From 539ef7fc13e33b2a79b4a2cf4a705abd17d82854 Mon Sep 17 00:00:00 2001 From: cnauroth Date: Sat, 8 Nov 2014 22:24:57 -0800 Subject: [PATCH] HDFS-7382. DataNode in secure mode may throw NullPointerException if client connects before DataNode registers itself with NameNode. Contributed by Chris Nauroth. (cherry picked from commit 9ba8d8c7eb65eeb6fe673f04e493d9eedd95a822) (cherry picked from commit 98b81c662419d5e136fddee87d18b48b4b969ef2) --- hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt | 3 +++ .../datatransfer/sasl/SaslDataTransferServer.java | 13 +++++++------ .../hadoop/hdfs/server/datanode/DataXceiver.java | 3 ++- 3 files changed, 12 insertions(+), 7 deletions(-) diff --git a/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt b/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt index 276477fc7b5..0677bf6ffd3 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt +++ b/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt @@ -1110,6 +1110,9 @@ Release 2.6.0 - UNRELEASED HDFS-7226. Fix TestDNFencing.testQueueingWithAppend. (Yongjun Zhang via jing9) + HDFS-7382. DataNode in secure mode may throw NullPointerException if client + connects before DataNode registers itself with NameNode. (cnauroth) + Release 2.5.2 - UNRELEASED INCOMPATIBLE CHANGES diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/protocol/datatransfer/sasl/SaslDataTransferServer.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/protocol/datatransfer/sasl/SaslDataTransferServer.java index 9f94534db67..3fa7727f00d 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/protocol/datatransfer/sasl/SaslDataTransferServer.java +++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/protocol/datatransfer/sasl/SaslDataTransferServer.java @@ -94,12 +94,14 @@ public class SaslDataTransferServer { * @param peer connection peer * @param underlyingOut connection output stream * @param underlyingIn connection input stream + * @param int xferPort data transfer port of DataNode accepting connection * @param datanodeId ID of DataNode accepting connection * @return new pair of streams, wrapped after SASL negotiation * @throws IOException for any error */ public IOStreamPair receive(Peer peer, OutputStream underlyingOut, - InputStream underlyingIn, DatanodeID datanodeId) throws IOException { + InputStream underlyingIn, int xferPort, DatanodeID datanodeId) + throws IOException { if (dnConf.getEncryptDataTransfer()) { LOG.debug( "SASL server doing encrypted handshake for peer = {}, datanodeId = {}", @@ -110,16 +112,16 @@ public class SaslDataTransferServer { "SASL server skipping handshake in unsecured configuration for " + "peer = {}, datanodeId = {}", peer, datanodeId); return new IOStreamPair(underlyingIn, underlyingOut); - } else if (datanodeId.getXferPort() < 1024) { + } else if (xferPort < 1024) { LOG.debug( - "SASL server skipping handshake in unsecured configuration for " + "SASL server skipping handshake in secured configuration for " + "peer = {}, datanodeId = {}", peer, datanodeId); return new IOStreamPair(underlyingIn, underlyingOut); } else if (dnConf.getSaslPropsResolver() != null) { LOG.debug( "SASL server doing general handshake for peer = {}, datanodeId = {}", peer, datanodeId); - return getSaslStreams(peer, underlyingOut, underlyingIn, datanodeId); + return getSaslStreams(peer, underlyingOut, underlyingIn); } else if (dnConf.getIgnoreSecurePortsForTesting()) { // It's a secured cluster using non-privileged ports, but no SASL. The // only way this can happen is if the DataNode has @@ -271,12 +273,11 @@ public class SaslDataTransferServer { * @param peer connection peer * @param underlyingOut connection output stream * @param underlyingIn connection input stream - * @param datanodeId ID of DataNode accepting connection * @return new pair of streams, wrapped after SASL negotiation * @throws IOException for any error */ private IOStreamPair getSaslStreams(Peer peer, OutputStream underlyingOut, - InputStream underlyingIn, final DatanodeID datanodeId) throws IOException { + InputStream underlyingIn) throws IOException { if (peer.hasSecureChannel() || dnConf.getTrustedChannelResolver().isTrusted(getPeerAddress(peer))) { return new IOStreamPair(underlyingIn, underlyingOut); diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/datanode/DataXceiver.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/datanode/DataXceiver.java index 7f4b2af7c55..5c5f94275e0 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/datanode/DataXceiver.java +++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/datanode/DataXceiver.java @@ -181,7 +181,8 @@ class DataXceiver extends Receiver implements Runnable { InputStream input = socketIn; try { IOStreamPair saslStreams = datanode.saslServer.receive(peer, socketOut, - socketIn, datanode.getDatanodeId()); + socketIn, datanode.getXferAddress().getPort(), + datanode.getDatanodeId()); input = new BufferedInputStream(saslStreams.in, HdfsConstants.SMALL_BUFFER_SIZE); socketOut = saslStreams.out;