
ZOOKEEPER-1185. Send AuthFailed event to client if SASL authentication fails. (Eugene Kuntz via mahadev)

git-svn-id: https://svn.apache.org/repos/asf/zookeeper/trunk@1176159 13f79535-47bb-0310-9956-ffa450edef68
Mahadev Konar 13 роки тому
батько
коміт
7e64875f9d

+ 3 - 0
CHANGES.txt

@@ -370,6 +370,9 @@ BUGFIXES:
   ZOOKEEPER-1189. For an invalid snapshot file(less than 10bytes size) RandomAccessFile 
   stream is leaking. (Rakesh R via mahadev)
 
+  ZOOKEEPER-1185. Send AuthFailed event to client if SASL authentication fails.
+  (Eugene Kuntz via mahadev)
+
 IMPROVEMENTS:
   ZOOKEEPER-724. Improve junit test integration - log harness information 
   (phunt via mahadev)

+ 12 - 0
src/java/main/org/apache/zookeeper/ClientCnxn.java

@@ -558,6 +558,12 @@ public class ClientCnxn {
                       SetSASLResponse rsp = (SetSASLResponse) p.response;
                       // TODO : check rc (== 0, etc) as with other packet types.
                       cb.processResult(rc,null,p.ctx,rsp.getToken(),null);
+                      ClientCnxn clientCnxn = (ClientCnxn)p.ctx;
+                      if ((clientCnxn == null) || (clientCnxn.zooKeeperSaslClient == null) ||
+                              (clientCnxn.zooKeeperSaslClient.getSaslState() == ZooKeeperSaslClient.SaslState.FAILED)) {
+                          queueEvent(new WatchedEvent(EventType.None,
+                                  KeeperState.AuthFailed, null));
+                      }
                   } else if (p.response instanceof GetDataResponse) {
                       DataCallback cb = (DataCallback) p.cb;
                       GetDataResponse rsp = (GetDataResponse) p.response;
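Review bot: The AuthFailed decision in the SetSASLResponse branch looks only at the client-side SASL state and still ignores `rc`, which the TODO two lines above the added code already flags. If the server can answer a SASL packet with a non-zero `rc` while the local state has not reached FAILED, the watcher would never learn that authentication was refused; consider `if (rc != 0 || clientCnxn == null || ...)`, assuming 0 is the only success code here. The cast `(ClientCnxn)p.ctx` is also unchecked, so a packet queued with a different ctx type would throw ClassCastException instead of reporting a failure; an `instanceof` test would make that case explicit. The enclosing method starts and ends outside the hunk.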
@@ -945,6 +951,9 @@ public class ClientCnxn {
                       + "configuration file: '" + System.getProperty("java.security.auth.login.config")
                       + "'. Will continue connection to Zookeeper server without SASL authentication, if Zookeeper "
                       + "server allows it.");
+                    eventThread.queueEvent(new WatchedEvent(
+                            Watcher.Event.EventType.None,
+                            KeeperState.AuthFailed, null));
                 }
             }
             clientCnxnSocket.connect(addr);
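Review bot: The AuthFailed event queued after the warning is advisory only: `state` is not changed here (unlike the SaslException handler later in this file) and `clientCnxnSocket.connect(addr)` still runs, so the session continues unauthenticated if the server permits it. That fail-open behaviour deserves a comment at the call site, for example `// AuthFailed is informational here; the connection below proceeds without SASL if the server allows it.`, so applications that require authentication know they must act on the event themselves. It is also worth confirming that this branch is not reached by clients that never configured JAAS, since the message prints the `java.security.auth.login.config` property and such clients would then see AuthFailed on every connect. The surrounding try/catch starts outside the hunk.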
@@ -979,6 +988,9 @@ public class ClientCnxn {
                             catch (SaslException e) {
                                 LOG.error("SASL authentication with Zookeeper Quorum member failed: " + e);
                                 state = States.AUTH_FAILED;
+                                eventThread.queueEvent(new WatchedEvent(
+                                        Watcher.Event.EventType.None,
+                                        KeeperState.AuthFailed,null));
                             }
                             if (zooKeeperSaslClient.readyToSendSaslAuthEvent()) {
                                 eventThread.queueEvent(new WatchedEvent(
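Review bot: The same AuthFailed `WatchedEvent` is now built in three places in this file with three spellings: `EventType.None` in the SetSASLResponse branch, `Watcher.Event.EventType.None` in the login-failure branch, and `KeeperState.AuthFailed,null` without a space here. A small private helper that builds and queues the event would keep the failure paths consistent and give one place to log the notification. The enclosing method continues past the hunk.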

+ 10 - 3
src/java/main/org/apache/zookeeper/client/ZooKeeperSaslClient.java

@@ -59,12 +59,16 @@ public class ZooKeeperSaslClient {
     private byte[] saslToken = new byte[0];
     private ClientCnxn cnxn;
 
-    private enum SaslState {
-        INITIAL,INTERMEDIATE,COMPLETE
+    public enum SaslState {
+        INITIAL,INTERMEDIATE,COMPLETE,FAILED
     }
 
     private SaslState saslState = SaslState.INITIAL;
 
+    public SaslState getSaslState() {
+        return saslState;
+    }
+
     public ZooKeeperSaslClient(ClientCnxn cnxn, String serverPrincipal) throws LoginException {
         this.cnxn = cnxn;
         this.saslClient = createSaslClient(serverPrincipal);
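Review bot: `getSaslState()` exposes `saslState`, a plain non-volatile field, to ClientCnxn; if the write in the SaslException handler and the read after `cb.processResult(...)` can happen on different threads, the FAILED value is not guaranteed to be visible to the reader. Declaring it `private volatile SaslState saslState = SaslState.INITIAL;` would remove the doubt. The now-public enum and getter also have no Javadoc; a line such as `/** Current phase of the SASL handshake. */` on the getter, plus a note on whether FAILED is terminal, would help callers outside this class.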
@@ -176,8 +180,8 @@ public class ZooKeeperSaslClient {
                     queueSaslPacket(saslToken);
                 }
             } catch (SaslException e) {
-                // TODO sendThread should set state to AUTH_FAILED; but currently only sendThread modifies state.
                 LOG.error("SASL authentication failed.");
+                saslState = SaslState.FAILED;
             }
         }
     }
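Review bot: The handler now records FAILED but still drops the exception: `LOG.error("SASL authentication failed.")` gives operators no cause to tell a bad credential from a misconfigured principal or a server-side rejection. Passing the exception, `LOG.error("SASL authentication failed.", e);`, keeps the cause in the log. The LOG line is unchanged context in this hunk, and the method body begins outside it.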
@@ -265,6 +269,9 @@ public class ZooKeeperSaslClient {
     }
 
     public void initialize() throws SaslException {
+        if (saslClient == null) {
+            throw new SaslException("saslClient failed to initialize properly: it's null.");
+        }
         if (saslState == SaslState.INITIAL) {
             if (saslClient.hasInitialResponse()) {
                 queueSaslPacket();
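Review bot: The new null guard in `initialize()` throws without recording the failure, so `getSaslState()` keeps returning INITIAL for a client that can never authenticate. Setting `saslState = SaslState.FAILED;` before the `throw` would keep the state consistent with the SaslException handler earlier in this class. The constructor shown in the first hunk of this file stores whatever `createSaslClient(serverPrincipal)` returns, so the null is only noticed here; rejecting it in the constructor may be clearer. The body of `initialize()` continues past the hunk.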

+ 1 - 0
src/java/test/org/apache/zookeeper/test/SaslAuthFailTest.java

@@ -102,6 +102,7 @@ public class SaslAuthFailTest extends ClientBase {
     public void testBadSaslAuthNotifiesWatch() throws Exception {
         ZooKeeper zk = createClient();
         Thread.sleep(1000);
+        Assert.assertEquals(authFailed.get(),1);
         zk.close();
     }
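Review bot: `Assert.assertEquals(authFailed.get(),1)` passes the arguments in (actual, expected) order, so a failure message would report the two values the wrong way round; write `Assert.assertEquals(1, authFailed.get());`. The assertion also depends on `Thread.sleep(1000)` being long enough for the event to arrive and requires exactly one event, so a slow machine or a second AuthFailed from another failure path would fail it. Waiting on a latch with a timeout, then asserting the count, would be steadier.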
 

+ 0 - 8
src/java/test/org/apache/zookeeper/test/SaslAuthTest.java

@@ -102,14 +102,6 @@ public class SaslAuthTest extends ClientBase {
         }
     }
 
-    @Test
-    public void testBadSaslAuthNotifiesWatch() throws Exception {
-        ZooKeeper zk = createClient();
-        Thread.sleep(1000);
-        zk.close();
-    }
-
-    
     @Test
     public void testAuth() throws Exception {
         ZooKeeper zk = createClient();