Brahma Reddy Battula created ZOOKEEPER-2036:
-----------------------------------------------

             Summary: Client which is not unauthorized able to access the Secure Data which is created by the Secure Client
                 Key: ZOOKEEPER-2036
                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2036
             Project: ZooKeeper
          Issue Type: Bug
          Components: server
    Affects Versions: 3.4.5
            Reporter: Brahma Reddy Battula
            Priority: Blocker


Scenario:

Started the secure ZK cluster.
Logged in with a secure ZK client (by passing a valid jaas.conf) and created the znodes.

Then logged in to the same secure cluster using an unsecured ZK client (without jaas.conf) and was able to access the data which was created by the secured client.

Secured Client (which created the znodes):

2014-09-15 13:40:56,288 [myid:] - INFO  [main-SendThread(localhost:2181):ZooKeeperSaslClient$1@285] - Client will use GSSAPI as SASL mechanism.
2014-09-15 13:40:56,296 [myid:] - INFO  [Thread-1:Login@301] - TGT valid starting at:        Mon Sep 15 13:40:56 IST 2014
2014-09-15 13:40:56,296 [myid:] - INFO  [Thread-1:Login@302] - TGT expires:                  Tue Sep 16 13:40:56 IST 2014
2014-09-15 13:40:56,296 [myid:] - INFO  [Thread-1:Login$1@181] - TGT refresh sleeping until: Tue Sep 16 09:36:04 IST 2014
2014-09-15 13:40:56,302 [myid:] - INFO  [main-SendThread(localhost:2181):ClientCnxn$SendThread@1000] - Opening socket connection to server localhost/0:0:0:0:0:0:0:1:2181. Will attempt to SASL-authenticate using Login Context section 'Client'
2014-09-15 13:40:56,308 [myid:] - INFO  [main-SendThread(localhost:2181):ClientCnxn$SendThread@855] - Socket connection established to localhost/0:0:0:0:0:0:0:1:2181, initiating session
2014-09-15 13:40:56,344 [myid:] - INFO  [main-SendThread(localhost:2181):ClientCnxn$SendThread@1260] - Session establishment complete on server localhost/0:0:0:0:0:0:0:1:2181, sessionid = 0x1486856657e0016, negotiated timeout = 30000

WATCHER::

WatchedEvent state:SyncConnected type:None path:null

WATCHER::

WatchedEvent state:SaslAuthenticated type:None path:null

[zk: localhost:2181(CONNECTED) 1] create -s /tmp-seq 'sd:er:'
Created /tmp-seq0000000003
[zk: localhost:2181(CONNECTED) 2] create -s /tmp-seq 'sd:er:'
Created /tmp-seq0000000004
[zk: localhost:2181(CONNECTED) 0] ls /
[tmp-seq0000000004, tmp-seq0000000003, hadoop, hadoop-ha, tmp-seq0000000002, zookeeper]

Unsecured Client (which is accessing the znodes):

014-09-15 13:00:30,441 [myid:] - INFO  [main-SendThread(localhost:2181):ClientCnxn$SendThread@1000] - Opening socket connection to server localhost/127.0.0.1:2181
WatchedEvent state:AuthFailed type:None path:null
JLine support is enabled
2014-09-15 13:00:30,451 [myid:] - INFO  [main-SendThread(localhost:2181):ClientCnxn$SendThread@855] - Socket connection established to localhost/127.0.0.1:2181, initiating session
[zk: localhost:2181(CONNECTING) 0] 2014-09-15 13:00:30,488 [myid:] - INFO  [main-SendThread(localhost:2181):ClientCnxn$SendThread@1260] - Session establishment complete on server localhost/127.0.0.1:2181, sessionid = 0x348685662250005, negotiated timeout = 30000

WATCHER::

WatchedEvent state:SyncConnected type:None path:null

[zk: localhost:2181(CONNECTED) 0] ls /
[tmp-seq0000000004, tmp-seq0000000003, hadoop, hadoop-ha, tmp-seq0000000002, zookeeper]
[zk: localhost:2181(CONNECTED) 1] get /tmp-seq000000000

tmp-seq0000000004   tmp-seq0000000003   tmp-seq0000000002
[zk: localhost:2181(CONNECTED) 1] get /tmp-seq0000000002
''
cZxid = 0x100000040
ctime = Mon Sep 15 12:51:50 IST 2014
mZxid = 0x100000040
mtime = Mon Sep 15 12:51:50 IST 2014
pZxid = 0x100000040
cversion = 0
dataVersion = 0
aclVersion = 0
ephemeralOwner = 0x0
dataLength = 2
numChildren = 0






--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
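
Added example, not part of the original report or of ZooKeeper itself: in the two transcripts above the session is established in both cases, and the only client-side difference is the SaslAuthenticated event versus AuthFailed. The Python sketch below runs that check over abridged copies of the report's log lines and lists the commands issued in a session that never reached SaslAuthenticated; the function names and the abridged samples are assumptions made for illustration.

```python
import re

# Abridged from the two client transcripts in the report above.
SECURED = """\
2014-09-15 13:40:56,344 [myid:] - INFO  [main-SendThread(localhost:2181):ClientCnxn$SendThread@1260] - Session establishment complete on server localhost/0:0:0:0:0:0:0:1:2181, sessionid = 0x1486856657e0016, negotiated timeout = 30000
WatchedEvent state:SyncConnected type:None path:null
WatchedEvent state:SaslAuthenticated type:None path:null
[zk: localhost:2181(CONNECTED) 1] create -s /tmp-seq 'sd:er:'
[zk: localhost:2181(CONNECTED) 0] ls /
"""
UNSECURED = """\
WatchedEvent state:AuthFailed type:None path:null
[zk: localhost:2181(CONNECTING) 0] 2014-09-15 13:00:30,488 [myid:] - INFO  [main-SendThread(localhost:2181):ClientCnxn$SendThread@1260] - Session establishment complete on server localhost/127.0.0.1:2181, sessionid = 0x348685662250005, negotiated timeout = 30000
WatchedEvent state:SyncConnected type:None path:null
[zk: localhost:2181(CONNECTED) 0] ls /
[zk: localhost:2181(CONNECTED) 1] get /tmp-seq0000000002
"""

SESSION = re.compile(r"sessionid = (0x[0-9a-f]+)")
STATE = re.compile(r"WatchedEvent state:(\w+)")
# Only prompts in the CONNECTED state carry a command typed by the user.
COMMAND = re.compile(r"^\[zk: [^\]]*\(CONNECTED\) \d+\]\s+(\S+)\s*(.*)$")


def audit_transcript(text):
    """Summarise one zkCli transcript: session id, watcher states, commands."""
    result = {"session": None, "states": [], "commands": []}
    for line in text.splitlines():
        m = SESSION.search(line)
        if m:
            result["session"] = m.group(1)
        m = STATE.search(line)
        if m:
            result["states"].append(m.group(1))
        m = COMMAND.match(line)
        if m:
            result["commands"].append((m.group(1), m.group(2).strip()))
    result["sasl_authenticated"] = "SaslAuthenticated" in result["states"]
    return result


def unauthenticated_access(text):
    """Commands run in an established session that never saw SaslAuthenticated."""
    r = audit_transcript(text)
    if r["session"] and not r["sasl_authenticated"]:
        return r["commands"]
    return []
```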
