ZooKeeper
  1. ZooKeeper
  2. ZOOKEEPER-1112

Add support for C client for SASL authentication

    Details

    • Type: New Feature New Feature
    • Status: In Progress
    • Priority: Major Major
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None

      Description

      Hopefully this would leverage the SASL server-side support provided by ZOOKEEPER-938. It would be similar to the Java SASL client support also provided in ZOOKEEPER-938.

      Java has built-in SASL support, but I'm not sure what C libraries are available for SASL and if so, are they compatible with the Apache license.

      1. zookeeper-c-client-sasl.patch
        28 kB
        Tom Klonikowski
      2. ZOOKEEPER-1112.patch
        42 kB
        Tom Klonikowski
      3. ZOOKEEPER-1112_3.patch
        25 kB
        Tom Klonikowski
      4. ZOOKEEPER-1112_2.patch
        21 kB
        Tom Klonikowski
      5. ZOOKEEPER-1112_2.patch
        21 kB
        Tom Klonikowski
      6. ZOOKEEPER-1112_1.patch
        13 kB
        Tom Klonikowski
      7. ZOOKEEPER-1112_1.patch
        14 kB
        Tom Klonikowski

        Issue Links

          Activity

          Hide
          Eric Yang added a comment -

          Apache Web Server has a module for authenticate sasl using Cyrus SASL library. I think the license should be compatible with written agreement from CMU.

          Show
          Eric Yang added a comment - Apache Web Server has a module for authenticate sasl using Cyrus SASL library. I think the license should be compatible with written agreement from CMU.
          Hide
          Tom Klonikowski added a comment -

          I added SASL authentication to the c client lib that works with libkrb5 on Ubuntu Maverick (requires libkrb5-dev to compile).
          This my first c project, so its obviously far from perfect or complete.

          • lacks multi-platform support
          • only tested with MIT Kerberos
          • servicename hardcoded to "zookeeper" in cli.c
          • what about licensing implications?

          It works for me, so if you'd like to give it a try see https://github.com/kloni/zookeeper/commit/e2409bc441962a35fad1e277f95ded436431045b

          Show
          Tom Klonikowski added a comment - I added SASL authentication to the c client lib that works with libkrb5 on Ubuntu Maverick (requires libkrb5-dev to compile). This my first c project, so its obviously far from perfect or complete. lacks multi-platform support only tested with MIT Kerberos servicename hardcoded to "zookeeper" in cli.c what about licensing implications? It works for me, so if you'd like to give it a try see https://github.com/kloni/zookeeper/commit/e2409bc441962a35fad1e277f95ded436431045b
          Hide
          Eugene Koontz added a comment -

          Hi Tom,

          Thanks for announcing this! Your tag compiles for me and test-cppunit succeeds. I wonder if your next step might be to write a unit test or two to show this functionality, like SaslAuthTest and SaslAuthFailTest:

          https://github.com/apache/zookeeper/blob/trunk/src/java/test/org/apache/zookeeper/test/SaslAuthTest.java
          https://github.com/apache/zookeeper/blob/trunk/src/java/test/org/apache/zookeeper/test/SaslAuthFailTest.java

          but in C instead of Java ?

          Hopefully, as with the Java tests, you could use DIGEST-MD5 rather than GSSAPI for the mechanism to avoid the need for a Kerberos setup.

          -Eugene

          Show
          Eugene Koontz added a comment - Hi Tom, Thanks for announcing this! Your tag compiles for me and test-cppunit succeeds. I wonder if your next step might be to write a unit test or two to show this functionality, like SaslAuthTest and SaslAuthFailTest: https://github.com/apache/zookeeper/blob/trunk/src/java/test/org/apache/zookeeper/test/SaslAuthTest.java https://github.com/apache/zookeeper/blob/trunk/src/java/test/org/apache/zookeeper/test/SaslAuthFailTest.java but in C instead of Java ? Hopefully, as with the Java tests, you could use DIGEST-MD5 rather than GSSAPI for the mechanism to avoid the need for a Kerberos setup. -Eugene
          Hide
          Tom Klonikowski added a comment -

          I changed the code to actually use SASL instead of GSSAPI. It now supports DIGEST-MD5 und GSSAPI (and virtually any mech SASL supports). cli_mt works with GSSAPI, cli_st with DIGEST-MD5 and GSSAPI

          Example: cli_st -u super -h zk-sasl-md5 -m DIGEST-MD5 ubook:2181

          • requires libsasl2 and modules
          • introduces -I/usr/include - breaks portability
          • no tests yet
          • client options have changed - see usage

          Next will be adding tests and providing a patch. It'd be great if someone reviews this and takes care of the portability (compiler flag --with-sasl?).

          Show
          Tom Klonikowski added a comment - I changed the code to actually use SASL instead of GSSAPI. It now supports DIGEST-MD5 und GSSAPI (and virtually any mech SASL supports). cli_mt works with GSSAPI, cli_st with DIGEST-MD5 and GSSAPI Example: cli_st -u super -h zk-sasl-md5 -m DIGEST-MD5 ubook:2181 requires libsasl2 and modules introduces -I/usr/include - breaks portability no tests yet client options have changed - see usage Next will be adding tests and providing a patch. It'd be great if someone reviews this and takes care of the portability (compiler flag --with-sasl?).
          Hide
          Tom Klonikowski added a comment -

          Patch for trunk (unnecessary include flag removed)

          • zookeeper
            • zoo_(a)sasl(*zh, *conn, *data, len, cptr)
          • zk_sasl
            • zoo_sasl_init(*callbacks)
            • zoo_sasl_connect(*zh, *servicename, *host, **conn, **supportedmechs, *mechcount)
            • zoo_(a)sasl_authenticate(*zh, *conn, *mech, *supportedmechs)

          Can somebody help to create test cases for this (i.e. setting up a digest-md5 enabled zookeeper instance)?

          Show
          Tom Klonikowski added a comment - Patch for trunk (unnecessary include flag removed) zookeeper zoo_(a)sasl(*zh, *conn, *data, len, cptr) zk_sasl zoo_sasl_init(*callbacks) zoo_sasl_connect(*zh, *servicename, *host, **conn, **supportedmechs, *mechcount) zoo_(a)sasl_authenticate(*zh, *conn, *mech, *supportedmechs) Can somebody help to create test cases for this (i.e. setting up a digest-md5 enabled zookeeper instance)?
          Hide
          Tom Klonikowski added a comment -

          Nearly there
          This latest patch includes

          • detection of libsasl2
          • configure option --with-sasl (default: on)
          • compiler flag SASL
          • a simple test for DIGEST-MD5 authentication
          Show
          Tom Klonikowski added a comment - Nearly there This latest patch includes detection of libsasl2 configure option --with-sasl (default: on) compiler flag SASL a simple test for DIGEST-MD5 authentication
          Hide
          Eugene Koontz added a comment -

          Hi Tom,
          It's great to see this going on! I would like to help with the tests. May I suggest you make a reviewboard entry for your patch? If you haven't used reviewboard before, you need to create a login and choose "zookeeper-git" for the repository.
          -Eugene

          Show
          Eugene Koontz added a comment - Hi Tom, It's great to see this going on! I would like to help with the tests. May I suggest you make a reviewboard entry for your patch? If you haven't used reviewboard before, you need to create a login and choose "zookeeper-git" for the repository. -Eugene
          Hide
          jiraposter@reviews.apache.org added a comment -

          -----------------------------------------------------------
          This is an automatically generated e-mail. To reply, visit:
          https://reviews.apache.org/r/2252/
          -----------------------------------------------------------

          (Updated 2011-10-06 19:10:21.800060)

          Review request for zookeeper, Eugene Koontz and Tom Klonikowski.

          Summary
          -------

          It now supports DIGEST-MD5 and GSSAPI (and virtually any mech SASL supports). cli_mt works with GSSAPI, cli_st with DIGEST-MD5 and GSSAPI

          Example: cli_st -u super -h zk-sasl-md5 -m DIGEST-MD5 localhost:2181
          cli_mt -M GSSAPI localhost:2181

          • requires libsasl2 and plugins
          • zookeeper
            o zoo_(a)sasl(*zh, *conn, *data, len, cptr)
          • zk_sasl
            o zoo_sasl_init(*callbacks)
            o zoo_sasl_connect(*zh, *servicename, *host, **conn, **supportedmechs, *mechcount)
            o zoo_(a)sasl_authenticate(*zh, *conn, *mech, *supportedmechs)

          This latest patch includes

          • detection of libsasl2
          • configure option --with-sasl (default: on)
          • compiler flag SASL
          • a simple test for DIGEST-MD5 authentication

          This addresses bug ZOOKEEPER-1112.
          https://issues.apache.org/jira/browse/ZOOKEEPER-1112

          Diffs


          src/c/src/zk_adaptor.h 6aed38f
          src/c/src/zk_sasl.h PRE-CREATION
          src/c/src/zk_sasl.c PRE-CREATION
          src/c/src/cli.c c9fe4dd
          src/c/Makefile.am dbf4080
          src/c/configure.ac 4e1a8d5
          src/c/include/proto.h bce408e
          src/c/include/zookeeper.h 7d1066a
          src/c/src/zookeeper.c 64d7a4d
          src/c/tests/TestClient.cc 2d45cec
          src/c/tests/jaas.digest.server.conf PRE-CREATION
          src/c/tests/zkServer.sh 0af80f8
          src/java/main/org/apache/zookeeper/server/ZooKeeperSaslServer.java 0ca18dc

          Diff: https://reviews.apache.org/r/2252/diff

          Testing
          -------

          Thanks,

          Tom

          Show
          jiraposter@reviews.apache.org added a comment - ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/2252/ ----------------------------------------------------------- (Updated 2011-10-06 19:10:21.800060) Review request for zookeeper, Eugene Koontz and Tom Klonikowski. Summary ------- It now supports DIGEST-MD5 and GSSAPI (and virtually any mech SASL supports). cli_mt works with GSSAPI, cli_st with DIGEST-MD5 and GSSAPI Example: cli_st -u super -h zk-sasl-md5 -m DIGEST-MD5 localhost:2181 cli_mt -M GSSAPI localhost:2181 requires libsasl2 and plugins zookeeper o zoo_(a)sasl(*zh, *conn, *data, len, cptr) zk_sasl o zoo_sasl_init(*callbacks) o zoo_sasl_connect(*zh, *servicename, *host, **conn, **supportedmechs, *mechcount) o zoo_(a)sasl_authenticate(*zh, *conn, *mech, *supportedmechs) This latest patch includes detection of libsasl2 configure option --with-sasl (default: on) compiler flag SASL a simple test for DIGEST-MD5 authentication This addresses bug ZOOKEEPER-1112 . https://issues.apache.org/jira/browse/ZOOKEEPER-1112 Diffs src/c/src/zk_adaptor.h 6aed38f src/c/src/zk_sasl.h PRE-CREATION src/c/src/zk_sasl.c PRE-CREATION src/c/src/cli.c c9fe4dd src/c/Makefile.am dbf4080 src/c/configure.ac 4e1a8d5 src/c/include/proto.h bce408e src/c/include/zookeeper.h 7d1066a src/c/src/zookeeper.c 64d7a4d src/c/tests/TestClient.cc 2d45cec src/c/tests/jaas.digest.server.conf PRE-CREATION src/c/tests/zkServer.sh 0af80f8 src/java/main/org/apache/zookeeper/server/ZooKeeperSaslServer.java 0ca18dc Diff: https://reviews.apache.org/r/2252/diff Testing ------- Thanks, Tom
          Hide
          jiraposter@reviews.apache.org added a comment -

          -----------------------------------------------------------
          This is an automatically generated e-mail. To reply, visit:
          https://reviews.apache.org/r/2252/
          -----------------------------------------------------------

          (Updated 2011-10-06 19:09:56.213145)

          Review request for zookeeper and Eugene Koontz.

          Summary
          -------

          It now supports DIGEST-MD5 and GSSAPI (and virtually any mech SASL supports). cli_mt works with GSSAPI, cli_st with DIGEST-MD5 and GSSAPI

          Example: cli_st -u super -h zk-sasl-md5 -m DIGEST-MD5 localhost:2181
          cli_mt -M GSSAPI localhost:2181

          • requires libsasl2 and plugins
          • zookeeper
            o zoo_(a)sasl(*zh, *conn, *data, len, cptr)
          • zk_sasl
            o zoo_sasl_init(*callbacks)
            o zoo_sasl_connect(*zh, *servicename, *host, **conn, **supportedmechs, *mechcount)
            o zoo_(a)sasl_authenticate(*zh, *conn, *mech, *supportedmechs)

          This latest patch includes

          • detection of libsasl2
          • configure option --with-sasl (default: on)
          • compiler flag SASL
          • a simple test for DIGEST-MD5 authentication

          This addresses bug ZOOKEEPER-1112.
          https://issues.apache.org/jira/browse/ZOOKEEPER-1112

          Diffs


          src/c/src/zk_adaptor.h 6aed38f
          src/c/src/zk_sasl.h PRE-CREATION
          src/c/src/zk_sasl.c PRE-CREATION
          src/c/src/cli.c c9fe4dd
          src/c/Makefile.am dbf4080
          src/c/configure.ac 4e1a8d5
          src/c/include/proto.h bce408e
          src/c/include/zookeeper.h 7d1066a
          src/c/src/zookeeper.c 64d7a4d
          src/c/tests/TestClient.cc 2d45cec
          src/c/tests/jaas.digest.server.conf PRE-CREATION
          src/c/tests/zkServer.sh 0af80f8
          src/java/main/org/apache/zookeeper/server/ZooKeeperSaslServer.java 0ca18dc

          Diff: https://reviews.apache.org/r/2252/diff

          Testing
          -------

          Thanks,

          Tom

          Show
          jiraposter@reviews.apache.org added a comment - ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/2252/ ----------------------------------------------------------- (Updated 2011-10-06 19:09:56.213145) Review request for zookeeper and Eugene Koontz. Summary ------- It now supports DIGEST-MD5 and GSSAPI (and virtually any mech SASL supports). cli_mt works with GSSAPI, cli_st with DIGEST-MD5 and GSSAPI Example: cli_st -u super -h zk-sasl-md5 -m DIGEST-MD5 localhost:2181 cli_mt -M GSSAPI localhost:2181 requires libsasl2 and plugins zookeeper o zoo_(a)sasl(*zh, *conn, *data, len, cptr) zk_sasl o zoo_sasl_init(*callbacks) o zoo_sasl_connect(*zh, *servicename, *host, **conn, **supportedmechs, *mechcount) o zoo_(a)sasl_authenticate(*zh, *conn, *mech, *supportedmechs) This latest patch includes detection of libsasl2 configure option --with-sasl (default: on) compiler flag SASL a simple test for DIGEST-MD5 authentication This addresses bug ZOOKEEPER-1112 . https://issues.apache.org/jira/browse/ZOOKEEPER-1112 Diffs src/c/src/zk_adaptor.h 6aed38f src/c/src/zk_sasl.h PRE-CREATION src/c/src/zk_sasl.c PRE-CREATION src/c/src/cli.c c9fe4dd src/c/Makefile.am dbf4080 src/c/configure.ac 4e1a8d5 src/c/include/proto.h bce408e src/c/include/zookeeper.h 7d1066a src/c/src/zookeeper.c 64d7a4d src/c/tests/TestClient.cc 2d45cec src/c/tests/jaas.digest.server.conf PRE-CREATION src/c/tests/zkServer.sh 0af80f8 src/java/main/org/apache/zookeeper/server/ZooKeeperSaslServer.java 0ca18dc Diff: https://reviews.apache.org/r/2252/diff Testing ------- Thanks, Tom
          Hide
          Tom Klonikowski added a comment -

          Hi Eugene,
          looking at the review i feel like it might be a good idea to split this patch into smaller parts to make it easier to review.

          • zooapi extension (proto.h, zk_adaptor.h, zookeeper.c, zookeeper.h)
          • build (Makefile.am, configure.ac)
          • sasl addon (zk_sasl.c, zk_sasl.h)
          • test (TestClient.cc, zkServer.sh, jaas.digest.server.conf)
          • server (ZooKeeperSaslServer.java)
          • cli (cli.c)

          Contents of this patch:

          • ZOOAPI extension for sending sasl requests and receiving responses (zoo_sasl)
          • SASL addon that plugs into this functions (zk_sasl)
          • build with libsasl2 if availabe and requested
          • sasl authentication hacked into cli
          Show
          Tom Klonikowski added a comment - Hi Eugene, looking at the review i feel like it might be a good idea to split this patch into smaller parts to make it easier to review. zooapi extension (proto.h, zk_adaptor.h, zookeeper.c, zookeeper.h) build (Makefile.am, configure.ac) sasl addon (zk_sasl.c, zk_sasl.h) test (TestClient.cc, zkServer.sh, jaas.digest.server.conf) server (ZooKeeperSaslServer.java) cli (cli.c) Contents of this patch: ZOOAPI extension for sending sasl requests and receiving responses (zoo_sasl) SASL addon that plugs into this functions (zk_sasl) build with libsasl2 if availabe and requested sasl authentication hacked into cli
          Hide
          Mahadev konar added a comment -

          Very glad to see this! Will take a look at the patch sometime this week!

          Show
          Mahadev konar added a comment - Very glad to see this! Will take a look at the patch sometime this week!
          Hide
          Tom Klonikowski added a comment -

          Further improvements and splitted patch into (consecutive) work items

          Patch 1:

          • implements sasl operations
          • extended tests/zkServer.sh to start a digest-md5 enabled server
          • simple test that checks the initial digest-md5 response

          No external requirements yet, but you can already let your own sasl implementation/library communicate with a (sasl-enabled) zookeeper via zoo_(a)sasl function.

          Or you can additionally use
          Patch 2:

          • provides a simple api for sasl authentication (zoo_sasl_init, zoo_sasl_connect, zoo_sasl_authenticate)
          • requires libsasl2 (and plugins)
          • autoconf/make configuration
          • test for digest-md5 authentication
          • extended configuration for digest-md5 sasl server required by sasl2

          Patch 3:

          • includes a sasl-enabled cli as additional make artifacts

          When using the test configuration as in src/c/tests/jaas.digest.server.conf you can login via:
          cli_sasl_st -u super -h zk-sasl-md5 -m DIGEST-MD5 hostlist
          and password 'test'.
          If you set up Kerberos 5 on the server side and have a valid ticket its just:
          cli_sasl_st -m GSSAPI hostlist

          This patches deprecate the earlier single patch.

          Show
          Tom Klonikowski added a comment - Further improvements and splitted patch into (consecutive) work items Patch 1: implements sasl operations extended tests/zkServer.sh to start a digest-md5 enabled server simple test that checks the initial digest-md5 response No external requirements yet, but you can already let your own sasl implementation/library communicate with a (sasl-enabled) zookeeper via zoo_(a)sasl function. Or you can additionally use Patch 2: provides a simple api for sasl authentication (zoo_sasl_init, zoo_sasl_connect, zoo_sasl_authenticate) requires libsasl2 (and plugins) autoconf/make configuration test for digest-md5 authentication extended configuration for digest-md5 sasl server required by sasl2 Patch 3: includes a sasl-enabled cli as additional make artifacts When using the test configuration as in src/c/tests/jaas.digest.server.conf you can login via: cli_sasl_st -u super -h zk-sasl-md5 -m DIGEST-MD5 hostlist and password 'test'. If you set up Kerberos 5 on the server side and have a valid ticket its just: cli_sasl_st -m GSSAPI hostlist This patches deprecate the earlier single patch.
          Hide
          jiraposter@reviews.apache.org added a comment -

          -----------------------------------------------------------
          This is an automatically generated e-mail. To reply, visit:
          https://reviews.apache.org/r/2252/
          -----------------------------------------------------------

          (Updated 2011-10-07 18:58:28.724545)

          Review request for zookeeper, Eugene Koontz, Mahadev Konar, and Tom Klonikowski.

          Changes
          -------

          Replaced with the recent patch (#1 of 3)

          Summary (updated)
          -------

          This first patch implements the zookeeper sasl operations, extends the zkServer.sh test script with the ability to start a sasl enabled server and adds a test that checks the initial DIGEST-MD5 response.

          It introduces no external requirements but provides zoo_sasl/zoo_asasl functions that allow applications (or the addon from patch #2) to communicate with the sasl server backend.

          Patch #2 will add a simple api for sasl authentication, patch #3 includes a sasl enabled command line client.

          This addresses bug ZOOKEEPER-1112.
          https://issues.apache.org/jira/browse/ZOOKEEPER-1112

          Diffs (updated)


          src/c/include/proto.h bce408e
          src/c/include/zookeeper.h 7d1066a
          src/c/src/zk_adaptor.h 6aed38f
          src/c/src/zookeeper.c 64d7a4d
          src/c/tests/TestClient.cc 2d45cec
          src/c/tests/jaas.digest.server.conf e69de29
          src/c/tests/zkServer.sh 0af80f8

          Diff: https://reviews.apache.org/r/2252/diff

          Testing
          -------

          Thanks,

          Tom

          Show
          jiraposter@reviews.apache.org added a comment - ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/2252/ ----------------------------------------------------------- (Updated 2011-10-07 18:58:28.724545) Review request for zookeeper, Eugene Koontz, Mahadev Konar, and Tom Klonikowski. Changes ------- Replaced with the recent patch (#1 of 3) Summary (updated) ------- This first patch implements the zookeeper sasl operations, extends the zkServer.sh test script with the ability to start a sasl enabled server and adds a test that checks the initial DIGEST-MD5 response. It introduces no external requirements but provides zoo_sasl/zoo_asasl functions that allow applications (or the addon from patch #2) to communicate with the sasl server backend. Patch #2 will add a simple api for sasl authentication, patch #3 includes a sasl enabled command line client. This addresses bug ZOOKEEPER-1112 . https://issues.apache.org/jira/browse/ZOOKEEPER-1112 Diffs (updated) src/c/include/proto.h bce408e src/c/include/zookeeper.h 7d1066a src/c/src/zk_adaptor.h 6aed38f src/c/src/zookeeper.c 64d7a4d src/c/tests/TestClient.cc 2d45cec src/c/tests/jaas.digest.server.conf e69de29 src/c/tests/zkServer.sh 0af80f8 Diff: https://reviews.apache.org/r/2252/diff Testing ------- Thanks, Tom
          Hide
          jiraposter@reviews.apache.org added a comment -

          -----------------------------------------------------------
          This is an automatically generated e-mail. To reply, visit:
          https://reviews.apache.org/r/2252/#review2438
          -----------------------------------------------------------

          src/c/include/zookeeper.h
          <https://reviews.apache.org/r/2252/#comment5542>

          I'm gonna replace the callback with two out parameters here.

          • Tom

          On 2011-10-07 18:58:28, Tom Klonikowski wrote:

          -----------------------------------------------------------

          This is an automatically generated e-mail. To reply, visit:

          https://reviews.apache.org/r/2252/

          -----------------------------------------------------------

          (Updated 2011-10-07 18:58:28)

          Review request for zookeeper, Eugene Koontz, Mahadev Konar, and Tom Klonikowski.

          Summary

          -------

          This first patch implements the zookeeper sasl operations, extends the zkServer.sh test script with the ability to start a sasl enabled server and adds a test that checks the initial DIGEST-MD5 response.

          It introduces no external requirements but provides zoo_sasl/zoo_asasl functions that allow applications (or the addon from patch #2) to communicate with the sasl server backend.

          Patch #2 will add a simple api for sasl authentication, patch #3 includes a sasl enabled command line client.

          This addresses bug ZOOKEEPER-1112.

          https://issues.apache.org/jira/browse/ZOOKEEPER-1112

          Diffs

          -----

          src/c/include/proto.h bce408e

          src/c/include/zookeeper.h 7d1066a

          src/c/src/zk_adaptor.h 6aed38f

          src/c/src/zookeeper.c 64d7a4d

          src/c/tests/TestClient.cc 2d45cec

          src/c/tests/jaas.digest.server.conf e69de29

          src/c/tests/zkServer.sh 0af80f8

          Diff: https://reviews.apache.org/r/2252/diff

          Testing

          -------

          Thanks,

          Tom

          Show
          jiraposter@reviews.apache.org added a comment - ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/2252/#review2438 ----------------------------------------------------------- src/c/include/zookeeper.h < https://reviews.apache.org/r/2252/#comment5542 > I'm gonna replace the callback with two out parameters here. Tom On 2011-10-07 18:58:28, Tom Klonikowski wrote: ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/2252/ ----------------------------------------------------------- (Updated 2011-10-07 18:58:28) Review request for zookeeper, Eugene Koontz, Mahadev Konar, and Tom Klonikowski. Summary ------- This first patch implements the zookeeper sasl operations, extends the zkServer.sh test script with the ability to start a sasl enabled server and adds a test that checks the initial DIGEST-MD5 response. It introduces no external requirements but provides zoo_sasl/zoo_asasl functions that allow applications (or the addon from patch #2) to communicate with the sasl server backend. Patch #2 will add a simple api for sasl authentication, patch #3 includes a sasl enabled command line client. This addresses bug ZOOKEEPER-1112 . https://issues.apache.org/jira/browse/ZOOKEEPER-1112 Diffs ----- src/c/include/proto.h bce408e src/c/include/zookeeper.h 7d1066a src/c/src/zk_adaptor.h 6aed38f src/c/src/zookeeper.c 64d7a4d src/c/tests/TestClient.cc 2d45cec src/c/tests/jaas.digest.server.conf e69de29 src/c/tests/zkServer.sh 0af80f8 Diff: https://reviews.apache.org/r/2252/diff Testing ------- Thanks, Tom
          Hide
          Tom Klonikowski added a comment -

          Updated patches with simpler synchronous sasl function and a little more testing.

          Show
          Tom Klonikowski added a comment - Updated patches with simpler synchronous sasl function and a little more testing.
          Hide
          jiraposter@reviews.apache.org added a comment -

          -----------------------------------------------------------
          This is an automatically generated e-mail. To reply, visit:
          https://reviews.apache.org/r/2252/
          -----------------------------------------------------------

          (Updated 2011-10-09 16:30:25.396109)

          Review request for zookeeper, Eugene Koontz, Mahadev Konar, and Tom Klonikowski.

          Changes
          -------

          Updated patches with simpler synchronous sasl function and a little more testing

          Summary
          -------

          This first patch implements the zookeeper sasl operations, extends the zkServer.sh test script with the ability to start a sasl enabled server and adds a test that checks the initial DIGEST-MD5 response.

          It introduces no external requirements but provides zoo_sasl/zoo_asasl functions that allow applications (or the addon from patch #2) to communicate with the sasl server backend.

          Patch #2 will add a simple api for sasl authentication, patch #3 includes a sasl enabled command line client.

          This addresses bug ZOOKEEPER-1112.
          https://issues.apache.org/jira/browse/ZOOKEEPER-1112

          Diffs (updated)


          src/c/include/proto.h bce408e
          src/c/include/zookeeper.h 7d1066a
          src/c/src/zk_adaptor.h 6aed38f
          src/c/src/zookeeper.c 64d7a4d
          src/c/tests/TestClient.cc 2d45cec
          src/c/tests/jaas.digest.server.conf e69de29
          src/c/tests/zkServer.sh 0af80f8

          Diff: https://reviews.apache.org/r/2252/diff

          Testing
          -------

          Thanks,

          Tom

          Show
          jiraposter@reviews.apache.org added a comment - ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/2252/ ----------------------------------------------------------- (Updated 2011-10-09 16:30:25.396109) Review request for zookeeper, Eugene Koontz, Mahadev Konar, and Tom Klonikowski. Changes ------- Updated patches with simpler synchronous sasl function and a little more testing Summary ------- This first patch implements the zookeeper sasl operations, extends the zkServer.sh test script with the ability to start a sasl enabled server and adds a test that checks the initial DIGEST-MD5 response. It introduces no external requirements but provides zoo_sasl/zoo_asasl functions that allow applications (or the addon from patch #2) to communicate with the sasl server backend. Patch #2 will add a simple api for sasl authentication, patch #3 includes a sasl enabled command line client. This addresses bug ZOOKEEPER-1112 . https://issues.apache.org/jira/browse/ZOOKEEPER-1112 Diffs (updated) src/c/include/proto.h bce408e src/c/include/zookeeper.h 7d1066a src/c/src/zk_adaptor.h 6aed38f src/c/src/zookeeper.c 64d7a4d src/c/tests/TestClient.cc 2d45cec src/c/tests/jaas.digest.server.conf e69de29 src/c/tests/zkServer.sh 0af80f8 Diff: https://reviews.apache.org/r/2252/diff Testing ------- Thanks, Tom
          Hide
          jiraposter@reviews.apache.org added a comment -

          -----------------------------------------------------------
          This is an automatically generated e-mail. To reply, visit:
          https://reviews.apache.org/r/2315/
          -----------------------------------------------------------

          Review request for zookeeper.

          Summary
          -------

          2nd patch

          • provides a simple api for sasl authentication (zoo_sasl_init, zoo_sasl_connect, zoo_sasl_authenticate)
          • requires libsasl2 (and plugins)
          • autoconf/make configuration
          • test for digest-md5 authentication
          • extended configuration for digest-md5 sasl server required by sasl2

          This addresses bug ZOOKEEPER-1112.
          https://issues.apache.org/jira/browse/ZOOKEEPER-1112

          Diffs


          src/c/Makefile.am dbf4080
          src/c/configure.ac 4e1a8d5
          src/c/include/zookeeper_sasl.h e69de29
          src/c/src/zk_sasl.c e69de29
          src/c/tests/TestClient.cc 2d45cec
          src/java/main/org/apache/zookeeper/server/ZooKeeperSaslServer.java 0ca18dc

          Diff: https://reviews.apache.org/r/2315/diff

          Testing
          -------

          Thanks,

          Tom

          Show
          jiraposter@reviews.apache.org added a comment - ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/2315/ ----------------------------------------------------------- Review request for zookeeper. Summary ------- 2nd patch provides a simple api for sasl authentication (zoo_sasl_init, zoo_sasl_connect, zoo_sasl_authenticate) requires libsasl2 (and plugins) autoconf/make configuration test for digest-md5 authentication extended configuration for digest-md5 sasl server required by sasl2 This addresses bug ZOOKEEPER-1112 . https://issues.apache.org/jira/browse/ZOOKEEPER-1112 Diffs src/c/Makefile.am dbf4080 src/c/configure.ac 4e1a8d5 src/c/include/zookeeper_sasl.h e69de29 src/c/src/zk_sasl.c e69de29 src/c/tests/TestClient.cc 2d45cec src/java/main/org/apache/zookeeper/server/ZooKeeperSaslServer.java 0ca18dc Diff: https://reviews.apache.org/r/2315/diff Testing ------- Thanks, Tom
          Hide
          Tom Klonikowski added a comment -

          Maybe part #2 (sasl auth implementation via cyrus sasl) and #3 (cli using #2) should be moved to the recipes section (recipes/sasl). What do you think?

          Show
          Tom Klonikowski added a comment - Maybe part #2 (sasl auth implementation via cyrus sasl) and #3 (cli using #2) should be moved to the recipes section (recipes/sasl). What do you think?

            People

            • Assignee:
              Tom Klonikowski
              Reporter:
              Eugene Koontz
            • Votes:
              1 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

              • Created:
                Updated:

                Development