[
https://issues.apache.org/jira/browse/HDFS-8775?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14662123#comment-14662123
]
Bob Hansen commented on HDFS-8775:
----------------------------------
The lack of comments makes it very hard to verify that the code is doing what
it should. All I can say is "the code kinda does what it looks like it is
trying to do." Especially in the digest handshake protocol, a definition of
the correct behavior would go a long way to being able to confirm that the
behavior is correct.
Things you might want to look into:
sasl_authenticator.h:
* What is the TEST_mock_cnonce for? Do we have a mechanism to strip it out of
release code? Can we #ifdef it out?
sasl_digest.h:
* Why is kMaxBufferSize 64k? Does that relate to some other constant (in which
case, can we import the symbol?) or is it just "64k should be enough for
anybody"?
* GenerateCNonce(): is RAND_pseudo good enough for security in this case, or
should we be using (transitively) /dev/random?
* ParseFirstChallenge(): This will silently accept many malformed requests like
+ foo
+ foo,bar,baz
+ ~~~=~~~
* ParseFirstChallenge(): requires a "nonce" field in the message, but doesn't
use it
* GetMD5Digest(): we should check the return values of the OpenSSL calls
> SASL support for data transfer protocol in libhdfspp
> ----------------------------------------------------
>
> Key: HDFS-8775
> URL: https://issues.apache.org/jira/browse/HDFS-8775
> Project: Hadoop HDFS
> Issue Type: Sub-task
> Components: hdfs-client
> Reporter: Haohui Mai
> Assignee: Haohui Mai
> Attachments: HDFS-8775.000.patch
>
>
> This jira proposes to implement basic SASL support for the data transfer
> protocol which allows libhdfspp to talk to secure clusters.
> Support for encryption is deferred to subsequent jiras.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
