[
https://issues.apache.org/jira/browse/DRILL-4280?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15623249#comment-15623249
]
ASF GitHub Bot commented on DRILL-4280:
---------------------------------------
Github user laurentgo commented on a diff in the pull request:
https://github.com/apache/drill/pull/578#discussion_r85798863
--- Diff: contrib/native/client/src/clientlib/drillClientImpl.cpp ---
@@ -1849,4 +2048,150 @@ void ZookeeperImpl:: debugPrint(){
}
}
+typedef int (*sasl_callback_proc_t)(void); // see sasl_callback_ft
+
+static int SaslAuthenticatorImpl::userNameCallback(void *context, int id,
const char **result, unsigned *len) {
+ const std::string* const username = (const std::string* const) context;
+
+ if ((SASL_CB_USER == id || SASL_CB_AUTHNAME == id)
+ && username != NULL) {
+ *result = username->c_str();
+// *len = (unsigned int) username->length();
+ }
+ return SASL_OK;
+}
+
+static int SaslAuthenticatorImpl::passwordCallback(sasl_conn_t *conn, void
*context, int id, sasl_secret_t **psecret) {
+ const SaslAuthenticatorImpl* const authenticator = (const
SaslAuthenticatorImpl* const) context;
+
+ if (SASL_CB_PASS == id) {
+ const std::string password = authenticator->m_password;
+ const size_t length = password.length();
+ authenticator->m_secret->len = length;
+ std::memcpy(authenticator->m_secret->data, password.c_str(),
length);
+ *psecret = authenticator->m_secret;
+ }
+ return SASL_OK;
+}
+
+SaslAuthenticatorImpl::SaslAuthenticatorImpl(const DrillUserProperties*
const properties) :
+ m_properties(properties), m_pConnection(NULL), m_secret(NULL),
m_servicename(NULL), m_servicehost(NULL) {
+}
+
+SaslAuthenticatorImpl::~SaslAuthenticatorImpl() {
+ if (m_secret) {
+ free(m_secret);
+ }
+ // may be to use negotiated security layers before disposing in the
future
+ if (m_pConnection) {
+ sasl_dispose(&m_pConnection);
+ }
+ m_pConnection = NULL;
+}
+
+int SaslAuthenticatorImpl::init(std::vector<std::string> mechanisms,
+ std::string &chosenMech,
+ const char **out,
+ unsigned *outlen) {
+ // set params
+ std::string authMechanismToUse = NULL;
+ for (size_t i = 0; i < m_properties->size(); i++) {
+ const std::map<std::string, uint32_t>::const_iterator it =
+
DrillUserProperties::USER_PROPERTIES.find(m_properties->keyAt(i));
+ if (it == DrillUserProperties::USER_PROPERTIES.end()) {
+ continue;
+ }
+ if (IS_BITSET((*it).second, USERPROP_FLAGS_USERNAME)) {
+ DRILL_MT_LOG(DRILL_LOG(LOG_TRACE) << "Setting name" <<
std::endl;)
+ m_username = m_properties->valueAt(i);
+ continue;
+ }
+ if (IS_BITSET((*it).second, USERPROP_FLAGS_PASSWORD)) {
+ DRILL_MT_LOG(DRILL_LOG(LOG_TRACE) << "Setting password" <<
std::endl;)
+ m_password = m_properties->valueAt(i);
+ m_secret = (sasl_secret_t *) malloc(sizeof(sasl_secret_t) +
m_password.length());
+ authMechanismToUse = "plain";
+ continue;
+ }
+ if (IS_BITSET((*it).second, USERPROP_FLAGS_AUTH_MECHANISM)) {
+ DRILL_MT_LOG(DRILL_LOG(LOG_TRACE) << "Setting service name" <<
std::endl;)
+ authMechanismToUse = m_properties->valueAt(i);
+ continue;
+ }
+ if (IS_BITSET((*it).second, USERPROP_FLAGS_SERVICE_NAME)) {
+ DRILL_MT_LOG(DRILL_LOG(LOG_TRACE) << "Setting service name" <<
std::endl;)
+ m_servicename = m_properties->valueAt(i);
+ continue;
+ }
+ if (IS_BITSET((*it).second, USERPROP_FLAGS_SERVICE_HOST)) {
+ DRILL_MT_LOG(DRILL_LOG(LOG_TRACE) << "Setting service host" <<
std::endl;)
+ m_servicehost = m_properties->valueAt(i);
+ }
+ }
+ if (authMechanismToUse == NULL) {
+ return SASL_NOMECH;
+ }
+
+ bool isSupportedByServer = false;
+ for (size_t i = 0; i < mechanisms.size(); i++) {
+ std::string mechanism = mechanisms[i];
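Review bot: `std::string authMechanismToUse = NULL;` at the top of `init` constructs a `std::string` from a null pointer, which is undefined behaviour (commonly a `std::logic_error` or a crash), and the later `authMechanismToUse == NULL` check has the same problem; declare it as `std::string authMechanismToUse;` and test `authMechanismToUse.empty()` instead. The password branch also assigns `"plain"` unconditionally, so whether an explicitly requested mechanism survives depends on property order, and a client that asked for another mechanism can silently end up sending its password with PLAIN; `if (authMechanismToUse.empty()) authMechanismToUse = "plain";` keeps the explicit choice. Separately, `passwordCallback` writes through `m_secret`, which is allocated only in that password branch and whose `malloc` result is never checked, so the callback should return an error such as `SASL_FAIL` when `m_secret` is NULL. `init` continues past the end of the quoted hunk, so the mechanism selection after the loop is not visible here.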
--- End diff --
you can use a const reference
> Kerberos Authentication
> -----------------------
>
> Key: DRILL-4280
> URL: https://issues.apache.org/jira/browse/DRILL-4280
> Project: Apache Drill
> Issue Type: Improvement
> Reporter: Keys Botzum
> Assignee: Chunhui Shi
> Labels: security
>
> Drill should support Kerberos based authentication from clients. This means
> that both the ODBC and JDBC drivers as well as the web/REST interfaces should
> support inbound Kerberos. For Web this would most likely be SPNEGO while for
> ODBC and JDBC this will be more generic Kerberos.
> Since Hive and much of Hadoop support Kerberos, there is a potential for a
> lot of reuse of ideas if not implementation.
> Note that this is related to but not the same as
> https://issues.apache.org/jira/browse/DRILL-3584