[jira] [Commented] (HBASE-15830) Sasl encryption doesn't work with AsyncRpcChannelImpl

Tue, 24 May 2016 01:24:23 -0700 

    [ 
https://issues.apache.org/jira/browse/HBASE-15830?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15297884#comment-15297884
 ] 

Colin Ma commented on HBASE-15830:
----------------------------------

hi, [~ghelmling], thanks for the review. I updated the patch according to your 
comments.
Please see my answer for the following comments:
* in getChannelHeaderBytes(AuthMethod authMethod), why not use 
IPCUtil.getTotalSizeWhenWrittenDelimited() instead of hard-coding the extra 4 
bytes?
For every message to RpcServer, the total size should be size of message body + 
4(which is int size). But IPCUtil.getTotalSizeWhenWrittenDelimited() can't 
compute the correct size for RpcServer, so the extra 4 bytes is used.
* Don't we need to write the connection header in both cases?
If qop == auth, the connection header will be written in 
successfulConnectHandler.onSuccess(ctx.channel()). To avoid the deadlocks 
problem(refer the [source 
code|https://github.com/apache/hbase/blob/master/hbase-client/src/main/java/org/apache/hadoop/hbase/ipc/AsyncRpcChannelImpl.java#L212]),
 the connection header should be written in SaslClientHandler.channelRead().
For the test case, I haven't tested this on a real cluster, just tested with 
AbstractTestSecureIPC.testSaslWithCommonQop().
The link for reviewboard is in this JIRA, you also can publish the comments 
there. 

> Sasl encryption doesn't work with AsyncRpcChannelImpl
> -----------------------------------------------------
>
>                 Key: HBASE-15830
>                 URL: https://issues.apache.org/jira/browse/HBASE-15830
>             Project: HBase
>          Issue Type: Bug
>            Reporter: Colin Ma
>         Attachments: HBASE-15830.001.patch, HBASE-15830.002.patch, 
> HBASE-15830.003.patch
>
>
> Currently, sasl encryption doesn't work with AsyncRpcChannelImpl, there has 3 
> problems:
> 1. 
> [sourcecode|https://github.com/apache/hbase/blob/master/hbase-client/src/main/java/org/apache/hadoop/hbase/security/SaslClientHandler.java#L308]
>  will throw the following exception:
> java.lang.UnsupportedOperationException: direct buffer
>       at 
> io.netty.buffer.UnpooledUnsafeDirectByteBuf.array(UnpooledUnsafeDirectByteBuf.java:199)
>       at 
> org.apache.hadoop.hbase.security.SaslClientHandler.write(SaslClientHandler.java:308)
> 2. 
> [sourcecode|https://github.com/apache/hbase/blob/master/hbase-client/src/main/java/org/apache/hadoop/hbase/ipc/AsyncRpcChannelImpl.java#L212]
>  has deadlocks problem.
> 3. TestAsyncSecureIPC doesn't cover the sasl encryption test case.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to