Sébastien BARNOUD created HBASE-22492:
-----------------------------------------
Summary: HBase server doesn't preserve SASL sequence number on the
network
Key: HBASE-22492
URL: https://issues.apache.org/jira/browse/HBASE-22492
Project: HBase
Issue Type: Bug
Components: regionserver
Affects Versions: 1.1.2
Environment: HDP 2.6.5.108-1
I propose a fix here:
[https://github.com/sbarnoud/hbase-release/commit/ce9894ffe0e4039deecd1ed51fa135f64b311d41]
It seems that any HBase 1.x is affected.
This part of code has been fully rewritten in HBase 2.x, and i haven't do the
analysis on HBase 2.x which may be affected.
Reporter: Sébastien BARNOUD
When auth-conf is enabled on RPC, the server encrypt response in setReponse()
using saslServer. The generated cryptogram included a sequence number manage by
saslServer. But then, when the response is sent over the network, the sequence
number is not preserved.
The client receives reply in the wrong order, leading to a log message from
DigestMD5Base:
{code:java}
sasl:1481 - DIGEST41:Unmatched MACs
{code}
Then the message is discarded, leading the client to a timeout.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
