You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cassandra.apache.org by al...@apache.org on 2014/05/30 20:26:12 UTC
[1/3] git commit: Use LOCAL_ONE for non-superuser auth queries
Repository: cassandra
Updated Branches:
refs/heads/cassandra-2.1 8436ee616 -> 9141f7ba7
Use LOCAL_ONE for non-superuser auth queries
patch by Aleksey Yeschenko; reviewed by Jason Brown for CASSANDRA-7328
Project: http://git-wip-us.apache.org/repos/asf/cassandra/repo
Commit: http://git-wip-us.apache.org/repos/asf/cassandra/commit/d48a1871
Tree: http://git-wip-us.apache.org/repos/asf/cassandra/tree/d48a1871
Diff: http://git-wip-us.apache.org/repos/asf/cassandra/diff/d48a1871
Branch: refs/heads/cassandra-2.1
Commit: d48a1871d8cd79c3330b355e153567828b0bfbeb
Parents: 2f497ed
Author: Aleksey Yeschenko <al...@apache.org>
Authored: Fri May 30 21:12:33 2014 +0300
Committer: Aleksey Yeschenko <al...@apache.org>
Committed: Fri May 30 21:12:33 2014 +0300
----------------------------------------------------------------------
CHANGES.txt | 1 +
src/java/org/apache/cassandra/auth/Auth.java | 2 +-
src/java/org/apache/cassandra/auth/CassandraAuthorizer.java | 2 +-
src/java/org/apache/cassandra/auth/PasswordAuthenticator.java | 2 +-
4 files changed, 4 insertions(+), 3 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cassandra/blob/d48a1871/CHANGES.txt
----------------------------------------------------------------------
diff --git a/CHANGES.txt b/CHANGES.txt
index ef5f72a..e45cc72 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -1,4 +1,5 @@
1.2.17
+ * Use LOCAL_ONE for non-superuser auth queries (CASSANDRA-7328)
* Set keepalive on MessagingService connections (CASSANDRA-7170)
* Add Cloudstack snitch (CASSANDRA-7147)
* Update system.peers correctly when relocating tokens (CASSANDRA-7126)
http://git-wip-us.apache.org/repos/asf/cassandra/blob/d48a1871/src/java/org/apache/cassandra/auth/Auth.java
----------------------------------------------------------------------
diff --git a/src/java/org/apache/cassandra/auth/Auth.java b/src/java/org/apache/cassandra/auth/Auth.java
index e09514e..9cee12a 100644
--- a/src/java/org/apache/cassandra/auth/Auth.java
+++ b/src/java/org/apache/cassandra/auth/Auth.java
@@ -167,7 +167,7 @@ public class Auth
if (username.equals(DEFAULT_SUPERUSER_NAME))
return ConsistencyLevel.QUORUM;
else
- return ConsistencyLevel.ONE;
+ return ConsistencyLevel.LOCAL_ONE;
}
private static void setupAuthKeyspace()
http://git-wip-us.apache.org/repos/asf/cassandra/blob/d48a1871/src/java/org/apache/cassandra/auth/CassandraAuthorizer.java
----------------------------------------------------------------------
diff --git a/src/java/org/apache/cassandra/auth/CassandraAuthorizer.java b/src/java/org/apache/cassandra/auth/CassandraAuthorizer.java
index 396be71..0c94f57 100644
--- a/src/java/org/apache/cassandra/auth/CassandraAuthorizer.java
+++ b/src/java/org/apache/cassandra/auth/CassandraAuthorizer.java
@@ -71,7 +71,7 @@ public class CassandraAuthorizer implements IAuthorizer
UntypedResultSet result;
try
{
- ResultMessage.Rows rows = authorizeStatement.execute(ConsistencyLevel.ONE,
+ ResultMessage.Rows rows = authorizeStatement.execute(ConsistencyLevel.LOCAL_ONE,
new QueryState(new ClientState(true)),
Lists.newArrayList(ByteBufferUtil.bytes(user.getName()),
ByteBufferUtil.bytes(resource.getName())));
http://git-wip-us.apache.org/repos/asf/cassandra/blob/d48a1871/src/java/org/apache/cassandra/auth/PasswordAuthenticator.java
----------------------------------------------------------------------
diff --git a/src/java/org/apache/cassandra/auth/PasswordAuthenticator.java b/src/java/org/apache/cassandra/auth/PasswordAuthenticator.java
index 2c2e227..9adbe4e 100644
--- a/src/java/org/apache/cassandra/auth/PasswordAuthenticator.java
+++ b/src/java/org/apache/cassandra/auth/PasswordAuthenticator.java
@@ -262,6 +262,6 @@ public class PasswordAuthenticator implements IAuthenticator
if (username.equals(DEFAULT_USER_NAME))
return ConsistencyLevel.QUORUM;
else
- return ConsistencyLevel.ONE;
+ return ConsistencyLevel.LOCAL_ONE;
}
}
[3/3] git commit: Merge branch 'cassandra-2.0' into cassandra-2.1
Posted by al...@apache.org.
Merge branch 'cassandra-2.0' into cassandra-2.1
Conflicts:
CHANGES.txt
src/java/org/apache/cassandra/auth/CassandraAuthorizer.java
Project: http://git-wip-us.apache.org/repos/asf/cassandra/repo
Commit: http://git-wip-us.apache.org/repos/asf/cassandra/commit/9141f7ba
Tree: http://git-wip-us.apache.org/repos/asf/cassandra/tree/9141f7ba
Diff: http://git-wip-us.apache.org/repos/asf/cassandra/diff/9141f7ba
Branch: refs/heads/cassandra-2.1
Commit: 9141f7ba737c46fe65279b84a09a8adfdae8a0dc
Parents: 8436ee6 8480fa7
Author: Aleksey Yeschenko <al...@apache.org>
Authored: Fri May 30 21:24:24 2014 +0300
Committer: Aleksey Yeschenko <al...@apache.org>
Committed: Fri May 30 21:24:24 2014 +0300
----------------------------------------------------------------------
CHANGES.txt | 5 +++++
src/java/org/apache/cassandra/auth/Auth.java | 2 +-
src/java/org/apache/cassandra/auth/CassandraAuthorizer.java | 2 +-
src/java/org/apache/cassandra/auth/PasswordAuthenticator.java | 2 +-
4 files changed, 8 insertions(+), 3 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cassandra/blob/9141f7ba/CHANGES.txt
----------------------------------------------------------------------
diff --cc CHANGES.txt
index 139c41c,14b43e5..5293580
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@@ -1,44 -1,20 +1,49 @@@
-2.0.9
- * Add conditional CREATE/DROP USER support (CASSANDRA-7264)
- * Swap local and global default read repair chances (CASSANDRA-7320)
- * Add missing iso8601 patterns for date strings (CASSANDRA-6973)
- * Support selecting multiple rows in a partition using IN (CASSANDRA-6875)
- * cqlsh: always emphasize the partition key in DESC output (CASSANDRA-7274)
- * Copy compaction options to make sure they are reloaded (CASSANDRA-7290)
- * Add option to do more aggressive tombstone compactions (CASSANDRA-6563)
- * Don't try to compact already-compacting files in HHOM (CASSANDRA-7288)
- * Add authentication support to shuffle (CASSANDRA-6484)
- * Cqlsh counts non-empty lines for "Blank lines" warning (CASSANDRA-7325)
++2.1.0
+ Merged from 1.2:
- * Fix availability validation for LOCAL_ONE CL (CASSANDRA-7319)
- * Use LOCAL_ONE for non-superuser auth queries (CASSANDRA-7328)
++* Use LOCAL_ONE for non-superuser auth queries (CASSANDRA-7328)
+
+
-2.0.8
+2.1.0-rc1
+ * Revert flush directory (CASSANDRA-6357)
+ * More efficient executor service for fast operations (CASSANDRA-4718)
+ * Move less common tools into a new cassandra-tools package (CASSANDRA-7160)
+ * Support more concurrent requests in native protocol (CASSANDRA-7231)
+ * Add tab-completion to debian nodetool packaging (CASSANDRA-6421)
+ * Change concurrent_compactors defaults (CASSANDRA-7139)
+ * Add PowerShell Windows launch scripts (CASSANDRA-7001)
+ * Make commitlog archive+restore more robust (CASSANDRA-6974)
+ * Fix marking commitlogsegments clean (CASSANDRA-6959)
+ * Add snapshot "manifest" describing files included (CASSANDRA-6326)
+ * Parallel streaming for sstableloader (CASSANDRA-3668)
+ * Fix bugs in supercolumns handling (CASSANDRA-7138)
+ * Fix ClassClassException on composite dense tables (CASSANDRA-7112)
+ * Cleanup and optimize collation and slice iterators (CASSANDRA-7107)
+ * Upgrade NBHM lib (CASSANDRA-7128)
+ * Optimize netty server (CASSANDRA-6861)
+ * Fix repair hang when given CF does not exist (CASSANDRA-7189)
+ * Allow c* to be shutdown in an embedded mode (CASSANDRA-5635)
+ * Add server side batching to native transport (CASSANDRA-5663)
+ * Make batchlog replay asynchronous (CASSANDRA-6134)
+ * remove unused classes (CASSANDRA-7197)
+ * Limit user types to the keyspace they are defined in (CASSANDRA-6643)
+ * Add validate method to CollectionType (CASSANDRA-7208)
+ * New serialization format for UDT values (CASSANDRA-7209, CASSANDRA-7261)
+ * Fix nodetool netstats (CASSANDRA-7270)
+ * Fix potential ClassCastException in HintedHandoffManager (CASSANDRA-7284)
+ * Use prepared statements internally (CASSANDRA-6975)
+ * Fix broken paging state with prepared statement (CASSANDRA-7120)
+ * Fix IllegalArgumentException in CqlStorage (CASSANDRA-7287)
+ * Allow nulls/non-existant fields in UDT (CASSANDRA-7206)
+ * Backport Thrift MultiSliceRequest (CASSANDRA-7027)
+ * Handle overlapping MultiSlices (CASSANDRA-7279)
+ * Fix DataOutputTest on Windows (CASSANDRA-7265)
+ * Embedded sets in user defined data-types are not updating (CASSANDRA-7267)
+ * Add tuple type to CQL/native protocol (CASSANDRA-7248)
+ * Fix CqlPagingRecordReader on tables with few rows (CASSANDRA-7322)
+Merged from 2.0:
+ * Copy compaction options to make sure they are reloaded (CASSANDRA-7290)
+ * Add option to do more aggressive tombstone compactions (CASSANDRA-6563)
+ * Don't try to compact already-compacting files in HHOM (CASSANDRA-7288)
* Always reallocate buffers in HSHA (CASSANDRA-6285)
* (Hadoop) support authentication in CqlRecordReader (CASSANDRA-7221)
* (Hadoop) Close java driver Cluster in CQLRR.close (CASSANDRA-7228)
http://git-wip-us.apache.org/repos/asf/cassandra/blob/9141f7ba/src/java/org/apache/cassandra/auth/Auth.java
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cassandra/blob/9141f7ba/src/java/org/apache/cassandra/auth/CassandraAuthorizer.java
----------------------------------------------------------------------
diff --cc src/java/org/apache/cassandra/auth/CassandraAuthorizer.java
index b37dee2,61ad9a4..9b22e22
--- a/src/java/org/apache/cassandra/auth/CassandraAuthorizer.java
+++ b/src/java/org/apache/cassandra/auth/CassandraAuthorizer.java
@@@ -71,10 -73,10 +71,10 @@@ public class CassandraAuthorizer implem
try
{
ResultMessage.Rows rows = authorizeStatement.execute(QueryState.forInternalCalls(),
- QueryOptions.forInternalCalls(ConsistencyLevel.ONE,
- new QueryOptions(ConsistencyLevel.LOCAL_ONE,
- Lists.newArrayList(ByteBufferUtil.bytes(user.getName()),
- ByteBufferUtil.bytes(resource.getName()))));
- result = new UntypedResultSet(rows.result);
++ QueryOptions.forInternalCalls(ConsistencyLevel.LOCAL_ONE,
+ Lists.newArrayList(ByteBufferUtil.bytes(user.getName()),
+ ByteBufferUtil.bytes(resource.getName()))));
+ result = UntypedResultSet.create(rows.result);
}
catch (RequestValidationException e)
{
http://git-wip-us.apache.org/repos/asf/cassandra/blob/9141f7ba/src/java/org/apache/cassandra/auth/PasswordAuthenticator.java
----------------------------------------------------------------------
[2/3] git commit: Merge branch 'cassandra-1.2' into cassandra-2.0
Posted by al...@apache.org.
Merge branch 'cassandra-1.2' into cassandra-2.0
Conflicts:
CHANGES.txt
src/java/org/apache/cassandra/auth/CassandraAuthorizer.java
Project: http://git-wip-us.apache.org/repos/asf/cassandra/repo
Commit: http://git-wip-us.apache.org/repos/asf/cassandra/commit/8480fa7b
Tree: http://git-wip-us.apache.org/repos/asf/cassandra/tree/8480fa7b
Diff: http://git-wip-us.apache.org/repos/asf/cassandra/diff/8480fa7b
Branch: refs/heads/cassandra-2.1
Commit: 8480fa7be1bbf54c526d76aeee7ecb07c417db6d
Parents: e2c74d5 d48a187
Author: Aleksey Yeschenko <al...@apache.org>
Authored: Fri May 30 21:16:42 2014 +0300
Committer: Aleksey Yeschenko <al...@apache.org>
Committed: Fri May 30 21:16:42 2014 +0300
----------------------------------------------------------------------
CHANGES.txt | 1 +
src/java/org/apache/cassandra/auth/Auth.java | 2 +-
src/java/org/apache/cassandra/auth/CassandraAuthorizer.java | 2 +-
src/java/org/apache/cassandra/auth/PasswordAuthenticator.java | 2 +-
4 files changed, 4 insertions(+), 3 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cassandra/blob/8480fa7b/CHANGES.txt
----------------------------------------------------------------------
diff --cc CHANGES.txt
index c3145eb,e45cc72..14b43e5
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@@ -1,57 -1,6 +1,58 @@@
-1.2.17
+2.0.9
+ * Add conditional CREATE/DROP USER support (CASSANDRA-7264)
+ * Swap local and global default read repair chances (CASSANDRA-7320)
+ * Add missing iso8601 patterns for date strings (CASSANDRA-6973)
+ * Support selecting multiple rows in a partition using IN (CASSANDRA-6875)
+ * cqlsh: always emphasize the partition key in DESC output (CASSANDRA-7274)
+ * Copy compaction options to make sure they are reloaded (CASSANDRA-7290)
+ * Add option to do more aggressive tombstone compactions (CASSANDRA-6563)
+ * Don't try to compact already-compacting files in HHOM (CASSANDRA-7288)
+ * Add authentication support to shuffle (CASSANDRA-6484)
+ * Cqlsh counts non-empty lines for "Blank lines" warning (CASSANDRA-7325)
+Merged from 1.2:
+ * Fix availability validation for LOCAL_ONE CL (CASSANDRA-7319)
+ * Use LOCAL_ONE for non-superuser auth queries (CASSANDRA-7328)
- * Set keepalive on MessagingService connections (CASSANDRA-7170)
+
+
+2.0.8
+ * Always reallocate buffers in HSHA (CASSANDRA-6285)
+ * (Hadoop) support authentication in CqlRecordReader (CASSANDRA-7221)
+ * (Hadoop) Close java driver Cluster in CQLRR.close (CASSANDRA-7228)
+ * Fix potential SlabAllocator yield-starvation (CASSANDRA-7133)
+ * Warn when 'USING TIMESTAMP' is used on a CAS BATCH (CASSANDRA-7067)
+ * Starting threads in OutboundTcpConnectionPool constructor causes race conditions (CASSANDRA-7177)
+ * return all cpu values from BackgroundActivityMonitor.readAndCompute (CASSANDRA-7183)
+ * fix c* launch issues on Russian os's due to output of linux 'free' cmd (CASSANDRA-6162)
+ * Fix disabling autocompaction (CASSANDRA-7187)
+ * Fix potential NumberFormatException when deserializing IntegerType (CASSANDRA-7088)
+ * cqlsh can't tab-complete disabling compaction (CASSANDRA-7185)
+ * cqlsh: Accept and execute CQL statement(s) from command-line parameter (CASSANDRA-7172)
+ * Fix IllegalStateException in CqlPagingRecordReader (CASSANDRA-7198)
+ * Fix the InvertedIndex trigger example (CASSANDRA-7211)
+ * Correctly delete scheduled range xfers (CASSANDRA-7143)
+ * Make batchlog replica selection rack-aware (CASSANDRA-6551)
+ * Allow overriding cassandra-rackdc.properties file (CASSANDRA-7072)
+ * Set JMX RMI port to 7199 (CASSANDRA-7087)
+ * Use LOCAL_QUORUM for data reads at LOCAL_SERIAL (CASSANDRA-6939)
+ * Log a warning for large batches (CASSANDRA-6487)
+ * Queries on compact tables can return more rows that requested (CASSANDRA-7052)
+ * USING TIMESTAMP for batches does not work (CASSANDRA-7053)
+ * Fix performance regression from CASSANDRA-5614 (CASSANDRA-6949)
+ * Merge groupable mutations in TriggerExecutor#execute() (CASSANDRA-7047)
+ * Fix CFMetaData#getColumnDefinitionFromColumnName() (CASSANDRA-7074)
+ * Plug holes in resource release when wiring up StreamSession (CASSANDRA-7073)
+ * Re-add parameter columns to tracing session (CASSANDRA-6942)
+ * Fix writetime/ttl functions for static columns (CASSANDRA-7081)
+ * Suggest CTRL-C or semicolon after three blank lines in cqlsh (CASSANDRA-7142)
+ * Add --resolve-ip option to 'nodetool ring' (CASSANDRA-7210)
+ * Fix duplicated error messages on directory creation error at startup (CASSANDRA-5818)
+ * reduce garbage on codec flag deserialization (CASSANDRA-7244)
+ * Proper null handle for IF with map element access (CASSANDRA-7155)
+ * Improve compaction visibility (CASSANDRA-7242)
+ * Fix 2ndary index queries with DESC clustering order (CASSANDRA-6950)
+ * Invalid key cache entries on DROP (CASSANDRA-6525)
+ * Fix flapping RecoveryManagerTest (CASSANDRA-7084)
+Merged from 1.2:
* Add Cloudstack snitch (CASSANDRA-7147)
* Update system.peers correctly when relocating tokens (CASSANDRA-7126)
* Add Google Compute Engine snitch (CASSANDRA-7132)
http://git-wip-us.apache.org/repos/asf/cassandra/blob/8480fa7b/src/java/org/apache/cassandra/auth/Auth.java
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cassandra/blob/8480fa7b/src/java/org/apache/cassandra/auth/CassandraAuthorizer.java
----------------------------------------------------------------------
diff --cc src/java/org/apache/cassandra/auth/CassandraAuthorizer.java
index deecfdb,0c94f57..61ad9a4
--- a/src/java/org/apache/cassandra/auth/CassandraAuthorizer.java
+++ b/src/java/org/apache/cassandra/auth/CassandraAuthorizer.java
@@@ -72,10 -71,10 +72,10 @@@ public class CassandraAuthorizer implem
UntypedResultSet result;
try
{
- ResultMessage.Rows rows = authorizeStatement.execute(ConsistencyLevel.LOCAL_ONE,
- new QueryState(new ClientState(true)),
- Lists.newArrayList(ByteBufferUtil.bytes(user.getName()),
- ByteBufferUtil.bytes(resource.getName())));
+ ResultMessage.Rows rows = authorizeStatement.execute(QueryState.forInternalCalls(),
- new QueryOptions(ConsistencyLevel.ONE,
++ new QueryOptions(ConsistencyLevel.LOCAL_ONE,
+ Lists.newArrayList(ByteBufferUtil.bytes(user.getName()),
+ ByteBufferUtil.bytes(resource.getName()))));
result = new UntypedResultSet(rows.result);
}
catch (RequestValidationException e)
http://git-wip-us.apache.org/repos/asf/cassandra/blob/8480fa7b/src/java/org/apache/cassandra/auth/PasswordAuthenticator.java
----------------------------------------------------------------------
diff --cc src/java/org/apache/cassandra/auth/PasswordAuthenticator.java
index 3d9ba98,9adbe4e..7ed9817
--- a/src/java/org/apache/cassandra/auth/PasswordAuthenticator.java
+++ b/src/java/org/apache/cassandra/auth/PasswordAuthenticator.java
@@@ -271,76 -262,6 +271,76 @@@ public class PasswordAuthenticator impl
if (username.equals(DEFAULT_USER_NAME))
return ConsistencyLevel.QUORUM;
else
- return ConsistencyLevel.ONE;
+ return ConsistencyLevel.LOCAL_ONE;
}
+
+ private class PlainTextSaslAuthenticator implements ISaslAwareAuthenticator.SaslAuthenticator
+ {
+ private static final byte NUL = 0;
+
+ private boolean complete = false;
+ private Map<String, String> credentials;
+
+ @Override
+ public byte[] evaluateResponse(byte[] clientResponse) throws AuthenticationException
+ {
+ credentials = decodeCredentials(clientResponse);
+ complete = true;
+ return null;
+ }
+
+ @Override
+ public boolean isComplete()
+ {
+ return complete;
+ }
+
+ @Override
+ public AuthenticatedUser getAuthenticatedUser() throws AuthenticationException
+ {
+ return authenticate(credentials);
+ }
+
+ /**
+ * SASL PLAIN mechanism specifies that credentials are encoded in a
+ * sequence of UTF-8 bytes, delimited by 0 (US-ASCII NUL).
+ * The form is : {code}authzId<NUL>authnId<NUL>password<NUL>{code}
+ * authzId is optional, and in fact we don't care about it here as we'll
+ * set the authzId to match the authnId (that is, there is no concept of
+ * a user being authorized to act on behalf of another).
+ *
+ * @param bytes encoded credentials string sent by the client
+ * @return map containing the username/password pairs in the form an IAuthenticator
+ * would expect
+ * @throws javax.security.sasl.SaslException
+ */
+ private Map<String, String> decodeCredentials(byte[] bytes) throws AuthenticationException
+ {
+ logger.debug("Decoding credentials from client token");
+ byte[] user = null;
+ byte[] pass = null;
+ int end = bytes.length;
+ for (int i = bytes.length - 1 ; i >= 0; i--)
+ {
+ if (bytes[i] == NUL)
+ {
+ if (pass == null)
+ pass = Arrays.copyOfRange(bytes, i + 1, end);
+ else if (user == null)
+ user = Arrays.copyOfRange(bytes, i + 1, end);
+ end = i;
+ }
+ }
+
+ if (user == null)
+ throw new AuthenticationException("Authentication ID must not be null");
+ if (pass == null)
+ throw new AuthenticationException("Password must not be null");
+
+ Map<String, String> credentials = new HashMap<String, String>();
+ credentials.put(IAuthenticator.USERNAME_KEY, new String(user, StandardCharsets.UTF_8));
+ credentials.put(IAuthenticator.PASSWORD_KEY, new String(pass, StandardCharsets.UTF_8));
+ return credentials;
+ }
+ }
}