drill-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From laurentgo <...@git.apache.org>
Subject [GitHub] drill pull request #578: DRILL-4280: Kerberos Authentication
Date Tue, 07 Feb 2017 18:19:49 GMT
Github user laurentgo commented on a diff in the pull request:

    https://github.com/apache/drill/pull/578#discussion_r99887378
  
    --- Diff: exec/java-exec/src/main/java/org/apache/drill/exec/rpc/control/ControlClient.java
---
    @@ -89,14 +90,48 @@ public MessageLite getResponseDefaultInstance(int rpcType) throws
RpcException {
       }
     
       @Override
    -  protected Response handle(ControlConnection connection, int rpcType, ByteBuf pBody,
ByteBuf dBody) throws RpcException {
    -    return handler.handle(connection, rpcType, pBody, dBody);
    +  protected void handle(ControlConnection connection, int rpcType, ByteBuf pBody, ByteBuf
dBody,
    +                        ResponseSender sender) throws RpcException {
    +    connection.getCurrentHandler().handle(connection, rpcType, pBody, dBody, sender);
       }
     
       @Override
       protected void validateHandshake(BitControlHandshake handshake) throws RpcException
{
         if (handshake.getRpcVersion() != ControlRpcConfig.RPC_VERSION) {
    -      throw new RpcException(String.format("Invalid rpc version.  Expected %d, actual
%d.", handshake.getRpcVersion(), ControlRpcConfig.RPC_VERSION));
    +      throw new RpcException(String.format("Invalid rpc version.  Expected %d, actual
%d.",
    +          handshake.getRpcVersion(), ControlRpcConfig.RPC_VERSION));
    +    }
    +
    +    if (handshake.getAuthenticationMechanismsCount() != 0) { // remote requires authentication
    +      if (config.getAuthProvider() == null) {
    +        throw new RpcException(String.format("Drillbit (%s) requires auth, but auth is
not configured.",
    +            remoteEndpoint.getAddress()));
    +      }
    +      if (!handshake.getAuthenticationMechanismsList().contains(config.getAuthMechanismToUse()))
{
    +        throw new RpcException(String.format("Drillbit (%s) does not support %s", remoteEndpoint.getAddress(),
    +            config.getAuthMechanismToUse()));
    +      }
    +
    +      final SaslClient saslClient;
    +      try {
    +        saslClient = config.getAuthProvider()
    +            .getAuthenticatorFactory(config.getAuthMechanismToUse())
    +            .createSaslClient(UserGroupInformation.getLoginUser(),
    +                config.getSaslClientProperties(remoteEndpoint));
    +      } catch (final SaslException e) {
    +        throw new RpcException("Failed to create SaslClient.", e);
    +      } catch (final IOException e) {
    +        throw new RpcException("Unexpected failure trying to login.", e);
    +      }
    +      if (saslClient == null) {
    --- End diff --
    
    is it even possible? I'm assuming that createSaslClient would throw in case of error...


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

Mime
View raw message