Hello Todd Lipcon, Alexey Serbin,
I'd like you to do a code review. Please visit
http://gerrit.cloudera.org:8080/5484
to review the following change.
Change subject: WIP: rpc: Initiate TLS connection upgrade following SASL
negotiation
......................................................................
WIP: rpc: Initiate TLS connection upgrade following SASL negotiation
This commit changes the RPC system to automatically upgrade a plaintext
connection to use TLS following the SASL negotiation step, if both sides
support TLS. Support for TLS is determined using a new 'TLS' RPC feature
flag. This flag is set by both the server and client if each has been
configured with TLS (currently that means having the
rpc_ssl_server_certificate, rpc_ssl_private_key, and
rpc_ssl_certificate_authority flags set, but will likely change in the
future, especially on the client-side).
Using a feature flag for determining TLS support is (in my opinion) a
good fit, but unfortunately the implementation is a little bit messy
because these flags are communicated during SASL negotiation, so it is
necessary to add some TLS-specific code to the SASL negotiation handling
classes.
Further work remaining to be done before TLS encrypted connections can
be considered secure:
* The server needs a flag which forces connections to use TLS. Without
such a configuration Kudu is vulnerable to downgrade attacks.
* Channel binding between the TLS channel and the SASL channel needs to
be established. Currently we aren't using any kind of auth-conf or
auth-int SASL channel, so that will necessarily need to come first.
WIP: I think the code is fine here, but I want to solicit feedback on
the general direction of establishing TLS following SASL negotiation,
and the RPC feature flag mechanism. Also, I'm considering adding a
commit to go before this one the renames SSL classes to use TLS instead,
since we are not supporting SSL.
Change-Id: If44a71186eb2cdeebaf46cc372596f3ee6b47ac0
---
M src/kudu/rpc/connection.cc
M src/kudu/rpc/connection.h
M src/kudu/rpc/negotiation.cc
M src/kudu/rpc/reactor.cc
M src/kudu/rpc/rpc_header.proto
M src/kudu/rpc/sasl_client.cc
M src/kudu/rpc/sasl_client.h
M src/kudu/rpc/sasl_helper.h
M src/kudu/rpc/sasl_server.cc
M src/kudu/rpc/sasl_server.h
10 files changed, 66 insertions(+), 25 deletions(-)
git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/84/5484/1
--
To view, visit http://gerrit.cloudera.org:8080/5484
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: If44a71186eb2cdeebaf46cc372596f3ee6b47ac0
Gerrit-PatchSet: 1
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-Owner: Dan Burkert <[email protected]>
Gerrit-Reviewer: Alexey Serbin <[email protected]>
Gerrit-Reviewer: Todd Lipcon <[email protected]>
