Skip to content

HBASE-28970 Get asyncfs working with custom SASL mechanisms #6507

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
stoty merged 3 commits into from
Jan 9, 2025
Merged

HBASE-28970 Get asyncfs working with custom SASL mechanisms #6507

Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
8af0310
HBASE-28970 Get asyncfs working with custom SASL mechanisms
stoty Nov 8, 2024
2969515
apply spotless
stoty Dec 3, 2024
56a7d83
minimal optimization
stoty Dec 3, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
16 changes: 13 additions & 3 deletions .../main/java/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -112,7 +112,8 @@ private FanOutOneBlockAsyncDFSOutputSaslHelper() {

private static final String SERVER_NAME = "0";
private static final String PROTOCOL = "hdfs";
private static final String MECHANISM = "DIGEST-MD5";
private static final String MECHANISM =
org.apache.hadoop.security.SaslRpcServer.AuthMethod.TOKEN.getMechanismName();
private static final int SASL_TRANSFER_MAGIC_NUMBER = 0xDEADBEEF;
private static final String NAME_DELIMITER = " ";

Expand Down Expand Up @@ -461,7 +462,11 @@ private void sendSaslMessage(ChannelHandlerContext ctx, byte[] payload,
@Override
public void handlerAdded(ChannelHandlerContext ctx) throws Exception {
safeWrite(ctx, ctx.alloc().buffer(4).writeInt(SASL_TRANSFER_MAGIC_NUMBER));
sendSaslMessage(ctx, new byte[0]);
byte[] firstMessage = new byte[0];
if (saslClient.hasInitialResponse()) {
firstMessage = saslClient.evaluateChallenge(firstMessage);
}
sendSaslMessage(ctx, firstMessage);
ctx.flush();
step++;
}
Expand Down Expand Up @@ -502,12 +507,17 @@ private void checkSaslComplete() throws IOException {
Set<String> requestedQop =
ImmutableSet.copyOf(Arrays.asList(saslProps.get(Sasl.QOP).split(",")));
String negotiatedQop = getNegotiatedQop();
// Treat null negotiated QOP as "auth" for the purpose of verification
// Code elsewhere does the same implicitly
if (negotiatedQop == null) {
negotiatedQop = "auth";
}
LOG.debug(
"Verifying QOP, requested QOP = " + requestedQop + ", negotiated QOP = " + negotiatedQop);
if (!requestedQop.contains(negotiatedQop)) {
throw new IOException(String.format("SASL handshake completed, but "
+ "channel does not have acceptable quality of protection, "
+ "requested = %s, negotiated = %s", requestedQop, negotiatedQop));
+ "requested = %s, negotiated(effective) = %s", requestedQop, negotiatedQop));
}
}

Expand Down