Clean up an IPC error message. Contributed by Aaron T. Myers.

git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1494702 13f79535-47bb-0310-9956-ffa450edef68
Aaron Myers 2013-06-19 17:31:20 +00:00
parent 1ab4659b6b
commit 9550b1a78b
4 changed files with 31 additions and 2 deletions


@ -203,4 +203,7 @@ public class CommonConfigurationKeys extends CommonConfigurationKeysPublic {
public static final long HADOOP_SECURITY_UID_NAME_CACHE_TIMEOUT_DEFAULT = public static final long HADOOP_SECURITY_UID_NAME_CACHE_TIMEOUT_DEFAULT =
4*60*60; // 4 hours 4*60*60; // 4 hours
public static final String IPC_CLIENT_FALLBACK_TO_SIMPLE_AUTH_ALLOWED_KEY = "ipc.client.fallback-to-simple-auth-allowed";
public static final boolean IPC_CLIENT_FALLBACK_TO_SIMPLE_AUTH_ALLOWED_DEFAULT = false;
} }


@ -111,6 +111,8 @@ public class Client {
private final int connectionTimeout; private final int connectionTimeout;
private final boolean fallbackAllowed;
final static int PING_CALL_ID = -1; final static int PING_CALL_ID = -1;
/** /**
@ -456,7 +458,8 @@ public class Client {
private synchronized boolean setupSaslConnection(final InputStream in2, private synchronized boolean setupSaslConnection(final InputStream in2,
final OutputStream out2) final OutputStream out2)
throws IOException { throws IOException {
saslRpcClient = new SaslRpcClient(authMethod, token, serverPrincipal); saslRpcClient = new SaslRpcClient(authMethod, token, serverPrincipal,
fallbackAllowed);
return saslRpcClient.saslConnect(in2, out2); return saslRpcClient.saslConnect(in2, out2);
} }
@ -1078,6 +1081,8 @@ public class Client {
this.socketFactory = factory; this.socketFactory = factory;
this.connectionTimeout = conf.getInt(CommonConfigurationKeys.IPC_CLIENT_CONNECT_TIMEOUT_KEY, this.connectionTimeout = conf.getInt(CommonConfigurationKeys.IPC_CLIENT_CONNECT_TIMEOUT_KEY,
CommonConfigurationKeys.IPC_CLIENT_CONNECT_TIMEOUT_DEFAULT); CommonConfigurationKeys.IPC_CLIENT_CONNECT_TIMEOUT_DEFAULT);
this.fallbackAllowed = conf.getBoolean(CommonConfigurationKeys.IPC_CLIENT_FALLBACK_TO_SIMPLE_AUTH_ALLOWED_KEY,
CommonConfigurationKeys.IPC_CLIENT_FALLBACK_TO_SIMPLE_AUTH_ALLOWED_DEFAULT);
} }
/** /**
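Review bot: `fallbackAllowed` is read once in the constructor (last hunk) and is then fixed for the life of the `Client`, so every connection made through the instance follows the policy of whichever `Configuration` built it. If `Client` objects are cached and shared between callers with different configurations (not visible in these hunks), a caller that sets `ipc.client.fallback-to-simple-auth-allowed` to false could be handed a client that still accepts the downgrade. I would document this on the field, e.g. `/** Whether a server's request to drop to SIMPLE auth is honoured; fixed at construction from the creating Configuration. */`, and confirm that any client cache key accounts for the setting. The constructor and class body continue outside the hunks.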


@ -59,6 +59,7 @@ public class SaslRpcClient {
public static final Log LOG = LogFactory.getLog(SaslRpcClient.class); public static final Log LOG = LogFactory.getLog(SaslRpcClient.class);
private final SaslClient saslClient; private final SaslClient saslClient;
private final boolean fallbackAllowed;
/** /**
* Create a SaslRpcClient for an authentication method * Create a SaslRpcClient for an authentication method
@ -69,8 +70,10 @@ public class SaslRpcClient {
* token to use if needed by the authentication method * token to use if needed by the authentication method
*/ */
public SaslRpcClient(AuthMethod method, public SaslRpcClient(AuthMethod method,
Token<? extends TokenIdentifier> token, String serverPrincipal) Token<? extends TokenIdentifier> token, String serverPrincipal,
boolean fallbackAllowed)
throws IOException { throws IOException {
this.fallbackAllowed = fallbackAllowed;
String saslUser = null; String saslUser = null;
String saslProtocol = null; String saslProtocol = null;
String saslServerName = null; String saslServerName = null;
@ -155,6 +158,11 @@ public class SaslRpcClient {
readStatus(inStream); readStatus(inStream);
int len = inStream.readInt(); int len = inStream.readInt();
if (len == SaslRpcServer.SWITCH_TO_SIMPLE_AUTH) { if (len == SaslRpcServer.SWITCH_TO_SIMPLE_AUTH) {
if (!fallbackAllowed) {
throw new IOException("Server asks us to fall back to SIMPLE " +
"auth, but this client is configured to only allow secure " +
"connections.");
}
if (LOG.isDebugEnabled()) if (LOG.isDebugEnabled())
LOG.debug("Server asks us to fall back to simple auth."); LOG.debug("Server asks us to fall back to simple auth.");
saslClient.dispose(); saslClient.dispose();
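Review bot: When `fallbackAllowed` is true, the switch to SIMPLE auth in the last hunk is still recorded only by the existing `LOG.debug(...)` line, so at default log levels nothing shows that a client configured for secure connections ended up on SIMPLE auth. Raising that message to `LOG.warn("Server asks us to fall back to simple auth.");` would give operators something to alert on, and the refusal branch could log at the same level before its `throw`. The new `fallbackAllowed` constructor parameter also has no Javadoc entry, since no hunk adds one; a line such as `@param fallbackAllowed whether to accept a server's request to switch to SIMPLE auth` would cover it. The enclosing method starts and ends outside the hunk.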


@ -1196,4 +1196,17 @@
</description> </description>
</property> </property>
<property>
<name>ipc.client.fallback-to-simple-auth-allowed</name>
<value>false</value>
<description>
When a client is configured to attempt a secure connection, but attempts to
connect to an insecure server, that server may instruct the client to
switch to SASL SIMPLE (unsecure) authentication. This setting controls
whether or not the client will accept this instruction from the server.
When false (the default), the client will not allow the fallback to SIMPLE
authentication, and will abort the connection.
</description>
</property>
</configuration> </configuration>
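Review bot: The new `<description>` explains what happens when the value is false but not what an operator gives up by setting it to true. With true, the client accepts the server's instruction to drop SASL authentication, so it cannot tell a legitimately insecure server from an endpoint that merely claims to be one. I would add a closing sentence such as `Set to true only for clients that must talk to clusters without security enabled; the client then has no assurance of the server's identity on a fallback connection.`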