[
https://issues.apache.org/jira/browse/HADOOP-19306?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17898001#comment-17898001
]
ASF GitHub Bot commented on HADOOP-19306:
-----------------------------------------
jojochuang commented on code in PR #7140:
URL: https://github.com/apache/hadoop/pull/7140#discussion_r1840735896
##########
hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SaslMechanismFactory.java:
##########
@@ -0,0 +1,75 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.security;
+
+import org.apache.hadoop.HadoopIllegalArgumentException;
+import org.apache.hadoop.classification.InterfaceAudience;
+import org.apache.hadoop.classification.InterfaceStability;
+import org.apache.hadoop.conf.Configuration;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import static
org.apache.hadoop.fs.CommonConfigurationKeysPublic.HADOOP_SECURITY_SASL_MECHANISM_DEFAULT;
+import static
org.apache.hadoop.fs.CommonConfigurationKeysPublic.HADOOP_SECURITY_SASL_MECHANISM_KEY;
+
+/**
+ * SASL related constants.
+ */
[email protected]({"HDFS", "MapReduce"})
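Review bot: the Javadoc at the end of this hunk still reads "SASL related constants.", but the file is SaslMechanismFactory.java, so the comment no longer describes the class. Suggest replacing it with a description of what the factory resolves and which configuration key it reads (HADOOP_SECURITY_SASL_MECHANISM_KEY and its default are imported just above).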
Review Comment:
should we open this for YARN too?
##########
hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/protocol/datatransfer/sasl/SaslDataTransferServer.java:
##########
@@ -224,21 +225,8 @@ static final class SaslServerCallbackHandler
*/
SaslServerCallbackHandler(Configuration conf, PasswordFunction
passwordFunction) {
this.passwordFunction = passwordFunction;
-
- final Class<?> clazz = conf.getClass(
-
HdfsClientConfigKeys.DFS_DATA_TRANSFER_SASL_CUSTOMIZEDCALLBACKHANDLER_CLASS_KEY,
- CustomizedCallbackHandler.DefaultHandler.class);
- final Object callbackHandler;
- try {
- callbackHandler = clazz.newInstance();
- } catch (Exception e) {
- throw new IllegalStateException("Failed to create a new instance of "
+ clazz, e);
- }
- if (callbackHandler instanceof CustomizedCallbackHandler) {
- customizedCallbackHandler = (CustomizedCallbackHandler)
callbackHandler;
- } else {
- customizedCallbackHandler =
CustomizedCallbackHandler.delegate(callbackHandler);
- }
+ this.customizedCallbackHandler = CustomizedCallbackHandler.get(
+
HdfsClientConfigKeys.DFS_DATA_TRANSFER_SASL_CUSTOMIZEDCALLBACKHANDLER_CLASS_KEY,
conf);
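Review bot: the new CustomizedCallbackHandler.get(...) call no longer shows three things the removed lines did at this call site: the fallback to CustomizedCallbackHandler.DefaultHandler.class, the IllegalStateException that names the class when instantiation fails, and the CustomizedCallbackHandler.delegate(...) wrap for objects that do not implement the interface. The body of get() is not visible here, and the class name comes from configuration, so please confirm it keeps all three, and add tests that set the key to a class that is not a CustomizedCallbackHandler and to one that cannot be instantiated.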
Review Comment:
maybe it should use HADOOP_SECURITY_SASL_CUSTOMIZEDCALLBACKHANDLER_CLASS_KEY
to be consistent? not sure.
##########
hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SaslMechanismFactory.java:
##########
@@ -0,0 +1,75 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.security;
+
+import org.apache.hadoop.HadoopIllegalArgumentException;
+import org.apache.hadoop.classification.InterfaceAudience;
+import org.apache.hadoop.classification.InterfaceStability;
+import org.apache.hadoop.conf.Configuration;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import static
org.apache.hadoop.fs.CommonConfigurationKeysPublic.HADOOP_SECURITY_SASL_MECHANISM_DEFAULT;
+import static
org.apache.hadoop.fs.CommonConfigurationKeysPublic.HADOOP_SECURITY_SASL_MECHANISM_KEY;
+
+/**
+ * SASL related constants.
+ */
[email protected]({"HDFS", "MapReduce"})
[email protected]
+public final class SaslMechanismFactory {
+ static final Logger LOG =
LoggerFactory.getLogger(SaslMechanismFactory.class);
+
+ private static final String SASL_MECHANISM_ENV = "HADOOP_SASL_MECHANISM";
+ private static final String SASL_MECHANISM;
+
+ static {
+ // env
+ final String envValue = System.getenv(SASL_MECHANISM_ENV);
+ LOG.debug("{} = {} (env)", SASL_MECHANISM_ENV, envValue);
+
+ // conf
+ final Configuration conf = new Configuration();
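Review bot: the static block fills `private static final String SASL_MECHANISM` once at class load, from the HADOOP_SASL_MECHANISM environment variable and a freshly constructed Configuration, so the mechanism is fixed for the whole JVM and any unchecked exception thrown while building it surfaces as an ExceptionInInitializerError on first use of the class. Suggest stating in the class Javadoc which of the two sources takes precedence, and resolving the value from a Configuration supplied by the caller rather than inside a static initializer.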
Review Comment:
I am a little concerned about this one.
If an application loads configuration from a custom path,
SaslMechanismFactory initialized this way will load configurations from the default
path, and result in unexpected behavior for the user.
And that is a potential security issue. I had some grief over similar
problems before, see:
[HADOOP-13638](https://issues.apache.org/jira/browse/HADOOP-13638)
##########
hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SaslConstants.java:
##########
@@ -1,45 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.hadoop.security;
-
-import org.apache.hadoop.classification.InterfaceAudience;
-import org.apache.hadoop.classification.InterfaceStability;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-/**
- * SASL related constants.
- */
[email protected]({"HDFS", "MapReduce"})
[email protected]
-public class SaslConstants {
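Review bot: the deleted `public class SaslConstants` carries an audience annotation listing "HDFS" and "MapReduce", so code in those modules may still import it. Suggest confirming in this PR that every in-tree reference has moved to the replacement class, and noting that in the PR description.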
Review Comment:
this class is not available in any official Apache Hadoop releases, so it's
okay to remove it.
> Support user defined auth Callback in SaslRpcServer
> ---------------------------------------------------
>
> Key: HADOOP-19306
> URL: https://issues.apache.org/jira/browse/HADOOP-19306
> Project: Hadoop Common
> Issue Type: Improvement
> Components: ipc, security
> Reporter: Tsz-wo Sze
> Assignee: Tsz-wo Sze
> Priority: Major
> Labels: pull-request-available
>
> Similar to HDFS-17576, SaslRpcServer should support CustomizedCallbackHandler.