[jira] [Commented] (ZOOKEEPER-1437) Client uses session before SASL authentication complete

[Rakesh R (JIRA)]

    [ 
https://issues.apache.org/jira/browse/ZOOKEEPER-1437?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13413635#comment-13413635
 ] 

Rakesh R commented on ZOOKEEPER-1437:
-------------------------------------

Hi Eugene, Sorry to join late. BTW the patch looks great and just few 
suggestions.

----
#1# 
{code}
throw new SaslException("Failed to send SASL packet to server due " +
              "to IOException:" + e);
LOG.error("SASL authentication with Zookeeper Quorum member failed: " + e);
{code}
Instead of appending the exception, would be good to pass exception as an 
argument.
----
#2# Say, client and server got partitioned. Now the 'respondToServer' will fail 
and marking the state as FAILED, also 'gotLastPacket = true'. Here I'm just 
doubting, whether to mark 'gotLastPacket=true' rather what about considering as 
authenticationInProgress and continue?

{code}
public void respondToServer(byte[] serverToken, ClientCnxn cnxn) {
      if (!(saslClient.isComplete())) {
         try {
         //...
              sendSaslPacket(saslToken, cnxn);
         //....
         } catch (SaslException e) {
             saslState = SaslState.FAILED;
             gotLastPacket = true;
         }
}

public boolean clientTunneledAuthenticationInProgress() {
          //....
          //...
            if (((isComplete()) ||
                    (isFailed())) &&
                    (gotLastPacket == false)) {
                return true;
            }
}
{code}
                
> Client uses session before SASL authentication complete
> -------------------------------------------------------
>
>                 Key: ZOOKEEPER-1437
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-1437
>             Project: ZooKeeper
>          Issue Type: Bug
>          Components: java client
>    Affects Versions: 3.4.3
>            Reporter: Thomas Weise
>            Assignee: Eugene Koontz
>             Fix For: 3.4.4, 3.5.0
>
>         Attachments: ZOOKEEPER-1437.patch, ZOOKEEPER-1437.patch, 
> ZOOKEEPER-1437.patch, ZOOKEEPER-1437.patch, ZOOKEEPER-1437.patch, 
> ZOOKEEPER-1437.patch, ZOOKEEPER-1437.patch, ZOOKEEPER-1437.patch, 
> ZOOKEEPER-1437.patch, ZOOKEEPER-1437.patch, ZOOKEEPER-1437.patch, 
> ZOOKEEPER-1437.patch, ZOOKEEPER-1437.patch, ZOOKEEPER-1437.patch, 
> ZOOKEEPER-1437.patch, getXidCallHierarchy.png
>
>
> Found issue in the context of hbase region server startup, but can be 
> reproduced w/ zkCli alone.
> getData may occur prior to SaslAuthenticated and fail with NoAuth. This is 
> not expected behavior when the client is configured to use SASL.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira