[
https://issues.apache.org/jira/browse/DRILL-4280?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15856481#comment-15856481
]
ASF GitHub Bot commented on DRILL-4280:
---------------------------------------
Github user laurentgo commented on a diff in the pull request:
https://github.com/apache/drill/pull/578#discussion_r99887378
--- Diff:
exec/java-exec/src/main/java/org/apache/drill/exec/rpc/control/ControlClient.java
---
@@ -89,14 +90,48 @@ public MessageLite getResponseDefaultInstance(int
rpcType) throws RpcException {
}
@Override
- protected Response handle(ControlConnection connection, int rpcType,
ByteBuf pBody, ByteBuf dBody) throws RpcException {
- return handler.handle(connection, rpcType, pBody, dBody);
+ protected void handle(ControlConnection connection, int rpcType, ByteBuf
pBody, ByteBuf dBody,
+ ResponseSender sender) throws RpcException {
+ connection.getCurrentHandler().handle(connection, rpcType, pBody,
dBody, sender);
}
@Override
protected void validateHandshake(BitControlHandshake handshake) throws
RpcException {
if (handshake.getRpcVersion() != ControlRpcConfig.RPC_VERSION) {
- throw new RpcException(String.format("Invalid rpc version. Expected
%d, actual %d.", handshake.getRpcVersion(), ControlRpcConfig.RPC_VERSION));
+ throw new RpcException(String.format("Invalid rpc version. Expected
%d, actual %d.",
+ handshake.getRpcVersion(), ControlRpcConfig.RPC_VERSION));
+ }
+
+ if (handshake.getAuthenticationMechanismsCount() != 0) { // remote
requires authentication
+ if (config.getAuthProvider() == null) {
+ throw new RpcException(String.format("Drillbit (%s) requires auth,
but auth is not configured.",
+ remoteEndpoint.getAddress()));
+ }
+ if
(!handshake.getAuthenticationMechanismsList().contains(config.getAuthMechanismToUse()))
{
+ throw new RpcException(String.format("Drillbit (%s) does not
support %s", remoteEndpoint.getAddress(),
+ config.getAuthMechanismToUse()));
+ }
+
+ final SaslClient saslClient;
+ try {
+ saslClient = config.getAuthProvider()
+ .getAuthenticatorFactory(config.getAuthMechanismToUse())
+ .createSaslClient(UserGroupInformation.getLoginUser(),
+ config.getSaslClientProperties(remoteEndpoint));
+ } catch (final SaslException e) {
+ throw new RpcException("Failed to create SaslClient.", e);
+ } catch (final IOException e) {
+ throw new RpcException("Unexpected failure trying to login.", e);
+ }
+ if (saslClient == null) {
--- End diff --
is it even possible? I'm assuming that createSaslClient would throw in case
of error...
> Kerberos Authentication
> -----------------------
>
> Key: DRILL-4280
> URL: https://issues.apache.org/jira/browse/DRILL-4280
> Project: Apache Drill
> Issue Type: Improvement
> Reporter: Keys Botzum
> Assignee: Sudheesh Katkam
> Labels: security
>
> Drill should support Kerberos based authentication from clients. This means
> that both the ODBC and JDBC drivers as well as the web/REST interfaces should
> support inbound Kerberos. For Web this would most likely be SPNEGO while for
> ODBC and JDBC this will be more generic Kerberos.
> Since Hive and much of Hadoop supports Kerberos there is a potential for a
> lot of reuse of ideas if not implementation.
> Note that this is related to but not the same as
> https://issues.apache.org/jira/browse/DRILL-3584
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
