[jira] [Commented] (ZOOKEEPER-2036) Client which is not unauthorized able to access the Secure Data which is created by the Secure Client

Mon, 15 Sep 2014 01:13:06 -0700 

    [ 
https://issues.apache.org/jira/browse/ZOOKEEPER-2036?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14133680#comment-14133680
 ] 

Brahma Reddy Battula commented on ZOOKEEPER-2036:
-------------------------------------------------

Since we are allowing to connect the secure cluster without jaas.conf, I think, 
we need to maintain ACL such that only authorised user will be able to access..

Please correct me If I am wrong..

> Client which is not unauthorized able to access the Secure Data which is 
> created by the Secure Client
> -----------------------------------------------------------------------------------------------------
>
>                 Key: ZOOKEEPER-2036
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2036
>             Project: ZooKeeper
>          Issue Type: Bug
>          Components: server
>    Affects Versions: 3.4.5
>            Reporter: Brahma Reddy Battula
>            Priority: Blocker
>
>  *{color:blue}Scenario:{color}* 
> Started the Secure ZK Cluster.
> Logged with Secure ZK Client(by passing valid jaas.conf) and created the 
> Znodes
> Now logged in to same secure cluster using unsecure ZKClient (without 
> jaas.conf) to same Cluster and able to access the data which is created by 
> the Secured Client..
>  *{color:blue}Secured Client{color}:(which is created the Znodes)* 
> 2014-09-15 13:40:56,288 [myid:] - INFO  
> [main-SendThread(localhost:2181):ZooKeeperSaslClient$1@285] - Client will use 
> GSSAPI as SASL mechanism.
> 2014-09-15 13:40:56,296 [myid:] - INFO  [Thread-1:Login@301] - TGT valid 
> starting at:        Mon Sep 15 13:40:56 IST 2014
> 2014-09-15 13:40:56,296 [myid:] - INFO  [Thread-1:Login@302] - TGT expires:   
>                Tue Sep 16 13:40:56 IST 2014
> 2014-09-15 13:40:56,296 [myid:] - INFO  [Thread-1:Login$1@181] - TGT refresh 
> sleeping until: Tue Sep 16 09:36:04 IST 2014
> 2014-09-15 13:40:56,302 [myid:] - INFO  
> [main-SendThread(localhost:2181):ClientCnxn$SendThread@1000] - Opening socket 
> connection to server localhost/0:0:0:0:0:0:0:1:2181. Will attempt to 
> SASL-authenticate using Login Context section 'Client'
> 2014-09-15 13:40:56,308 [myid:] - INFO  
> [main-SendThread(localhost:2181):ClientCnxn$SendThread@855] - Socket 
> connection established to localhost/0:0:0:0:0:0:0:1:2181, initiating session
> 2014-09-15 13:40:56,344 [myid:] - INFO  
> [main-SendThread(localhost:2181):ClientCnxn$SendThread@1260] - Session 
> establishment complete on server localhost/0:0:0:0:0:0:0:1:2181, sessionid = 
> 0x1486856657e0016, negotiated timeout = 30000
> WATCHER::
> WatchedEvent state:SyncConnected type:None path:null
> WATCHER::
> WatchedEvent state:SaslAuthenticated type:None path:null
> [zk: localhost:2181(CONNECTED) 1] create -s /tmp-seq 'sd:er:'
> Created /tmp-seq0000000003
> [zk: localhost:2181(CONNECTED) 2] create -s /tmp-seq 'sd:er:'
> Created /tmp-seq0000000004
> [zk: localhost:2181(CONNECTED) 0] ls /
> [tmp-seq0000000004, tmp-seq0000000003, hadoop, hadoop-ha, tmp-seq0000000002, 
> zookeeper]
>  *{color:blue}UnSecured Client{color}:(which is Accesing Znodes)* 
> 014-09-15 13:00:30,441 [myid:] - INFO  
> [main-SendThread(localhost:2181):ClientCnxn$SendThread@1000] - Opening socket 
> connection to server localhost/127.0.0.1:2181
> WatchedEvent state:AuthFailed type:None path:null
> JLine support is enabled
> 2014-09-15 13:00:30,451 [myid:] - INFO  
> [main-SendThread(localhost:2181):ClientCnxn$SendThread@855] - Socket 
> connection established to localhost/127.0.0.1:2181, initiating session
> [zk: localhost:2181(CONNECTING) 0] 2014-09-15 13:00:30,488 [myid:] - INFO  
> [main-SendThread(localhost:2181):ClientCnxn$SendThread@1260] - Session 
> establishment complete on server localhost/127.0.0.1:2181, sessionid = 
> 0x348685662250005, negotiated timeout = 30000
> WATCHER::
> WatchedEvent state:SyncConnected type:None path:null
> [zk: localhost:2181(CONNECTED) 0] ls /
> [tmp-seq0000000004, tmp-seq0000000003, hadoop, hadoop-ha, tmp-seq0000000002, 
> zookeeper]
> [zk: localhost:2181(CONNECTED) 1] get /tmp-seq000000000
> tmp-seq0000000004   tmp-seq0000000003   tmp-seq0000000002
> [zk: localhost:2181(CONNECTED) 1] get /tmp-seq0000000002
> ''
> cZxid = 0x100000040
> ctime = Mon Sep 15 12:51:50 IST 2014
> mZxid = 0x100000040
> mtime = Mon Sep 15 12:51:50 IST 2014
> pZxid = 0x100000040
> cversion = 0
> dataVersion = 0
> aclVersion = 0
> ephemeralOwner = 0x0
> dataLength = 2
> numChildren = 0



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to