svn merge -c 1408837 FIXES: HADOOP-8999. SASL negotiation is flawed (daryn)
git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/branches/branch-2@1408839 13f79535-47bb-0310-9956-ffa450edef68
parent
630ca65de1
commit
7068073240
|
@ -141,6 +141,8 @@ Release 2.0.3-alpha - Unreleased
|
||||||
|
|
||||||
HADOOP-7115. Add a cache for getpwuid_r and getpwgid_r calls (tucu)
|
HADOOP-7115. Add a cache for getpwuid_r and getpwgid_r calls (tucu)
|
||||||
|
|
||||||
|
HADOOP-8999. SASL negotiation is flawed (daryn)
|
||||||
|
|
||||||
Release 2.0.2-alpha - 2012-09-07
|
Release 2.0.2-alpha - 2012-09-07
|
||||||
|
|
||||||
INCOMPATIBLE CHANGES
|
INCOMPATIBLE CHANGES
|
||||||
|
|
|
@ -1179,6 +1179,10 @@ public abstract class Server {
|
||||||
AUDITLOG.warn(AUTH_FAILED_FOR + clientIP + ":" + attemptingUser);
|
AUDITLOG.warn(AUTH_FAILED_FOR + clientIP + ":" + attemptingUser);
|
||||||
throw e;
|
throw e;
|
||||||
}
|
}
|
||||||
|
if (replyToken == null && authMethod == AuthMethod.PLAIN) {
|
||||||
|
// client needs at least response to know if it should use SIMPLE
|
||||||
|
replyToken = new byte[0];
|
||||||
|
}
|
||||||
if (replyToken != null) {
|
if (replyToken != null) {
|
||||||
if (LOG.isDebugEnabled())
|
if (LOG.isDebugEnabled())
|
||||||
LOG.debug("Will send token of size " + replyToken.length
|
LOG.debug("Will send token of size " + replyToken.length
|
||||||
|
|
|
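Review bot: The empty-reply special case at `if (replyToken == null && authMethod == AuthMethod.PLAIN)` is keyed on one mechanism name, while the rewritten client loop in this same commit appears to read a status and a length after every token it sends. Any other mechanism whose server side finishes with a null token would leave that client blocked on the read, so either the condition should follow the negotiation state rather than the mechanism, or the comment should say why only PLAIN can reach this point with a null token. A fuller comment would help, e.g. `// PLAIN completes without a server token; send an empty reply so the client's post-send read returns and it can see a switch to SIMPLE`. The enclosing method begins and ends outside the hunk, so the surrounding state is not visible here.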
@ -145,15 +145,13 @@ public class SaslRpcClient {
|
||||||
byte[] saslToken = new byte[0];
|
byte[] saslToken = new byte[0];
|
||||||
if (saslClient.hasInitialResponse())
|
if (saslClient.hasInitialResponse())
|
||||||
saslToken = saslClient.evaluateChallenge(saslToken);
|
saslToken = saslClient.evaluateChallenge(saslToken);
|
||||||
if (saslToken != null) {
|
while (saslToken != null) {
|
||||||
outStream.writeInt(saslToken.length);
|
outStream.writeInt(saslToken.length);
|
||||||
outStream.write(saslToken, 0, saslToken.length);
|
outStream.write(saslToken, 0, saslToken.length);
|
||||||
outStream.flush();
|
outStream.flush();
|
||||||
if (LOG.isDebugEnabled())
|
if (LOG.isDebugEnabled())
|
||||||
LOG.debug("Have sent token of size " + saslToken.length
|
LOG.debug("Have sent token of size " + saslToken.length
|
||||||
+ " from initSASLContext.");
|
+ " from initSASLContext.");
|
||||||
}
|
|
||||||
if (!saslClient.isComplete()) {
|
|
||||||
readStatus(inStream);
|
readStatus(inStream);
|
||||||
int len = inStream.readInt();
|
int len = inStream.readInt();
|
||||||
if (len == SaslRpcServer.SWITCH_TO_SIMPLE_AUTH) {
|
if (len == SaslRpcServer.SWITCH_TO_SIMPLE_AUTH) {
|
||||||
|
@ -161,32 +159,18 @@ public class SaslRpcClient {
|
||||||
LOG.debug("Server asks us to fall back to simple auth.");
|
LOG.debug("Server asks us to fall back to simple auth.");
|
||||||
saslClient.dispose();
|
saslClient.dispose();
|
||||||
return false;
|
return false;
|
||||||
|
} else if ((len == 0) && saslClient.isComplete()) {
|
||||||
|
break;
|
||||||
}
|
}
|
||||||
saslToken = new byte[len];
|
saslToken = new byte[len];
|
||||||
if (LOG.isDebugEnabled())
|
if (LOG.isDebugEnabled())
|
||||||
LOG.debug("Will read input token of size " + saslToken.length
|
LOG.debug("Will read input token of size " + saslToken.length
|
||||||
+ " for processing by initSASLContext");
|
+ " for processing by initSASLContext");
|
||||||
inStream.readFully(saslToken);
|
inStream.readFully(saslToken);
|
||||||
}
|
|
||||||
|
|
||||||
while (!saslClient.isComplete()) {
|
|
||||||
saslToken = saslClient.evaluateChallenge(saslToken);
|
saslToken = saslClient.evaluateChallenge(saslToken);
|
||||||
if (saslToken != null) {
|
}
|
||||||
if (LOG.isDebugEnabled())
|
if (!saslClient.isComplete()) { // shouldn't happen
|
||||||
LOG.debug("Will send token of size " + saslToken.length
|
throw new SaslException("Internal negotiation error");
|
||||||
+ " from initSASLContext.");
|
|
||||||
outStream.writeInt(saslToken.length);
|
|
||||||
outStream.write(saslToken, 0, saslToken.length);
|
|
||||||
outStream.flush();
|
|
||||||
}
|
|
||||||
if (!saslClient.isComplete()) {
|
|
||||||
readStatus(inStream);
|
|
||||||
saslToken = new byte[inStream.readInt()];
|
|
||||||
if (LOG.isDebugEnabled())
|
|
||||||
LOG.debug("Will read input token of size " + saslToken.length
|
|
||||||
+ " for processing by initSASLContext");
|
|
||||||
inStream.readFully(saslToken);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
if (LOG.isDebugEnabled()) {
|
if (LOG.isDebugEnabled()) {
|
||||||
LOG.debug("SASL client context established. Negotiated QoP: "
|
LOG.debug("SASL client context established. Negotiated QoP: "
|
||||||
|
|
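Review bot: The length read by `int len = inStream.readInt();` still goes straight into `saslToken = new byte[len];`, and with the rewritten loop every server reply now passes through that one allocation before authentication has completed. `len` is compared only with `SaslRpcServer.SWITCH_TO_SIMPLE_AUTH` and, on the added `else if`, with 0, so a negative or very large value from the peer ends in a NegativeArraySizeException or an oversized allocation rather than a clean negotiation failure. A bound check placed after the fallback test would close that, for example `if (len < 0 || len > MAX_SASL_TOKEN_LEN) throw new SaslException("Invalid SASL token length: " + len);`, where `MAX_SASL_TOKEN_LEN` is a placeholder for a limit the project would choose. Unlike the fallback branch, the added `throw new SaslException("Internal negotiation error")` also does not call `saslClient.dispose()` first; whether the caller disposes the client on that path is not visible in this section.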