|
Impala
Impala is the open source, native analytic database for Apache Hadoop.
|
#include "rpc/authentication.h"
#include <stdio.h>
#include <signal.h>
#include <boost/algorithm/string.hpp>
#include <boost/thread/thread.hpp>
#include <boost/scoped_ptr.hpp>
#include <boost/random/mersenne_twister.hpp>
#include <boost/random/uniform_int.hpp>
#include <boost/filesystem.hpp>
#include <gutil/strings/substitute.h>
#include <string>
#include <vector>
#include <thrift/Thrift.h>
#include <transport/TSasl.h>
#include <transport/TSaslServerTransport.h>
#include <glog/logging.h>
#include <gflags/gflags.h>
#include <ldap.h>
#include "rpc/auth-provider.h"
#include "transport/TSaslClientTransport.h"
#include "util/debug-util.h"
#include "util/error-util.h"
#include "util/network-util.h"
#include "util/os-util.h"
#include "util/promise.h"
#include "util/thread.h"
#include "util/time.h"
#include <sys/types.h>
#include <sys/stat.h>
#include <unistd.h>
#include "common/names.h"
Go to the source code of this file.
Namespaces | |
| impala | |
| This file contains type definitions that are used throughout the code base. | |
Functions | |
| DECLARE_string (keytab_file) | |
| DECLARE_string (principal) | |
| DECLARE_string (be_principal) | |
| DECLARE_string (krb5_conf) | |
| DECLARE_string (krb5_debug_file) | |
| DEFINE_int32 (kerberos_reinit_interval, 60,"Interval, in minutes, between kerberos ticket renewals. Each renewal will request ""a ticket with a lifetime that is at least 2x the renewal interval.") | |
| DEFINE_string (sasl_path,"/usr/lib/sasl2:/usr/lib64/sasl2:/usr/local/lib/sasl2:""/usr/lib/x86_64-linux-gnu/sasl2","Colon separated list of paths to look for SASL ""security library plugins.") | |
| DEFINE_bool (enable_ldap_auth, false,"If true, use LDAP authentication for client connections") | |
| DEFINE_string (ldap_uri,"","The URI of the LDAP server to authenticate users against") | |
| DEFINE_bool (ldap_tls, false,"If true, use the secure TLS protocol to connect to the LDAP"" server") | |
| DEFINE_string (ldap_ca_certificate,"","The full path to the certificate file used to"" authenticate the LDAP server's certificate for SSL / TLS connections.") | |
| DEFINE_bool (ldap_passwords_in_clear_ok, false,"If set, will allow LDAP passwords ""to be sent in the clear (without TLS/SSL) over the network. This option should not ""be used in production environments") | |
| DEFINE_bool (ldap_allow_anonymous_binds, false,"(Advanced) If true, LDAP authentication ""with a blank password (an 'anonymous bind') is allowed by Impala.") | |
| DEFINE_bool (ldap_manual_config, false,"Obsolete; Ignored") | |
| DEFINE_string (ldap_domain,"","If set, Impala will try to bind to LDAP with a name of ""the form <userid>@<ldap_domain>") | |
| DEFINE_string (ldap_baseDN,"","If set, Impala will try to bind to LDAP with a name of ""the form uid=<userid>,<ldap_baseDN>") | |
| DEFINE_string (ldap_bind_pattern,"","If set, Impala will try to bind to LDAP with a name"" of <ldap_bind_pattern>, but where the string #UID is replaced by the user ID. Use"" to control the bind name precisely; do not set --ldap_domain or --ldap_baseDN with"" this option") | |
| static int | impala::SaslLogCallback (void *context, int level, const char *message) |
| int | impala::SaslLdapCheckPass (sasl_conn_t *conn, void *context, const char *user, const char *pass, unsigned passlen, struct propctx *propctx) |
| static int | impala::SaslGetOption (void *context, const char *plugin_name, const char *option, const char **result, unsigned *len) |
| static void | impala::ImpalaAuxpropLookup (void *glob_context, sasl_server_params_t *sparams, unsigned int flags, const char *user, unsigned ulen) |
| int | impala::ImpalaAuxpropInit (const sasl_utils_t *utils, int max_version, int *out_version, sasl_auxprop_plug_t **plug, const char *plugname) |
| static int | impala::SaslVerifyFile (void *context, const char *file, sasl_verify_type_t type) |
| static int | impala::SaslAuthorizeInternal (sasl_conn_t *conn, void *context, const char *requested_user, unsigned rlen, const char *auth_identity, unsigned alen, const char *def_realm, unsigned urlen, struct propctx *propctx) |
| static int | impala::SaslAuthorizeExternal (sasl_conn_t *conn, void *context, const char *requested_user, unsigned rlen, const char *auth_identity, unsigned alen, const char *def_realm, unsigned urlen, struct propctx *propctx) |
| static int | impala::SaslGetPath (void *context, const char **path) |
| Status | impala::InitAuth (const string &appname) |
| Status | impala::CheckReplayCacheDirPermissions () |
| static Status | impala::EnvAppend (const string &attr, const string &thing, const string &thingval) |
Variables | |
| static sasl_callback_t | impala::GENERAL_CALLBACKS [5] |
| static vector< sasl_callback_t > | impala::KERB_INT_CALLBACKS |
| static vector< sasl_callback_t > | impala::KERB_EXT_CALLBACKS |
| static vector< sasl_callback_t > | impala::LDAP_EXT_CALLBACKS |
| static const string | impala::HOSTNAME_PATTERN = "_HOST" |
| static const string | impala::KERBEROS_MECHANISM = "GSSAPI" |
| static const string | impala::PLAIN_MECHANISM = "PLAIN" |
| static const string | impala::LDAP_URI_PREFIX = "ldap://" |
| static const string | impala::LDAPS_URI_PREFIX = "ldaps://" |
| static const string | impala::IMPALA_AUXPROP_PLUGIN = "impala-auxprop" |
| static sasl_auxprop_plug_t | impala::impala_auxprop_plugin |
| DECLARE_string (keytab_file) | |
| DECLARE_string (principal) | |
| DECLARE_string (be_principal) | |
| DECLARE_string (krb5_conf) | |
| DECLARE_string (krb5_debug_file) | |
| DEFINE_bool (enable_ldap_auth, false,"If true, use LDAP authentication for client connections") | |
| DEFINE_bool (ldap_tls, false,"If true, use the secure TLS protocol to connect to the LDAP"" server") | |
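| DEFINE_bool (ldap_passwords_in_clear_ok, false,"If set, will allow LDAP passwords ""to be sent in the clear (without TLS/SSL) over the network. This option should not ""be used in production environments") | |
Setting this flag exposes user passwords to anyone who can observe the network path; keep the default (false) and use TLS/SSL on the connections that carry the password.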
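| DEFINE_bool (ldap_allow_anonymous_binds, false,"(Advanced) If true, LDAP authentication ""with a blank password (an 'anonymous bind') is allowed by Impala.") | |
Many LDAP servers accept a bind with an empty password whatever user name is supplied, so enabling this flag can let a client authenticate without presenting a credential; keep the default (false) unless the directory is known to reject such binds.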
| DEFINE_bool (ldap_manual_config, false,"Obsolete; Ignored") | |
| DEFINE_int32 (kerberos_reinit_interval, 60,"Interval, in minutes, between kerberos ticket renewals. Each renewal will request ""a ticket with a lifetime that is at least 2x the renewal interval.") | |
| DEFINE_string (sasl_path,"/usr/lib/sasl2:/usr/lib64/sasl2:/usr/local/lib/sasl2:""/usr/lib/x86_64-linux-gnu/sasl2","Colon separated list of paths to look for SASL ""security library plugins.") | |
| DEFINE_string (ldap_uri,"","The URI of the LDAP server to authenticate users against") | |
| DEFINE_string (ldap_ca_certificate,"","The full path to the certificate file used to"" authenticate the LDAP server's certificate for SSL / TLS connections.") | |
| DEFINE_string (ldap_domain,"","If set, Impala will try to bind to LDAP with a name of ""the form <userid>@<ldap_domain>") | |
| DEFINE_string (ldap_baseDN,"","If set, Impala will try to bind to LDAP with a name of ""the form uid=<userid>,<ldap_baseDN>") | |
| DEFINE_string (ldap_bind_pattern,"","If set, Impala will try to bind to LDAP with a name"" of <ldap_bind_pattern>, but where the string #UID is replaced by the user ID. Use"" to control the bind name precisely; do not set --ldap_domain or --ldap_baseDN with"" this option") | |