Todd Lipcon has posted comments on this change.

Change subject: [security] Add per-connection nonce for Kerberos replay resistance
......................................................................


Patch Set 3:

(6 comments)

http://gerrit.cloudera.org:8080/#/c/6137/3//COMMIT_MSG
Commit Message:

PS3, Line 11: and is extremely slow in older versions of the library.
I think it's extremely slow in all versions of the library (the "avoid fsync" 
thing is a project plan but I don't think it's implemented yet?)


http://gerrit.cloudera.org:8080/#/c/6137/3/docs/design-docs/rpc.md
File docs/design-docs/rpc.md:

PS3, Line 543: against Kerberos replay attacks.
think it's worth adding here something like "Kerberos's built-in replay attack 
mitigation is extremely slow, so this allows much faster connection 
negotiation" or something to that effect


http://gerrit.cloudera.org:8080/#/c/6137/3/src/kudu/rpc/rpc_header.proto
File src/kudu/rpc/rpc_header.proto:

PS3, Line 57: negotatition
nit: typo


PS3, Line 60: nonce
rename this field to "wrapped_nonce" or "nonce_reply" or something? it seems 
odd to name this 'nonce' because it's not actually the nonce anymore


http://gerrit.cloudera.org:8080/#/c/6137/3/src/kudu/rpc/server_negotiation.cc
File src/kudu/rpc/server_negotiation.cc:

PS3, Line 719:     nonce_ = string(kNonceSize, '\0');
             :     RETURN_NOT_OK(security::GenerateNonce(*nonce_));
             : 
             :     // Sanity check the nonce.
             :     DCHECK_EQ(kNonceSize, nonce_->size());
             :     DCHECK_NE(*nonce_, "\0\0\0\0\0\0\0\0");
             :  
this smells a little goofy to me. why do you have to pre-initialize nonce_? 
also seems a little strange to defensively check that GenerateNonce does what 
it's supposed to do


http://gerrit.cloudera.org:8080/#/c/6137/3/src/kudu/security/crypto.h
File src/kudu/security/crypto.h:

PS3, Line 88: // Generates a nonce, and writes it to the provided slice.
            : Status GenerateNonce(Slice slice);
Pretty strange signature. Why not just a string* and maybe an 'int length'?


-- 
To view, visit http://gerrit.cloudera.org:8080/6137

Gerrit-MessageType: comment
Gerrit-Change-Id: If0fb433896963be5e81d349ebf3a044a458e6627
Gerrit-PatchSet: 3
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-Owner: Dan Burkert <danburk...@apache.org>
Gerrit-Reviewer: Alexey Serbin <aser...@cloudera.com>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Todd Lipcon <t...@apache.org>
Gerrit-HasComments: Yes
