From sohami <...@git.apache.org>
Subject [GitHub] drill pull request #578: DRILL-4280: Kerberos Authentication
Date Fri, 06 Jan 2017 01:33:34 GMT
Github user sohami commented on a diff in the pull request:

    https://github.com/apache/drill/pull/578#discussion_r94867052
  
    --- Diff: exec/java-exec/src/test/java/org/apache/drill/exec/rpc/user/security/TestKerberosSaslAuthentication.java
---
    @@ -0,0 +1,239 @@
    +/**
    + * Licensed to the Apache Software Foundation (ASF) under one
    + * or more contributor license agreements.  See the NOTICE file
    + * distributed with this work for additional information
    + * regarding copyright ownership.  The ASF licenses this file
    + * to you under the Apache License, Version 2.0 (the
    + * "License"); you may not use this file except in compliance
    + * with the License.  You may obtain a copy of the License at
    + *
    + *    http://www.apache.org/licenses/LICENSE-2.0
    + *
    + * Unless required by applicable law or agreed to in writing, software
    + * distributed under the License is distributed on an "AS IS" BASIS,
    + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    + * See the License for the specific language governing permissions and
    + * limitations under the License.
    + */
    +package org.apache.drill.exec.rpc.user.security;
    +
    +import com.google.common.collect.Lists;
    +import com.typesafe.config.ConfigValueFactory;
    +import org.apache.drill.BaseTestQuery;
    +import org.apache.drill.common.config.ConnectionParameters;
    +import org.apache.drill.common.config.DrillConfig;
    +import org.apache.drill.exec.ExecConstants;
    +import org.apache.drill.exec.rpc.user.security.testing.UserAuthenticatorTestImpl;
    +import org.apache.drill.exec.security.impl.LoginManagerImpl;
    +import org.apache.hadoop.security.authentication.util.KerberosName;
    +import org.apache.hadoop.security.authentication.util.KerberosUtil;
    +import org.apache.kerby.kerberos.kerb.KrbException;
    +import org.apache.kerby.kerberos.kerb.client.JaasKrbUtil;
    +import org.apache.kerby.kerberos.kerb.server.SimpleKdcServer;
    +import org.junit.AfterClass;
    +import org.junit.BeforeClass;
    +import org.junit.Ignore;
    +import org.junit.Test;
    +import sun.security.krb5.Config;
    +
    +import javax.security.auth.Subject;
    +import java.io.File;
    +import java.io.IOException;
    +import java.lang.reflect.Field;
    +import java.net.ServerSocket;
    +import java.nio.file.Files;
    +import java.security.PrivilegedExceptionAction;
    +import java.util.Properties;
    +
    +@Ignore("Expects users to exist. Set SERVER_SHORT_NAME to current user name to run the
tests.")
    +public class TestKerberosSaslAuthentication extends BaseTestQuery {
    +  private static final org.slf4j.Logger logger =
    +      org.slf4j.LoggerFactory.getLogger(TestKerberosSaslAuthentication.class);
    +
    +  private static File workspace;
    +
    +  private static File kdcDir;
    +  private static SimpleKdcServer kdc;
    +  private static int kdcPort;
    +
    +  private static final String HOSTNAME = "localhost";
    +  private static final String REALM = "EXAMPLE.COM";
    +
    +  private static final String CLIENT_SHORT_NAME = "client";
    +  private static final String CLIENT_PRINCIPAL = CLIENT_SHORT_NAME + "@" + REALM;
    +  private static final String SERVER_SHORT_NAME = "server";
    +  private static final String SERVER_PRINCIPAL = SERVER_SHORT_NAME + "/" + HOSTNAME +
"@" + REALM;
    +
    +  private static File keytabDir;
    +  private static File clientKeytab;
    +  private static File serverKeytab;
    +
    +  private static boolean kdcStarted;
    +
    +  @BeforeClass
    +  public static void setupKdc() throws Exception {
    +    kdc = new SimpleKdcServer();
    +    workspace = new File(getTempDir("kerberos_target"));
    +
    +    kdcDir = new File(workspace, TestKerberosSaslAuthentication.class.getSimpleName());
    +    kdcDir.mkdirs();
    +    kdc.setWorkDir(kdcDir);
    +
    +    kdc.setKdcHost(HOSTNAME);
    +    kdcPort = getFreePort();
    +    kdc.setAllowTcp(true);
    +    kdc.setAllowUdp(false);
    +    kdc.setKdcTcpPort(kdcPort);
    +
    +    logger.debug("Starting KDC server at {}:{}", HOSTNAME, kdcPort);
    +
    +    kdc.init();
    +    kdc.start();
    +    kdcStarted = true;
    +
    +
    +    keytabDir = new File(workspace, TestKerberosSaslAuthentication.class.getSimpleName()
    +        + "_keytabs");
    +    keytabDir.mkdirs();
    +    setupUsers(keytabDir);
    +
    +    // Kerby sets "java.security.krb5.conf" for us!
    +    System.clearProperty("java.security.auth.login.config");
    +    System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
    +    // Uncomment the following lines for debugging.
    +    // System.setProperty("sun.security.spnego.debug", "true");
    +    // System.setProperty("sun.security.krb5.debug", "true");
    +
    +    // Create a new DrillConfig which has user authentication enabled and authenticator
set to
    +    // UserAuthenticatorTestImpl.
    +    final DrillConfig newConfig = new DrillConfig(DrillConfig.create(cloneDefaultTestConfigProperties())
    +        .withValue(ExecConstants.USER_AUTHENTICATION_ENABLED,
    +            ConfigValueFactory.fromAnyRef(true))
    +        .withValue(ExecConstants.USER_AUTHENTICATOR_IMPL,
    +            ConfigValueFactory.fromAnyRef(UserAuthenticatorTestImpl.TYPE))
    +        .withValue(LoginManagerImpl.SERVICE_PRINCIPAL,
    +            ConfigValueFactory.fromAnyRef(SERVER_PRINCIPAL))
    +        .withValue(LoginManagerImpl.SERVICE_KEYTAB_LOCATION,
    +            ConfigValueFactory.fromAnyRef(serverKeytab.toString()))
    +        .withValue(ExecConstants.AUTHENTICATION_MECHANISMS,
    +            ConfigValueFactory.fromIterable(Lists.newArrayList("plain", "kerberos"))),
    +        false);
    +
    +    final Properties connectionProps = new Properties();
    +    connectionProps.setProperty(ConnectionParameters.USER, "anonymous");
    +    connectionProps.setProperty(ConnectionParameters.PASSWORD, "anything works!");
    +
    +    // ADD A NOTE EXPLAINING THIS MAGIC
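Review bot: The two JVM-wide property changes in setupKdc, `System.clearProperty("java.security.auth.login.config")` and `System.setProperty("javax.security.auth.useSubjectCredsOnly", "false")`, are made without saving the previous values, so unless cleanup outside this hunk restores them they leak into every other test run in the same JVM. With `useSubjectCredsOnly` set to `false`, JGSS may take credentials from outside the logged-in Subject, such as a ticket cache on the developer's machine, so a handshake can succeed without the test keytabs being exercised. I would keep the old values in static fields, e.g. `prevUseSubjectCredsOnly = System.getProperty("javax.security.auth.useSubjectCredsOnly");`, and put them back in the `@AfterClass` method. Because the config enables both `"plain"` and `"kerberos"` and the connection properties carry a plain user and password, the Kerberos tests should also assert which mechanism was actually negotiated; setupKdc continues past the end of this hunk, so that may already be done there.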
    --- End diff --
    
    Forgot to add the note?


