[GitHub] drill pull request #578: DRILL-4280: Kerberos Authentication

Mon, 31 Oct 2016 13:15:01 -0700 

Github user laurentgo commented on a diff in the pull request:

    https://github.com/apache/drill/pull/578#discussion_r85797062
  
    --- Diff: contrib/native/client/src/clientlib/drillClientImpl.cpp ---
    @@ -427,6 +511,121 @@ connectionStatus_t 
DrillClientImpl::validateHandshake(DrillUserProperties* prope
                             getMessage(ERR_CONN_AUTHFAIL,
                                 this->m_handshakeErrorId.c_str(),
                                 this->m_handshakeErrorMsg.c_str()));
    +            case exec::user::AUTH_REQUIRED: {
    +                DRILL_MT_LOG(DRILL_LOG(LOG_TRACE) << "Server requires SASL 
authentication." << std::endl;)
    +                SaslAuthenticatorImpl saslAuthenticator(properties);
    +                int saslResult = 0;
    +                std::string chosenMech;
    +                const char *out;
    +                unsigned outlen;
    +                saslResult = saslAuthenticator.init(m_mechanisms, 
chosenMech, &out, &outlen);
    +                if (saslResult != SASL_OK) {
    +                    DRILL_MT_LOG(DRILL_LOG(LOG_TRACE) << "Authenticator 
init failed. Code: " << saslResult << std::endl;)
    +                    return handleConnError(CONN_AUTH_FAILED, "User 
authentication init failed.");
    +                }
    +                if (NULL == out) {
    +                    out = 
(&::google::protobuf::internal::kEmptyString)->c_str();
    +                }
    +                // send initial response
    +                {
    +                    exec::user::SaslMessage response;
    +                    response.set_data(out, outlen);
    +                    response.set_mechanism(chosenMech[0]);
    +                    
response.set_status(exec::user::SaslStatus::SASL_START);
    +                    {
    +                        boost::lock_guard<boost::mutex> 
lock(this->m_dcMutex);
    +                        int32_t coordId = this->getNextCoordinationId();
    +
    +                        OutBoundRpcMessage out_msg(exec::rpc::REQUEST, 
exec::user::SASL_MESSAGE, coordId, &response);
    +                        sendSync(out_msg);
    +                        DRILL_MT_LOG(DRILL_LOG(LOG_TRACE) << "Sent SASL 
init response, id: " << coordId
    +                                                          << " result: " 
<< saslResult << std::endl;)
    +                    }
    +                }
    +
    +                bool done = false;
    +                while (saslResult == SASL_OK || saslResult == 
SASL_CONTINUE) {
    +                    if (done) {
    +                        break;
    +                    }
    +                    // receive challenge
    +                    InBoundRpcMessage inboundMessage;
    +                    readMessage(inboundMessage);
    +                    if (m_pError) {
    +                        DRILL_MT_LOG(DRILL_LOG(LOG_TRACE) << "Something 
failed." << std::endl;)
    +                        return CONN_AUTH_FAILED;
    +                    }
    +                    exec::user::SaslMessage challenge;
    +                    
challenge.ParseFromArray(inboundMessage.m_pbody.data(), 
inboundMessage.m_pbody.size());
    --- End diff --
    
    you should check the return value for parsing errors


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

Reply via email to