HADOOP-9850. RPC kerberos errors don't trigger relogin. Contributed by Daryn Sharp.

git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1511823 13f79535-47bb-0310-9956-ffa450edef68
Kihwal Lee 2013-08-08 15:03:12 +00:00
parent 78cea88e48
commit c6ba793b65
3 changed files with 20 additions and 2 deletions


@ -699,6 +699,8 @@ Release 2.1.0-beta - 2013-08-06
HADOOP-9816. RPC Sasl QOP is broken (daryn) HADOOP-9816. RPC Sasl QOP is broken (daryn)
HADOOP-9850. RPC kerberos errors don't trigger relogin. (daryn via kihwal)
BREAKDOWN OF HADOOP-8562 SUBTASKS AND RELATED JIRAS BREAKDOWN OF HADOOP-8562 SUBTASKS AND RELATED JIRAS
HADOOP-8924. Hadoop Common creating package-info.java must not depend on HADOOP-8924. Hadoop Common creating package-info.java must not depend on


@ -713,6 +713,7 @@ public AuthMethod run()
} }
}); });
} catch (Exception ex) { } catch (Exception ex) {
authMethod = saslRpcClient.getAuthMethod();
if (rand == null) { if (rand == null) {
rand = new Random(); rand = new Random();
} }
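Review bot: The added `authMethod = saslRpcClient.getAuthMethod();` in the `catch (Exception ex)` block dereferences `saslRpcClient` without a null check. If the exception is raised before that field has been assigned for this attempt (the assignment is outside the hunk, so this is inferred), the handler either throws a NullPointerException or reads the value left by an earlier attempt. The relogin handling that follows would then be skipped or decided on the wrong auth method. A guarded form such as `if (saslRpcClient != null) { authMethod = saslRpcClient.getAuthMethod(); }` keeps the original exception on the retry path. The enclosing method starts and ends outside the hunk.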


@ -83,6 +83,7 @@ public class SaslRpcClient {
private final Configuration conf; private final Configuration conf;
private SaslClient saslClient; private SaslClient saslClient;
private AuthMethod authMethod;
private static final RpcRequestHeaderProto saslHeader = ProtoUtil private static final RpcRequestHeaderProto saslHeader = ProtoUtil
.makeRpcRequestHeader(RpcKind.RPC_PROTOCOL_BUFFER, .makeRpcRequestHeader(RpcKind.RPC_PROTOCOL_BUFFER,
@ -113,6 +114,18 @@ public Object getNegotiatedProperty(String key) {
return (saslClient != null) ? saslClient.getNegotiatedProperty(key) : null; return (saslClient != null) ? saslClient.getNegotiatedProperty(key) : null;
} }
// the RPC Client has an inelegant way of handling expiration of TGTs
// acquired via a keytab. any connection failure causes a relogin, so
// the Client needs to know what authMethod was being attempted if an
// exception occurs. the SASL prep for a kerberos connection should
// ideally relogin if necessary instead of exposing this detail to the
// Client
@InterfaceAudience.Private
public AuthMethod getAuthMethod() {
return authMethod;
}
/** /**
* Instantiate a sasl client for the first supported auth type in the * Instantiate a sasl client for the first supported auth type in the
* given list. The auth type must be defined, enabled, and the user * given list. The auth type must be defined, enabled, and the user
@ -319,8 +332,9 @@ public AuthMethod saslConnect(InputStream inS, OutputStream outS)
DataOutputStream outStream = new DataOutputStream(new BufferedOutputStream( DataOutputStream outStream = new DataOutputStream(new BufferedOutputStream(
outS)); outS));
// redefined if/when a SASL negotiation completes // redefined if/when a SASL negotiation starts, can be queried if the
AuthMethod authMethod = AuthMethod.SIMPLE; // negotiation fails
authMethod = AuthMethod.SIMPLE;
sendSaslMessage(outStream, negotiateRequest); sendSaslMessage(outStream, negotiateRequest);
@ -357,6 +371,7 @@ public AuthMethod saslConnect(InputStream inS, OutputStream outS)
case NEGOTIATE: { case NEGOTIATE: {
// create a compatible SASL client, throws if no supported auths // create a compatible SASL client, throws if no supported auths
SaslAuth saslAuthType = selectSaslClient(saslMessage.getAuthsList()); SaslAuth saslAuthType = selectSaslClient(saslMessage.getAuthsList());
// define auth being attempted, caller can query if connect fails
authMethod = AuthMethod.valueOf(saslAuthType.getMethod()); authMethod = AuthMethod.valueOf(saslAuthType.getMethod());
byte[] responseToken = null; byte[] responseToken = null;
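Review bot: `getAuthMethod()` returns null until `saslConnect` has run, because the new field `private AuthMethod authMethod;` has no initializer and is first assigned inside `saslConnect`. The getter's comment says the Client queries it after any connection failure, so a failure ahead of that assignment hands back null where the old local defaulted to SIMPLE. Either initialise the field, `private AuthMethod authMethod = AuthMethod.SIMPLE;`, or state the contract in a Javadoc on the getter, e.g. `/** Auth method of the most recent negotiation attempt; SIMPLE until a NEGOTIATE message selects one. */`. The value set in the NEGOTIATE case comes from `selectSaslClient(saslMessage.getAuthsList())`, i.e. from the server's advertised list before authentication has completed. The doc should therefore describe it as the method being attempted, not one that was established.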