drill-issues mailing list archives

From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DRILL-4280) Kerberos Authentication
Date Tue, 07 Feb 2017 18:20:42 GMT

    [ https://issues.apache.org/jira/browse/DRILL-4280?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15856472#comment-15856472
] 

ASF GitHub Bot commented on DRILL-4280:
---------------------------------------

Github user laurentgo commented on a diff in the pull request:

    https://github.com/apache/drill/pull/578#discussion_r99875648
  
    --- Diff: contrib/native/client/src/clientlib/drillClientImpl.cpp ---
    @@ -407,37 +422,155 @@ connectionStatus_t DrillClientImpl::validateHandshake(DrillUserProperties*
prope
         if(ret!=CONN_SUCCESS){
             return ret;
         }
    -    if(this->m_handshakeStatus != exec::user::SUCCESS){
    -        switch(this->m_handshakeStatus){
    -            case exec::user::RPC_VERSION_MISMATCH:
    -                DRILL_MT_LOG(DRILL_LOG(LOG_TRACE) << "Invalid rpc version.  Expected
"
    -                    << DRILL_RPC_VERSION << ", actual "<< m_handshakeVersion
<< "." << std::endl;)
    -                return handleConnError(CONN_BAD_RPC_VER,
    -                        getMessage(ERR_CONN_BAD_RPC_VER, DRILL_RPC_VERSION,
    -                            m_handshakeVersion,
    -                            this->m_handshakeErrorId.c_str(),
    -                            this->m_handshakeErrorMsg.c_str()));
    -            case exec::user::AUTH_FAILED:
    -                DRILL_MT_LOG(DRILL_LOG(LOG_TRACE) << "Authentication failed." <<
std::endl;)
    -                return handleConnError(CONN_AUTH_FAILED,
    -                        getMessage(ERR_CONN_AUTHFAIL,
    -                            this->m_handshakeErrorId.c_str(),
    -                            this->m_handshakeErrorMsg.c_str()));
    -            case exec::user::UNKNOWN_FAILURE:
    -                DRILL_MT_LOG(DRILL_LOG(LOG_TRACE) << "Unknown error during handshake."
<< std::endl;)
    -                return handleConnError(CONN_HANDSHAKE_FAILED,
    -                        getMessage(ERR_CONN_UNKNOWN_ERR,
    -                            this->m_handshakeErrorId.c_str(),
    -                            this->m_handshakeErrorMsg.c_str()));
    -            default:
    -                break;
    +
    +    switch(this->m_handshakeStatus) {
    +        case exec::user::SUCCESS:
    +            // reset io_service after handshake is validated before running queries
    +            m_io_service.reset();
    +            return CONN_SUCCESS;
    +        case exec::user::RPC_VERSION_MISMATCH:
    +            DRILL_MT_LOG(DRILL_LOG(LOG_TRACE) << "Invalid rpc version.  Expected
"
    +                << DRILL_RPC_VERSION << ", actual "<< m_handshakeVersion
<< "." << std::endl;)
    +            return handleConnError(CONN_BAD_RPC_VER, getMessage(ERR_CONN_BAD_RPC_VER,
DRILL_RPC_VERSION,
    +                                                                m_handshakeVersion,
    +                                                                this->m_handshakeErrorId.c_str(),
    +                                                                this->m_handshakeErrorMsg.c_str()));
    +        case exec::user::AUTH_FAILED:
    +            DRILL_MT_LOG(DRILL_LOG(LOG_TRACE) << "Authentication failed." <<
std::endl;)
    +            return handleConnError(CONN_AUTH_FAILED, getMessage(ERR_CONN_AUTHFAIL,
    +                                                                this->m_handshakeErrorId.c_str(),
    +                                                                this->m_handshakeErrorMsg.c_str()));
    +        case exec::user::UNKNOWN_FAILURE:
    +            DRILL_MT_LOG(DRILL_LOG(LOG_TRACE) << "Unknown error during handshake."
<< std::endl;)
    +            return handleConnError(CONN_HANDSHAKE_FAILED, getMessage(ERR_CONN_UNKNOWN_ERR,
    +                                                                     this->m_handshakeErrorId.c_str(),
    +                                                                     this->m_handshakeErrorMsg.c_str()));
    +        case exec::user::AUTH_REQUIRED:
    +            DRILL_MT_LOG(DRILL_LOG(LOG_TRACE) << "Server requires SASL authentication."
<< std::endl;)
    +            return authenticate(properties);
    +        default:
    +            DRILL_MT_LOG(DRILL_LOG(LOG_TRACE) << "Unknown return status." <<
std::endl;)
    +            return handleConnError(CONN_HANDSHAKE_FAILED, getMessage(ERR_CONN_UNKNOWN_ERR,
    +                                                                     this->m_handshakeErrorId.c_str(),
    +                                                                     this->m_handshakeErrorMsg.c_str()));
    +    }
    +}
    +
    +connectionStatus_t DrillClientImpl::authenticate(const DrillUserProperties* userProperties)
{
    +    try {
    +        m_saslAuthenticator = new SaslAuthenticatorImpl(userProperties);
    +    } catch (std::runtime_error& e) {
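Review bot: The `exec::user::SUCCESS` case returns `CONN_SUCCESS` without consulting `properties`, so whether SASL/Kerberos runs at all depends only on the server's handshake reply. A client configured to require Kerberos would therefore get an unauthenticated session, with no mutual authentication, whenever the peer answers SUCCESS rather than AUTH_REQUIRED. If the user properties can express that authentication is mandatory (not visible in this hunk), this case should fail closed by returning `handleConnError(CONN_AUTH_FAILED, getMessage(ERR_CONN_AUTHFAIL, ...))` instead of succeeding. At minimum, add a comment in that case such as `// SUCCESS: server did not request authentication; this session is unauthenticated`. The body of `authenticate` continues past the end of the quoted diff, so the SASL path itself is not reviewed here.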
    --- End diff --
    
    Exceptions in C++ are tricky. I'm not against them personally, but I wonder if this one is needed
(especially since here it's thrown because static initialization failed...)


> Kerberos Authentication
> -----------------------
>
>                 Key: DRILL-4280
>                 URL: https://issues.apache.org/jira/browse/DRILL-4280
>             Project: Apache Drill
>          Issue Type: Improvement
>            Reporter: Keys Botzum
>            Assignee: Sudheesh Katkam
>              Labels: security
>
> Drill should support Kerberos based authentication from clients. This means that both
the ODBC and JDBC drivers as well as the web/REST interfaces should support inbound Kerberos.
For Web this would most likely be SPNEGO while for ODBC and JDBC this will be more generic
Kerberos.
> Since Hive and much of Hadoop supports Kerberos there is a potential for a lot of reuse
of ideas if not implementation.
> Note that this is related to but not the same as https://issues.apache.org/jira/browse/DRILL-3584




--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
