[jira] [Commented] (DRILL-4280) Kerberos Authentication

Mon, 31 Oct 2016 13:16:16 -0700 

    [ 
https://issues.apache.org/jira/browse/DRILL-4280?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15623256#comment-15623256
 ] 

ASF GitHub Bot commented on DRILL-4280:
---------------------------------------

Github user laurentgo commented on a diff in the pull request:

    https://github.com/apache/drill/pull/578#discussion_r85806353
  
    --- Diff: 
exec/java-exec/src/main/java/org/apache/drill/exec/rpc/security/plain/PlainServer.java
 ---
    @@ -0,0 +1,175 @@
    +/**
    + * Licensed to the Apache Software Foundation (ASF) under one
    + * or more contributor license agreements.  See the NOTICE file
    + * distributed with this work for additional information
    + * regarding copyright ownership.  The ASF licenses this file
    + * to you under the Apache License, Version 2.0 (the
    + * "License"); you may not use this file except in compliance
    + * with the License.  You may obtain a copy of the License at
    + *
    + *    http://www.apache.org/licenses/LICENSE-2.0
    + *
    + * Unless required by applicable law or agreed to in writing, software
    + * distributed under the License is distributed on an "AS IS" BASIS,
    + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    + * See the License for the specific language governing permissions and
    + * limitations under the License.
    + */
    +package org.apache.drill.exec.rpc.security.plain;
    +
    +import javax.security.auth.callback.Callback;
    +import javax.security.auth.callback.CallbackHandler;
    +import javax.security.auth.callback.NameCallback;
    +import javax.security.auth.callback.PasswordCallback;
    +import javax.security.auth.callback.UnsupportedCallbackException;
    +import javax.security.sasl.AuthorizeCallback;
    +import javax.security.sasl.Sasl;
    +import javax.security.sasl.SaslException;
    +import javax.security.sasl.SaslServer;
    +import javax.security.sasl.SaslServerFactory;
    +import java.io.IOException;
    +import java.security.Provider;
    +import java.util.Map;
    +
    +/**
    + * Plain SaslServer implementation. See https://tools.ietf.org/html/rfc4616
    + */
    +public class PlainServer implements SaslServer {
    +  private static final org.slf4j.Logger logger = 
org.slf4j.LoggerFactory.getLogger(PlainServer.class);
    +
    +  public static class PlainServerFactory implements SaslServerFactory {
    +
    +    @Override
    +    public SaslServer createSaslServer(final String mechanism, final 
String protocol, final String serverName,
    +                                       final Map<String, ?> props, final 
CallbackHandler cbh)
    +        throws SaslException {
    +      return "PLAIN".equals(mechanism) ?
    +          props == null || 
"false".equals(props.get(Sasl.POLICY_NOPLAINTEXT)) ?
    +              new PlainServer(cbh) :
    +              null :
    +          null;
    +    }
    +
    +    @Override
    +    public String[] getMechanismNames(final Map<String, ?> props) {
    +      return props == null || 
"false".equals(props.get(Sasl.POLICY_NOPLAINTEXT)) ?
    +          new String[]{"PLAIN"} :
    +          new String[0];
    +    }
    +  }
    +
    +  @SuppressWarnings("serial")
    +  public static class PlainServerProvider extends Provider {
    +
    +    public PlainServerProvider() {
    +      super("PlainServer", 1.0, "PLAIN SASL Server Provider");
    +      put("SaslServerFactory.PLAIN", PlainServerFactory.class.getName());
    +    }
    +  }
    +
    +  private CallbackHandler cbh;
    +  private boolean completed = false;
    +  private String authorizationID;
    +
    +  PlainServer(final CallbackHandler cbh) throws SaslException {
    +    if (cbh == null) {
    +      throw new SaslException("PLAIN: A callback handler must be 
specified");
    +    }
    +    this.cbh = cbh;
    +  }
    +
    +  @Override
    +  public String getMechanismName() {
    +    return "PLAIN";
    +  }
    +
    +  @Override
    +  public byte[] evaluateResponse(byte[] response) throws SaslException {
    +    if (completed) {
    +      throw new IllegalStateException("PLAIN authentication already 
completed");
    +    }
    +
    +    if (response == null) {
    +      throw new SaslException("Received null response");
    +    }
    +
    +    final String payload;
    +    try {
    +      payload = new String(response, "UTF-8");
    +    } catch (final Exception e) {
    --- End diff --
    
    use `new String(response, java.nio.charset.StandardChaset.UTF_8)`: the 
behaviour of that call is well-defined (and doesn't throw exception)


> Kerberos Authentication
> -----------------------
>
>                 Key: DRILL-4280
>                 URL: https://issues.apache.org/jira/browse/DRILL-4280
>             Project: Apache Drill
>          Issue Type: Improvement
>            Reporter: Keys Botzum
>            Assignee: Chunhui Shi
>              Labels: security
>
> Drill should support Kerberos based authentication from clients. This means 
> that both the ODBC and JDBC drivers as well as the web/REST interfaces should 
> support inbound Kerberos. For Web this would most likely be SPNEGO while for 
> ODBC and JDBC this will be more generic Kerberos.
> Since Hive and much of Hadoop supports Kerberos there is a potential for a 
> lot of reuse of ideas if not implementation.
> Note that this is related to but not the same as 
> https://issues.apache.org/jira/browse/DRILL-3584 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to