[
https://issues.apache.org/jira/browse/DRILL-4335?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15957902#comment-15957902
]
ASF GitHub Bot commented on DRILL-4335:
---------------------------------------
Github user sudheeshkatkam commented on a diff in the pull request:
https://github.com/apache/drill/pull/773#discussion_r109742969
--- Diff:
exec/java-exec/src/main/java/org/apache/drill/exec/rpc/BitConnectionConfig.java
---
@@ -46,16 +47,40 @@ protected BitConnectionConfig(BufferAllocator
allocator, BootStrapContext contex
super(allocator, context);
final DrillConfig config = context.getConfig();
+ final AuthenticatorProvider authProvider = getAuthProvider();
+
if (config.getBoolean(ExecConstants.BIT_AUTHENTICATION_ENABLED)) {
this.authMechanismToUse =
config.getString(ExecConstants.BIT_AUTHENTICATION_MECHANISM);
try {
- getAuthProvider().getAuthenticatorFactory(authMechanismToUse);
+ authProvider.getAuthenticatorFactory(authMechanismToUse);
} catch (final SaslException e) {
throw new DrillbitStartupException(String.format(
"'%s' mechanism not found for bit-to-bit authentication.
Please check authentication configuration.",
authMechanismToUse));
}
- logger.info("Configured bit-to-bit connections to require
authentication using: {}", authMechanismToUse);
+
+ // Update encryption related configurations
+
encryptionContext.setEncryption(config.getBoolean(ExecConstants.BIT_SASL_ENCRYPTION_ENABLED));
+
+ int maxEncodeSize =
config.getInt(ExecConstants.BIT_SASL_ENCRYPTION_ENCODESIZE);
+
+ if(maxEncodeSize > RpcConstants.MAX_WRAP_SIZE) {
+ logger.warn("Setting bit.sasl.encryption.encodesize to maximum
allowed value of 16MB");
+ maxEncodeSize = RpcConstants.MAX_WRAP_SIZE;
+ }
+ encryptionContext.setWrappedChunkSize(maxEncodeSize);
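Review bot: The clamp at `if(maxEncodeSize > RpcConstants.MAX_WRAP_SIZE)` bounds `maxEncodeSize` only from above, so a zero or negative `bit.sasl.encryption.encodesize` read from the config is passed unchanged to `encryptionContext.setWrappedChunkSize(maxEncodeSize)`. Consider rejecting non-positive values at startup with a `DrillbitStartupException`, the same way the unknown-mechanism case is handled a few lines earlier in this hunk. The warning text also hard-codes "16MB" instead of deriving it from `RpcConstants.MAX_WRAP_SIZE`, and it does not log the configured value that was overridden; including both would keep the message accurate if the constant changes and make the misconfiguration easier to spot in the logs.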
--- End diff --
I have difficulty in understanding what these sizes mean. I could at least classify them as related, but how are they related? Better names maybe?

+ "maxEncodeSize", "ENCODESIZE", "WrappedChunkSize", "MAX_WRAP_SIZE"
+ "RawSendSize", "RawWrapSendSize", "MaxRawWrapSendSize", "WRAP_RAW_SEND_SIZE"

Sometimes "max" is not necessarily a maximum e.g. `maxEncodeSize`, and `setRawWrapSendSize` sets MaxRawWrapSendSize.

I noticed only "ENCODESIZE" is configurable through drill-override.conf. Are the others not configurable, at connection time, for example?

> Apache Drill should support network encryption
> ----------------------------------------------
>
> Key: DRILL-4335
> URL: https://issues.apache.org/jira/browse/DRILL-4335
> Project: Apache Drill
> Issue Type: New Feature
> Reporter: Keys Botzum
> Assignee: Sorabh Hamirwasia
> Labels: security
> Attachments: ApacheDrillEncryptionUsingSASLDesign.pdf
>
>
> This is clearly related to Drill-291 but wanted to make explicit that this
> needs to include network level encryption and not just authentication. This
> is particularly important for the client connection to Drill which will often
> be sending passwords in the clear until there is encryption.