hbase

History

Andrew Purtell eef5edb403 HBASE-27204 BlockingRpcClient will hang for 20 seconds when SASL is enabled after finishing negotiation (#4642 ) Revert "HBASE-24579: Failed SASL authentication does not result in an exception on client side (#1921)" This reverts commit `bd79c4065c`. When Kerberos authentication succeeds, on the server side, after receiving the final SASL token from the client, we simply wait for the client to continue by sending the connection header. After HBASE-24579, on the client side, an additional readStatus() was added, which mistakenly assumes that after negotiation has completed a status code will be sent. However when authentication has succeeded the server will not send one. As a result the client will hang and only throw an exception when the configured read timeout is reached, which is 20 seconds by default. We cannot unilaterally send the expected additional status code from the server side because older clients will not expect it. The first call will fail because the client finds unexpected bytes in the stream ahead of the call response. Fabricating a call response also does not seem a viable strategy for backwards compatibility. The HBASE-24579 change needs to be reconsidered given the difficult backwards compatibility challenges here. Signed-off-by: Duo Zhang <zhangduo@apache.org> Signed-off-by: Viraj Jasani <vjasani@apache.org>	2022-07-24 23:06:58 -07:00
..
main	HBASE-27204 BlockingRpcClient will hang for 20 seconds when SASL is enabled after finishing negotiation (#4642 )	2022-07-24 23:06:58 -07:00
test	HBASE-27204 BlockingRpcClient will hang for 20 seconds when SASL is enabled after finishing negotiation (#4642 )	2022-07-24 23:06:58 -07:00

Andrew Purtell eef5edb403 HBASE-27204 BlockingRpcClient will hang for 20 seconds when SASL is enabled after finishing negotiation (#4642 )

Revert "HBASE-24579: Failed SASL authentication does not result in an exception on client side (#1921)"

This reverts commit bd79c4065c.

When Kerberos authentication succeeds, on the server side, after
receiving the final SASL token from the client, we simply wait for
the client to continue by sending the connection header.
After HBASE-24579, on the client side, an additional readStatus()
was added, which mistakenly assumes that after negotiation has
completed a status code will be sent. However when authentication
has succeeded the server will not send one. As a result the client
will hang and only throw an exception when the configured read
timeout is reached, which is 20 seconds by default.

We cannot unilaterally send the expected additional status code
from the server side because older clients will not expect it. The
first call will fail because the client finds unexpected bytes in
the stream ahead of the call response. Fabricating a call response
also does not seem a viable strategy for backwards compatibility.

The HBASE-24579 change needs to be reconsidered given the
difficult backwards compatibility challenges here.

Signed-off-by: Duo Zhang <zhangduo@apache.org>
Signed-off-by: Viraj Jasani <vjasani@apache.org>

2022-07-24 23:06:58 -07:00

main HBASE-27204 BlockingRpcClient will hang for 20 seconds when SASL is enabled after finishing negotiation (#4642 ) 2022-07-24 23:06:58 -07:00

test HBASE-27204 BlockingRpcClient will hang for 20 seconds when SASL is enabled after finishing negotiation (#4642 ) 2022-07-24 23:06:58 -07:00