Posted to commits@drill.apache.org by ar...@apache.org on 2018/03/04 17:13:51 UTC
[11/12] drill git commit: DRILL-6189: Security: passwords logging and
file permisions
DRILL-6189: Security: passwords logging and file permisions
1. Overrode serialization methods for instances with passwords
2. Changed file permissions for configuration files
closes #1139
Project: http://git-wip-us.apache.org/repos/asf/drill/repo
Commit: http://git-wip-us.apache.org/repos/asf/drill/commit/863ff0bc
Tree: http://git-wip-us.apache.org/repos/asf/drill/tree/863ff0bc
Diff: http://git-wip-us.apache.org/repos/asf/drill/diff/863ff0bc
Branch: refs/heads/master
Commit: 863ff0bcff1ee01df292277194e0fee25dbe3460
Parents: f2ac874
Author: Vladimir Tkach <vo...@gmail.com>
Authored: Wed Feb 28 19:13:51 2018 +0200
Committer: Arina Ielchiieva <ar...@gmail.com>
Committed: Sun Mar 4 17:45:40 2018 +0200
----------------------------------------------------------------------
.../exec/store/jdbc/JdbcStorageConfig.java | 2 +
distribution/src/assemble/bin.xml | 12 ++++--
distribution/src/resources/distrib-env.sh | 0
distribution/src/resources/drill-env.sh | 0
.../planner/sql/handlers/DefaultSqlHandler.java | 8 +++-
.../apache/drill/exec/rpc/user/UserServer.java | 40 +++++++++++++++++++-
.../common/config/LogicalPlanPersistence.java | 2 +
7 files changed, 57 insertions(+), 7 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/drill/blob/863ff0bc/contrib/storage-jdbc/src/main/java/org/apache/drill/exec/store/jdbc/JdbcStorageConfig.java
----------------------------------------------------------------------
diff --git a/contrib/storage-jdbc/src/main/java/org/apache/drill/exec/store/jdbc/JdbcStorageConfig.java b/contrib/storage-jdbc/src/main/java/org/apache/drill/exec/store/jdbc/JdbcStorageConfig.java
index 5a921d4..15eb675 100755
--- a/contrib/storage-jdbc/src/main/java/org/apache/drill/exec/store/jdbc/JdbcStorageConfig.java
+++ b/contrib/storage-jdbc/src/main/java/org/apache/drill/exec/store/jdbc/JdbcStorageConfig.java
@@ -17,6 +17,7 @@
*/
package org.apache.drill.exec.store.jdbc;
+import com.fasterxml.jackson.annotation.JsonFilter;
import org.apache.drill.common.logical.StoragePluginConfig;
import com.fasterxml.jackson.annotation.JsonCreator;
@@ -24,6 +25,7 @@ import com.fasterxml.jackson.annotation.JsonProperty;
import com.fasterxml.jackson.annotation.JsonTypeName;
@JsonTypeName(JdbcStorageConfig.NAME)
+@JsonFilter("passwordFilter")
public class JdbcStorageConfig extends StoragePluginConfig {
public static final String NAME = "jdbc";
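Review bot: Only this config class receives the `passwordFilter` id in the commit, so a plan that references any other storage plugin config holding credentials would still be logged unredacted (whether such configs exist is not visible from this page). The id is a bare string literal here and again in `DefaultSqlHandler.log`, so the two must be kept in sync by hand; a shared constant referenced from both places would tie them together. A one-line comment above the annotation, e.g. `// Redaction is opt-in: only writers that register "passwordFilter" drop the password field.`, would make the contract visible to the next reader. The class body continues outside the hunk.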
http://git-wip-us.apache.org/repos/asf/drill/blob/863ff0bc/distribution/src/assemble/bin.xml
----------------------------------------------------------------------
diff --git a/distribution/src/assemble/bin.xml b/distribution/src/assemble/bin.xml
index 7ca1140..82c4d90 100644
--- a/distribution/src/assemble/bin.xml
+++ b/distribution/src/assemble/bin.xml
@@ -356,10 +356,12 @@
<file>
<source>src/resources/drill-override.conf</source>
<outputDirectory>conf</outputDirectory>
+ <fileMode>0640</fileMode>
</file>
<file>
<source>src/resources/logback.xml</source>
<outputDirectory>conf</outputDirectory>
+ <fileMode>0640</fileMode>
</file>
<file>
<source>src/resources/yarn-client-log.xml</source>
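Review bot: The restricted modes are set entry by entry with no comment stating the policy, so a file added to `conf` later without a `<fileMode>` falls back to the assembly plugin's default mode and may be world-readable again; the same applies to the 0750 script entries and the 0640 example files in the two hunks that follow. A comment above the first entry, such as `<!-- conf/ may hold credentials: files 0640, scripts 0750, nothing world-readable -->`, would record the intent. These modes cover only the packaged files: the account that runs Drill must own them or belong to their group, and files written into `conf` after installation are not governed by this descriptor. The enclosing `<files>` element starts and ends outside the hunk.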
@@ -373,12 +375,12 @@
</file>
<file>
<source>src/resources/drill-env.sh</source>
- <fileMode>0755</fileMode>
+ <fileMode>0750</fileMode>
<outputDirectory>conf</outputDirectory>
</file>
<file>
<source>src/resources/distrib-env.sh</source>
- <fileMode>0755</fileMode>
+ <fileMode>0750</fileMode>
<outputDirectory>conf</outputDirectory>
</file>
<file>
@@ -388,21 +390,23 @@
</file>
<file>
<source>src/resources/drill-setup.sh</source>
- <fileMode>0755</fileMode>
+ <fileMode>0750</fileMode>
<outputDirectory>conf</outputDirectory>
</file>
<file>
<source>src/resources/distrib-setup.sh</source>
- <fileMode>0755</fileMode>
+ <fileMode>0750</fileMode>
<outputDirectory>conf</outputDirectory>
</file>
<file>
<source>src/resources/drill-override-example.conf</source>
<outputDirectory>conf</outputDirectory>
+ <fileMode>0640</fileMode>
</file>
<file>
<source>src/resources/core-site-example.xml</source>
<outputDirectory>conf</outputDirectory>
+ <fileMode>0640</fileMode>
</file>
<file>
<source>src/resources/saffron.properties</source>
http://git-wip-us.apache.org/repos/asf/drill/blob/863ff0bc/distribution/src/resources/distrib-env.sh
----------------------------------------------------------------------
diff --git a/distribution/src/resources/distrib-env.sh b/distribution/src/resources/distrib-env.sh
old mode 100644
new mode 100755
http://git-wip-us.apache.org/repos/asf/drill/blob/863ff0bc/distribution/src/resources/drill-env.sh
----------------------------------------------------------------------
diff --git a/distribution/src/resources/drill-env.sh b/distribution/src/resources/drill-env.sh
old mode 100644
new mode 100755
http://git-wip-us.apache.org/repos/asf/drill/blob/863ff0bc/exec/java-exec/src/main/java/org/apache/drill/exec/planner/sql/handlers/DefaultSqlHandler.java
----------------------------------------------------------------------
diff --git a/exec/java-exec/src/main/java/org/apache/drill/exec/planner/sql/handlers/DefaultSqlHandler.java b/exec/java-exec/src/main/java/org/apache/drill/exec/planner/sql/handlers/DefaultSqlHandler.java
index 9b75fb7..58fac66 100644
--- a/exec/java-exec/src/main/java/org/apache/drill/exec/planner/sql/handlers/DefaultSqlHandler.java
+++ b/exec/java-exec/src/main/java/org/apache/drill/exec/planner/sql/handlers/DefaultSqlHandler.java
@@ -23,7 +23,11 @@ import java.util.Collection;
import java.util.List;
import java.util.concurrent.TimeUnit;
+import com.fasterxml.jackson.databind.ser.PropertyFilter;
+import com.fasterxml.jackson.databind.ser.impl.SimpleBeanPropertyFilter;
+import com.fasterxml.jackson.databind.ser.impl.SimpleFilterProvider;
import com.google.common.collect.ImmutableList;
+import com.google.common.collect.Sets;
import org.apache.calcite.plan.RelOptCostImpl;
import org.apache.calcite.plan.RelOptLattice;
import org.apache.calcite.plan.RelOptMaterialization;
@@ -158,7 +162,9 @@ public class DefaultSqlHandler extends AbstractSqlHandler {
protected void log(final String name, final PhysicalPlan plan, final Logger logger) throws JsonProcessingException {
if (logger.isDebugEnabled()) {
- String planText = plan.unparse(context.getLpPersistence().getMapper().writer());
+ PropertyFilter filter = new SimpleBeanPropertyFilter.SerializeExceptFilter(Sets.newHashSet("password"));
+ String planText = plan.unparse(context.getLpPersistence().getMapper()
+ .writer(new SimpleFilterProvider().addFilter("passwordFilter", filter)));
logger.debug(name + " : \n" + planText);
}
}
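Review bot: The filter in `log` drops only a property named exactly `password`, so a secret serialized under any other name (a token, a key, or credentials embedded in a connection string, if the plan carries such fields) would still reach the debug log. On style, the filter and provider are rebuilt on every call and pull in Guava's `Sets` for a single element; a constant such as `private static final PropertyFilter PASSWORD_FILTER = SimpleBeanPropertyFilter.serializeAllExcept("password");` would do the same work once. Because the provider passed to `writer(...)` is a fresh `SimpleFilterProvider` with default settings, it is worth confirming that a plan containing a class annotated with a different filter id does not make debug logging throw.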
http://git-wip-us.apache.org/repos/asf/drill/blob/863ff0bc/exec/java-exec/src/main/java/org/apache/drill/exec/rpc/user/UserServer.java
----------------------------------------------------------------------
diff --git a/exec/java-exec/src/main/java/org/apache/drill/exec/rpc/user/UserServer.java b/exec/java-exec/src/main/java/org/apache/drill/exec/rpc/user/UserServer.java
index 58d9df0..df73b9e 100644
--- a/exec/java-exec/src/main/java/org/apache/drill/exec/rpc/user/UserServer.java
+++ b/exec/java-exec/src/main/java/org/apache/drill/exec/rpc/user/UserServer.java
@@ -19,6 +19,7 @@ package org.apache.drill.exec.rpc.user;
import java.io.IOException;
import java.net.SocketAddress;
+import java.util.List;
import java.util.Map.Entry;
import java.util.Set;
import java.util.UUID;
@@ -92,6 +93,40 @@ public class UserServer extends BasicServer<RpcType, BitToUserConnection> {
userConnectionMap = new ConcurrentHashMap<>();
}
+ /**
+ * Serialize {@link org.apache.drill.exec.proto.UserProtos.BitToUserHandshake} instance without password
+ * @param inbound handshake instance for serialization
+ * @return String of serialized object
+ */
+ private String serializeUserToBitHandshakeWithoutPassword(UserToBitHandshake inbound) {
+ StringBuilder sb = new StringBuilder();
+ sb.append("rpc_version: ");
+ sb.append(inbound.getRpcVersion());
+ sb.append("\ncredentials:\n\t");
+ sb.append(inbound.getCredentials());
+ sb.append("properties:");
+ List<Property> props = inbound.getProperties().getPropertiesList();
+ for (Property p: props) {
+ if (!p.getKey().equalsIgnoreCase("password")) {
+ sb.append("\n\tproperty:\n\t\t");
+ sb.append("key: \"");
+ sb.append(p.getKey());
+ sb.append("\"\n\t\tvalue: \"");
+ sb.append(p.getValue());
+ sb.append("\"");
+ }
+ }
+ sb.append("\nsupport_complex_types: ");
+ sb.append(inbound.getSupportComplexTypes());
+ sb.append("\nsupport_timeout: ");
+ sb.append(inbound.getSupportTimeout());
+ sb.append("sasl_support: ");
+ sb.append(inbound.getSaslSupport());
+ sb.append("\nclient_infos:\n\t");
+ sb.append(inbound.getClientInfos().toString().replace("\n", "\n\t"));
+ return sb.toString();
+ }
+
public UserServer(BootStrapContext context, BufferAllocator allocator, EventLoopGroup eventLoopGroup,
UserWorker worker) throws DrillbitStartupException {
super(UserRpcConfig.getMapping(context.getConfig(), context.getExecutor()),
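Review bot: The redaction in `serializeUserToBitHandshakeWithoutPassword` is a denylist of one key, so any other secret-bearing connection property, and whatever `inbound.getCredentials()` prints, still reaches the trace log; an allowlist of keys known to be safe to log would fail closed instead. Property keys and values are supplied by the connecting client and are appended between quotes without escaping, so an embedded newline or quote can produce misleading trace lines; strip or escape control characters before appending. Two smaller fixes: the Javadoc `{@link}` names `BitToUserHandshake` while the parameter is `UserToBitHandshake`, and `sb.append("sasl_support: ");` lacks the leading `\n` the neighbouring fields have and should read `sb.append("\nsasl_support: ");`. The constructor that follows the new method continues outside the hunk.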
@@ -320,8 +355,9 @@ public class UserServer extends BasicServer<RpcType, BitToUserConnection> {
@Override
public BitToUserHandshake getHandshakeResponse(UserToBitHandshake inbound) throws Exception {
- logger.trace("Handling handshake from user to bit. {}", inbound);
-
+ if (logger.isTraceEnabled()) {
+ logger.trace("Handling handshake from user to bit. {}", serializeUserToBitHandshakeWithoutPassword(inbound));
+ }
// if timeout is unsupported or is set to false, disable timeout.
if (!inbound.hasSupportTimeout() || !inbound.getSupportTimeout()) {
connection.disableReadTimeout();
http://git-wip-us.apache.org/repos/asf/drill/blob/863ff0bc/logical/src/main/java/org/apache/drill/common/config/LogicalPlanPersistence.java
----------------------------------------------------------------------
diff --git a/logical/src/main/java/org/apache/drill/common/config/LogicalPlanPersistence.java b/logical/src/main/java/org/apache/drill/common/config/LogicalPlanPersistence.java
index cd7a8d0..ccc4c5a 100644
--- a/logical/src/main/java/org/apache/drill/common/config/LogicalPlanPersistence.java
+++ b/logical/src/main/java/org/apache/drill/common/config/LogicalPlanPersistence.java
@@ -19,6 +19,7 @@ package org.apache.drill.common.config;
import java.util.Set;
+import com.fasterxml.jackson.databind.ser.impl.SimpleFilterProvider;
import org.apache.drill.common.expression.LogicalExpression;
import org.apache.drill.common.expression.SchemaPath;
import org.apache.drill.common.logical.FormatPluginConfigBase;
@@ -52,6 +53,7 @@ public class LogicalPlanPersistence {
mapper.configure(Feature.ALLOW_UNQUOTED_FIELD_NAMES, true);
mapper.configure(JsonGenerator.Feature.QUOTE_FIELD_NAMES, true);
mapper.configure(Feature.ALLOW_COMMENTS, true);
+ mapper.setFilterProvider(new SimpleFilterProvider().setFailOnUnknownId(false));
registerSubtypes(LogicalOperatorBase.getSubTypes(scanResult));
registerSubtypes(StoragePluginConfigBase.getSubTypes(scanResult));
registerSubtypes(FormatPluginConfigBase.getSubTypes(scanResult));
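Review bot: `setFailOnUnknownId(false)` on the shared mapper makes filtering fail open: any class annotated with `@JsonFilter` is serialized with all its properties, password included, unless the caller supplies its own provider. That is presumably required so persisted plugin configs keep their credentials, but it also means every log or error path that uses `getMapper()` directly will print them. A comment on the new line would warn callers, e.g. `// Default writers do NOT redact; use a writer with "passwordFilter" registered for anything that is logged.` The constructor this line sits in starts and ends outside the hunk.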