fangmin pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/zookeeper.git
The following commit(s) were added to refs/heads/master by this push:
new c677605 ZOOKEEPER-3331: Automatically add IP authorization for Netty
connections
c677605 is described below
commit c67760523492b8da033c7bc0ea3076ab4acf1a93
Author: Brian Nixon <[email protected]>
AuthorDate: Mon May 6 09:32:30 2019 -0700
ZOOKEEPER-3331: Automatically add IP authorization for Netty connections
Author: Brian Nixon <[email protected]>
Reviewers: [email protected], [email protected]
Closes #867 from enixon/netty-ip-auth
---
.../apache/zookeeper/server/NettyServerCnxn.java | 4 +++
.../java/org/apache/zookeeper/test/ACLTest.java | 37 ++++++++++++++++++++++
2 files changed, 41 insertions(+)
diff --git
a/zookeeper-server/src/main/java/org/apache/zookeeper/server/NettyServerCnxn.java
b/zookeeper-server/src/main/java/org/apache/zookeeper/server/NettyServerCnxn.java
index 50cd674..c73af01 100644
---
a/zookeeper-server/src/main/java/org/apache/zookeeper/server/NettyServerCnxn.java
+++
b/zookeeper-server/src/main/java/org/apache/zookeeper/server/NettyServerCnxn.java
@@ -22,6 +22,7 @@ import java.io.BufferedWriter;
import java.io.IOException;
import java.io.PrintWriter;
import java.io.Writer;
+import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.nio.ByteBuffer;
import java.nio.channels.SelectionKey;
@@ -40,6 +41,7 @@ import io.netty.util.concurrent.Future;
import io.netty.util.concurrent.GenericFutureListener;
import org.apache.jute.BinaryInputArchive;
import org.apache.jute.Record;
+import org.apache.zookeeper.data.Id;
import org.apache.zookeeper.data.Stat;
import org.apache.zookeeper.WatchedEvent;
import org.apache.zookeeper.proto.ReplyHeader;
@@ -74,6 +76,8 @@ public class NettyServerCnxn extends ServerCnxn {
if (this.factory.login != null) {
this.zooKeeperSaslServer = new ZooKeeperSaslServer(factory.login);
}
+ InetAddress addr = ((InetSocketAddress)
channel.remoteAddress()).getAddress();
+ addAuthInfo(new Id("ip", addr.getHostAddress()));
}
@Override
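Review bot: The added lines cast `channel.remoteAddress()` to `InetSocketAddress` and dereference `getAddress()` unchecked, so a channel with no remote address, a non-inet transport, or an unresolved address would throw out of the constructor. Guarding the cast and skipping `addAuthInfo` in those cases fails closed, since a connection without an "ip" id will not match any ip ACL. A comment should also record that this id is the peer address as the server sees it, so behind a proxy or NAT it identifies that hop rather than the original client. The constructor starts above the hunk, so how the channel is obtained is not visible here.

```java
// … unchanged: SASL server setup …
// The "ip" id is the peer address seen on this channel; behind a proxy
// or NAT it is that hop's address, not the originating client's.
if (channel.remoteAddress() instanceof InetSocketAddress) {
    InetAddress addr = ((InetSocketAddress) channel.remoteAddress()).getAddress();
    // getAddress() is null for an unresolved address; leave the connection without an ip id.
    if (addr != null) {
        addAuthInfo(new Id("ip", addr.getHostAddress()));
    }
}
```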
diff --git
a/zookeeper-server/src/test/java/org/apache/zookeeper/test/ACLTest.java
b/zookeeper-server/src/test/java/org/apache/zookeeper/test/ACLTest.java
index 36e5908..8b83d9f 100644
--- a/zookeeper-server/src/test/java/org/apache/zookeeper/test/ACLTest.java
+++ b/zookeeper-server/src/test/java/org/apache/zookeeper/test/ACLTest.java
@@ -25,6 +25,7 @@ import java.util.ArrayList;
import java.util.List;
import java.util.concurrent.CountDownLatch;
+import org.apache.zookeeper.server.ServerCnxn;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.apache.zookeeper.CreateMode;
@@ -62,6 +63,42 @@ public class ACLTest extends ZKTestCase implements Watcher {
}
@Test
+ public void testNettyIpAuthDefault() throws Exception {
+ String HOSTPORT = "127.0.0.1:" + PortAssignment.unique();
+ System.setProperty(ServerCnxnFactory.ZOOKEEPER_SERVER_CNXN_FACTORY,
+ "org.apache.zookeeper.server.NettyServerCnxnFactory");
+ ClientBase.setupTestEnv();
+ File tmpDir = ClientBase.createTmpDir();
+ ZooKeeperServer zks = new ZooKeeperServer(tmpDir, tmpDir, 3000);
+ SyncRequestProcessor.setSnapCount(1000);
+ final int PORT = Integer.parseInt(HOSTPORT.split(":")[1]);
+ ServerCnxnFactory f = ServerCnxnFactory.createFactory(PORT, -1);
+ f.startup(zks);
+ try {
+ LOG.info("starting up the zookeeper server .. waiting");
+ Assert.assertTrue("waiting for server being up",
+ ClientBase.waitForServerUp(HOSTPORT, CONNECTION_TIMEOUT));
+ ClientBase.createZKClient(HOSTPORT);
+ for (ServerCnxn cnxn : f.getConnections()) {
+ boolean foundID = false;
+ for (Id id : cnxn.getAuthInfo()) {
+ if (id.getScheme().equals("ip")) {
+ foundID = true;
+ break;
+ }
+ }
+ Assert.assertTrue(foundID);
+ }
+ } finally {
+ f.shutdown();
+ zks.shutdown();
+ Assert.assertTrue("waiting for server down",
+ ClientBase.waitForServerDown(HOSTPORT,
CONNECTION_TIMEOUT));
+
System.clearProperty(ServerCnxnFactory.ZOOKEEPER_SERVER_CNXN_FACTORY);
+ }
+ }
+
+ @Test
public void testDisconnectedAddAuth() throws Exception {
File tmpDir = ClientBase.createTmpDir();
ClientBase.setupTestEnv();
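Review bot: The loop over `f.getConnections()` in `testNettyIpAuthDefault` passes vacuously if the factory reports no connections, and it checks only that some id has scheme "ip", not that it carries the client's address. Tightening the match to `if (id.getScheme().equals("ip") && id.getId().equals("127.0.0.1"))` and asserting after the loop that at least one connection was inspected would pin the behaviour this commit adds. Separately, the client returned by `ClientBase.createZKClient(HOSTPORT)` is never closed. The `System.setProperty` call also sits before the `try`, so a failure during server setup leaves the Netty factory property set for later tests.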