener;
 import org.apache.jute.BinaryInputArchive;
 import org.apache.jute.Record;
+import org.apache.zookeeper.data.Id;
 import org.apache.zookeeper.data.Stat;
 import org.apache.zookeeper.WatchedEvent;
 import org.apache.zookeeper.proto.ReplyHeader;
@@ -74,6 +76,8 @@ public class NettyServerCnxn extends ServerCnxn {
 if (this.factory.login != null) {
 this.zooKeeperSaslServer = new ZooKeeperSaslServer(factory.login);
 }
+ InetAddress addr = ((InetSocketAddress) channel.remoteAddress()).getAddress();
+ addAuthInfo(new Id("ip", addr.getHostAddress()));
 }
 @Override
diff --git a/zookeeper-server/src/test/java/org/apache/zookeeper/test/ACLTest.java b/zookeeper-server/src/test/java/org/apache/zookeeper/test/ACLTest.java
index 36e5908..8b83d9f 100644
--- a/zookeeper-server/src/test/java/org/apache/zookeeper/test/ACLTest.java
+++ b/zookeeper-server/src/test/java/org/apache/zookeeper/test/ACLTest.java
@@ -25,6 +25,7 @@ import java.util.ArrayList;
 import java.util.List;
 import java.util.concurrent.CountDownLatch;
+import org.apache.zookeeper.server.ServerCnxn;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.apache.zookeeper.CreateMode;
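Review bot: In the `@@ -74,6 +76,8 @@` hunk of NettyServerCnxn.java, the unchecked cast of `channel.remoteAddress()` and the dereference of `getAddress()` can throw inside the constructor: Netty returns null from `remoteAddress()` for a channel that is not connected, other transports may return a non-inet address, and `getAddress()` is null for an unresolved address. Guarding both and skipping `addAuthInfo` leaves the connection without an `ip` identity, which fails closed against `ip`-scheme ACLs instead of aborting connection setup with an exception. A comment should also record that the identity is the transport peer address, so clients arriving through a proxy, NAT or load balancer all carry the intermediary's address for ACL purposes. The constructor starts before this hunk.

```java
// … unchanged: SASL server setup …
// The "ip" identity is the transport peer address; behind a proxy or NAT
// it is the intermediary's address, not the end client's.
if (channel.remoteAddress() instanceof InetSocketAddress) {
    InetAddress addr = ((InetSocketAddress) channel.remoteAddress()).getAddress();
    if (addr != null) {
        addAuthInfo(new Id("ip", addr.getHostAddress()));
    }
}
```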
@@ -62,6 +63,42 @@ public class ACLTest extends ZKTestCase implements Watcher {
 }
 @Test
+ public void testNettyIpAuthDefault() throws Exception {
+ String HOSTPORT = "127.0.0.1:" + PortAssignment.unique();
+ System.setProperty(ServerCnxnFactory.ZOOKEEPER_SERVER_CNXN_FACTORY,
+ "org.apache.zookeeper.server.NettyServerCnxnFactory");
+ ClientBase.setupTestEnv();
+ File tmpDir = ClientBase.createTmpDir();
+ ZooKeeperServer zks = new ZooKeeperServer(tmpDir, tmpDir, 3000);
+ SyncRequestProcessor.setSnapCount(1000);
+ final int PORT = Integer.parseInt(HOSTPORT.split(":")[1]);
+ ServerCnxnFactory f = ServerCnxnFactory.createFactory(PORT, -1);
+ f.startup(zks);
+ try {
+ LOG.info("starting up the zookeeper server .. waiting");
+ Assert.assertTrue("waiting for server being up",
+ ClientBase.waitForServerUp(HOSTPORT, CONNECTION_TIMEOUT));
+ ClientBase.createZKClient(HOSTPORT);
+ for (ServerCnxn cnxn : f.getConnections()) {
+ boolean foundID = false;
+ for (Id id : cnxn.getAuthInfo()) {
+ if (id.getScheme().equals("ip")) {
+ foundID = true;
+ break;
+ }
+ }
+ Assert.assertTrue(foundID);
+ }
+ } finally {
+ f.shutdown();
+ zks.shutdown();
+ Assert.assertTrue("waiting for server down",
+ ClientBase.waitForServerDown(HOSTPORT, CONNECTION_TIMEOUT));
+ System.clearProperty(ServerCnxnFactory.ZOOKEEPER_SERVER_CNXN_FACTORY);
+ }
+ }
+
+ @Test
 public void testDisconnectedAddAuth() throws Exception {
 File tmpDir = ClientBase.createTmpDir();
 ClientBase.setupTestEnv();
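Review bot: `testNettyIpAuthDefault` can pass without checking anything: if `f.getConnections()` yields no connection when the loop runs, no assertion inside it executes, and when it does run it accepts any `ip` id regardless of its value. Counting the connections inspected and asserting afterwards, e.g. `Assert.assertTrue("no connection was inspected", checked > 0);`, and matching the address as well, `if (id.getScheme().equals("ip") && id.getId().equals("127.0.0.1")) {`, would pin the behaviour the commit adds. The client returned by `ClientBase.createZKClient(HOSTPORT)` is also never closed; keeping the reference and closing it in the `finally` block would avoid leaking the session into later tests.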