drill-dev mailing list archives

From laurentgo <...@git.apache.org>
Subject [GitHub] drill pull request #578: DRILL-4280: Kerberos Authentication
Date Mon, 31 Oct 2016 20:14:45 GMT
Github user laurentgo commented on a diff in the pull request:

    https://github.com/apache/drill/pull/578#discussion_r85798339
  
    --- Diff: contrib/native/client/src/clientlib/drillClientImpl.cpp ---
    @@ -1849,4 +2048,150 @@ void ZookeeperImpl:: debugPrint(){
         }
     }
     
    +typedef int (*sasl_callback_proc_t)(void); // see sasl_callback_ft
    +
    +static int SaslAuthenticatorImpl::userNameCallback(void *context, int id, const char
**result, unsigned *len) {
    +    const std::string* const username = (const std::string* const) context;
    +
    +    if ((SASL_CB_USER == id || SASL_CB_AUTHNAME == id)
    +        && username != NULL) {
    +        *result = username->c_str();
    +//        *len = (unsigned int) username->length();
    +    }
    +    return SASL_OK;
    +}
    +
    +static int SaslAuthenticatorImpl::passwordCallback(sasl_conn_t *conn, void *context,
int id, sasl_secret_t **psecret) {
    +    const SaslAuthenticatorImpl* const authenticator = (const SaslAuthenticatorImpl*
const) context;
    +
    +    if (SASL_CB_PASS == id) {
    +        const std::string password = authenticator->m_password;
    +        const size_t length = password.length();
    +        authenticator->m_secret->len = length;
    +        std::memcpy(authenticator->m_secret->data, password.c_str(), length);
    +        *psecret = authenticator->m_secret;
    +    }
    +   return SASL_OK;
    +}
    +
    +SaslAuthenticatorImpl::SaslAuthenticatorImpl(const DrillUserProperties* const properties)
:
    +    m_properties(properties), m_pConnection(NULL), m_secret(NULL), m_servicename(NULL),
m_servicehost(NULL) {
    +}
    +
    +SaslAuthenticatorImpl::~SaslAuthenticatorImpl() {
    +    if (m_secret) {
    +        free(m_secret);
    +    }
    +    // may be to use negotiated security layers before disposing in the future
    +    if (m_pConnection) {
    +        sasl_dispose(&m_pConnection);
    +    }
    +    m_pConnection = NULL;
    +}
    +
    +int SaslAuthenticatorImpl::init(std::vector<std::string> mechanisms,
    +                                std::string &chosenMech,
    +                                const char **out,
    +                                unsigned *outlen) {
    +    // set params
    +    std::string authMechanismToUse = NULL;
    +    for (size_t i = 0; i < m_properties->size(); i++) {
    +        const std::map<std::string, uint32_t>::const_iterator it =
    +                DrillUserProperties::USER_PROPERTIES.find(m_properties->keyAt(i));
    +        if (it == DrillUserProperties::USER_PROPERTIES.end()) {
    +            continue;
    +        }
    +        if (IS_BITSET((*it).second, USERPROP_FLAGS_USERNAME)) {
    +            DRILL_MT_LOG(DRILL_LOG(LOG_TRACE) << "Setting name" << std::endl;)
    +            m_username = m_properties->valueAt(i);
    +            continue;
    +        }
    +        if (IS_BITSET((*it).second, USERPROP_FLAGS_PASSWORD)) {
    +            DRILL_MT_LOG(DRILL_LOG(LOG_TRACE) << "Setting password" << std::endl;)
    +            m_password = m_properties->valueAt(i);
    +            m_secret = (sasl_secret_t *) malloc(sizeof(sasl_secret_t) + m_password.length());
    +            authMechanismToUse = "plain";
    +            continue;
    +        }
    +        if (IS_BITSET((*it).second, USERPROP_FLAGS_AUTH_MECHANISM)) {
    +            DRILL_MT_LOG(DRILL_LOG(LOG_TRACE) << "Setting service name" <<
std::endl;)
    +            authMechanismToUse = m_properties->valueAt(i);
    +            continue;
    +        }
    +        if (IS_BITSET((*it).second, USERPROP_FLAGS_SERVICE_NAME)) {
    +            DRILL_MT_LOG(DRILL_LOG(LOG_TRACE) << "Setting service name" <<
std::endl;)
    +            m_servicename = m_properties->valueAt(i);
    +            continue;
    +        }
    +        if (IS_BITSET((*it).second, USERPROP_FLAGS_SERVICE_HOST)) {
    +            DRILL_MT_LOG(DRILL_LOG(LOG_TRACE) << "Setting service host" <<
std::endl;)
    +            m_servicehost = m_properties->valueAt(i);
    +        }
    +    }
    +    if (authMechanismToUse == NULL) {
    +        return SASL_NOMECH;
    +    }
    +
    +    bool isSupportedByServer = false;
    +    for (size_t i = 0; i < mechanisms.size(); i++) {
    +        std::string mechanism = mechanisms[i];
    +        if (authMechanismToUse.compare(mechanism) == 0) {
    +            isSupportedByServer = true;
    +        }
    +    }
    +    if (!isSupportedByServer) {
    +        return SASL_NOMECH;
    +    }
    +    boost::algorithm::to_lower(authMechanismToUse);
    +    chosenMech = authMechanismToUse;
    +    std::string sasMechanismToUse = NULL;
    +    if (authMechanismToUse.compare("plain") == 0) {
    +        sasMechanismToUse = "plain";
    +    } else if (authMechanismToUse.compare("kerberos") == 0) {
    +        sasMechanismToUse = "gssapi";
    +    } else {
    +        return SASL_NOMECH;
    +    }
    +
    +    // create
    +    const sasl_callback_t callbacks[] = {
    +        {
    +            SASL_CB_USER, (sasl_callback_proc_t) &userNameCallback, (void *) &m_username
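Review bot: In `init`, `std::string authMechanismToUse = NULL;` and `std::string sasMechanismToUse = NULL;` construct a std::string from a null pointer, which is undefined behaviour (in practice an exception or crash on every call), and the later `authMechanismToUse == NULL` test has the same problem; default-construct both (`std::string authMechanismToUse;`) and test `authMechanismToUse.empty()` instead. The password branch also assigns `authMechanismToUse = "plain"` unconditionally, so whether an explicitly requested mechanism survives depends on property order, and a client that asked for kerberos can end up sending its password with PLAIN; default to plain only when no mechanism property was set. In `passwordCallback`, `authenticator->m_secret` is dereferenced without a null check although it is allocated only when a password property is present, and in `userNameCallback` the `*len` assignment is commented out, so the length is left unset for the library; `if (len != NULL) *len = (unsigned) username->length();` would cover that. The body of `init` continues past the end of the quoted hunk.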
    --- End diff --
    
    maybe you can use the same callback function for all of them

