[jira] [Commented] (ZOOKEEPER-1437) Client uses session before SASL authentication complete

Tue, 15 May 2012 20:26:56 -0700 

    [ 
https://issues.apache.org/jira/browse/ZOOKEEPER-1437?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13276413#comment-13276413
 ] 

Eugene Koontz commented on ZOOKEEPER-1437:
------------------------------------------

Hi Patrick,

I think I understand you but I want to make sure:
 
Your idea is that ClientCnxn:queueSaslPacket() will use a 
java.util.concurrent.CountDownLatch to determine when SASL authentication is 
complete. The client's Main thread will await() on this latch. Meanwhile, the 
client's SendThread will be sending and receiving SASL packets until the 
ZooKeeperSaslClient has finished authenticating with the server. When SASL 
authentication is finished (successfully or not), the Send thread will 
countDown() the latch, and the Main thread will be able to continue, causing 
its packets to be enqueued on the outgoingQueue. 

NIOServerCnxn::doIO() will not need any changes - it will simply send and 
receive packets in the outgoingQueue's natural ordering, without regard to 
their type. But because of the latch in ClientCnxn:queueSaslPacket(), the 
packets will be ordered so that no permissions-requiring packets are sent 
before authentication completes.
                
> Client uses session before SASL authentication complete
> -------------------------------------------------------
>
>                 Key: ZOOKEEPER-1437
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-1437
>             Project: ZooKeeper
>          Issue Type: Bug
>          Components: java client
>    Affects Versions: 3.4.3
>            Reporter: Thomas Weise
>            Assignee: Eugene Koontz
>             Fix For: 3.4.4, 3.5.0
>
>         Attachments: ZOOKEEPER-1437.patch, ZOOKEEPER-1437.patch, 
> ZOOKEEPER-1437.patch, ZOOKEEPER-1437.patch, ZOOKEEPER-1437.patch, 
> ZOOKEEPER-1437.patch, ZOOKEEPER-1437.patch, ZOOKEEPER-1437.patch
>
>
> Found issue in the context of hbase region server startup, but can be 
> reproduced w/ zkCli alone.
> getData may occur prior to SaslAuthenticated and fail with NoAuth. This is 
> not expected behavior when the client is configured to use SASL.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to