Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id C94E0200C4D for ; Wed, 5 Apr 2017 22:18:45 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id C7D64160B76; Wed, 5 Apr 2017 20:18:45 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 18872160B94 for ; Wed, 5 Apr 2017 22:18:44 +0200 (CEST) Received: (qmail 51275 invoked by uid 500); 5 Apr 2017 20:18:44 -0000 Mailing-List: contact issues-help@hbase.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Delivered-To: mailing list issues@hbase.apache.org Received: (qmail 51264 invoked by uid 99); 5 Apr 2017 20:18:44 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd3-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 05 Apr 2017 20:18:44 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd3-us-west.apache.org (ASF Mail Server at spamd3-us-west.apache.org) with ESMTP id B77971813A4 for ; Wed, 5 Apr 2017 20:18:43 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd3-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: -100.002 X-Spam-Level: X-Spam-Status: No, score=-100.002 tagged_above=-999 required=6.31 tests=[RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, USER_IN_WHITELIST=-100] autolearn=disabled Received: from mx1-lw-us.apache.org ([10.40.0.8]) by localhost (spamd3-us-west.apache.org [10.40.0.10]) (amavisd-new, port 10024) with ESMTP id zJHePYAE848z for ; Wed, 5 Apr 2017 20:18:42 +0000 (UTC) Received: from mailrelay1-us-west.apache.org (mailrelay1-us-west.apache.org [209.188.14.139]) by mx1-lw-us.apache.org (ASF Mail Server at mx1-lw-us.apache.org) with ESMTP id 6A9165FAE7 for ; Wed, 5 Apr 2017 20:18:42 +0000 (UTC) Received: from jira-lw-us.apache.org (unknown [207.244.88.139]) by mailrelay1-us-west.apache.org (ASF Mail Server at mailrelay1-us-west.apache.org) with ESMTP id E6800E06FE for ; Wed, 5 Apr 2017 20:18:41 +0000 (UTC) Received: from jira-lw-us.apache.org (localhost [127.0.0.1]) by jira-lw-us.apache.org (ASF Mail Server at jira-lw-us.apache.org) with ESMTP id 9D182263C5 for ; Wed, 5 Apr 2017 20:18:41 +0000 (UTC) Date: Wed, 5 Apr 2017 20:18:41 +0000 (UTC) From: "Ted Yu (JIRA)" To: issues@hbase.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Updated] (HBASE-17860) Implement secure native client connection MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 archived-at: Wed, 05 Apr 2017 20:18:46 -0000 [ https://issues.apache.org/jira/browse/HBASE-17860?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Ted Yu updated HBASE-17860: --------------------------- Description: So far, the native client communicates with insecure cluster. This JIRA is to add secure connection support for native client using Cyrus library. The work is based on earlier implementation and is redone via wangle and folly frameworks. Thanks to [~devaraj] who started the initiative. Here is high level description of the design: * SaslHandler is declared as: {code} class SaslHandler : public wangle::HandlerAdapter>{ {code} It would be inserted between EventBaseHandler and LengthFieldBasedFrameDecoder in the pipeline (via RpcPipelineFactory::newPipeline()) * SaslHandler would intercept writes to server by buffering the IOBuf's and start the handshake process (via sasl_client_XX calls provided by Cyrus) * after handshake is complete, SaslHandler would send the buffered IOBuf's to server and act as pass-thru from then on was: So far, the native client communicates with insecure cluster. This JIRA is to add secure connection support for native client using Cyrus library. The work is based on earlier implementation and is redone via wangle and folly frameworks. Thanks to [~devaraj] who started the initiative. Here is high level description of the design: * SaslHandler is declared as: {code} class SaslHandler : public wangle::HandlerAdapter>{ {code} It would be inserted between EventBaseHandler and LengthFieldBasedFrameDecoder in the pipeline (via ConnectionFactory::Connect()) * SaslHandler would intercept writes to server by buffering the IOBuf's and start the handshake process (via sasl_client_XX calls provided by Cyrus) * after handshake is complete, SaslHandler would send the buffered IOBuf's to server and act as pass-thru from then on > Implement secure native client connection > ----------------------------------------- > > Key: HBASE-17860 > URL: https://issues.apache.org/jira/browse/HBASE-17860 > Project: HBase > Issue Type: Sub-task > Reporter: Ted Yu > Assignee: Ted Yu > Priority: Critical > Attachments: 17860.v2.txt, 17860.v3.txt, 17860.v4.txt > > > So far, the native client communicates with insecure cluster. > This JIRA is to add secure connection support for native client using Cyrus library. > The work is based on earlier implementation and is redone via wangle and folly frameworks. > Thanks to [~devaraj] who started the initiative. > Here is high level description of the design: > * SaslHandler is declared as: > {code} > class SaslHandler > : public wangle::HandlerAdapter>{ > {code} > It would be inserted between EventBaseHandler and LengthFieldBasedFrameDecoder in the pipeline (via RpcPipelineFactory::newPipeline()) > * SaslHandler would intercept writes to server by buffering the IOBuf's and start the handshake process (via sasl_client_XX calls provided by Cyrus) > * after handshake is complete, SaslHandler would send the buffered IOBuf's to server and act as pass-thru from then on -- This message was sent by Atlassian JIRA (v6.3.15#6346)