[ https://issues.apache.org/jira/browse/HDFS-7431?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14226538#comment-14226538 ]
Chris Nauroth commented on HDFS-7431:
-------------------------------------
Hello, Yi. Thank you for investigating this and posting a patch. I have a
possible idea for distinguishing the 2 cases. We throw
{{InvalidMagicNumberException}} from
{{SaslDataTransferServer#doSaslHandshake}}. Within this method, we have the
information we need to distinguish between the 2 cases:
* {{if (dnConf.getEncryptDataTransfer())}}, then it's the encrypted case.
* {{if (dnConf.getSaslPropsResolver() != null)}}, then it's the data transfer
protection case.
After checking that, we could throw exceptions with different messages
depending on the case. This could either be done with 2 distinct subclasses of
{{InvalidMagicNumberException}} or adding some kind of type tag as a member.
For the text of the messages, I suggest:
{code}
LOG.info("Failed to read expected encryption handshake from client " +
    "at " + peer.getRemoteAddressString() + ". Perhaps the client " +
    "is running an older version of Hadoop which does not support " +
    "encryption");
{code}
{code}
LOG.info("Failed to read expected SASL data transfer protection " +
    "handshake from client " +
    "at " + peer.getRemoteAddressString() + ". Perhaps the client " +
    "is running an older version of Hadoop which does not support " +
    "encryption");
{code}
What are your thoughts on this?
> log message for InvalidMagicNumberException may be incorrect
> ------------------------------------------------------------
>
> Key: HDFS-7431
> URL: https://issues.apache.org/jira/browse/HDFS-7431
> Project: Hadoop HDFS
> Issue Type: Bug
> Components: security
> Reporter: Yi Liu
> Assignee: Yi Liu
> Priority: Minor
> Attachments: HDFS-7431.001.patch
>
>
> For security mode, HDFS now supports Datanodes that don't require root or
> jsvc if {{dfs.data.transfer.protection}} is configured.
> In the log message for {{InvalidMagicNumberException}}, we miss one case:
> when the datanodes run on an unprivileged port and
> {{dfs.data.transfer.protection}} is configured to {{authentication}} but
> {{dfs.encrypt.data.transfer}} is not configured. The SASL handshake is required,
> and if a low version dfs client is used, then {{InvalidMagicNumberException}} is
> thrown and we write the log:
> {quote}
> Failed to read expected encryption handshake from client at .... Perhaps the
> client is running an older version of Hadoop which does not support encryption
> {quote}
> Recently I ran HDFS built on trunk with security enabled, but the client was
> version 2.5.1. Then I got the above log message, but actually I have not
> configured encryption.
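A self-contained sketch of the type-tag option discussed in the comment above, added here as an example and not taken from the Hadoop code base or the attached patch. The class layout, the `MAGIC` value, `expectedHandshake`, `logLine`, the sample bytes and the client address are hypothetical stand-ins; only the two configuration checks and the message prefixes come from the comment.

```java
import java.io.ByteArrayInputStream;
import java.io.DataInputStream;
import java.io.IOException;

public class MagicNumberDemo {
  // Constructed value for this sketch, not taken from the page.
  static final int MAGIC = 0xDEADBEEF;

  // Type tag carried by the exception: which handshake the server was expecting.
  enum Handshake { ENCRYPTION, SASL_DATA_TRANSFER_PROTECTION }

  static class InvalidMagicNumberException extends IOException {
    final Handshake expected;
    InvalidMagicNumberException(int actual, Handshake expected) {
      super(String.format("Received %x instead of %x from client.", actual, MAGIC));
      this.expected = expected;
    }
  }

  // Stand-in for the two dnConf checks named in the comment, in the same order.
  static Handshake expectedHandshake(boolean encryptDataTransfer, boolean hasSaslPropsResolver) {
    if (encryptDataTransfer) return Handshake.ENCRYPTION;
    if (hasSaslPropsResolver) return Handshake.SASL_DATA_TRANSFER_PROTECTION;
    throw new IllegalStateException("no SASL handshake is expected");
  }

  // Reads the first four bytes and tags the failure with the expected handshake.
  static void readMagic(DataInputStream in, Handshake expected) throws IOException {
    int actual = in.readInt();
    if (actual != MAGIC) throw new InvalidMagicNumberException(actual, expected);
  }

  // Picks the message prefix from the tag instead of always saying "encryption".
  static String logLine(InvalidMagicNumberException e, String remote) {
    String what = e.expected == Handshake.ENCRYPTION
        ? "encryption" : "SASL data transfer protection";
    return "Failed to read expected " + what + " handshake from client at " + remote;
  }

  public static void main(String[] args) throws IOException {
    // Constructed input: a client that does not begin with the magic number.
    byte[] oldClient = {0x00, 0x1c, 0x51, 0x00};
    Handshake expected = expectedHandshake(false, true); // protection set, encryption off
    try {
      readMagic(new DataInputStream(new ByteArrayInputStream(oldClient)), expected);
    } catch (InvalidMagicNumberException e) {
      System.out.println(logLine(e, "10.0.0.5:40112")); // constructed address
    }
  }
}
```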