HADOOP-9880. SASL changes from HADOOP-9421 breaks Secure HA NN. Contributed by Daryn Sharp.

git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1514913 13f79535-47bb-0310-9956-ffa450edef68
2013-08-16 22:35:19 +00:00 · 2013-08-16 22:35:19 +00:00 · 52f0259502
commit 52f0259502
parent 9ba95136e2
4 changed files with 34 additions and 2 deletions
--- a/hadoop-common-project/hadoop-common/CHANGES.txt
+++ b/hadoop-common-project/hadoop-common/CHANGES.txt
@ -399,6 +399,9 @@ Release 2.1.1-beta - UNRELEASED

    HADOOP-9868. Server must not advertise kerberos realm. (daryn via kihwal)

+    HADOOP-9880. SASL changes from HADOOP-9421 breaks Secure HA NN. (daryn via
+    jing9)
+
 Release 2.1.0-beta - 2013-08-22

  INCOMPATIBLE CHANGES
--- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/Server.java
+++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/Server.java
@ -1311,7 +1311,15 @@ private void saslProcess(RpcSaslProto saslMessage)
          Throwable cause = e;
          while (cause != null) {
            if (cause instanceof InvalidToken) {
-              sendToClient = (InvalidToken) cause;
+              // FIXME: hadoop method signatures are restricting the SASL
+              // callbacks to only returning InvalidToken, but some services
+              // need to throw other exceptions (ex. NN + StandyException),
+              // so for now we'll tunnel the real exceptions via an
+              // InvalidToken's cause which normally is not set 
+              if (cause.getCause() != null) {
+                cause = cause.getCause();
+              }
+              sendToClient = (IOException) cause;
              break;
            }
            cause = cause.getCause();
--- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SaslRpcServer.java
+++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SaslRpcServer.java
@ -127,7 +127,6 @@ public SaslServer create(Connection connection,
    final CallbackHandler callback;
    switch (authMethod) {
      case TOKEN: {
-        secretManager.checkAvailableForRead();
        callback = new SaslDigestCallbackHandler(secretManager, connection);
        break;
      }
--- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/security/token/delegation/DelegationTokenSecretManager.java
+++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/security/token/delegation/DelegationTokenSecretManager.java
@ -81,6 +81,28 @@ public DelegationTokenIdentifier createIdentifier() {
    return new DelegationTokenIdentifier();
  }
  
+  @Override
+  public synchronized byte[] retrievePassword(
+      DelegationTokenIdentifier identifier) throws InvalidToken {
+    try {
+      // this check introduces inconsistency in the authentication to a
+      // HA standby NN.  non-token auths are allowed into the namespace which
+      // decides whether to throw a StandbyException.  tokens are a bit
+      // different in that a standby may be behind and thus not yet know
+      // of all tokens issued by the active NN.  the following check does
+      // not allow ANY token auth, however it should allow known tokens in
+      checkAvailableForRead();
+    } catch (StandbyException se) {
+      // FIXME: this is a hack to get around changing method signatures by
+      // tunneling a non-InvalidToken exception as the cause which the
+      // RPC server will unwrap before returning to the client
+      InvalidToken wrappedStandby = new InvalidToken("StandbyException");
+      wrappedStandby.initCause(se);
+      throw wrappedStandby;
+    }
+    return super.retrievePassword(identifier);
+  }
+  
  @Override //SecretManager
  public void checkAvailableForRead() throws StandbyException {
    namesystem.checkOperation(OperationCategory.READ);