Clean up an IPC error message. Contributed by Aaron T. Myers.
git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1494702 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
parent
1ab4659b6b
commit
9550b1a78b
|
@ -203,4 +203,7 @@ public class CommonConfigurationKeys extends CommonConfigurationKeysPublic {
|
||||||
public static final long HADOOP_SECURITY_UID_NAME_CACHE_TIMEOUT_DEFAULT =
|
public static final long HADOOP_SECURITY_UID_NAME_CACHE_TIMEOUT_DEFAULT =
|
||||||
4*60*60; // 4 hours
|
4*60*60; // 4 hours
|
||||||
|
|
||||||
|
public static final String IPC_CLIENT_FALLBACK_TO_SIMPLE_AUTH_ALLOWED_KEY = "ipc.client.fallback-to-simple-auth-allowed";
|
||||||
|
public static final boolean IPC_CLIENT_FALLBACK_TO_SIMPLE_AUTH_ALLOWED_DEFAULT = false;
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -111,6 +111,8 @@ public class Client {
|
||||||
|
|
||||||
private final int connectionTimeout;
|
private final int connectionTimeout;
|
||||||
|
|
||||||
|
private final boolean fallbackAllowed;
|
||||||
|
|
||||||
final static int PING_CALL_ID = -1;
|
final static int PING_CALL_ID = -1;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -456,7 +458,8 @@ public class Client {
|
||||||
private synchronized boolean setupSaslConnection(final InputStream in2,
|
private synchronized boolean setupSaslConnection(final InputStream in2,
|
||||||
final OutputStream out2)
|
final OutputStream out2)
|
||||||
throws IOException {
|
throws IOException {
|
||||||
saslRpcClient = new SaslRpcClient(authMethod, token, serverPrincipal);
|
saslRpcClient = new SaslRpcClient(authMethod, token, serverPrincipal,
|
||||||
|
fallbackAllowed);
|
||||||
return saslRpcClient.saslConnect(in2, out2);
|
return saslRpcClient.saslConnect(in2, out2);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1078,6 +1081,8 @@ public class Client {
|
||||||
this.socketFactory = factory;
|
this.socketFactory = factory;
|
||||||
this.connectionTimeout = conf.getInt(CommonConfigurationKeys.IPC_CLIENT_CONNECT_TIMEOUT_KEY,
|
this.connectionTimeout = conf.getInt(CommonConfigurationKeys.IPC_CLIENT_CONNECT_TIMEOUT_KEY,
|
||||||
CommonConfigurationKeys.IPC_CLIENT_CONNECT_TIMEOUT_DEFAULT);
|
CommonConfigurationKeys.IPC_CLIENT_CONNECT_TIMEOUT_DEFAULT);
|
||||||
|
this.fallbackAllowed = conf.getBoolean(CommonConfigurationKeys.IPC_CLIENT_FALLBACK_TO_SIMPLE_AUTH_ALLOWED_KEY,
|
||||||
|
CommonConfigurationKeys.IPC_CLIENT_FALLBACK_TO_SIMPLE_AUTH_ALLOWED_DEFAULT);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
@ -59,6 +59,7 @@ public class SaslRpcClient {
|
||||||
public static final Log LOG = LogFactory.getLog(SaslRpcClient.class);
|
public static final Log LOG = LogFactory.getLog(SaslRpcClient.class);
|
||||||
|
|
||||||
private final SaslClient saslClient;
|
private final SaslClient saslClient;
|
||||||
|
private final boolean fallbackAllowed;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Create a SaslRpcClient for an authentication method
|
* Create a SaslRpcClient for an authentication method
|
||||||
|
@ -69,8 +70,10 @@ public class SaslRpcClient {
|
||||||
* token to use if needed by the authentication method
|
* token to use if needed by the authentication method
|
||||||
*/
|
*/
|
||||||
public SaslRpcClient(AuthMethod method,
|
public SaslRpcClient(AuthMethod method,
|
||||||
Token<? extends TokenIdentifier> token, String serverPrincipal)
|
Token<? extends TokenIdentifier> token, String serverPrincipal,
|
||||||
|
boolean fallbackAllowed)
|
||||||
throws IOException {
|
throws IOException {
|
||||||
|
this.fallbackAllowed = fallbackAllowed;
|
||||||
String saslUser = null;
|
String saslUser = null;
|
||||||
String saslProtocol = null;
|
String saslProtocol = null;
|
||||||
String saslServerName = null;
|
String saslServerName = null;
|
||||||
|
@ -155,6 +158,11 @@ public class SaslRpcClient {
|
||||||
readStatus(inStream);
|
readStatus(inStream);
|
||||||
int len = inStream.readInt();
|
int len = inStream.readInt();
|
||||||
if (len == SaslRpcServer.SWITCH_TO_SIMPLE_AUTH) {
|
if (len == SaslRpcServer.SWITCH_TO_SIMPLE_AUTH) {
|
||||||
|
if (!fallbackAllowed) {
|
||||||
|
throw new IOException("Server asks us to fall back to SIMPLE " +
|
||||||
|
"auth, but this client is configured to only allow secure " +
|
||||||
|
"connections.");
|
||||||
|
}
|
||||||
if (LOG.isDebugEnabled())
|
if (LOG.isDebugEnabled())
|
||||||
LOG.debug("Server asks us to fall back to simple auth.");
|
LOG.debug("Server asks us to fall back to simple auth.");
|
||||||
saslClient.dispose();
|
saslClient.dispose();
|
||||||
|
|
|
@ -1196,4 +1196,17 @@
|
||||||
</description>
|
</description>
|
||||||
</property>
|
</property>
|
||||||
|
|
||||||
|
<property>
|
||||||
|
<name>ipc.client.fallback-to-simple-auth-allowed</name>
|
||||||
|
<value>false</value>
|
||||||
|
<description>
|
||||||
|
When a client is configured to attempt a secure connection, but attempts to
|
||||||
|
connect to an insecure server, that server may instruct the client to
|
||||||
|
switch to SASL SIMPLE (unsecure) authentication. This setting controls
|
||||||
|
whether or not the client will accept this instruction from the server.
|
||||||
|
When false (the default), the client will not allow the fallback to SIMPLE
|
||||||
|
authentication, and will abort the connection.
|
||||||
|
</description>
|
||||||
|
</property>
|
||||||
|
|
||||||
</configuration>
|
</configuration>
|
||||||
|
|
Loading…
Reference in New Issue