[kudu-CR] [security] Negotiate authentication type during RPC setup

Thu, 16 Feb 2017 13:14:36 -0800 

Hello Kudu Jenkins,

I'd like you to reexamine a change.  Please visit

    http://gerrit.cloudera.org:8080/5988

to look at the new patch set (#6).

Change subject: [security] Negotiate authentication type during RPC setup
......................................................................

[security] Negotiate authentication type during RPC setup

This commit introduces the concept of an authentication type to the RPC
negotiation sequence. The current valid authentication types are SASL,
CERTIFICATE, and TOKEN. Early in the negotiation sequence the client and
server decide on an authentication type to use for the connection based
on the mutually supported capabilities. If either side does not support
the new authentication negotiation, the connection automatically falls
back to SASL authentication in order to maintain backwards
compatibility.

This commit also adds TSKs to the master<->tserver heartbeat protocol,
so that tokens may be verified on the server. The client's authn token
has been moved to the messenger to make it more accessible to
negotiation.

negotiation-test has been updated with a general test runner for
different negotiation configurations.  There are so many possible
negotiation configurations that an exhaustive set of tests is not
attempted, but it should be straightforward to add additional tests in
the future.

Change-Id: I8ed9a1a474990dbfe9b71173adffdec95ec02b6c
---
M src/kudu/client/client-internal.cc
M src/kudu/client/client-internal.h
M src/kudu/client/client-test.cc
M src/kudu/master/master.proto
M src/kudu/rpc/CMakeLists.txt
M src/kudu/rpc/client_negotiation.cc
M src/kudu/rpc/client_negotiation.h
M src/kudu/rpc/messenger.cc
M src/kudu/rpc/messenger.h
M src/kudu/rpc/negotiation-test.cc
M src/kudu/rpc/negotiation.cc
M src/kudu/rpc/negotiation.h
M src/kudu/rpc/rpc_header.proto
M src/kudu/rpc/server_negotiation.cc
M src/kudu/rpc/server_negotiation.h
M src/kudu/security/security-test-util.cc
M src/kudu/security/security-test-util.h
M src/kudu/security/tls_context.h
M src/kudu/security/tls_handshake-test.cc
M src/kudu/security/token-test.cc
M src/kudu/security/token_signer.h
M src/kudu/security/token_verifier.cc
M src/kudu/security/token_verifier.h
M src/kudu/server/server_base.h
M src/kudu/tserver/heartbeater.cc
25 files changed, 1,254 insertions(+), 441 deletions(-)


  git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/88/5988/6
-- 
To view, visit http://gerrit.cloudera.org:8080/5988
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-MessageType: newpatchset
Gerrit-Change-Id: I8ed9a1a474990dbfe9b71173adffdec95ec02b6c
Gerrit-PatchSet: 6
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-Owner: Dan Burkert <danburk...@apache.org>
Gerrit-Reviewer: Adar Dembo <a...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <aser...@cloudera.com>
Gerrit-Reviewer: Dan Burkert <danburk...@apache.org>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Tidy Bot
Gerrit-Reviewer: Todd Lipcon <t...@apache.org>

Reply via email to