authorHarald Musum <musum@verizonmedia.com>2019-09-04 00:13:28 +0200
committerHarald Musum <musum@verizonmedia.com>2019-09-04 00:13:28 +0200
commitaf3c9a5995a8129ad4370ed5b5683d1ceb4911a0 (patch)
tree8b5186ff04ff0ea87255286426b9e283aae04627 /zkfacade
parent60fd75a278e732e0620d71dbfc16853d819309de (diff)
Do not use RestrictedServerCnxnFactory
Do not use it for self-hosted; the feature cannot be supported with ZooKeeper 3.5 (but secure communications can be set up with ZooKeeper 3.5, which is supported from that version on)
Diffstat (limited to 'zkfacade')
-rw-r--r--zkfacade/src/main/java/com/yahoo/vespa/zookeeper/RestrictedServerCnxnFactory.java90
-rw-r--r--zkfacade/src/main/java/com/yahoo/vespa/zookeeper/ZooKeeperServer.java2
2 files changed, 0 insertions, 92 deletions
diff --git a/zkfacade/src/main/java/com/yahoo/vespa/zookeeper/RestrictedServerCnxnFactory.java b/zkfacade/src/main/java/com/yahoo/vespa/zookeeper/RestrictedServerCnxnFactory.java
deleted file mode 100644
index dab9ddb243b..00000000000
--- a/zkfacade/src/main/java/com/yahoo/vespa/zookeeper/RestrictedServerCnxnFactory.java
+++ /dev/null
@@ -1,90 +0,0 @@
-// Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
-package com.yahoo.vespa.zookeeper;
-
-import com.google.common.collect.ImmutableSet;
-import com.yahoo.net.HostName;
-import com.yahoo.text.StringUtilities;
-import org.apache.zookeeper.server.NIOServerCnxn;
-import org.apache.zookeeper.server.NIOServerCnxnFactory;
-
-import java.io.IOException;
-import java.net.InetSocketAddress;
-import java.nio.channels.SelectionKey;
-import java.nio.channels.SocketChannel;
-import java.util.HashSet;
-import java.util.Set;
-import java.util.logging.Logger;
-
-/**
- * This class is created by zookeeper by reflection, see the ZooKeeperServer constructor. It will only work
- * when using ZooKeeper 3.4
- *
- * @author bratseth
- */
-@SuppressWarnings("unused")
-public class RestrictedServerCnxnFactory extends NIOServerCnxnFactory {
-
- private static final Logger log = Logger.getLogger(RestrictedServerCnxnFactory.class.getName());
-
- public RestrictedServerCnxnFactory() throws IOException {
- super();
- }
-
- @Override
- protected NIOServerCnxn createConnection(SocketChannel socket, SelectionKey selection) throws IOException {
- NIOServerCnxn ret = super.createConnection(socket, selection);
- validateRemoteOrClose(socket);
- return ret;
- }
-
- private void validateRemoteOrClose(SocketChannel socket) {
- try {
- String remoteHost = ((InetSocketAddress)socket.getRemoteAddress()).getHostName();
-
- if (isLocalHost(remoteHost)) return; // always allow localhost
-
- ImmutableSet<String> allowedZooKeeperClients = findAllowedZooKeeperClients();
-
- if (allowedZooKeeperClients.isEmpty()) return; // inactive: allow all
- if (allowedZooKeeperClients.contains(remoteHost)) return; // allowed
-
- // Not allowed: Reject connection
- String errorMessage = "Rejecting connection to ZooKeeper from " + remoteHost +
- ": This cluster only allow connection from hosts in: " + allowedZooKeeperClients;
- log.info(errorMessage);
- socket.shutdownInput();
- socket.shutdownOutput();
- } catch (Exception e) {
- log.warning("Unexpected exception: "+e);
- }
- }
-
- /** Returns the allowed client host names. If the list is empty any host is allowed. */
- private ImmutableSet<String> findAllowedZooKeeperClients() {
- // Environment has precedence. Note that
- // - if this is set to "", client restriction is disabled
- // - this environment variable is a public API - do not change
- String environmentAllowedZooKeeperClients = System.getenv("vespa_zkfacade__restrict");
- if (environmentAllowedZooKeeperClients != null)
- return ImmutableSet.copyOf(toHostnameSet(environmentAllowedZooKeeperClients));
- else
- return ImmutableSet.of();
- }
-
- private Set<String> toHostnameSet(String hostnamesString) {
- Set<String> hostnames = new HashSet<>();
- for (String hostname : StringUtilities.split(hostnamesString)) {
- if ( ! hostname.trim().isEmpty())
- hostnames.add(hostname.trim());
- }
- return hostnames;
- }
-
- private boolean isLocalHost(String remoteHost) {
- if (remoteHost.equals("localhost")) return true;
- if (remoteHost.equals("localhost.localdomain")) return true;
- if (remoteHost.equals(HostName.getLocalhost())) return true;
- return false;
- }
-
-}
diff --git a/zkfacade/src/main/java/com/yahoo/vespa/zookeeper/ZooKeeperServer.java b/zkfacade/src/main/java/com/yahoo/vespa/zookeeper/ZooKeeperServer.java
index 5b78bc48a2d..8342dfb16df 100644
--- a/zkfacade/src/main/java/com/yahoo/vespa/zookeeper/ZooKeeperServer.java
+++ b/zkfacade/src/main/java/com/yahoo/vespa/zookeeper/ZooKeeperServer.java
@@ -31,8 +31,6 @@ public class ZooKeeperServer extends AbstractComponent implements Runnable {
this.zookeeperServerConfig = zookeeperServerConfig;
System.setProperty("zookeeper.jmx.log4j.disable", "true");
System.setProperty(ZOOKEEPER_JUTE_MAX_BUFFER, "" + zookeeperServerConfig.juteMaxBuffer());
- if (zookeeperServerConfig.useRestrictedServerCnxnFactory())
- System.setProperty("zookeeper.serverCnxnFactory", "com.yahoo.vespa.zookeeper.RestrictedServerCnxnFactory");
writeConfigToDisk(zookeeperServerConfig);
zkServerThread = new Thread(this, "zookeeper server");