HADOOP-17392. Remote exception messages should not include the exception class (#2486). Contributed by Daryn Sharp and Ahmed Hussein

This commit is contained in:
Ahmed Hussein 2020-12-03 10:55:51 -06:00 committed by GitHub
parent 9170eb566b
commit f94e927bfb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 19 additions and 9 deletions

View File

@ -18,6 +18,7 @@
package org.apache.hadoop.ipc; package org.apache.hadoop.ipc;
import org.apache.hadoop.security.AccessControlException;
import org.apache.hadoop.thirdparty.com.google.common.annotations.VisibleForTesting; import org.apache.hadoop.thirdparty.com.google.common.annotations.VisibleForTesting;
import org.apache.hadoop.thirdparty.com.google.common.base.Preconditions; import org.apache.hadoop.thirdparty.com.google.common.base.Preconditions;
import org.apache.hadoop.thirdparty.com.google.common.util.concurrent.ThreadFactoryBuilder; import org.apache.hadoop.thirdparty.com.google.common.util.concurrent.ThreadFactoryBuilder;
@ -857,7 +858,8 @@ public class Client implements AutoCloseable {
} }
} else if (UserGroupInformation.isSecurityEnabled()) { } else if (UserGroupInformation.isSecurityEnabled()) {
if (!fallbackAllowed) { if (!fallbackAllowed) {
throw new IOException("Server asks us to fall back to SIMPLE " + throw new AccessControlException(
"Server asks us to fall back to SIMPLE " +
"auth, but this client is configured to only allow secure " + "auth, but this client is configured to only allow secure " +
"connections."); "connections.");
} }

View File

@ -2202,7 +2202,7 @@ public abstract class Server {
private void doSaslReply(Exception ioe) throws IOException { private void doSaslReply(Exception ioe) throws IOException {
setupResponse(authFailedCall, setupResponse(authFailedCall,
RpcStatusProto.FATAL, RpcErrorCodeProto.FATAL_UNAUTHORIZED, RpcStatusProto.FATAL, RpcErrorCodeProto.FATAL_UNAUTHORIZED,
null, ioe.getClass().getName(), ioe.toString()); null, ioe.getClass().getName(), ioe.getMessage());
sendResponse(authFailedCall); sendResponse(authFailedCall);
} }
@ -2597,8 +2597,7 @@ public abstract class Server {
final RpcCall call = new RpcCall(this, callId, retry); final RpcCall call = new RpcCall(this, callId, retry);
setupResponse(call, setupResponse(call,
rse.getRpcStatusProto(), rse.getRpcErrorCodeProto(), null, rse.getRpcStatusProto(), rse.getRpcErrorCodeProto(), null,
t.getClass().getName(), t.getClass().getName(), t.getMessage());
t.getMessage() != null ? t.getMessage() : t.toString());
sendResponse(call); sendResponse(call);
} }
} }

View File

@ -46,6 +46,7 @@ import java.util.concurrent.ConcurrentHashMap;
import javax.net.SocketFactory; import javax.net.SocketFactory;
import org.apache.hadoop.security.AccessControlException;
import org.apache.hadoop.thirdparty.com.google.common.cache.Cache; import org.apache.hadoop.thirdparty.com.google.common.cache.Cache;
import org.apache.hadoop.thirdparty.com.google.common.cache.CacheBuilder; import org.apache.hadoop.thirdparty.com.google.common.cache.CacheBuilder;
@ -874,6 +875,11 @@ public class NetUtils {
+ " failed on socket exception: " + exception + " failed on socket exception: " + exception
+ ";" + ";"
+ see("SocketException")); + see("SocketException"));
} else if (exception instanceof AccessControlException) {
return wrapWithMessage(exception,
"Call From "
+ localHost + " to " + destHost + ":" + destPort
+ " failed: " + exception.getMessage());
} else { } else {
// 1. Return instance of same type with exception msg if Exception has a // 1. Return instance of same type with exception msg if Exception has a
// String constructor. // String constructor.

View File

@ -533,12 +533,15 @@ public class TestSaslRPC extends TestRpcBase {
} }
private static Pattern BadToken = private static Pattern BadToken =
Pattern.compile(".*DIGEST-MD5: digest response format violation.*"); Pattern.compile("^" + RemoteException.class.getName() +
"\\("+ SaslException.class.getName() + "\\): " +
"DIGEST-MD5: digest response format violation.*");
private static Pattern KrbFailed = private static Pattern KrbFailed =
Pattern.compile(".*Failed on local exception:.* " + Pattern.compile(".*Failed on local exception:.* " +
"Failed to specify server's Kerberos principal name.*"); "Failed to specify server's Kerberos principal name.*");
private static Pattern Denied(AuthMethod method) { private static Pattern Denied(AuthMethod method) {
return Pattern.compile(".*RemoteException.*AccessControlException.*: " return Pattern.compile("^" + RemoteException.class.getName() +
"\\(" + AccessControlException.class.getName() + "\\): "
+ method + " authentication is not enabled.*"); + method + " authentication is not enabled.*");
} }
private static Pattern No(AuthMethod ... method) { private static Pattern No(AuthMethod ... method) {
@ -547,10 +550,10 @@ public class TestSaslRPC extends TestRpcBase {
"Client cannot authenticate via:\\[" + methods + "\\].*"); "Client cannot authenticate via:\\[" + methods + "\\].*");
} }
private static Pattern NoTokenAuth = private static Pattern NoTokenAuth =
Pattern.compile(".*IllegalArgumentException: " + Pattern.compile("^" + IllegalArgumentException.class.getName() + ": " +
"TOKEN authentication requires a secret manager"); "TOKEN authentication requires a secret manager");
private static Pattern NoFallback = private static Pattern NoFallback =
Pattern.compile(".*Failed on local exception:.* " + Pattern.compile("^" + AccessControlException.class.getName() + ":.* " +
"Server asks us to fall back to SIMPLE auth, " + "Server asks us to fall back to SIMPLE auth, " +
"but this client is configured to only allow secure connections.*"); "but this client is configured to only allow secure connections.*");