[
https://issues.apache.org/jira/browse/DRILL-4335?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15970782#comment-15970782
]
ASF GitHub Bot commented on DRILL-4335:
---------------------------------------
Github user sohami commented on a diff in the pull request:
https://github.com/apache/drill/pull/773#discussion_r111646237
--- Diff:
exec/java-exec/src/main/java/org/apache/drill/exec/rpc/BitConnectionConfig.java
---
@@ -46,16 +47,40 @@ protected BitConnectionConfig(BufferAllocator
allocator, BootStrapContext contex
super(allocator, context);
final DrillConfig config = context.getConfig();
+ final AuthenticatorProvider authProvider = getAuthProvider();
+
if (config.getBoolean(ExecConstants.BIT_AUTHENTICATION_ENABLED)) {
this.authMechanismToUse =
config.getString(ExecConstants.BIT_AUTHENTICATION_MECHANISM);
try {
- getAuthProvider().getAuthenticatorFactory(authMechanismToUse);
+ authProvider.getAuthenticatorFactory(authMechanismToUse);
} catch (final SaslException e) {
throw new DrillbitStartupException(String.format(
"'%s' mechanism not found for bit-to-bit authentication.
Please check authentication configuration.",
authMechanismToUse));
}
- logger.info("Configured bit-to-bit connections to require
authentication using: {}", authMechanismToUse);
+
+ // Update encryption related configurations
+
encryptionContext.setEncryption(config.getBoolean(ExecConstants.BIT_SASL_ENCRYPTION_ENABLED));
+
+ int maxEncodeSize =
config.getInt(ExecConstants.BIT_SASL_ENCRYPTION_ENCODESIZE);
+
+ if(maxEncodeSize > RpcConstants.MAX_WRAP_SIZE) {
+ logger.warn("Setting bit.sasl.encryption.encodesize to maximum
allowed value of 16MB");
+ maxEncodeSize = RpcConstants.MAX_WRAP_SIZE;
+ }
+ encryptionContext.setWrappedChunkSize(maxEncodeSize);
--- End diff --
Sorry about the confusion. I have renamed the variables, hope that helps.
maxEncodeSize -- maxWrappedSize. This configurable parameter defines the
maximum size of wrapped buffer that wrap call can produce. It's negotiated as
part of SASL handshake and has maximum limit of 16MB
rawSendSize -- wrapSizeLimit. This parameter (non-configurable) is the
maximum plain buffer size which we can pass to wrap function so that wrapped
buffer size doesn't exceed maxWrappedSize. This is obtained after SASL
negotiation is completed.
> Apache Drill should support network encryption
> ----------------------------------------------
>
> Key: DRILL-4335
> URL: https://issues.apache.org/jira/browse/DRILL-4335
> Project: Apache Drill
> Issue Type: New Feature
> Reporter: Keys Botzum
> Assignee: Sorabh Hamirwasia
> Labels: security
> Attachments: ApacheDrillEncryptionUsingSASLDesign.pdf
>
>
> This is clearly related to Drill-291 but wanted to make explicit that this
> needs to include network level encryption and not just authentication. This
> is particularly important for the client connection to Drill which will often
> be sending passwords in the clear until there is encryption.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
