[GitHub] drill pull request #578: DRILL-4280: Kerberos Authentication

Tue, 07 Feb 2017 14:57:58 -0800 

Github user sudheeshkatkam commented on a diff in the pull request:

    https://github.com/apache/drill/pull/578#discussion_r99952254
  
    --- Diff: 
exec/java-exec/src/main/java/org/apache/drill/exec/rpc/control/ControlClient.java
 ---
    @@ -89,14 +90,48 @@ public MessageLite getResponseDefaultInstance(int 
rpcType) throws RpcException {
       }
     
       @Override
    -  protected Response handle(ControlConnection connection, int rpcType, 
ByteBuf pBody, ByteBuf dBody) throws RpcException {
    -    return handler.handle(connection, rpcType, pBody, dBody);
    +  protected void handle(ControlConnection connection, int rpcType, ByteBuf 
pBody, ByteBuf dBody,
    +                        ResponseSender sender) throws RpcException {
    +    connection.getCurrentHandler().handle(connection, rpcType, pBody, 
dBody, sender);
       }
     
       @Override
       protected void validateHandshake(BitControlHandshake handshake) throws 
RpcException {
         if (handshake.getRpcVersion() != ControlRpcConfig.RPC_VERSION) {
    -      throw new RpcException(String.format("Invalid rpc version.  Expected 
%d, actual %d.", handshake.getRpcVersion(), ControlRpcConfig.RPC_VERSION));
    +      throw new RpcException(String.format("Invalid rpc version.  Expected 
%d, actual %d.",
    +          handshake.getRpcVersion(), ControlRpcConfig.RPC_VERSION));
    +    }
    +
    +    if (handshake.getAuthenticationMechanismsCount() != 0) { // remote 
requires authentication
    +      if (config.getAuthProvider() == null) {
    +        throw new RpcException(String.format("Drillbit (%s) requires auth, 
but auth is not configured.",
    +            remoteEndpoint.getAddress()));
    +      }
    +      if 
(!handshake.getAuthenticationMechanismsList().contains(config.getAuthMechanismToUse()))
 {
    +        throw new RpcException(String.format("Drillbit (%s) does not 
support %s", remoteEndpoint.getAddress(),
    +            config.getAuthMechanismToUse()));
    +      }
    +
    +      final SaslClient saslClient;
    +      try {
    +        saslClient = config.getAuthProvider()
    +            .getAuthenticatorFactory(config.getAuthMechanismToUse())
    +            .createSaslClient(UserGroupInformation.getLoginUser(),
    +                config.getSaslClientProperties(remoteEndpoint));
    +      } catch (final SaslException e) {
    +        throw new RpcException("Failed to create SaslClient.", e);
    +      } catch (final IOException e) {
    +        throw new RpcException("Unexpected failure trying to login.", e);
    +      }
    +      if (saslClient == null) {
    --- End diff --
    
    Yes, per the [SaslClientFactory 
API](https://docs.oracle.com/javase/7/docs/api/javax/security/sasl/SaslClientFactory.html#createSaslClient(java.lang.String[],%20java.lang.String,%20java.lang.String,%20java.lang.String,%20java.util.Map,%20javax.security.auth.callback.CallbackHandler)).


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---

Reply via email to