
ZOOKEEPER-3331: Automatically add IP authorization for Netty connections

Author: Brian Nixon <nixon@fb.com>

Reviewers: eolivelli@apache.org, fangmin@apache.org

Closes #867 from enixon/netty-ip-auth
Brian Nixon 6 лет назад
Родитель
Сommit
c677605234

+ 4 - 0
zookeeper-server/src/main/java/org/apache/zookeeper/server/NettyServerCnxn.java

@@ -22,6 +22,7 @@ import java.io.BufferedWriter;
 import java.io.IOException;
 import java.io.PrintWriter;
 import java.io.Writer;
+import java.net.InetAddress;
 import java.net.InetSocketAddress;
 import java.nio.ByteBuffer;
 import java.nio.channels.SelectionKey;
@@ -40,6 +41,7 @@ import io.netty.util.concurrent.Future;
 import io.netty.util.concurrent.GenericFutureListener;
 import org.apache.jute.BinaryInputArchive;
 import org.apache.jute.Record;
+import org.apache.zookeeper.data.Id;
 import org.apache.zookeeper.data.Stat;
 import org.apache.zookeeper.WatchedEvent;
 import org.apache.zookeeper.proto.ReplyHeader;
@@ -74,6 +76,8 @@ public class NettyServerCnxn extends ServerCnxn {
         if (this.factory.login != null) {
             this.zooKeeperSaslServer = new ZooKeeperSaslServer(factory.login);
         }
+        InetAddress addr = ((InetSocketAddress) channel.remoteAddress()).getAddress();
+        addAuthInfo(new Id("ip", addr.getHostAddress()));
     }
 
     @Override
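Review bot: The two added lines cast `channel.remoteAddress()` to `InetSocketAddress` and dereference `getAddress()` unchecked, so a channel whose remote address is null, unresolved or not an inet address would make the constructor throw instead of leaving the connection without an `ip` identity; whether such channels can reach this constructor is not visible in the hunk. Wrapping the two lines in `if (channel.remoteAddress() instanceof InetSocketAddress)` and null-checking `getAddress()` keeps connection setup from failing on that path. The call to `addAuthInfo` also deserves a comment on what the identity means for ACLs, for example `// "ip" id is the transport peer address as seen by this server; behind a proxy or NAT it is the intermediary's address`. The constructor begins above the hunk, so any earlier handling of the channel is not shown.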

+ 37 - 0
zookeeper-server/src/test/java/org/apache/zookeeper/test/ACLTest.java

@@ -25,6 +25,7 @@ import java.util.ArrayList;
 import java.util.List;
 import java.util.concurrent.CountDownLatch;
 
+import org.apache.zookeeper.server.ServerCnxn;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.apache.zookeeper.CreateMode;
@@ -61,6 +62,42 @@ public class ACLTest extends ZKTestCase implements Watcher {
         Assert.assertFalse("testing netmask too low", prov.isValid("10.0.0.1/-1"));
     }
 
+    @Test
+    public void testNettyIpAuthDefault() throws Exception {
+        String HOSTPORT = "127.0.0.1:" + PortAssignment.unique();
+        System.setProperty(ServerCnxnFactory.ZOOKEEPER_SERVER_CNXN_FACTORY,
+                "org.apache.zookeeper.server.NettyServerCnxnFactory");
+        ClientBase.setupTestEnv();
+        File tmpDir = ClientBase.createTmpDir();
+        ZooKeeperServer zks = new ZooKeeperServer(tmpDir, tmpDir, 3000);
+        SyncRequestProcessor.setSnapCount(1000);
+        final int PORT = Integer.parseInt(HOSTPORT.split(":")[1]);
+        ServerCnxnFactory f = ServerCnxnFactory.createFactory(PORT, -1);
+        f.startup(zks);
+        try {
+            LOG.info("starting up the zookeeper server .. waiting");
+            Assert.assertTrue("waiting for server being up",
+                    ClientBase.waitForServerUp(HOSTPORT, CONNECTION_TIMEOUT));
+            ClientBase.createZKClient(HOSTPORT);
+            for (ServerCnxn cnxn : f.getConnections()) {
+                boolean foundID = false;
+                for (Id id : cnxn.getAuthInfo()) {
+                    if (id.getScheme().equals("ip")) {
+                        foundID = true;
+                        break;
+                    }
+                }
+                Assert.assertTrue(foundID);
+            }
+        } finally {
+            f.shutdown();
+            zks.shutdown();
+            Assert.assertTrue("waiting for server down",
+                    ClientBase.waitForServerDown(HOSTPORT, CONNECTION_TIMEOUT));
+            System.clearProperty(ServerCnxnFactory.ZOOKEEPER_SERVER_CNXN_FACTORY);
+        }
+    }
+
     @Test
     public void testDisconnectedAddAuth() throws Exception {
         File tmpDir = ClientBase.createTmpDir();
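Review bot: The check in `testNettyIpAuthDefault` only confirms that some id with scheme `ip` exists, and the loop over `f.getConnections()` passes vacuously when no connection has been registered yet, so the test would not notice a wrong address being attached. Tightening the match to `if (id.getScheme().equals("ip") && id.getId().equals("127.0.0.1"))` and asserting that at least one connection was visited pins the value that `ip` ACL checks depend on. Separately, the client returned by `ClientBase.createZKClient(HOSTPORT)` is never closed, and `System.clearProperty(...)` sits after an assertion inside `finally`, so a failed `waitForServerDown` leaves the Netty factory property set for later tests. Moving the `clearProperty` call to the first line of the `finally` block avoids that leak.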