[ https://issues.apache.org/jira/browse/DRILL-4335?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15970784#comment-15970784 ]
ASF GitHub Bot commented on DRILL-4335: --------------------------------------- Github user sohami commented on a diff in the pull request: https://github.com/apache/drill/pull/773#discussion_r111646590 --- Diff: exec/java-exec/src/main/java/org/apache/drill/exec/rpc/security/AuthenticationOutcomeListener.java --- @@ -243,4 +247,43 @@ public SaslMessage process(SaslChallengeContext context) throws Exception { } } } + + private static void handleSuccess(SaslChallengeContext context) throws SaslException { + final ClientConnection connection = context.connection; + final SaslClient saslClient = connection.getSaslClient(); + + if (connection.isEncrypted()) { + try { + // Check if connection was marked for being secure then verify for negotiated QOP value for + // correctness. + final String negotiatedQOP = saslClient.getNegotiatedProperty(Sasl.QOP).toString(); + assert (negotiatedQOP.equals(SaslProperties.QualityOfProtection.PRIVACY.getSaslQop())); + + // Update the rawWrapChunkSize with the negotiated buffer size since we cannot call encode with more than + // negotiated size of buffer. + final int negotiatedRawSendSize = Integer.parseInt(saslClient + .getNegotiatedProperty(SaslProperties.WRAP_RAW_SEND_SIZE) --- End diff -- thanks for catching this... not sure why I didn't spotted it earlier. That's why I declared a new constant in SaslProperties. Changed to use Sasl.RAW_SEND_SIZE > Apache Drill should support network encryption > ---------------------------------------------- > > Key: DRILL-4335 > URL: https://issues.apache.org/jira/browse/DRILL-4335 > Project: Apache Drill > Issue Type: New Feature > Reporter: Keys Botzum > Assignee: Sorabh Hamirwasia > Labels: security > Attachments: ApacheDrillEncryptionUsingSASLDesign.pdf > > > This is clearly related to Drill-291 but wanted to make explicit that this > needs to include network level encryption and not just authentication. This > is particularly important for the client connection to Drill which will often > be sending passwords in the clear until there is encryption. -- This message was sent by Atlassian JIRA (v6.3.15#6346)