[
https://issues.apache.org/jira/browse/DRILL-4280?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15460179#comment-15460179
]
ASF GitHub Bot commented on DRILL-4280:
---------------------------------------
Github user gparai commented on a diff in the pull request:
https://github.com/apache/drill/pull/578#discussion_r77429753
--- Diff:
exec/java-exec/src/main/java/org/apache/drill/exec/rpc/user/UserServer.java ---
@@ -308,33 +312,57 @@ public BitToUserHandshake
getHandshakeResponse(UserToBitHandshake inbound) throw
connection.setHandshake(inbound);
try {
+ // TODO(SUDHEESH): MUST FIX THIS VERSION CHECK FIRST BEFORE THE
CHECK BELOW
if (inbound.getRpcVersion() != UserRpcConfig.RPC_VERSION) {
final String errMsg = String.format("Invalid rpc version.
Expected %d, actual %d.",
UserRpcConfig.RPC_VERSION, inbound.getRpcVersion());
return handleFailure(respBuilder,
HandshakeStatus.RPC_VERSION_MISMATCH, errMsg, null);
}
- if (authenticator != null) {
- try {
- String password = "";
- final UserProperties props = inbound.getProperties();
- for (int i = 0; i < props.getPropertiesCount(); i++) {
- Property prop = props.getProperties(i);
- if (UserSession.PASSWORD.equalsIgnoreCase(prop.getKey())) {
- password = prop.getValue();
- break;
+ connection.setHandshake(inbound);
+
+ if (authFactory != null) {
+ if (inbound.getRpcVersion() <= 5) { // for backward
compatibility <= 1.8
+ final String userName =
inbound.getCredentials().getUserName();
+ if (logger.isTraceEnabled()) {
+ logger.trace("User {} on connection {} is using an older
client (Drill version <= 1.8).",
+ userName, connection.getRemoteAddress());
+ }
+ try {
+ String password = "";
+ final UserProperties props = inbound.getProperties();
+ for (int i = 0; i < props.getPropertiesCount(); i++) {
+ Property prop = props.getProperties(i);
+ if
(UserSession.PASSWORD.equalsIgnoreCase(prop.getKey())) {
+ password = prop.getValue();
+ break;
+ }
+ }
+ final PlainMechanism plainMechanism =
authFactory.getPlainMechanism();
+ if (plainMechanism == null) {
+ throw new UserAuthenticationException("The server no
longer supports username/password" +
+ " based authentication. Please talk to your system
administrator.");
}
+ plainMechanism.getAuthenticator().authenticate(userName,
password);
+ connection.changeHandlerTo(handler);
+ connection.finalizeSession(userName);
+ respBuilder.setStatus(HandshakeStatus.SUCCESS);
--- End diff --
Would it be useful to add log the successful mechanism (where we have
`respBuilder.setStatus(HandshakeStatus.SUCCESS);`)?
> Kerberos Authentication
> -----------------------
>
> Key: DRILL-4280
> URL: https://issues.apache.org/jira/browse/DRILL-4280
> Project: Apache Drill
> Issue Type: Improvement
> Reporter: Keys Botzum
> Assignee: Sudheesh Katkam
> Labels: security
>
> Drill should support Kerberos based authentication from clients. This means
> that both the ODBC and JDBC drivers as well as the web/REST interfaces should
> support inbound Kerberos. For Web this would most likely be SPNEGO while for
> ODBC and JDBC this will be more generic Kerberos.
> Since Hive and much of Hadoop supports Kerberos there is a potential for a
> lot of reuse of ideas if not implementation.
> Note that this is related to but not the same as
> https://issues.apache.org/jira/browse/DRILL-3584
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
