drill-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DRILL-4280) Kerberos Authentication
Date Fri, 03 Feb 2017 02:13:52 GMT

    [ https://issues.apache.org/jira/browse/DRILL-4280?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15850926#comment-15850926
] 

ASF GitHub Bot commented on DRILL-4280:
---------------------------------------

Github user sohami commented on a diff in the pull request:

    https://github.com/apache/drill/pull/578#discussion_r99260686
  
    --- Diff: exec/java-exec/src/main/java/org/apache/drill/exec/rpc/security/plain/PlainServer.java
---
    @@ -0,0 +1,175 @@
    +/**
    + * Licensed to the Apache Software Foundation (ASF) under one
    + * or more contributor license agreements.  See the NOTICE file
    + * distributed with this work for additional information
    + * regarding copyright ownership.  The ASF licenses this file
    + * to you under the Apache License, Version 2.0 (the
    + * "License"); you may not use this file except in compliance
    + * with the License.  You may obtain a copy of the License at
    + *
    + *    http://www.apache.org/licenses/LICENSE-2.0
    + *
    + * Unless required by applicable law or agreed to in writing, software
    + * distributed under the License is distributed on an "AS IS" BASIS,
    + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    + * See the License for the specific language governing permissions and
    + * limitations under the License.
    + */
    +package org.apache.drill.exec.rpc.security.plain;
    +
    +import javax.security.auth.callback.Callback;
    +import javax.security.auth.callback.CallbackHandler;
    +import javax.security.auth.callback.NameCallback;
    +import javax.security.auth.callback.PasswordCallback;
    +import javax.security.auth.callback.UnsupportedCallbackException;
    +import javax.security.sasl.AuthorizeCallback;
    +import javax.security.sasl.Sasl;
    +import javax.security.sasl.SaslException;
    +import javax.security.sasl.SaslServer;
    +import javax.security.sasl.SaslServerFactory;
    +import java.io.IOException;
    +import java.nio.charset.StandardCharsets;
    +import java.security.Provider;
    +import java.util.Map;
    +
    +/**
    + * Plain SaslServer implementation. See https://tools.ietf.org/html/rfc4616
    + */
    +public class PlainServer implements SaslServer {
    +//  private static final org.slf4j.Logger logger = org.slf4j.LoggerFactory.getLogger(PlainServer.class);
    +
    +  private static final String UTF_8_NULL = "\u0000";
    +
    +  public static final String MECHANISM_NAME = "PLAIN";
    +
    +  public static class PlainServerFactory implements SaslServerFactory {
    +
    +    @Override
    +    public SaslServer createSaslServer(final String mechanism, final String protocol,
final String serverName,
    +                                       final Map<String, ?> props, final CallbackHandler
cbh)
    +        throws SaslException {
    +      return MECHANISM_NAME.equals(mechanism)
    +          ? props == null
    +            ? new PlainServer(cbh)
    +            : ("true".equals(props.get(Sasl.POLICY_NOPLAINTEXT)) ? null : new PlainServer(cbh))
    +          : null;
    +    }
    +
    +    @Override
    +    public String[] getMechanismNames(final Map<String, ?> props) {
    +      return props == null || "false".equals(props.get(Sasl.POLICY_NOPLAINTEXT))
    --- End diff --
    
    we should change this check as well like above to be consistent. Since right now if `props`
is not null  and POLICY_NOPLAINTEXT property is absent then we will return empty string.


> Kerberos Authentication
> -----------------------
>
>                 Key: DRILL-4280
>                 URL: https://issues.apache.org/jira/browse/DRILL-4280
>             Project: Apache Drill
>          Issue Type: Improvement
>            Reporter: Keys Botzum
>            Assignee: Sudheesh Katkam
>              Labels: security
>
> Drill should support Kerberos based authentication from clients. This means that both
the ODBC and JDBC drivers as well as the web/REST interfaces should support inbound Kerberos.
For Web this would most likely be SPNEGO while for ODBC and JDBC this will be more generic
Kerberos.
> Since Hive and much of Hadoop supports Kerberos there is a potential for a lot of reuse
of ideas if not implementation.
> Note that this is related to but not the same as https://issues.apache.org/jira/browse/DRILL-3584




--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Mime
View raw message