Skip to content

Commit

Permalink
HBASE-24579: Failed SASL authentication does not result in an excepti…
Browse files Browse the repository at this point in the history
…on on client side (apache#1921)

Signed-off-by: Wellington Chevreuil <[email protected]>
Signed-off-by: Viraj Jasani <[email protected]>
  • Loading branch information
BukrosSzabolcs committed Jun 22, 2020
1 parent 24c7a0c commit 86a12d2
Show file tree
Hide file tree
Showing 2 changed files with 41 additions and 0 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -144,6 +144,16 @@ public boolean saslConnect(InputStream inS, OutputStream outS) throws IOExceptio
inStream.readFully(saslToken);
}
}

try {
readStatus(inStream);
}
catch (IOException e){
if(e instanceof RemoteException){
LOG.debug("Sasl connection failed: ", e);
throw e;
}
}
if (LOG.isDebugEnabled()) {
LOG.debug("SASL client context established. Negotiated QoP: "
+ saslClient.getNegotiatedProperty(Sasl.QOP));
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -45,10 +45,12 @@
import org.apache.hadoop.hbase.util.Bytes;
import org.apache.hadoop.io.DataInputBuffer;
import org.apache.hadoop.io.DataOutputBuffer;
import org.apache.hadoop.io.WritableUtils;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.security.token.TokenIdentifier;
import org.apache.log4j.Level;
import org.apache.log4j.Logger;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.ClassRule;
import org.junit.Rule;
Expand Down Expand Up @@ -308,4 +310,33 @@ private HBaseSaslRpcClient createSaslRpcClientSimple(String principal, String pa
private Token<? extends TokenIdentifier> createTokenMock() {
return mock(Token.class);
}

@Test(expected = IOException.class)
public void testFailedEvaluateResponse() throws IOException {
//prep mockin the SaslClient
SimpleSaslClientAuthenticationProvider mockProvider =
Mockito.mock(SimpleSaslClientAuthenticationProvider.class);
SaslClient mockClient = Mockito.mock(SaslClient.class);
Assert.assertNotNull(mockProvider);
Assert.assertNotNull(mockClient);
Mockito.when(mockProvider.createClient(Mockito.any(), Mockito.any(), Mockito.any(),
Mockito.any(), Mockito.anyBoolean(), Mockito.any())).thenReturn(mockClient);
HBaseSaslRpcClient rpcClient = new HBaseSaslRpcClient(HBaseConfiguration.create(),
mockProvider, createTokenMock(),
Mockito.mock(InetAddress.class), Mockito.mock(SecurityInfo.class), false);

//simulate getting an error from a failed saslServer.evaluateResponse
DataOutputBuffer errorBuffer = new DataOutputBuffer();
errorBuffer.writeInt(SaslStatus.ERROR.state);
WritableUtils.writeString(errorBuffer, IOException.class.getName());
WritableUtils.writeString(errorBuffer, "Invalid Token");

DataInputBuffer in = new DataInputBuffer();
in.reset(errorBuffer.getData(), 0, errorBuffer.getLength());
DataOutputBuffer out = new DataOutputBuffer();

//simulate that authentication exchange has completed quickly after sending the token
Mockito.when(mockClient.isComplete()).thenReturn(true);
rpcClient.saslConnect(in, out);
}
}

0 comments on commit 86a12d2

Please sign in to comment.