Author: shv Date: Tue Jul 30 18:10:51 2013 New Revision: 1508564 URL: http://svn.apache.org/r1508564 Log: Clean up an IPC error message. Contributed by Aaron T. Myers.
Modified: hadoop/common/branches/branch-2.0.6-alpha/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/CommonConfigurationKeys.java hadoop/common/branches/branch-2.0.6-alpha/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/Client.java hadoop/common/branches/branch-2.0.6-alpha/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SaslRpcClient.java hadoop/common/branches/branch-2.0.6-alpha/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml hadoop/common/branches/branch-2.0.6-alpha/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/ipc/TestSaslRPC.java Modified: hadoop/common/branches/branch-2.0.6-alpha/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/CommonConfigurationKeys.java URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-2.0.6-alpha/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/CommonConfigurationKeys.java?rev=1508564&r1=1508563&r2=1508564&view=diff ============================================================================== --- hadoop/common/branches/branch-2.0.6-alpha/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/CommonConfigurationKeys.java (original) +++ hadoop/common/branches/branch-2.0.6-alpha/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/CommonConfigurationKeys.java Tue Jul 30 18:10:51 2013 @@ -202,5 +202,8 @@ public class CommonConfigurationKeys ext public static final long HADOOP_SECURITY_UID_NAME_CACHE_TIMEOUT_DEFAULT = 4*60*60; // 4 hours + + public static final String IPC_CLIENT_FALLBACK_TO_SIMPLE_AUTH_ALLOWED_KEY = "ipc.client.fallback-to-simple-auth-allowed"; + public static final boolean IPC_CLIENT_FALLBACK_TO_SIMPLE_AUTH_ALLOWED_DEFAULT = false; } Modified: hadoop/common/branches/branch-2.0.6-alpha/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/Client.java URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-2.0.6-alpha/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/Client.java?rev=1508564&r1=1508563&r2=1508564&view=diff ============================================================================== --- hadoop/common/branches/branch-2.0.6-alpha/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/Client.java (original) +++ hadoop/common/branches/branch-2.0.6-alpha/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/Client.java Tue Jul 30 18:10:51 2013 @@ -108,6 +108,8 @@ public class Client { private int refCount = 1; private final int connectionTimeout; + + private final boolean fallbackAllowed; final static int PING_CALL_ID = -1; @@ -452,7 +454,8 @@ public class Client { private synchronized boolean setupSaslConnection(final InputStream in2, final OutputStream out2) throws IOException { - saslRpcClient = new SaslRpcClient(authMethod, token, serverPrincipal); + saslRpcClient = new SaslRpcClient(authMethod, token, serverPrincipal, + fallbackAllowed); return saslRpcClient.saslConnect(in2, out2); } @@ -1045,6 +1048,8 @@ public class Client { this.socketFactory = factory; this.connectionTimeout = conf.getInt(CommonConfigurationKeys.IPC_CLIENT_CONNECT_TIMEOUT_KEY, CommonConfigurationKeys.IPC_CLIENT_CONNECT_TIMEOUT_DEFAULT); + this.fallbackAllowed = conf.getBoolean(CommonConfigurationKeys.IPC_CLIENT_FALLBACK_TO_SIMPLE_AUTH_ALLOWED_KEY, + CommonConfigurationKeys.IPC_CLIENT_FALLBACK_TO_SIMPLE_AUTH_ALLOWED_DEFAULT); } /** Modified: hadoop/common/branches/branch-2.0.6-alpha/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SaslRpcClient.java URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-2.0.6-alpha/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SaslRpcClient.java?rev=1508564&r1=1508563&r2=1508564&view=diff ============================================================================== --- hadoop/common/branches/branch-2.0.6-alpha/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SaslRpcClient.java (original) +++ hadoop/common/branches/branch-2.0.6-alpha/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SaslRpcClient.java Tue Jul 30 18:10:51 2013 @@ -59,6 +59,7 @@ public class SaslRpcClient { public static final Log LOG = LogFactory.getLog(SaslRpcClient.class); private final SaslClient saslClient; + private final boolean fallbackAllowed; /** * Create a SaslRpcClient for an authentication method @@ -69,8 +70,10 @@ public class SaslRpcClient { * token to use if needed by the authentication method */ public SaslRpcClient(AuthMethod method, - Token<? extends TokenIdentifier> token, String serverPrincipal) + Token<? extends TokenIdentifier> token, String serverPrincipal, + boolean fallbackAllowed) throws IOException { + this.fallbackAllowed = fallbackAllowed; String saslUser = null; String saslProtocol = null; String saslServerName = null; @@ -155,6 +158,11 @@ public class SaslRpcClient { readStatus(inStream); int len = inStream.readInt(); if (len == SaslRpcServer.SWITCH_TO_SIMPLE_AUTH) { + if (!fallbackAllowed) { + throw new IOException("Server asks us to fall back to SIMPLE " + + "auth, but this client is configured to only allow secure " + + "connections."); + } if (LOG.isDebugEnabled()) LOG.debug("Server asks us to fall back to simple auth."); saslClient.dispose(); Modified: hadoop/common/branches/branch-2.0.6-alpha/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-2.0.6-alpha/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml?rev=1508564&r1=1508563&r2=1508564&view=diff ============================================================================== --- hadoop/common/branches/branch-2.0.6-alpha/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml (original) +++ hadoop/common/branches/branch-2.0.6-alpha/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml Tue Jul 30 18:10:51 2013 @@ -1208,4 +1208,17 @@ </description> </property> +<property> + <name>ipc.client.fallback-to-simple-auth-allowed</name> + <value>false</value> + <description> + When a client is configured to attempt a secure connection, but attempts to + connect to an insecure server, that server may instruct the client to + switch to SASL SIMPLE (unsecure) authentication. This setting controls + whether or not the client will accept this instruction from the server. + When false (the default), the client will not allow the fallback to SIMPLE + authentication, and will abort the connection. + </description> +</property> + </configuration> Modified: hadoop/common/branches/branch-2.0.6-alpha/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/ipc/TestSaslRPC.java URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-2.0.6-alpha/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/ipc/TestSaslRPC.java?rev=1508564&r1=1508563&r2=1508564&view=diff ============================================================================== --- hadoop/common/branches/branch-2.0.6-alpha/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/ipc/TestSaslRPC.java (original) +++ hadoop/common/branches/branch-2.0.6-alpha/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/ipc/TestSaslRPC.java Tue Jul 30 18:10:51 2013 @@ -727,6 +727,9 @@ public class TestSaslRPC { final Configuration clientConf = new Configuration(conf); SecurityUtil.setAuthenticationMethod(clientAuth, clientConf); UserGroupInformation.setConfiguration(clientConf); + clientConf.setBoolean( + CommonConfigurationKeys.IPC_CLIENT_FALLBACK_TO_SIMPLE_AUTH_ALLOWED_KEY, + true); final UserGroupInformation clientUgi = UserGroupInformation.createRemoteUser(currentUser + "-CLIENT");