[jira] [Commented] (HDFS-17575) SaslDataTransferClient should use SaslParticipant to create messages

[ASF GitHub Bot (Jira)]

    [ 
https://issues.apache.org/jira/browse/HDFS-17575?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17867591#comment-17867591
 ] 

ASF GitHub Bot commented on HDFS-17575:
---------------------------------------

ayushtkn commented on PR #6933:
URL: https://github.com/apache/hadoop/pull/6933#issuecomment-2241535741

   Hi @szetszwo / @arp7 
   This PR seems to create some issues
   ```
   javax.security.sasl.SaslException: DIGEST-MD5: Digest-challenge format 
violation: algorithm directive missing
        at 
com.sun.security.sasl.digest.DigestMD5Client.processChallenge(DigestMD5Client.java:291)
        at 
com.sun.security.sasl.digest.DigestMD5Client.evaluateChallenge(DigestMD5Client.java:220)
        at 
org.apache.hadoop.hdfs.protocol.datatransfer.sasl.SaslParticipant.evaluateChallengeOrResponse(SaslParticipant.java:135)
        at 
org.apache.hadoop.hdfs.protocol.datatransfer.sasl.SaslDataTransferClient.doSaslHandshake(SaslDataTransferClient.java:525)
        at 
org.apache.hadoop.hdfs.protocol.datatransfer.sasl.SaslDataTransferClient.getSaslStreams(SaslDataTransferClient.java:449)
        at 
org.apache.hadoop.hdfs.protocol.datatransfer.sasl.SaslDataTransferClient.send(SaslDataTransferClient.java:292)
        at 
org.apache.hadoop.hdfs.protocol.datatransfer.sasl.SaslDataTransferClient.checkTrustAndSend(SaslDataTransferClient.java:239)
        at 
org.apache.hadoop.hdfs.protocol.datatransfer.sasl.SaslDataTransferClient.socketSend(SaslDataTransferClient.java:206)
        at 
org.apache.hadoop.hdfs.protocol.datatransfer.sasl.SaslDataTransferClient.socketSend(SaslDataTransferClient.java:196)
        at 
org.apache.hadoop.hdfs.DataStreamer.createBlockOutputStream(DataStreamer.java:1900)
        at 
org.apache.hadoop.hdfs.DataStreamer.setupPipelineForCreate(DataStreamer.java:1842)
        at org.apache.hadoop.hdfs.DataStreamer.run(DataStreamer.java:752)
   ```
   
   Can try running ``TestSaslDataTransfer`` or see the failures here:
   https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-6951/2/testReport/
   
   Moreover, this part is also bit confusing:
   ```
         if (LOG.isDebugEnabled()) {
           LOG.info("first: {}", first == null ? null : first.length == 0 ? 
"<empty>"
               : StringUtils.byteToHexString(first));
         }
   ```
   
https://github.com/apache/hadoop/pull/6933/files#diff-00d610fa84540aaa134ec7a70bd37f8a1c5726565f5a65054de5df6951484df6R526-R529
   
   Why are we checking ``isDebugEnabled`` when we are logging at ``info`` level
   




> SaslDataTransferClient should use SaslParticipant to create messages
> --------------------------------------------------------------------
>
>                 Key: HDFS-17575
>                 URL: https://issues.apache.org/jira/browse/HDFS-17575
>             Project: Hadoop HDFS
>          Issue Type: Improvement
>          Components: security
>            Reporter: Tsz-wo Sze
>            Assignee: Tsz-wo Sze
>            Priority: Major
>              Labels: pull-request-available
>             Fix For: 3.5.0
>
>
> Currently, a SaslDataTransferClient may send a message without using its 
> SaslParticipant as below.  {code}
>           sendSaslMessage(out, new byte[0]);
> {code}
> Instead, it should use its SaslParticipant to create the response.
> {code}
>       byte[] localResponse = sasl.evaluateChallengeOrResponse(remoteResponse);
>       sendSaslMessage(out, localResponse);
> {code}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org