drill-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DRILL-4280) Kerberos Authentication
Date Mon, 31 Oct 2016 20:15:00 GMT

    [ https://issues.apache.org/jira/browse/DRILL-4280?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15623246#comment-15623246
] 

ASF GitHub Bot commented on DRILL-4280:
---------------------------------------

Github user laurentgo commented on a diff in the pull request:

    https://github.com/apache/drill/pull/578#discussion_r85798619
  
    --- Diff: contrib/native/client/src/clientlib/drillClientImpl.cpp ---
    @@ -1849,4 +2048,150 @@ void ZookeeperImpl:: debugPrint(){
         }
     }
     
    +typedef int (*sasl_callback_proc_t)(void); // see sasl_callback_ft
    +
    +static int SaslAuthenticatorImpl::userNameCallback(void *context, int id, const char
**result, unsigned *len) {
    +    const std::string* const username = (const std::string* const) context;
    +
    +    if ((SASL_CB_USER == id || SASL_CB_AUTHNAME == id)
    +        && username != NULL) {
    +        *result = username->c_str();
    +//        *len = (unsigned int) username->length();
    +    }
    +    return SASL_OK;
    +}
    +
    +static int SaslAuthenticatorImpl::passwordCallback(sasl_conn_t *conn, void *context,
int id, sasl_secret_t **psecret) {
    +    const SaslAuthenticatorImpl* const authenticator = (const SaslAuthenticatorImpl*
const) context;
    +
    +    if (SASL_CB_PASS == id) {
    +        const std::string password = authenticator->m_password;
    +        const size_t length = password.length();
    +        authenticator->m_secret->len = length;
    +        std::memcpy(authenticator->m_secret->data, password.c_str(), length);
    +        *psecret = authenticator->m_secret;
    +    }
    +   return SASL_OK;
    +}
    +
    +SaslAuthenticatorImpl::SaslAuthenticatorImpl(const DrillUserProperties* const properties)
:
    +    m_properties(properties), m_pConnection(NULL), m_secret(NULL), m_servicename(NULL),
m_servicehost(NULL) {
    +}
    +
    +SaslAuthenticatorImpl::~SaslAuthenticatorImpl() {
    +    if (m_secret) {
    +        free(m_secret);
    +    }
    +    // may be to use negotiated security layers before disposing in the future
    +    if (m_pConnection) {
    +        sasl_dispose(&m_pConnection);
    +    }
    +    m_pConnection = NULL;
    +}
    +
    +int SaslAuthenticatorImpl::init(std::vector<std::string> mechanisms,
    --- End diff --
    
    use a const ref for mechanism


> Kerberos Authentication
> -----------------------
>
>                 Key: DRILL-4280
>                 URL: https://issues.apache.org/jira/browse/DRILL-4280
>             Project: Apache Drill
>          Issue Type: Improvement
>            Reporter: Keys Botzum
>            Assignee: Chunhui Shi
>              Labels: security
>
> Drill should support Kerberos based authentication from clients. This means that both
the ODBC and JDBC drivers as well as the web/REST interfaces should support inbound Kerberos.
For Web this would most likely be SPNEGO while for ODBC and JDBC this will be more generic
Kerberos.
> Since Hive and much of Hadoop supports Kerberos there is a potential for a lot of reuse
of ideas if not implementation.
> Note that this is related to but not the same as https://issues.apache.org/jira/browse/DRILL-3584




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message