Posted to reviews@kudu.apache.org by "Todd Lipcon (Code Review)" <ge...@cloudera.org> on 2017/03/02 21:11:21 UTC

[kudu-CR](branch-1.3.x) [security] Add per-connection nonce for Kerberos replay resistance

Todd Lipcon has uploaded a new change for review.

  http://gerrit.cloudera.org:8080/6229

Change subject: [security] Add per-connection nonce for Kerberos replay resistance
......................................................................

[security] Add per-connection nonce for Kerberos replay resistance

Kerberos is susceptible to replay attacks, which it attempts to mitigate
by using a server-side replay cache. The cache is not 100% effective,
and is extremely slow. This commit introduces an effective and efficient
method of mitigating replay attacks by using a server-generated nonce
which the client must send back to the server, wrapped in SASL integrity
protection. This will allow Kudu to disable the replay cache without
negatively affecting security.

No tests are provided, but the codepath is well covered by existing
Kerberos negotiation tests. I intend to write simulated mitm tests to
check this and the channel binding protections soon.

Change-Id: If0fb433896963be5e81d349ebf3a044a458e6627
Reviewed-on: http://gerrit.cloudera.org:8080/6137
Tested-by: Kudu Jenkins
Reviewed-by: Alexey Serbin <as...@cloudera.com>
Reviewed-by: Todd Lipcon <to...@apache.org>
(cherry picked from commit ef6e5b58b1ac1425202aaa16dd32bb447f60d814)
---
M docs/design-docs/rpc.md
M java/kudu-client/src/main/java/org/apache/kudu/client/Negotiator.java
M src/kudu/rpc/client_negotiation.cc
M src/kudu/rpc/client_negotiation.h
M src/kudu/rpc/negotiation-test.cc
M src/kudu/rpc/rpc_header.proto
M src/kudu/rpc/sasl_common.cc
M src/kudu/rpc/sasl_common.h
M src/kudu/rpc/server_negotiation.cc
M src/kudu/rpc/server_negotiation.h
M src/kudu/security/crypto-test.cc
M src/kudu/security/crypto.cc
M src/kudu/security/crypto.h
13 files changed, 254 insertions(+), 106 deletions(-)


  git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/29/6229/1
-- 
To view, visit http://gerrit.cloudera.org:8080/6229
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: If0fb433896963be5e81d349ebf3a044a458e6627
Gerrit-PatchSet: 1
Gerrit-Project: kudu
Gerrit-Branch: branch-1.3.x
Gerrit-Owner: Todd Lipcon <to...@apache.org>
Gerrit-Reviewer: Dan Burkert <da...@apache.org>
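
The nonce exchange the commit message describes, as an added example that is not part of the original message or of Kudu's code. HMAC-SHA256 under a shared key stands in for SASL integrity protection, and `wrap`, `unwrap`, `ServerConnection`, `client_reply` and the 16-byte nonce length are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

NONCE_LEN = 16  # assumed length; the page does not state one
TAG_LEN = hashlib.sha256().digest_size


def wrap(session_key, payload):
    """Stand-in for SASL integrity protection: payload followed by an HMAC tag."""
    return payload + hmac.new(session_key, payload, hashlib.sha256).digest()


def unwrap(session_key, token):
    """Return the payload if its tag verifies under session_key, else None."""
    if len(token) < TAG_LEN:
        return None
    payload, tag = token[:-TAG_LEN], token[-TAG_LEN:]
    expected = hmac.new(session_key, payload, hashlib.sha256).digest()
    return payload if hmac.compare_digest(tag, expected) else None


class ServerConnection:
    """Server side of one connection (hypothetical name); draws a fresh nonce."""

    def __init__(self, session_key):
        self.session_key = session_key
        self.nonce = secrets.token_bytes(NONCE_LEN)

    def verify(self, token):
        # Accept only a correctly tagged echo of *this* connection's nonce.
        payload = unwrap(self.session_key, token)
        return payload is not None and hmac.compare_digest(payload, self.nonce)


def client_reply(session_key, nonce):
    """Client echoes the server's nonce back under integrity protection."""
    return wrap(session_key, nonce)


def demo():
    key = secrets.token_bytes(32)  # constructed stand-in for the Kerberos session key
    first = ServerConnection(key)
    recorded = client_reply(key, first.nonce)  # the reply as seen on the wire
    second = ServerConnection(key)             # later connection, new nonce
    tampered = recorded[:-1] + bytes([recorded[-1] ^ 1])
    return first.verify(recorded), second.verify(recorded), first.verify(tampered)
```

The second result is the case the commit targets: the recorded reply still carries a valid tag, but it echoes the first connection's nonce, so the server rejects it without consulting a replay cache.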

[kudu-CR](branch-1.3.x) [security] Add per-connection nonce for Kerberos replay resistance

Posted by "Todd Lipcon (Code Review)" <ge...@cloudera.org>.
Todd Lipcon has submitted this change and it was merged.

Change subject: [security] Add per-connection nonce for Kerberos replay resistance
......................................................................


[security] Add per-connection nonce for Kerberos replay resistance

Kerberos is susceptible to replay attacks, which it attempts to mitigate
by using a server-side replay cache. The cache is not 100% effective,
and is extremely slow. This commit introduces an effective and efficient
method of mitigating replay attacks by using a server-generated nonce
which the client must send back to the server, wrapped in SASL integrity
protection. This will allow Kudu to disable the replay cache without
negatively affecting security.

No tests are provided, but the codepath is well covered by existing
Kerberos negotiation tests. I intend to write simulated mitm tests to
check this and the channel binding protections soon.

Change-Id: If0fb433896963be5e81d349ebf3a044a458e6627
Reviewed-on: http://gerrit.cloudera.org:8080/6137
Tested-by: Kudu Jenkins
Reviewed-by: Alexey Serbin <as...@cloudera.com>
Reviewed-by: Todd Lipcon <to...@apache.org>
(cherry picked from commit ef6e5b58b1ac1425202aaa16dd32bb447f60d814)
Reviewed-on: http://gerrit.cloudera.org:8080/6229
---
M docs/design-docs/rpc.md
M java/kudu-client/src/main/java/org/apache/kudu/client/Negotiator.java
M src/kudu/rpc/client_negotiation.cc
M src/kudu/rpc/client_negotiation.h
M src/kudu/rpc/negotiation-test.cc
M src/kudu/rpc/rpc_header.proto
M src/kudu/rpc/sasl_common.cc
M src/kudu/rpc/sasl_common.h
M src/kudu/rpc/server_negotiation.cc
M src/kudu/rpc/server_negotiation.h
M src/kudu/security/crypto-test.cc
M src/kudu/security/crypto.cc
M src/kudu/security/crypto.h
13 files changed, 254 insertions(+), 106 deletions(-)

Approvals:
  Todd Lipcon: Looks good to me, approved
  Kudu Jenkins: Verified



-- 

Gerrit-MessageType: merged
Gerrit-Change-Id: If0fb433896963be5e81d349ebf3a044a458e6627
Gerrit-PatchSet: 2
Gerrit-Project: kudu
Gerrit-Branch: branch-1.3.x
Gerrit-Owner: Todd Lipcon <to...@apache.org>
Gerrit-Reviewer: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Todd Lipcon <to...@apache.org>

[kudu-CR](branch-1.3.x) [security] Add per-connection nonce for Kerberos replay resistance

Posted by "Todd Lipcon (Code Review)" <ge...@cloudera.org>.
Todd Lipcon has posted comments on this change.

Change subject: [security] Add per-connection nonce for Kerberos replay resistance
......................................................................


Patch Set 1: Code-Review+2

-- 

Gerrit-MessageType: comment
Gerrit-Change-Id: If0fb433896963be5e81d349ebf3a044a458e6627
Gerrit-PatchSet: 1
Gerrit-Project: kudu
Gerrit-Branch: branch-1.3.x
Gerrit-Owner: Todd Lipcon <to...@apache.org>
Gerrit-Reviewer: Dan Burkert <da...@apache.org>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Todd Lipcon <to...@apache.org>
Gerrit-HasComments: No