big-data/hadoop
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Revert "HDFS-17575. SaslDataTransferClient should use SaslParticipant to create messages. (#6933)"

Browse Source 
This reverts commit 7638b4727e.
This commit is contained in:
Tsz-Wo Nicholas Sze 2024-07-21 19:07:19 +08:00
parent 1577f57d4c
commit e48cd0e987
2 changed files with 6 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
hadoop-hdfs-project/hadoop-hdfs-client/src/main/java/org/apache/hadoop/hdfs/protocol/datatransfer/sasl/SaslDataTransferClient.java
View File

@ -63,7 +63,6 @@
import org.apache.hadoop.security.token.SecretManager;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.util.Lists;
import org.apache.hadoop.util.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@ -85,8 +84,6 @@ public class SaslDataTransferClient {
private static final Logger LOG = LoggerFactory.getLogger(
SaslDataTransferClient.class);
private static final byte[] EMPTY_BYTE_ARRAY = {};
private final Configuration conf;
private final AtomicBoolean fallbackToSimpleAuth;
private final SaslPropertiesResolver saslPropsResolver;
@ -522,29 +519,25 @@ private IOStreamPair doSaslHandshake(InetAddress addr,
// In which case there will be no encrypted secret sent from NN.
BlockTokenIdentifier blockTokenIdentifier =
accessToken.decodeIdentifier();
final byte[] first = sasl.evaluateChallengeOrResponse(EMPTY_BYTE_ARRAY);
if (LOG.isDebugEnabled()) {
LOG.info("first: {}", first == null ? null : first.length == 0 ? "<empty>"
: StringUtils.byteToHexString(first));
}
if (blockTokenIdentifier != null) {
byte[] handshakeSecret =
accessToken.decodeIdentifier().getHandshakeMsg();
if (handshakeSecret == null || handshakeSecret.length == 0) {
LOG.debug("Handshake secret is null, "
+ "sending without handshake secret.");
sendSaslMessage(out, first);
sendSaslMessage(out, new byte[0]);
} else {
LOG.debug("Sending handshake secret.");
BlockTokenIdentifier identifier = new BlockTokenIdentifier();
identifier.readFields(new DataInputStream(
new ByteArrayInputStream(accessToken.getIdentifier())));
String bpid = identifier.getBlockPoolId();
sendSaslMessageHandshakeSecret(out, first, handshakeSecret, bpid);
sendSaslMessageHandshakeSecret(out, new byte[0],
handshakeSecret, bpid);
}
} else {
LOG.debug("Block token id is null, sending without handshake secret.");
sendSaslMessage(out, first);
sendSaslMessage(out, new byte[0]);
}
// step 1
@ -572,7 +565,6 @@ private IOStreamPair doSaslHandshake(InetAddress addr,
cipherOptions.add(option);
}
}
LOG.debug("{}: cipherOptions={}", sasl, cipherOptions);
sendSaslMessageAndNegotiationCipherOptions(out, localResponse,
cipherOptions);

10
hadoop-hdfs-project/hadoop-hdfs-client/src/main/java/org/apache/hadoop/hdfs/protocol/datatransfer/sasl/SaslParticipant.java
View File

@ -20,7 +20,6 @@
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.util.Map;
import java.util.Objects;
import javax.security.auth.callback.CallbackHandler;
import javax.security.sasl.Sasl;
import javax.security.sasl.SaslClient;
@ -111,7 +110,7 @@ public static SaslParticipant createClientSaslParticipant(String userName,
* @param saslServer to wrap
*/
private SaslParticipant(SaslServer saslServer) {
this.saslServer = Objects.requireNonNull(saslServer, "saslServer == null");
this.saslServer = saslServer;
this.saslClient = null;
}
@ -122,7 +121,7 @@ private SaslParticipant(SaslServer saslServer) {
*/
private SaslParticipant(SaslClient saslClient) {
this.saslServer = null;
this.saslClient = Objects.requireNonNull(saslClient, "saslClient == null");
this.saslClient = saslClient;
}
/**
@ -229,9 +228,4 @@ public IOStreamPair createStreamPair(DataOutputStream out,
new SaslOutputStream(out, saslServer));
}
}
@Override
public String toString() {
return "Sasl" + (saslServer != null? "Server" : "Client");
}
}