[jira] [Updated] (HBASE-22492) HBase server doesn't preserve SASL sequence number on the network

Wed, 29 May 2019 02:26:45 -0700 


     [ 
https://issues.apache.org/jira/browse/HBASE-22492?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sébastien BARNOUD updated HBASE-22492:
--------------------------------------
    Description: 
When auth-conf is enabled on RPC, the server encrypt response in setReponse() 
using saslServer. The generated cryptogram included a sequence number manage by 
saslServer. But then, when the response is sent over the network, the sequence 
number order is not preserved.

The client receives reply in the wrong order, leading to a log message from 
DigestMD5Base:
{code:java}
sasl:1481  - DIGEST41:Unmatched MACs

{code}
Then the message is discarded, leading the client to a timeout.

I propose a fix here: 
[https://github.com/sbarnoud/hbase-release/commit/ce9894ffe0e4039deecd1ed51fa135f64b311d41]

It seems that any HBase 1.x is affected.

This part of code has been fully rewritten in HBase 2.x, and i haven't do the 
analysis on HBase 2.x which may be affected.

 

  was:
When auth-conf is enabled on RPC, the server encrypt response in setReponse() 
using saslServer. The generated cryptogram included a sequence number manage by 
saslServer. But then, when the response is sent over the network, the sequence 
number order is not preserved.

The client receives reply in the wrong order, leading to a log message from 
DigestMD5Base:
{code:java}
sasl:1481  - DIGEST41:Unmatched MACs

{code}
Then the message is discarded, leading the client to a timeout.


> HBase server doesn't preserve SASL sequence number on the network
> -----------------------------------------------------------------
>
>                 Key: HBASE-22492
>                 URL: https://issues.apache.org/jira/browse/HBASE-22492
>             Project: HBase
>          Issue Type: Bug
>          Components: regionserver
>    Affects Versions: 1.1.2
>         Environment: HDP 2.6.5.108-1
>  
>            Reporter: Sébastien BARNOUD
>            Priority: Major
>
> When auth-conf is enabled on RPC, the server encrypt response in setReponse() 
> using saslServer. The generated cryptogram included a sequence number manage 
> by saslServer. But then, when the response is sent over the network, the 
> sequence number order is not preserved.
> The client receives reply in the wrong order, leading to a log message from 
> DigestMD5Base:
> {code:java}
> sasl:1481  - DIGEST41:Unmatched MACs
> {code}
> Then the message is discarded, leading the client to a timeout.
> I propose a fix here: 
> [https://github.com/sbarnoud/hbase-release/commit/ce9894ffe0e4039deecd1ed51fa135f64b311d41]
> It seems that any HBase 1.x is affected.
> This part of code has been fully rewritten in HBase 2.x, and i haven't do the 
> analysis on HBase 2.x which may be affected.
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to