Apache
/
hadoop
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Clean up an IPC error message. Contributed by Aaron T. Myers. 

git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/branches/branch-2@1494703 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Aaron Myers 2013-06-19 17:31:41 +00:00
parent d8203c0ae9
commit 683448125e
4 changed files with 31 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/CommonConfigurationKeys.java
View File

@ -202,5 +202,8 @@ public class CommonConfigurationKeys extends CommonConfigurationKeysPublic {
public static final long HADOOP_SECURITY_UID_NAME_CACHE_TIMEOUT_DEFAULT = public static final long HADOOP_SECURITY_UID_NAME_CACHE_TIMEOUT_DEFAULT =
4*60*60; // 4 hours 4*60*60; // 4 hours
public static final String IPC_CLIENT_FALLBACK_TO_SIMPLE_AUTH_ALLOWED_KEY = "ipc.client.fallback-to-simple-auth-allowed";
public static final boolean IPC_CLIENT_FALLBACK_TO_SIMPLE_AUTH_ALLOWED_DEFAULT = false;
} }

7
hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/Client.java
View File

@ -108,6 +108,8 @@ public class Client {
private int refCount = 1; private int refCount = 1;
private final int connectionTimeout; private final int connectionTimeout;
private final boolean fallbackAllowed;
final static int PING_CALL_ID = -1; final static int PING_CALL_ID = -1;
@ -454,7 +456,8 @@ private synchronized boolean shouldAuthenticateOverKrb() throws IOException {
private synchronized boolean setupSaslConnection(final InputStream in2, private synchronized boolean setupSaslConnection(final InputStream in2,
final OutputStream out2) final OutputStream out2)
throws IOException { throws IOException {
saslRpcClient = new SaslRpcClient(authMethod, token, serverPrincipal); saslRpcClient = new SaslRpcClient(authMethod, token, serverPrincipal,
fallbackAllowed);
return saslRpcClient.saslConnect(in2, out2); return saslRpcClient.saslConnect(in2, out2);
} }
@ -1076,6 +1079,8 @@ public Client(Class<? extends Writable> valueClass, Configuration conf,
this.socketFactory = factory; this.socketFactory = factory;
this.connectionTimeout = conf.getInt(CommonConfigurationKeys.IPC_CLIENT_CONNECT_TIMEOUT_KEY, this.connectionTimeout = conf.getInt(CommonConfigurationKeys.IPC_CLIENT_CONNECT_TIMEOUT_KEY,
CommonConfigurationKeys.IPC_CLIENT_CONNECT_TIMEOUT_DEFAULT); CommonConfigurationKeys.IPC_CLIENT_CONNECT_TIMEOUT_DEFAULT);
this.fallbackAllowed = conf.getBoolean(CommonConfigurationKeys.IPC_CLIENT_FALLBACK_TO_SIMPLE_AUTH_ALLOWED_KEY,
CommonConfigurationKeys.IPC_CLIENT_FALLBACK_TO_SIMPLE_AUTH_ALLOWED_DEFAULT);
} }
/** /**

10
hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SaslRpcClient.java
View File

@ -59,6 +59,7 @@ public class SaslRpcClient {
public static final Log LOG = LogFactory.getLog(SaslRpcClient.class); public static final Log LOG = LogFactory.getLog(SaslRpcClient.class);
private final SaslClient saslClient; private final SaslClient saslClient;
private final boolean fallbackAllowed;
/** /**
* Create a SaslRpcClient for an authentication method * Create a SaslRpcClient for an authentication method
@ -69,8 +70,10 @@ public class SaslRpcClient {
* token to use if needed by the authentication method * token to use if needed by the authentication method
*/ */
public SaslRpcClient(AuthMethod method, public SaslRpcClient(AuthMethod method,
Token<? extends TokenIdentifier> token, String serverPrincipal) Token<? extends TokenIdentifier> token, String serverPrincipal,
boolean fallbackAllowed)
throws IOException { throws IOException {
this.fallbackAllowed = fallbackAllowed;
String saslUser = null; String saslUser = null;
String saslProtocol = null; String saslProtocol = null;
String saslServerName = null; String saslServerName = null;
@ -155,6 +158,11 @@ public boolean saslConnect(InputStream inS, OutputStream outS)
readStatus(inStream); readStatus(inStream);
int len = inStream.readInt(); int len = inStream.readInt();
if (len == SaslRpcServer.SWITCH_TO_SIMPLE_AUTH) { if (len == SaslRpcServer.SWITCH_TO_SIMPLE_AUTH) {
if (!fallbackAllowed) {
throw new IOException("Server asks us to fall back to SIMPLE " +
"auth, but this client is configured to only allow secure " +
"connections.");
}
if (LOG.isDebugEnabled()) if (LOG.isDebugEnabled())
LOG.debug("Server asks us to fall back to simple auth."); LOG.debug("Server asks us to fall back to simple auth.");
saslClient.dispose(); saslClient.dispose();

13
hadoop-common-project/hadoop-common/src/main/resources/core-default.xml
View File

@ -1189,4 +1189,17 @@
</description> </description>
</property> </property>
<property>
<name>ipc.client.fallback-to-simple-auth-allowed</name>
<value>false</value>
<description>
When a client is configured to attempt a secure connection, but attempts to
connect to an insecure server, that server may instruct the client to
switch to SASL SIMPLE (unsecure) authentication. This setting controls
whether or not the client will accept this instruction from the server.
When false (the default), the client will not allow the fallback to SIMPLE
authentication, and will abort the connection.
</description>
</property>
</configuration> </configuration>