[GitHub] drill pull request #773: DRILL-4335: Apache Drill should support network enc...

Mon, 17 Apr 2017 00:43:26 -0700 

Github user sohami commented on a diff in the pull request:

    https://github.com/apache/drill/pull/773#discussion_r111713955
  
    --- Diff: 
exec/java-exec/src/main/java/org/apache/drill/exec/rpc/user/UserConnectionConfig.java
 ---
    @@ -34,32 +39,81 @@
     
       private final UserServerRequestHandler handler;
     
    +  // Total number of external DrillClient connection's on this server.
    +  private static final Counter secureUserConnections = 
DrillMetrics.getRegistry()
    +    .counter("drill.user.encrypted.connections");
    +
    +  private static final Counter insecureUserConnections = 
DrillMetrics.getRegistry()
    +    .counter("drill.user.unencrypted.connections");
    +
       UserConnectionConfig(BufferAllocator allocator, BootStrapContext 
context, UserServerRequestHandler handler)
    -      throws DrillbitStartupException {
    +    throws DrillbitStartupException {
         super(allocator, context);
         this.handler = handler;
     
    -    if 
(context.getConfig().getBoolean(ExecConstants.USER_AUTHENTICATION_ENABLED)) {
    -      if (getAuthProvider().getAllFactoryNames().isEmpty()) {
    +    final DrillConfig config = context.getConfig();
    +    final AuthenticatorProvider authProvider = getAuthProvider();
    +
    +    if (config.getBoolean(ExecConstants.USER_AUTHENTICATION_ENABLED)) {
    +      if (authProvider.getAllFactoryNames().isEmpty()) {
             throw new DrillbitStartupException("Authentication enabled, but no 
mechanisms found. Please check " +
    -            "authentication configuration.");
    +          "authentication configuration.");
           }
           authEnabled = true;
    -      logger.info("Configured all user connections to require 
authentication using: {}",
    -          getAuthProvider().getAllFactoryNames());
    +
    +      // Update encryption related parameters.
    +      
encryptionContext.setEncryption(config.getBoolean(ExecConstants.USER_SASL_ENCRYPTION_ENABLED));
    +
    +      int maxEncodeSize = 
config.getInt(ExecConstants.USER_SASL_ENCRYPTION_ENCODESIZE);
    +
    +      if(maxEncodeSize > RpcConstants.MAX_WRAP_SIZE) {
    +        logger.warn("Setting user.sasl.encryption.encodesize to maximum 
allowed value of 16MB");
    +        maxEncodeSize = RpcConstants.MAX_WRAP_SIZE;
    +      }
    +      encryptionContext.setWrappedChunkSize(maxEncodeSize);
    +
    +      if (encryptionContext.isEncryptionEnabled() && 
authProvider.isOnlyPlainConfigured()) {
    --- End diff --
    
    Yes see other comments.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

Reply via email to