From d456d07d6c21a0286536c876548ed1de61a869fc Mon Sep 17 00:00:00 2001
From: Tsz-Wo Nicholas Sze
Date: Mon, 22 Jul 2024 19:17:06 +0800
Subject: [PATCH 1/4] HDFS-17575. SaslDataTransferClient should use SaslParticipant to create messages.
---
 .../sasl/SaslDataTransferClient.java | 9 +++++----
 .../datatransfer/sasl/SaslParticipant.java | 16 ++++++++++++++--
 .../datatransfer/sasl/TestSaslDataTransfer.java | 2 +-
 3 files changed, 20 insertions(+), 7 deletions(-)
diff --git a/hadoop-hdfs-project/hadoop-hdfs-client/src/main/java/org/apache/hadoop/hdfs/protocol/datatransfer/sasl/SaslDataTransferClient.java b/hadoop-hdfs-project/hadoop-hdfs-client/src/main/java/org/apache/hadoop/hdfs/protocol/datatransfer/sasl/SaslDataTransferClient.java
index 043439130d5dc..dd1da77af1efd 100644
--- a/hadoop-hdfs-project/hadoop-hdfs-client/src/main/java/org/apache/hadoop/hdfs/protocol/datatransfer/sasl/SaslDataTransferClient.java
+++ b/hadoop-hdfs-project/hadoop-hdfs-client/src/main/java/org/apache/hadoop/hdfs/protocol/datatransfer/sasl/SaslDataTransferClient.java
@@ -519,25 +519,25 @@ private IOStreamPair doSaslHandshake(InetAddress addr,
 // In which case there will be no encrypted secret sent from NN.
 BlockTokenIdentifier blockTokenIdentifier = accessToken.decodeIdentifier();
+ final byte[] first = sasl.createFirstMessage();
 if (blockTokenIdentifier != null) {
 byte[] handshakeSecret = accessToken.decodeIdentifier().getHandshakeMsg();
 if (handshakeSecret == null || handshakeSecret.length == 0) {
 LOG.debug("Handshake secret is null, " + "sending without handshake secret.");
- sendSaslMessage(out, new byte[0]);
+ sendSaslMessage(out, first);
 } else {
 LOG.debug("Sending handshake secret.");
 BlockTokenIdentifier identifier = new BlockTokenIdentifier();
 identifier.readFields(new DataInputStream( new ByteArrayInputStream(accessToken.getIdentifier())));
 String bpid = identifier.getBlockPoolId();
- sendSaslMessageHandshakeSecret(out, new byte[0],
- handshakeSecret, bpid);
+ sendSaslMessageHandshakeSecret(out, first, handshakeSecret, bpid);
 }
 } else {
 LOG.debug("Block token id is null, sending without handshake secret.");
- sendSaslMessage(out, new byte[0]);
+ sendSaslMessage(out, first);
 }
 // step 1
@@ -565,6 +565,7 @@ private IOStreamPair doSaslHandshake(InetAddress addr,
 cipherOptions.add(option);
 }
 }
+ LOG.debug("{}: cipherOptions={}", sasl, cipherOptions);
 sendSaslMessageAndNegotiationCipherOptions(out, localResponse, cipherOptions);
diff --git a/hadoop-hdfs-project/hadoop-hdfs-client/src/main/java/org/apache/hadoop/hdfs/protocol/datatransfer/sasl/SaslParticipant.java b/hadoop-hdfs-project/hadoop-hdfs-client/src/main/java/org/apache/hadoop/hdfs/protocol/datatransfer/sasl/SaslParticipant.java
index e32f76a8ebd7d..7abd5bd126db8 100644
--- a/hadoop-hdfs-project/hadoop-hdfs-client/src/main/java/org/apache/hadoop/hdfs/protocol/datatransfer/sasl/SaslParticipant.java
+++ b/hadoop-hdfs-project/hadoop-hdfs-client/src/main/java/org/apache/hadoop/hdfs/protocol/datatransfer/sasl/SaslParticipant.java
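Review bot: The new local `first` is computed before the block-token branch with no comment saying what it holds, so a reader of this hunk cannot tell whether it is the mechanism's initial response or merely the old `new byte[0]` hoisted into a variable. Suggest `// First client message: empty for the default mechanism (the server sends the first challenge), otherwise the mechanism's initial response built from an empty challenge.` above it, and `firstMessage` as a less cryptic name. Since `createFirstMessage()` is declared to throw SaslException, a mechanism that cannot produce an initial response now fails before anything is written to `out`, which seems right but is worth stating in the commit message. doSaslHandshake starts and ends outside the hunk.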
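Review bot: The new debug line in the second hunk prints `cipherOptions` through the string form of CipherOption, which is not visible here; if that string form ever includes key or IV material, handshake secrets would land in the log at DEBUG. In this client-side path the options appear to be built from cipher suites alone (only `cipherOptions.add(option)` is visible), so today this is probably harmless, but logging the suite names or the count rather than the objects keeps it safe regardless of how CipherOption evolves, e.g. `LOG.debug("{}: {} cipherOptions", sasl, cipherOptions.size());`. doSaslHandshake starts and ends outside the hunk.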
@@ -20,6 +20,7 @@
 import java.io.DataInputStream;
 import java.io.DataOutputStream;
 import java.util.Map;
+import java.util.Objects;
 import javax.security.auth.callback.CallbackHandler;
 import javax.security.sasl.Sasl;
 import javax.security.sasl.SaslClient;
@@ -52,6 +53,7 @@ class SaslParticipant {
 private static final String SERVER_NAME = "0";
 private static final String PROTOCOL = "hdfs";
 private static final String[] MECHANISM_ARRAY = {SaslConstants.SASL_MECHANISM};
+ private static final byte[] EMPTY_BYTE_ARRAY = {};
 // One of these will always be null.
 private final SaslServer saslServer;
@@ -110,7 +112,7 @@ public static SaslParticipant createClientSaslParticipant(String userName,
 * @param saslServer to wrap
 */
 private SaslParticipant(SaslServer saslServer) {
- this.saslServer = saslServer;
+ this.saslServer = Objects.requireNonNull(saslServer, "saslServer == null");
 this.saslClient = null;
 }
@@ -121,7 +123,12 @@ private SaslParticipant(SaslServer saslServer) {
 */
 private SaslParticipant(SaslClient saslClient) {
 this.saslServer = null;
- this.saslClient = saslClient;
+ this.saslClient = Objects.requireNonNull(saslClient, "saslClient == null");
+ }
+
+ byte[] createFirstMessage() throws SaslException {
+ return MECHANISM_ARRAY[0].equals(SaslConstants.SASL_MECHANISM_DEFAULT) ? EMPTY_BYTE_ARRAY : evaluateChallengeOrResponse(EMPTY_BYTE_ARRAY);
 }
 /**
@@ -228,4 +235,9 @@ public IOStreamPair createStreamPair(DataOutputStream out,
 new SaslOutputStream(out, saslServer));
 }
 }
+
+ @Override
+ public String toString() {
+ return "Sasl" + (saslServer != null? "Server" : "Client");
+ }
 }
diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/protocol/datatransfer/sasl/TestSaslDataTransfer.java b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/protocol/datatransfer/sasl/TestSaslDataTransfer.java
index 85e43f65c37b2..cbb3c07962dc7 100644
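Review bot: `createFirstMessage()` in the -121 hunk is package-private and undocumented, and nothing stops it being called on a server-side participant; the body of `evaluateChallengeOrResponse` is outside the hunk, but if it dispatches on which of `saslServer`/`saslClient` is non-null, a server-side call would feed an empty response into the server's state machine instead of producing a client message. A guard `if (saslClient == null) { throw new IllegalStateException("createFirstMessage() is only valid for a client participant"); }` plus a Javadoc stating that the result is empty for the default mechanism (the server sends the first challenge) and otherwise the mechanism's initial response computed from an empty challenge would make the contract explicit. The mechanism test also reads `MECHANISM_ARRAY[0].equals(SaslConstants.SASL_MECHANISM_DEFAULT)` where `MECHANISM_ARRAY[0]` is always `SaslConstants.SASL_MECHANISM` (see the -52 hunk), so it compares two constants; `saslClient.hasInitialResponse()` is the JDK's way to ask whether the negotiated mechanism sends an initial response and would avoid hard-coding a mechanism name.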
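Review bot: The conditional in the new `toString()` (last hunk) is missing the space before `?`: `return "Sasl" + (saslServer != null ? "Server" : "Client");`. Since this string now feeds the debug line added in SaslDataTransferClient, appending the mechanism name, e.g. `+ "(" + MECHANISM_ARRAY[0] + ")"`, would make those log lines distinguish the default mechanism from a custom one at a glance; whether that name is safe to log is presumably fine since it is already a compile-time constant, but confirm.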
--- a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/protocol/datatransfer/sasl/TestSaslDataTransfer.java
+++ b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/protocol/datatransfer/sasl/TestSaslDataTransfer.java
@@ -77,7 +77,7 @@ public class TestSaslDataTransfer extends SaslDataTransferTestCase {
 public ExpectedException exception = ExpectedException.none();
 @Rule
- public Timeout timeout = new Timeout(60000);
+ public Timeout timeout = new Timeout(300_000);
 @After
 public void shutdown() {
From 918c7c5a5fe21d9c13b29845e4abc28e9114c656 Mon Sep 17 00:00:00 2001
From: Tsz-Wo Nicholas Sze
Date: Thu, 25 Jul 2024 01:14:28 +0800
Subject: [PATCH 2/4] tigger test
From d4b9e99d90a7a3acc6edf1e51aadb571f48e1523 Mon Sep 17 00:00:00 2001
From: Tsz-Wo Nicholas Sze
Date: Fri, 26 Jul 2024 13:05:56 +0900
Subject: [PATCH 3/4] tigger test again
From 484b34ecac7519056f0b3e64cd3ec7c4f04051c3 Mon Sep 17 00:00:00 2001
From: Tsz-Wo Nicholas Sze
Date: Mon, 29 Jul 2024 10:44:14 -0700
Subject: [PATCH 4/4] Empty commit