[
https://issues.apache.org/jira/browse/DRILL-4280?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15623260#comment-15623260
]
ASF GitHub Bot commented on DRILL-4280:
---------------------------------------
Github user laurentgo commented on a diff in the pull request:
https://github.com/apache/drill/pull/578#discussion_r85802018
--- Diff: contrib/native/client/src/clientlib/drillClientImpl.cpp ---
@@ -1849,4 +2048,150 @@ void ZookeeperImpl:: debugPrint(){
}
}
+typedef int (*sasl_callback_proc_t)(void); // see sasl_callback_ft
+
+static int SaslAuthenticatorImpl::userNameCallback(void *context, int id,
const char **result, unsigned *len) {
+ const std::string* const username = (const std::string* const) context;
+
+ if ((SASL_CB_USER == id || SASL_CB_AUTHNAME == id)
+ && username != NULL) {
+ *result = username->c_str();
+// *len = (unsigned int) username->length();
+ }
+ return SASL_OK;
+}
+
+static int SaslAuthenticatorImpl::passwordCallback(sasl_conn_t *conn, void
*context, int id, sasl_secret_t **psecret) {
+ const SaslAuthenticatorImpl* const authenticator = (const
SaslAuthenticatorImpl* const) context;
+
+ if (SASL_CB_PASS == id) {
+ const std::string password = authenticator->m_password;
+ const size_t length = password.length();
+ authenticator->m_secret->len = length;
+ std::memcpy(authenticator->m_secret->data, password.c_str(),
length);
+ *psecret = authenticator->m_secret;
+ }
+ return SASL_OK;
+}
+
+SaslAuthenticatorImpl::SaslAuthenticatorImpl(const DrillUserProperties*
const properties) :
+ m_properties(properties), m_pConnection(NULL), m_secret(NULL),
m_servicename(NULL), m_servicehost(NULL) {
+}
+
+SaslAuthenticatorImpl::~SaslAuthenticatorImpl() {
+ if (m_secret) {
+ free(m_secret);
+ }
+ // may be to use negotiated security layers before disposing in the
future
+ if (m_pConnection) {
--- End diff --
you can guard if you store the sasl connection into a smart pointer (where
you specify sasl_dispose as the destructor)
> Kerberos Authentication
> -----------------------
>
> Key: DRILL-4280
> URL: https://issues.apache.org/jira/browse/DRILL-4280
> Project: Apache Drill
> Issue Type: Improvement
> Reporter: Keys Botzum
> Assignee: Chunhui Shi
> Labels: security
>
> Drill should support Kerberos based authentication from clients. This means
> that both the ODBC and JDBC drivers as well as the web/REST interfaces should
> support inbound Kerberos. For Web this would most likely be SPNEGO while for
> ODBC and JDBC this will be more generic Kerberos.
> Since Hive and much of Hadoop supports Kerberos there is a potential for a
> lot of reuse of ideas if not implementation.
> Note that this is related to but not the same as
> https://issues.apache.org/jira/browse/DRILL-3584
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
