stoty commented on code in PR #6507:
URL: https://github.com/apache/hbase/pull/6507#discussion_r1877458275
##########
hbase-asyncfs/src/main/java/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.java:
##########
@@ -502,12 +507,17 @@ private void checkSaslComplete() throws IOException {
Set<String> requestedQop =
ImmutableSet.copyOf(Arrays.asList(saslProps.get(Sasl.QOP).split(",")));
String negotiatedQop = getNegotiatedQop();
+ // Treat null negotiated QOP as "auth" for the purpose of verification
+ // Code elsewhere does the same implicitly
+ if (negotiatedQop == null) {
+ negotiatedQop = "auth";
+ }
Review Comment:
That's not true.
The Hadoop code always requests some kind of QOP, at least "auth".
SASL mechanisms that don't support QOP at all, like SCRAM, will return null
negotiated qop.
Without this if, we could not use SCRAM at all, as ["auth"] does not contain
null.
The rest of the code does not check the negotiated QOP against the requested
one, so a null check is fine there.
This is the simplest way I can think of to handle non-QOP capable SASL
mechanisms.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
