[jira] [Commented] (ZOOKEEPER-1534) Zookeeper server do not send Sal authentication failure notification to the client
[ https://issues.apache.org/jira/browse/ZOOKEEPER-1534?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16364753#comment-16364753 ] ASF GitHub Bot commented on ZOOKEEPER-1534: --- Github user eolivelli commented on a diff in the pull request: https://github.com/apache/zookeeper/pull/457#discussion_r168302873 --- Diff: src/java/main/org/apache/zookeeper/server/ZooKeeperServer.java --- @@ -1101,8 +1102,16 @@ public void processPacket(ServerCnxn cnxn, ByteBuffer incomingBuffer) throws IOE } else { if (h.getType() == OpCode.sasl) { Record rsp = processSasl(incomingBuffer,cnxn); -ReplyHeader rh = new ReplyHeader(h.getXid(), 0, KeeperException.Code.OK.intValue()); -cnxn.sendResponse(rh,rsp, "response"); // not sure about 3rd arg..what is it? +if (rsp == null) { +ReplyHeader rh = new ReplyHeader(h.getXid(), 0, Code.AUTHFAILED.intValue()); +cnxn.sendResponse(rh, new SetSASLResponse(AUTHENTICATION_FAILED.getBytes()), "response"); // not sure about 3rd arg..what is it? +LOG.warn("Closing client connection due to SASL authentication failure."); --- End diff -- Can we log at least the ip address of the client? > Zookeeper server do not send Sal authentication failure notification to the > client > -- > > Key: ZOOKEEPER-1534 > URL: https://issues.apache.org/jira/browse/ZOOKEEPER-1534 > Project: ZooKeeper > Issue Type: Bug > Components: server >Affects Versions: 3.4.3 > Environment: Windows 7. Zookeeper 3.4.3 Curator 1.1.15 Java 1.6 >Reporter: Tally Tsabary >Priority: Major > > Server side: zookeeper 3.4.3 with patch ZOOKEEPER-1437.patch 22/Jun/12 00:24 > Client side: java, Curator 1.1.15, zookeeper 3.4.3 with patch > ZOOKEEPER-1437.patch 22/Jun/12 00:24 > Environment configured to use Sasl authentication. > While the authenticatiion is successful, everything works fine. > In case of authentication failue, it seems that the zk server catch the > SaslException and close the socket without sending any additional > notification to the client, so despite the client has an implementation to > handle Sasl authentication failure, it is never used… > > Details: > = > > > zk server log: > {noformat} > 2012-08-10 11:00:46,730 [myid:] - INFO > [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:NIOServerCnxnFactory@213] - > Accepted socket connection from /127.0.0.1:50208 > 2012-08-10 11:00:46,731 [myid:] - DEBUG > [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:ZooKeeperServer@780] - Session > establishment request from client /127.0.0.1:50208 client's lastZxid is 0x0 > 2012-08-10 11:00:46,731 [myid:] - INFO > [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:ZooKeeperServer@838] - Client > attempting to establish new session at /127.0.0.1:50208 > 2012-08-10 11:00:46,733 [myid:] - DEBUG > [SyncThread:0:FinalRequestProcessor@88] - Processing request:: > sessionid:0x1390fd2ee630004 type:createSession cxid:0x0 zxid:0x26b > txntype:-10 reqpath:n/a > 2012-08-10 11:00:46,733 [myid:] - DEBUG > [SyncThread:0:FinalRequestProcessor@160] - sessionid:0x1390fd2ee630004 > type:createSession cxid:0x0 zxid:0x26b txntype:-10 reqpath:n/a > 2012-08-10 11:00:46,734 [myid:] - INFO [SyncThread:0:ZooKeeperServer@604] - > Established session 0x1390fd2ee630004 with negotiated timeout 4 for > client /127.0.0.1:50208 > 2012-08-10 11:00:46,736 [myid:] - DEBUG > [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:ZooKeeperServer@919] - Responding > to client SASL token. > 2012-08-10 11:00:46,736 [myid:] - DEBUG > [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:ZooKeeperServer@923] - Size of > client SASL token: 0 > 2012-08-10 11:00:46,736 [myid:] - DEBUG > [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:ZooKeeperServer@954] - Size of > server SASL response: 101 > 2012-08-10 11:00:46,740 [myid:] - DEBUG > [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:ZooKeeperServer@919] - Responding > to client SASL token. > 2012-08-10 11:00:46,741 [myid:] - DEBUG > [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:ZooKeeperServer@923] - Size of > client SASL token: 272 > 2012-08-10 11:00:46,741 [myid:] - DEBUG > [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:SaslServerCallbackHandler@106] - > client supplied realm: zk-sasl-md5 > 2012-08-10 11:00:46,741 [myid:] - WARN > [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:ZooKeeperServer@939] - Client > failed to SASL authenticate: javax.security.sasl.SaslException: DIGEST-MD5: > digest response format violation. Mismatched response. > 2012-08-10 11:00:46,742 [myid:] - WARN > [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:ZooKeeperServer@945] - Closing > client connection
[jira] [Commented] (ZOOKEEPER-1534) Zookeeper server do not send Sal authentication failure notification to the client
[ https://issues.apache.org/jira/browse/ZOOKEEPER-1534?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16364755#comment-16364755 ] ASF GitHub Bot commented on ZOOKEEPER-1534: --- Github user eolivelli commented on a diff in the pull request: https://github.com/apache/zookeeper/pull/457#discussion_r168304302 --- Diff: src/java/test/org/apache/zookeeper/test/WatcherAuthTest.java --- @@ -0,0 +1,84 @@ +package org.apache.zookeeper.test; + +import org.apache.zookeeper.WatchedEvent; +import org.apache.zookeeper.ZooKeeper; +import org.apache.zookeeper.client.ZKClientConfig; +import org.junit.Assert; +import org.junit.Before; +import org.junit.Ignore; +import org.junit.Test; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import java.io.File; +import java.io.FileWriter; +import java.io.IOException; +import java.util.concurrent.LinkedBlockingQueue; + +import static org.apache.zookeeper.test.ClientBase.createTmpDir; + +public class WatcherAuthTest { --- End diff -- I am sorry, I can't find in this test where ate we starting the server > Zookeeper server do not send Sal authentication failure notification to the > client > -- > > Key: ZOOKEEPER-1534 > URL: https://issues.apache.org/jira/browse/ZOOKEEPER-1534 > Project: ZooKeeper > Issue Type: Bug > Components: server >Affects Versions: 3.4.3 > Environment: Windows 7. Zookeeper 3.4.3 Curator 1.1.15 Java 1.6 >Reporter: Tally Tsabary >Priority: Major > > Server side: zookeeper 3.4.3 with patch ZOOKEEPER-1437.patch 22/Jun/12 00:24 > Client side: java, Curator 1.1.15, zookeeper 3.4.3 with patch > ZOOKEEPER-1437.patch 22/Jun/12 00:24 > Environment configured to use Sasl authentication. > While the authenticatiion is successful, everything works fine. > In case of authentication failue, it seems that the zk server catch the > SaslException and close the socket without sending any additional > notification to the client, so despite the client has an implementation to > handle Sasl authentication failure, it is never used… > > Details: > = > > > zk server log: > {noformat} > 2012-08-10 11:00:46,730 [myid:] - INFO > [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:NIOServerCnxnFactory@213] - > Accepted socket connection from /127.0.0.1:50208 > 2012-08-10 11:00:46,731 [myid:] - DEBUG > [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:ZooKeeperServer@780] - Session > establishment request from client /127.0.0.1:50208 client's lastZxid is 0x0 > 2012-08-10 11:00:46,731 [myid:] - INFO > [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:ZooKeeperServer@838] - Client > attempting to establish new session at /127.0.0.1:50208 > 2012-08-10 11:00:46,733 [myid:] - DEBUG > [SyncThread:0:FinalRequestProcessor@88] - Processing request:: > sessionid:0x1390fd2ee630004 type:createSession cxid:0x0 zxid:0x26b > txntype:-10 reqpath:n/a > 2012-08-10 11:00:46,733 [myid:] - DEBUG > [SyncThread:0:FinalRequestProcessor@160] - sessionid:0x1390fd2ee630004 > type:createSession cxid:0x0 zxid:0x26b txntype:-10 reqpath:n/a > 2012-08-10 11:00:46,734 [myid:] - INFO [SyncThread:0:ZooKeeperServer@604] - > Established session 0x1390fd2ee630004 with negotiated timeout 4 for > client /127.0.0.1:50208 > 2012-08-10 11:00:46,736 [myid:] - DEBUG > [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:ZooKeeperServer@919] - Responding > to client SASL token. > 2012-08-10 11:00:46,736 [myid:] - DEBUG > [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:ZooKeeperServer@923] - Size of > client SASL token: 0 > 2012-08-10 11:00:46,736 [myid:] - DEBUG > [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:ZooKeeperServer@954] - Size of > server SASL response: 101 > 2012-08-10 11:00:46,740 [myid:] - DEBUG > [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:ZooKeeperServer@919] - Responding > to client SASL token. > 2012-08-10 11:00:46,741 [myid:] - DEBUG > [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:ZooKeeperServer@923] - Size of > client SASL token: 272 > 2012-08-10 11:00:46,741 [myid:] - DEBUG > [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:SaslServerCallbackHandler@106] - > client supplied realm: zk-sasl-md5 > 2012-08-10 11:00:46,741 [myid:] - WARN > [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:ZooKeeperServer@939] - Client > failed to SASL authenticate: javax.security.sasl.SaslException: DIGEST-MD5: > digest response format violation. Mismatched response. > 2012-08-10 11:00:46,742 [myid:] - WARN > [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:ZooKeeperServer@945] - Closing > client connection due to SASL authentication failure. > 2012-08-10 11:00:46,742 [myid:] - INFO > [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:NIOServerCnxn@1000] - Closed > socket
[jira] [Commented] (ZOOKEEPER-1534) Zookeeper server do not send Sal authentication failure notification to the client
[ https://issues.apache.org/jira/browse/ZOOKEEPER-1534?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16364756#comment-16364756 ] ASF GitHub Bot commented on ZOOKEEPER-1534: --- Github user eolivelli commented on a diff in the pull request: https://github.com/apache/zookeeper/pull/457#discussion_r168302735 --- Diff: src/java/main/org/apache/zookeeper/client/ZooKeeperSaslClient.java --- @@ -310,6 +313,9 @@ public void respondToServer(byte[] serverToken, ClientCnxn cnxn) { // TODO: introspect about runtime environment (such as jaas.conf) saslState = SaslState.FAILED; throw new SaslException("Error in authenticating with a Zookeeper Quorum member: the quorum member's saslToken is null."); +} else if (new String(saslToken).equals(AUTHENTICATION_FAILED)) { --- End diff -- Not setting an explicit charset is a code smell, in this case we are using only chars so it won't be a gread deal, but it is better ti have clean code > Zookeeper server do not send Sal authentication failure notification to the > client > -- > > Key: ZOOKEEPER-1534 > URL: https://issues.apache.org/jira/browse/ZOOKEEPER-1534 > Project: ZooKeeper > Issue Type: Bug > Components: server >Affects Versions: 3.4.3 > Environment: Windows 7. Zookeeper 3.4.3 Curator 1.1.15 Java 1.6 >Reporter: Tally Tsabary >Priority: Major > > Server side: zookeeper 3.4.3 with patch ZOOKEEPER-1437.patch 22/Jun/12 00:24 > Client side: java, Curator 1.1.15, zookeeper 3.4.3 with patch > ZOOKEEPER-1437.patch 22/Jun/12 00:24 > Environment configured to use Sasl authentication. > While the authenticatiion is successful, everything works fine. > In case of authentication failue, it seems that the zk server catch the > SaslException and close the socket without sending any additional > notification to the client, so despite the client has an implementation to > handle Sasl authentication failure, it is never used… > > Details: > = > > > zk server log: > {noformat} > 2012-08-10 11:00:46,730 [myid:] - INFO > [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:NIOServerCnxnFactory@213] - > Accepted socket connection from /127.0.0.1:50208 > 2012-08-10 11:00:46,731 [myid:] - DEBUG > [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:ZooKeeperServer@780] - Session > establishment request from client /127.0.0.1:50208 client's lastZxid is 0x0 > 2012-08-10 11:00:46,731 [myid:] - INFO > [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:ZooKeeperServer@838] - Client > attempting to establish new session at /127.0.0.1:50208 > 2012-08-10 11:00:46,733 [myid:] - DEBUG > [SyncThread:0:FinalRequestProcessor@88] - Processing request:: > sessionid:0x1390fd2ee630004 type:createSession cxid:0x0 zxid:0x26b > txntype:-10 reqpath:n/a > 2012-08-10 11:00:46,733 [myid:] - DEBUG > [SyncThread:0:FinalRequestProcessor@160] - sessionid:0x1390fd2ee630004 > type:createSession cxid:0x0 zxid:0x26b txntype:-10 reqpath:n/a > 2012-08-10 11:00:46,734 [myid:] - INFO [SyncThread:0:ZooKeeperServer@604] - > Established session 0x1390fd2ee630004 with negotiated timeout 4 for > client /127.0.0.1:50208 > 2012-08-10 11:00:46,736 [myid:] - DEBUG > [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:ZooKeeperServer@919] - Responding > to client SASL token. > 2012-08-10 11:00:46,736 [myid:] - DEBUG > [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:ZooKeeperServer@923] - Size of > client SASL token: 0 > 2012-08-10 11:00:46,736 [myid:] - DEBUG > [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:ZooKeeperServer@954] - Size of > server SASL response: 101 > 2012-08-10 11:00:46,740 [myid:] - DEBUG > [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:ZooKeeperServer@919] - Responding > to client SASL token. > 2012-08-10 11:00:46,741 [myid:] - DEBUG > [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:ZooKeeperServer@923] - Size of > client SASL token: 272 > 2012-08-10 11:00:46,741 [myid:] - DEBUG > [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:SaslServerCallbackHandler@106] - > client supplied realm: zk-sasl-md5 > 2012-08-10 11:00:46,741 [myid:] - WARN > [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:ZooKeeperServer@939] - Client > failed to SASL authenticate: javax.security.sasl.SaslException: DIGEST-MD5: > digest response format violation. Mismatched response. > 2012-08-10 11:00:46,742 [myid:] - WARN > [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:ZooKeeperServer@945] - Closing > client connection due to SASL authentication failure. > 2012-08-10 11:00:46,742 [myid:] - INFO > [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:NIOServerCnxn@1000] - Closed > socket connection for client /127.0.0.1:50208 which had sessionid > 0x1390fd2ee630004 > 2012-08-10 11:00:46,743 [myid:] - ERROR >
[jira] [Commented] (ZOOKEEPER-1534) Zookeeper server do not send Sal authentication failure notification to the client
[ https://issues.apache.org/jira/browse/ZOOKEEPER-1534?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16364754#comment-16364754 ] ASF GitHub Bot commented on ZOOKEEPER-1534: --- Github user eolivelli commented on a diff in the pull request: https://github.com/apache/zookeeper/pull/457#discussion_r168303288 --- Diff: src/java/test/org/apache/zookeeper/test/WatcherAuthTest.java --- @@ -0,0 +1,84 @@ +package org.apache.zookeeper.test; + +import org.apache.zookeeper.WatchedEvent; +import org.apache.zookeeper.ZooKeeper; +import org.apache.zookeeper.client.ZKClientConfig; +import org.junit.Assert; +import org.junit.Before; +import org.junit.Ignore; +import org.junit.Test; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import java.io.File; +import java.io.FileWriter; +import java.io.IOException; +import java.util.concurrent.LinkedBlockingQueue; + +import static org.apache.zookeeper.test.ClientBase.createTmpDir; + +public class WatcherAuthTest { + +protected static final Logger LOG = LoggerFactory.getLogger(WatcherTest.class); + +private class MyWatcher extends ClientBase.CountdownWatcher { +LinkedBlockingQueue events = +new LinkedBlockingQueue(); + +@Override +public void process(WatchedEvent event) { +super.process(event); +if (event.getState() == Event.KeeperState.AuthFailed) { +try { +events.put(event); +} catch (InterruptedException e) { +LOG.warn("ignoring interrupt during event.put"); +} +} +} +} + +@Before +public void setUp() throws Exception { +// Reset to default value since some test cases set this to true. +// Needed for JDK7 since unit test can run is random order +System.setProperty(ZKClientConfig.DISABLE_AUTO_WATCH_RESET, "false"); +} + +// Note: This test only works with a real ZKServer, running with TestServer masks the bug +@Ignore +@Test +public void testWatcherCanGetAuthFailedEvents() throws Exception { +MyWatcher myWatcher = new MyWatcher(); + System.setProperty("zookeeper.authProvider.1","org.apache.zookeeper.server.auth.SASLAuthenticationProvider"); +try { +File tmpDir = createTmpDir(); +File saslConfFile = new File(tmpDir, "jaas.conf"); +FileWriter fwriter = new FileWriter(saslConfFile); + +fwriter.write("" + +"Server {\n" + +" org.apache.zookeeper.server.auth.DigestLoginModule required\n" + +" user_super=\"test\";\n" + +"};\n" + +"Client {\n" + +" org.apache.zookeeper.server.auth.DigestLoginModule required\n" + +" username=\"super\"\n" + +" password=\"test1\";\n" + // NOTE: wrong password ('test' != 'test1') : this is to test SASL authentication failure. +"};" + "\n"); +fwriter.close(); + System.setProperty("java.security.auth.login.config",saslConfFile.getAbsolutePath()); +} +catch (IOException e) { +// could not create tmp directory to hold JAAS conf file. +} + +// Specify your ZK Server endpoints here +ZooKeeper zk = new ZooKeeper("127.0.0.1:2281", 2, myWatcher); --- End diff -- We should close this handle > Zookeeper server do not send Sal authentication failure notification to the > client > -- > > Key: ZOOKEEPER-1534 > URL: https://issues.apache.org/jira/browse/ZOOKEEPER-1534 > Project: ZooKeeper > Issue Type: Bug > Components: server >Affects Versions: 3.4.3 > Environment: Windows 7. Zookeeper 3.4.3 Curator 1.1.15 Java 1.6 >Reporter: Tally Tsabary >Priority: Major > > Server side: zookeeper 3.4.3 with patch ZOOKEEPER-1437.patch 22/Jun/12 00:24 > Client side: java, Curator 1.1.15, zookeeper 3.4.3 with patch > ZOOKEEPER-1437.patch 22/Jun/12 00:24 > Environment configured to use Sasl authentication. > While the authenticatiion is successful, everything works fine. > In case of authentication failue, it seems that the zk server catch the > SaslException and close the socket without sending any additional > notification to the client, so despite the client has an implementation to >
[jira] [Commented] (ZOOKEEPER-1534) Zookeeper server do not send Sal authentication failure notification to the client
[ https://issues.apache.org/jira/browse/ZOOKEEPER-1534?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16352617#comment-16352617 ] ASF GitHub Bot commented on ZOOKEEPER-1534: --- GitHub user craz186 opened a pull request: https://github.com/apache/zookeeper/pull/457 ZOOKEEPER-1534: ZookeeperServer now returns AuthFailed events for SASL cred failures ZookeeperServer previously closed client connections instead of returning AuthFailed events for SASL authentication failures. This PR changes the Zookeeper Server to return an AuthFailed event and then afterwards closes the connection. I am unsure of the standard for SetSaslResponses and would appreciate any feedback as to how to represent a failed Authentication through SetSaslResponse objects. Currently I am just returning a string. Note: The unit test I've supplied will only work with a real ZKServer, it seems that the testing server hides this bug and I've been unable to reproduce with the Testing Server. You can merge this pull request into a Git repository by running: $ git pull https://github.com/craz186/zookeeper ZOOKEEPER-1534 Alternatively you can review and apply these changes as the patch at: https://github.com/apache/zookeeper/pull/457.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #457 commit add6963b8e62f3ccdaf80f1a02428544c3a105d8 Author: sean.gibbonsDate: 2018-02-05T16:09:59Z ZOOKEEPER-1534: ZookeeperServer now returns AuthFailed events instead of closing client connection when SASL authentication uses invalid credentials, added unit test to demonstrate > Zookeeper server do not send Sal authentication failure notification to the > client > -- > > Key: ZOOKEEPER-1534 > URL: https://issues.apache.org/jira/browse/ZOOKEEPER-1534 > Project: ZooKeeper > Issue Type: Bug > Components: server >Affects Versions: 3.4.3 > Environment: Windows 7. Zookeeper 3.4.3 Curator 1.1.15 Java 1.6 >Reporter: Tally Tsabary >Priority: Major > > Server side: zookeeper 3.4.3 with patch ZOOKEEPER-1437.patch 22/Jun/12 00:24 > Client side: java, Curator 1.1.15, zookeeper 3.4.3 with patch > ZOOKEEPER-1437.patch 22/Jun/12 00:24 > Environment configured to use Sasl authentication. > While the authenticatiion is successful, everything works fine. > In case of authentication failue, it seems that the zk server catch the > SaslException and close the socket without sending any additional > notification to the client, so despite the client has an implementation to > handle Sasl authentication failure, it is never used… > > Details: > = > > > zk server log: > {noformat} > 2012-08-10 11:00:46,730 [myid:] - INFO > [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:NIOServerCnxnFactory@213] - > Accepted socket connection from /127.0.0.1:50208 > 2012-08-10 11:00:46,731 [myid:] - DEBUG > [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:ZooKeeperServer@780] - Session > establishment request from client /127.0.0.1:50208 client's lastZxid is 0x0 > 2012-08-10 11:00:46,731 [myid:] - INFO > [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:ZooKeeperServer@838] - Client > attempting to establish new session at /127.0.0.1:50208 > 2012-08-10 11:00:46,733 [myid:] - DEBUG > [SyncThread:0:FinalRequestProcessor@88] - Processing request:: > sessionid:0x1390fd2ee630004 type:createSession cxid:0x0 zxid:0x26b > txntype:-10 reqpath:n/a > 2012-08-10 11:00:46,733 [myid:] - DEBUG > [SyncThread:0:FinalRequestProcessor@160] - sessionid:0x1390fd2ee630004 > type:createSession cxid:0x0 zxid:0x26b txntype:-10 reqpath:n/a > 2012-08-10 11:00:46,734 [myid:] - INFO [SyncThread:0:ZooKeeperServer@604] - > Established session 0x1390fd2ee630004 with negotiated timeout 4 for > client /127.0.0.1:50208 > 2012-08-10 11:00:46,736 [myid:] - DEBUG > [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:ZooKeeperServer@919] - Responding > to client SASL token. > 2012-08-10 11:00:46,736 [myid:] - DEBUG > [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:ZooKeeperServer@923] - Size of > client SASL token: 0 > 2012-08-10 11:00:46,736 [myid:] - DEBUG > [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:ZooKeeperServer@954] - Size of > server SASL response: 101 > 2012-08-10 11:00:46,740 [myid:] - DEBUG > [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:ZooKeeperServer@919] - Responding > to client SASL token. > 2012-08-10 11:00:46,741 [myid:] - DEBUG > [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:ZooKeeperServer@923] - Size of > client SASL token: 272 > 2012-08-10 11:00:46,741 [myid:] - DEBUG > [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:SaslServerCallbackHandler@106] - > client supplied realm:
[jira] [Commented] (ZOOKEEPER-1534) Zookeeper server do not send Sal authentication failure notification to the client
[ https://issues.apache.org/jira/browse/ZOOKEEPER-1534?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16341308#comment-16341308 ] Sean Gibbons commented on ZOOKEEPER-1534: - This is an issue affecting my use of Zookeeper. In my use case if a client supplies wrong credentials we only receive ConectionLoss events without receiving an AuthFailed event. This can lead to confusion in production environments where network outages can occur, often we have to request that Environments view the passwords on each server to ensure that they are all correct since we receive the same event (ConnectionLoss) for incorrect SASL credentials and when the network is down. I have a patch for this I am preparing but may need some advice on how to format a standardized AuthFailed SetSASLResponse. > Zookeeper server do not send Sal authentication failure notification to the > client > -- > > Key: ZOOKEEPER-1534 > URL: https://issues.apache.org/jira/browse/ZOOKEEPER-1534 > Project: ZooKeeper > Issue Type: Bug > Components: server >Affects Versions: 3.4.3 > Environment: Windows 7. Zookeeper 3.4.3 Curator 1.1.15 Java 1.6 >Reporter: Tally Tsabary >Priority: Major > > Server side: zookeeper 3.4.3 with patch ZOOKEEPER-1437.patch 22/Jun/12 00:24 > Client side: java, Curator 1.1.15, zookeeper 3.4.3 with patch > ZOOKEEPER-1437.patch 22/Jun/12 00:24 > Environment configured to use Sasl authentication. > While the authenticatiion is successful, everything works fine. > In case of authentication failue, it seems that the zk server catch the > SaslException and close the socket without sending any additional > notification to the client, so despite the client has an implementation to > handle Sasl authentication failure, it is never used… > > Details: > = > > > zk server log: > {noformat} > 2012-08-10 11:00:46,730 [myid:] - INFO > [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:NIOServerCnxnFactory@213] - > Accepted socket connection from /127.0.0.1:50208 > 2012-08-10 11:00:46,731 [myid:] - DEBUG > [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:ZooKeeperServer@780] - Session > establishment request from client /127.0.0.1:50208 client's lastZxid is 0x0 > 2012-08-10 11:00:46,731 [myid:] - INFO > [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:ZooKeeperServer@838] - Client > attempting to establish new session at /127.0.0.1:50208 > 2012-08-10 11:00:46,733 [myid:] - DEBUG > [SyncThread:0:FinalRequestProcessor@88] - Processing request:: > sessionid:0x1390fd2ee630004 type:createSession cxid:0x0 zxid:0x26b > txntype:-10 reqpath:n/a > 2012-08-10 11:00:46,733 [myid:] - DEBUG > [SyncThread:0:FinalRequestProcessor@160] - sessionid:0x1390fd2ee630004 > type:createSession cxid:0x0 zxid:0x26b txntype:-10 reqpath:n/a > 2012-08-10 11:00:46,734 [myid:] - INFO [SyncThread:0:ZooKeeperServer@604] - > Established session 0x1390fd2ee630004 with negotiated timeout 4 for > client /127.0.0.1:50208 > 2012-08-10 11:00:46,736 [myid:] - DEBUG > [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:ZooKeeperServer@919] - Responding > to client SASL token. > 2012-08-10 11:00:46,736 [myid:] - DEBUG > [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:ZooKeeperServer@923] - Size of > client SASL token: 0 > 2012-08-10 11:00:46,736 [myid:] - DEBUG > [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:ZooKeeperServer@954] - Size of > server SASL response: 101 > 2012-08-10 11:00:46,740 [myid:] - DEBUG > [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:ZooKeeperServer@919] - Responding > to client SASL token. > 2012-08-10 11:00:46,741 [myid:] - DEBUG > [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:ZooKeeperServer@923] - Size of > client SASL token: 272 > 2012-08-10 11:00:46,741 [myid:] - DEBUG > [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:SaslServerCallbackHandler@106] - > client supplied realm: zk-sasl-md5 > 2012-08-10 11:00:46,741 [myid:] - WARN > [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:ZooKeeperServer@939] - Client > failed to SASL authenticate: javax.security.sasl.SaslException: DIGEST-MD5: > digest response format violation. Mismatched response. > 2012-08-10 11:00:46,742 [myid:] - WARN > [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:ZooKeeperServer@945] - Closing > client connection due to SASL authentication failure. > 2012-08-10 11:00:46,742 [myid:] - INFO > [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:NIOServerCnxn@1000] - Closed > socket connection for client /127.0.0.1:50208 which had sessionid > 0x1390fd2ee630004 > 2012-08-10 11:00:46,743 [myid:] - ERROR > [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:NIOServerCnxn@180] - Unexpected > Exception: > java.nio.channels.CancelledKeyException >at > sun.nio.ch.SelectionKeyImpl.ensureValid(SelectionKeyImpl.java:55) >at >