Skip to content

Commit

Permalink
HBASE-24579: Failed SASL authentication does not result in an excepti…
Browse files Browse the repository at this point in the history
…on on client side (#1921)

Signed-off-by: Wellington Chevreuil <[email protected]>
Signed-off-by: Viraj Jasani <[email protected]>
(cherry picked from commit bd79c40)
  • Loading branch information
BukrosSzabolcs authored and wchevreuil committed Jun 19, 2020
1 parent 8ce1f25 commit a52e537
Show file tree
Hide file tree
Showing 2 changed files with 41 additions and 0 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -148,6 +148,16 @@ public boolean saslConnect(InputStream inS, OutputStream outS) throws IOExceptio
inStream.readFully(saslToken);
}
}

try {
readStatus(inStream);
}
catch (IOException e){
if(e instanceof RemoteException){
LOG.debug("Sasl connection failed: ", e);
throw e;
}
}
if (LOG.isDebugEnabled()) {
LOG.debug("SASL client context established. Negotiated QoP: "
+ saslClient.getNegotiatedProperty(Sasl.QOP));
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -52,10 +52,12 @@
import org.apache.hadoop.hbase.util.Bytes;
import org.apache.hadoop.io.DataInputBuffer;
import org.apache.hadoop.io.DataOutputBuffer;
import org.apache.hadoop.io.WritableUtils;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.security.token.TokenIdentifier;
import org.apache.log4j.Level;
import org.apache.log4j.Logger;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.ClassRule;
import org.junit.Rule;
Expand Down Expand Up @@ -318,4 +320,33 @@ private HBaseSaslRpcClient createSaslRpcClientSimple(String principal, String pa
private Token<? extends TokenIdentifier> createTokenMock() {
return mock(Token.class);
}

@Test(expected = IOException.class)
public void testFailedEvaluateResponse() throws IOException {
//prep mockin the SaslClient
SimpleSaslClientAuthenticationProvider mockProvider =
Mockito.mock(SimpleSaslClientAuthenticationProvider.class);
SaslClient mockClient = Mockito.mock(SaslClient.class);
Assert.assertNotNull(mockProvider);
Assert.assertNotNull(mockClient);
Mockito.when(mockProvider.createClient(Mockito.any(), Mockito.any(), Mockito.any(),
Mockito.any(), Mockito.anyBoolean(), Mockito.any())).thenReturn(mockClient);
HBaseSaslRpcClient rpcClient = new HBaseSaslRpcClient(HBaseConfiguration.create(),
mockProvider, createTokenMock(),
Mockito.mock(InetAddress.class), Mockito.mock(SecurityInfo.class), false);

//simulate getting an error from a failed saslServer.evaluateResponse
DataOutputBuffer errorBuffer = new DataOutputBuffer();
errorBuffer.writeInt(SaslStatus.ERROR.state);
WritableUtils.writeString(errorBuffer, IOException.class.getName());
WritableUtils.writeString(errorBuffer, "Invalid Token");

DataInputBuffer in = new DataInputBuffer();
in.reset(errorBuffer.getData(), 0, errorBuffer.getLength());
DataOutputBuffer out = new DataOutputBuffer();

//simulate that authentication exchange has completed quickly after sending the token
Mockito.when(mockClient.isComplete()).thenReturn(true);
rpcClient.saslConnect(in, out);
}
}

0 comments on commit a52e537

Please sign in to comment.