[HDFS-13061] SaslDataTransferClient#checkTrustAndSend should not trust a partially trusted channel - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 3.1.0
Component/s: None
Labels:
None

Hadoop Flags:

Reviewed

Description

~~HDFS-5910~~ introduces encryption negotiation between client and server based on a customizable TrustedChannelResolver class. The TrustedChannelResolver is invoked on both client and server side. If the resolver indicates that the channel is trusted, then the data transfer will not be encrypted even if dfs.encrypt.data.transfer is set to true.

SaslDataTransferClient#checkTrustAndSend ask the channel resolve whether the client and server address are trusted, respectively. It decides the channel is untrusted only if both client and server are not trusted to enforce encryption. This ticket is opened to change it to not trust (and encrypt) if either client or server address are not trusted.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

HDFS-13061.000.patch
26/Jan/18 20:40
5 kB
Ajay Kumar
HDFS-13061.001.patch
29/Jan/18 21:45
8 kB
Ajay Kumar
HDFS-13061.002.patch
29/Jan/18 23:13
8 kB
Ajay Kumar
HDFS-13061.003.patch
30/Jan/18 18:45
8 kB
Ajay Kumar

Activity

People

Assignee:: Ajay Kumar

Reporter:: Xiaoyu Yao

Votes:: 0 Vote for this issue

Watchers:: 7 Start watching this issue

Dates

Created:: 24/Jan/18 23:55

Updated:: 31/Jan/18 21:03

Resolved:: 31/Jan/18 18:57