HADOOP-13429. Dispose of unnecessary SASL servers. Contributed by Daryn Sharp.
(cherry picked from commit b3018e73cc
)
parent
afc8da0d86
commit
983d47ecb3
|
@ -1570,6 +1570,9 @@ public abstract class Server {
|
|||
// SASL wrapping is only used if the connection has a QOP, and
|
||||
// the value is not auth. ex. auth-int & auth-priv
|
||||
useWrap = (qop != null && !"auth".equalsIgnoreCase(qop));
|
||||
if (!useWrap) {
|
||||
disposeSasl();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -1650,7 +1653,7 @@ public abstract class Server {
|
|||
private void switchToSimple() {
|
||||
// disable SASL and blank out any SASL server
|
||||
authProtocol = AuthProtocol.NONE;
|
||||
saslServer = null;
|
||||
disposeSasl();
|
||||
}
|
||||
|
||||
private RpcSaslProto buildSaslResponse(SaslState state, byte[] replyToken) {
|
||||
|
@ -1688,6 +1691,8 @@ public abstract class Server {
|
|||
try {
|
||||
saslServer.dispose();
|
||||
} catch (SaslException ignored) {
|
||||
} finally {
|
||||
saslServer = null;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -1906,7 +1911,7 @@ public abstract class Server {
|
|||
.getProtocol() : null;
|
||||
|
||||
UserGroupInformation protocolUser = ProtoUtil.getUgi(connectionContext);
|
||||
if (saslServer == null) {
|
||||
if (authProtocol == AuthProtocol.NONE) {
|
||||
user = protocolUser;
|
||||
} else {
|
||||
// user is authenticated
|
||||
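Review bot: The connection-context check in the last hunk needs a comment explaining why it must not test `saslServer`. The page shows both `if (saslServer == null)` and `if (authProtocol == AuthProtocol.NONE)` with the +/- markers lost; presumably the second is the new line. Since the first hunk now calls `disposeSasl()` once the negotiated QOP is plain auth, a null `saslServer` no longer means the connection skipped authentication, and a null test here would accept the client-supplied `protocolUser` as the identity of a SASL-authenticated connection. I would add `// saslServer is disposed after negotiation when no wrapping is needed; authProtocol decides whether the user was authenticated` above the check. Any other `saslServer == null` tests or post-negotiation dereferences are outside these hunks and should be checked against the same invariant.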
|
|
|
@ -28,6 +28,7 @@ import org.apache.hadoop.fs.CommonConfigurationKeys;
|
|||
import org.apache.hadoop.fs.CommonConfigurationKeysPublic;
|
||||
import org.apache.hadoop.io.Text;
|
||||
import org.apache.hadoop.ipc.Client.ConnectionId;
|
||||
import org.apache.hadoop.ipc.Server.Connection;
|
||||
import org.apache.hadoop.net.NetUtils;
|
||||
import org.apache.hadoop.security.*;
|
||||
import org.apache.hadoop.security.SaslRpcServer.AuthMethod;
|
||||
|
@ -271,6 +272,15 @@ public class TestSaslRPC extends TestRpcBase {
|
|||
//QOP must be auth
|
||||
assertEquals(expectedQop.saslQop,
|
||||
RPC.getConnectionIdForProxy(proxy).getSaslQop());
|
||||
int n = 0;
|
||||
for (Connection connection : server.getConnections()) {
|
||||
// only qop auth should dispose of the sasl server
|
||||
boolean hasServer = (connection.saslServer != null);
|
||||
assertTrue("qop:" + expectedQop + " hasServer:" + hasServer,
|
||||
(expectedQop == QualityOfProtection.AUTHENTICATION) ^ hasServer);
|
||||
n++;
|
||||
}
|
||||
assertTrue(n > 0);
|
||||
proxy.ping(null, newEmptyRequest());
|
||||
} finally {
|
||||
stop(server, proxy);
|
||||
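Review bot: The new loop only asserts that `connection.saslServer` is null for qop auth, which a bare `saslServer = null` without `dispose()` would also satisfy, so it does not prove the SASL server's state was actually released. If the test can substitute or observe the SASL server, asserting that `dispose()` ran would pin the behaviour the commit is about. The field also appears to be read from the test thread while the server's own thread writes it; if no synchronization exists outside this hunk, the check may be timing-sensitive. As a style point, the XOR is easier to read as `assertEquals("qop:" + expectedQop, expectedQop == QualityOfProtection.AUTHENTICATION, !hasServer);`. The enclosing test method starts and ends outside the hunk.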
|
|