This is an automated email from the ASF dual-hosted git repository.
stoty pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/hbase.git
The following commit(s) were added to refs/heads/master by this push:
new 9036d88ab5f HBASE-28970 Get asyncfs working with custom SASL
mechanisms (#6507)
9036d88ab5f is described below
commit 9036d88ab5f6e60ccfaa7dcec79448c4e49f3e6a
Author: Istvan Toth <[email protected]>
AuthorDate: Thu Jan 9 12:09:50 2025 +0100
HBASE-28970 Get asyncfs working with custom SASL mechanisms (#6507)
---
.../asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.java | 16 +++++++++++++---
1 file changed, 13 insertions(+), 3 deletions(-)
diff --git
a/hbase-asyncfs/src/main/java/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.java
b/hbase-asyncfs/src/main/java/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.java
index 4f5ae5b22a9..a39c4fba791 100644
---
a/hbase-asyncfs/src/main/java/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.java
+++
b/hbase-asyncfs/src/main/java/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.java
@@ -112,7 +112,8 @@ public final class FanOutOneBlockAsyncDFSOutputSaslHelper {
private static final String SERVER_NAME = "0";
private static final String PROTOCOL = "hdfs";
- private static final String MECHANISM = "DIGEST-MD5";
+ private static final String MECHANISM =
+
org.apache.hadoop.security.SaslRpcServer.AuthMethod.TOKEN.getMechanismName();
private static final int SASL_TRANSFER_MAGIC_NUMBER = 0xDEADBEEF;
private static final String NAME_DELIMITER = " ";
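Review bot: The new `MECHANISM` initializer carries no comment saying that the value is no longer a fixed string, and it spells out `org.apache.hadoop.security.SaslRpcServer.AuthMethod` inline. Judging by the commit title, the mechanism can now differ from DIGEST-MD5 depending on how Hadoop is set up, so the rest of the handshake code should not assume DIGEST-MD5 behaviour. I would add `// SASL mechanism Hadoop uses for token authentication; resolved once at class initialization, not necessarily DIGEST-MD5` above the field. Unless a name clash forces the fully qualified form, importing `SaslRpcServer` would also keep the declaration on one line.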
@@ -461,7 +462,11 @@ public final class FanOutOneBlockAsyncDFSOutputSaslHelper {
@Override
public void handlerAdded(ChannelHandlerContext ctx) throws Exception {
safeWrite(ctx,
ctx.alloc().buffer(4).writeInt(SASL_TRANSFER_MAGIC_NUMBER));
- sendSaslMessage(ctx, new byte[0]);
+ byte[] firstMessage = new byte[0];
+ if (saslClient.hasInitialResponse()) {
+ firstMessage = saslClient.evaluateChallenge(firstMessage);
+ }
+ sendSaslMessage(ctx, firstMessage);
ctx.flush();
step++;
}
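Review bot: In `handlerAdded`, the result of `saslClient.evaluateChallenge(firstMessage)` is passed straight to `sendSaslMessage`, but the `SaslClient` contract allows `evaluateChallenge` to return null. Before this change the first message was always a non-null empty array. `sendSaslMessage` is outside the hunk, so whether it tolerates null cannot be confirmed from here. If it does not, a mechanism that reports an initial response but produces none would fail with a `NullPointerException` instead of a clear handshake error. A guard such as `if (firstMessage == null) { firstMessage = new byte[0]; }` after the call keeps the old invariant. A short comment that mechanisms with an initial response send it together with the magic number would also help the next reader.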
@@ -502,12 +507,17 @@ public final class FanOutOneBlockAsyncDFSOutputSaslHelper
{
Set<String> requestedQop =
ImmutableSet.copyOf(Arrays.asList(saslProps.get(Sasl.QOP).split(",")));
String negotiatedQop = getNegotiatedQop();
+ // Treat null negotiated QOP as "auth" for the purpose of verification
+ // Code elsewhere does the same implicitly
+ if (negotiatedQop == null) {
+ negotiatedQop = "auth";
+ }
LOG.debug(
"Verifying QOP, requested QOP = " + requestedQop + ", negotiated QOP =
" + negotiatedQop);
if (!requestedQop.contains(negotiatedQop)) {
throw new IOException(String.format("SASL handshake completed, but "
+ "channel does not have acceptable quality of protection, "
- + "requested = %s, negotiated = %s", requestedQop, negotiatedQop));
+ + "requested = %s, negotiated(effective) = %s", requestedQop,
negotiatedQop));
}
}
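Review bot: The null-to-`"auth"` fallback decides whether a channel with no reported QOP passes verification, yet its comment only says "Code elsewhere does the same implicitly" without naming that code. If the two places drift apart, verification could accept a channel that the wrapping logic treats differently, so the reference should be explicit, for example `// A null negotiated QOP means no security layer was negotiated; treat it as "auth" (authentication only), matching <name of the method that applies the same default>`. The literal `"auth"` would also be clearer as a named constant shared with that other site. The enclosing method starts outside the hunk, so how `saslProps` and `getNegotiatedQop()` are populated is not visible here.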