HADOOP-6938. ConnectionId.getRemotePrincipal() should check if security is enabled. Contributed by Kan Zhang.
git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@992479 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
parent
fa75e35f9e
commit
becf8e919a
@ -232,6 +232,9 @@ Trunk (unreleased changes)
|
||||
HADOOP-6907. Rpc client doesn't use the per-connection conf to figure
|
||||
out server's Kerberos principal (Kan Zhang via hairong)
|
||||
|
||||
HADOOP-6938. ConnectionId.getRemotePrincipal() should check if security
|
||||
is enabled. (Kan Zhang via hairong)
|
||||
|
||||
Release 0.21.0 - Unreleased
|
||||
|
||||
INCOMPATIBLE CHANGES
|
||||
|
@ -87,7 +87,7 @@ public class Client {
|
||||
private SocketFactory socketFactory; // how to create sockets
|
||||
private int refCount = 1;
|
||||
|
||||
final private static String PING_INTERVAL_NAME = "ipc.ping.interval";
|
||||
final static String PING_INTERVAL_NAME = "ipc.ping.interval";
|
||||
final static int DEFAULT_PING_INTERVAL = 60000; // 1 min
|
||||
final static int PING_CALL_ID = -1;
|
||||
|
||||
@ -1244,18 +1244,19 @@ static ConnectionId getConnectionId(InetSocketAddress addr,
|
||||
Class<?> protocol, UserGroupInformation ticket, int rpcTimeout,
|
||||
Configuration conf) throws IOException {
|
||||
String remotePrincipal = getRemotePrincipal(conf, addr, protocol);
|
||||
boolean doPing = conf.getBoolean("ipc.client.ping", true);
|
||||
return new ConnectionId(addr, protocol, ticket,
|
||||
rpcTimeout, remotePrincipal,
|
||||
conf.getInt("ipc.client.connection.maxidletime", 10000), // 10s
|
||||
conf.getInt("ipc.client.connect.max.retries", 10),
|
||||
conf.getBoolean("ipc.client.tcpnodelay", false),
|
||||
conf.getBoolean("ipc.client.ping", true),
|
||||
Client.getPingInterval(conf));
|
||||
doPing,
|
||||
(doPing ? Client.getPingInterval(conf) : 0));
|
||||
}
|
||||
|
||||
private static String getRemotePrincipal(Configuration conf,
|
||||
InetSocketAddress address, Class<?> protocol) throws IOException {
|
||||
if (protocol == null) {
|
||||
if (!UserGroupInformation.isSecurityEnabled() || protocol == null) {
|
||||
return null;
|
||||
}
|
||||
KerberosInfo krbInfo = protocol.getAnnotation(KerberosInfo.class);
|
||||
|
@ -254,6 +254,45 @@ private void doDigestRpc(Server server, TestTokenSecretManager sm)
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testPingInterval() throws Exception {
|
||||
Configuration newConf = new Configuration(conf);
|
||||
newConf.set(SERVER_PRINCIPAL_KEY, SERVER_PRINCIPAL_1);
|
||||
conf.setInt(Client.PING_INTERVAL_NAME, Client.DEFAULT_PING_INTERVAL);
|
||||
// set doPing to true
|
||||
newConf.setBoolean("ipc.client.ping", true);
|
||||
ConnectionId remoteId = ConnectionId.getConnectionId(
|
||||
new InetSocketAddress(0), TestSaslProtocol.class, null, 0, newConf);
|
||||
assertEquals(Client.DEFAULT_PING_INTERVAL, remoteId.getPingInterval());
|
||||
// set doPing to false
|
||||
newConf.setBoolean("ipc.client.ping", false);
|
||||
remoteId = ConnectionId.getConnectionId(
|
||||
new InetSocketAddress(0), TestSaslProtocol.class, null, 0, newConf);
|
||||
assertEquals(0, remoteId.getPingInterval());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testGetRemotePrincipal() throws Exception {
|
||||
try {
|
||||
Configuration newConf = new Configuration(conf);
|
||||
newConf.set(SERVER_PRINCIPAL_KEY, SERVER_PRINCIPAL_1);
|
||||
ConnectionId remoteId = ConnectionId.getConnectionId(
|
||||
new InetSocketAddress(0), TestSaslProtocol.class, null, 0, newConf);
|
||||
assertEquals(SERVER_PRINCIPAL_1, remoteId.getServerPrincipal());
|
||||
// this following test needs security to be off
|
||||
newConf.set(HADOOP_SECURITY_AUTHENTICATION, "simple");
|
||||
UserGroupInformation.setConfiguration(newConf);
|
||||
remoteId = ConnectionId.getConnectionId(new InetSocketAddress(0),
|
||||
TestSaslProtocol.class, null, 0, newConf);
|
||||
assertEquals(
|
||||
"serverPrincipal should be null when security is turned off", null,
|
||||
remoteId.getServerPrincipal());
|
||||
} finally {
|
||||
// revert back to security is on
|
||||
UserGroupInformation.setConfiguration(conf);
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testPerConnectionConf() throws Exception {
|
||||
TestTokenSecretManager sm = new TestTokenSecretManager();
|
||||
|
Loading…
Reference in New Issue
Block a user