You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cassandra.apache.org by sa...@apache.org on 2015/11/03 18:32:36 UTC
[1/3] cassandra git commit: Pass client address to authenticator when
attempting SASL auth
Repository: cassandra
Updated Branches:
refs/heads/cassandra-3.0 87f5e2e39 -> 8a8427d73
refs/heads/trunk f505e8bdf -> 724ba07a7
Pass client address to authenticator when attempting SASL auth
Project: http://git-wip-us.apache.org/repos/asf/cassandra/repo
Commit: http://git-wip-us.apache.org/repos/asf/cassandra/commit/8a8427d7
Tree: http://git-wip-us.apache.org/repos/asf/cassandra/tree/8a8427d7
Diff: http://git-wip-us.apache.org/repos/asf/cassandra/diff/8a8427d7
Branch: refs/heads/cassandra-3.0
Commit: 8a8427d73044646488d3700d2b967f0dfa3c7148
Parents: 87f5e2e
Author: Sam Tunnicliffe <sa...@beobal.com>
Authored: Tue Oct 27 16:36:49 2015 +0000
Committer: Sam Tunnicliffe <sa...@beobal.com>
Committed: Tue Nov 3 17:29:28 2015 +0000
----------------------------------------------------------------------
CHANGES.txt | 1 +
NEWS.txt | 3 +++
src/java/org/apache/cassandra/auth/AllowAllAuthenticator.java | 3 ++-
src/java/org/apache/cassandra/auth/IAuthenticator.java | 5 ++++-
src/java/org/apache/cassandra/auth/PasswordAuthenticator.java | 3 ++-
src/java/org/apache/cassandra/transport/ServerConnection.java | 4 ++--
.../org/apache/cassandra/transport/messages/AuthResponse.java | 2 +-
7 files changed, 15 insertions(+), 6 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cassandra/blob/8a8427d7/CHANGES.txt
----------------------------------------------------------------------
diff --git a/CHANGES.txt b/CHANGES.txt
index e0208c6..9266386 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -1,4 +1,5 @@
3.0
+ * Add client address argument to IAuthenticator::newSaslNegotiator (CASSANDRA-8068)
* Fix implementation of LegacyLayout.LegacyBoundComparator (CASSANDRA-10602)
* Don't use 'names query' read path for counters (CASSANDRA-10572)
* Fix backward compatibility for counters (CASSANDRA-10470)
http://git-wip-us.apache.org/repos/asf/cassandra/blob/8a8427d7/NEWS.txt
----------------------------------------------------------------------
diff --git a/NEWS.txt b/NEWS.txt
index aa19fcb..fdebbf2 100644
--- a/NEWS.txt
+++ b/NEWS.txt
@@ -45,6 +45,9 @@ New features
Upgrading
---------
+ - A new argument of type InetAdress has been added to IAuthenticator::newSaslNegotiator,
+ representing the IP address of the client attempting authentication. It will be a breaking
+ change for any custom implementations.
- token-generator tool has been removed.
- Upgrade to 3.0 is supported from Cassandra 2.1 versions greater or equal to 2.1.9,
or Cassandra 2.2 versions greater or equal to 2.2.2. Upgrade from Cassandra 2.0 and
http://git-wip-us.apache.org/repos/asf/cassandra/blob/8a8427d7/src/java/org/apache/cassandra/auth/AllowAllAuthenticator.java
----------------------------------------------------------------------
diff --git a/src/java/org/apache/cassandra/auth/AllowAllAuthenticator.java b/src/java/org/apache/cassandra/auth/AllowAllAuthenticator.java
index bc00c3e..7b21dc6 100644
--- a/src/java/org/apache/cassandra/auth/AllowAllAuthenticator.java
+++ b/src/java/org/apache/cassandra/auth/AllowAllAuthenticator.java
@@ -17,6 +17,7 @@
*/
package org.apache.cassandra.auth;
+import java.net.InetAddress;
import java.util.Collections;
import java.util.Map;
import java.util.Set;
@@ -46,7 +47,7 @@ public class AllowAllAuthenticator implements IAuthenticator
{
}
- public SaslNegotiator newSaslNegotiator()
+ public SaslNegotiator newSaslNegotiator(InetAddress clientAddress)
{
return AUTHENTICATOR_INSTANCE;
}
http://git-wip-us.apache.org/repos/asf/cassandra/blob/8a8427d7/src/java/org/apache/cassandra/auth/IAuthenticator.java
----------------------------------------------------------------------
diff --git a/src/java/org/apache/cassandra/auth/IAuthenticator.java b/src/java/org/apache/cassandra/auth/IAuthenticator.java
index 24792f6..ccbdb75 100644
--- a/src/java/org/apache/cassandra/auth/IAuthenticator.java
+++ b/src/java/org/apache/cassandra/auth/IAuthenticator.java
@@ -17,6 +17,7 @@
*/
package org.apache.cassandra.auth;
+import java.net.InetAddress;
import java.util.Map;
import java.util.Set;
@@ -56,10 +57,12 @@ public interface IAuthenticator
* Provide a SASL handler to perform authentication for an single connection. SASL
* is a stateful protocol, so a new instance must be used for each authentication
* attempt.
+ * @param clientAddress the IP address of the client whom we wish to authenticate, or null
+ * if an internal client (one not connected over the remote transport).
* @return org.apache.cassandra.auth.IAuthenticator.SaslNegotiator implementation
* (see {@link org.apache.cassandra.auth.PasswordAuthenticator.PlainTextSaslAuthenticator})
*/
- SaslNegotiator newSaslNegotiator();
+ SaslNegotiator newSaslNegotiator(InetAddress clientAddress);
/**
* For implementations which support the Thrift login method that accepts arbitrary
http://git-wip-us.apache.org/repos/asf/cassandra/blob/8a8427d7/src/java/org/apache/cassandra/auth/PasswordAuthenticator.java
----------------------------------------------------------------------
diff --git a/src/java/org/apache/cassandra/auth/PasswordAuthenticator.java b/src/java/org/apache/cassandra/auth/PasswordAuthenticator.java
index c0d2283..0482199 100644
--- a/src/java/org/apache/cassandra/auth/PasswordAuthenticator.java
+++ b/src/java/org/apache/cassandra/auth/PasswordAuthenticator.java
@@ -17,6 +17,7 @@
*/
package org.apache.cassandra.auth;
+import java.net.InetAddress;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Map;
@@ -132,7 +133,7 @@ public class PasswordAuthenticator implements IAuthenticator
return authenticate(username, password);
}
- public SaslNegotiator newSaslNegotiator()
+ public SaslNegotiator newSaslNegotiator(InetAddress clientAddress)
{
return new PlainTextSaslAuthenticator();
}
http://git-wip-us.apache.org/repos/asf/cassandra/blob/8a8427d7/src/java/org/apache/cassandra/transport/ServerConnection.java
----------------------------------------------------------------------
diff --git a/src/java/org/apache/cassandra/transport/ServerConnection.java b/src/java/org/apache/cassandra/transport/ServerConnection.java
index dbaf123..d0796c3 100644
--- a/src/java/org/apache/cassandra/transport/ServerConnection.java
+++ b/src/java/org/apache/cassandra/transport/ServerConnection.java
@@ -110,10 +110,10 @@ public class ServerConnection extends Connection
}
}
- public IAuthenticator.SaslNegotiator getSaslNegotiator()
+ public IAuthenticator.SaslNegotiator getSaslNegotiator(QueryState queryState)
{
if (saslNegotiator == null)
- saslNegotiator = DatabaseDescriptor.getAuthenticator().newSaslNegotiator();
+ saslNegotiator = DatabaseDescriptor.getAuthenticator().newSaslNegotiator(queryState.getClientAddress());
return saslNegotiator;
}
}
http://git-wip-us.apache.org/repos/asf/cassandra/blob/8a8427d7/src/java/org/apache/cassandra/transport/messages/AuthResponse.java
----------------------------------------------------------------------
diff --git a/src/java/org/apache/cassandra/transport/messages/AuthResponse.java b/src/java/org/apache/cassandra/transport/messages/AuthResponse.java
index 257a26a..ca7a0c3 100644
--- a/src/java/org/apache/cassandra/transport/messages/AuthResponse.java
+++ b/src/java/org/apache/cassandra/transport/messages/AuthResponse.java
@@ -71,7 +71,7 @@ public class AuthResponse extends Message.Request
{
try
{
- IAuthenticator.SaslNegotiator negotiator = ((ServerConnection) connection).getSaslNegotiator();
+ IAuthenticator.SaslNegotiator negotiator = ((ServerConnection) connection).getSaslNegotiator(queryState);
byte[] challenge = negotiator.evaluateResponse(token);
if (negotiator.isComplete())
{
[2/3] cassandra git commit: Pass client address to authenticator when
attempting SASL auth
Posted by sa...@apache.org.
Pass client address to authenticator when attempting SASL auth
Project: http://git-wip-us.apache.org/repos/asf/cassandra/repo
Commit: http://git-wip-us.apache.org/repos/asf/cassandra/commit/8a8427d7
Tree: http://git-wip-us.apache.org/repos/asf/cassandra/tree/8a8427d7
Diff: http://git-wip-us.apache.org/repos/asf/cassandra/diff/8a8427d7
Branch: refs/heads/trunk
Commit: 8a8427d73044646488d3700d2b967f0dfa3c7148
Parents: 87f5e2e
Author: Sam Tunnicliffe <sa...@beobal.com>
Authored: Tue Oct 27 16:36:49 2015 +0000
Committer: Sam Tunnicliffe <sa...@beobal.com>
Committed: Tue Nov 3 17:29:28 2015 +0000
----------------------------------------------------------------------
CHANGES.txt | 1 +
NEWS.txt | 3 +++
src/java/org/apache/cassandra/auth/AllowAllAuthenticator.java | 3 ++-
src/java/org/apache/cassandra/auth/IAuthenticator.java | 5 ++++-
src/java/org/apache/cassandra/auth/PasswordAuthenticator.java | 3 ++-
src/java/org/apache/cassandra/transport/ServerConnection.java | 4 ++--
.../org/apache/cassandra/transport/messages/AuthResponse.java | 2 +-
7 files changed, 15 insertions(+), 6 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cassandra/blob/8a8427d7/CHANGES.txt
----------------------------------------------------------------------
diff --git a/CHANGES.txt b/CHANGES.txt
index e0208c6..9266386 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -1,4 +1,5 @@
3.0
+ * Add client address argument to IAuthenticator::newSaslNegotiator (CASSANDRA-8068)
* Fix implementation of LegacyLayout.LegacyBoundComparator (CASSANDRA-10602)
* Don't use 'names query' read path for counters (CASSANDRA-10572)
* Fix backward compatibility for counters (CASSANDRA-10470)
http://git-wip-us.apache.org/repos/asf/cassandra/blob/8a8427d7/NEWS.txt
----------------------------------------------------------------------
diff --git a/NEWS.txt b/NEWS.txt
index aa19fcb..fdebbf2 100644
--- a/NEWS.txt
+++ b/NEWS.txt
@@ -45,6 +45,9 @@ New features
Upgrading
---------
+ - A new argument of type InetAdress has been added to IAuthenticator::newSaslNegotiator,
+ representing the IP address of the client attempting authentication. It will be a breaking
+ change for any custom implementations.
- token-generator tool has been removed.
- Upgrade to 3.0 is supported from Cassandra 2.1 versions greater or equal to 2.1.9,
or Cassandra 2.2 versions greater or equal to 2.2.2. Upgrade from Cassandra 2.0 and
http://git-wip-us.apache.org/repos/asf/cassandra/blob/8a8427d7/src/java/org/apache/cassandra/auth/AllowAllAuthenticator.java
----------------------------------------------------------------------
diff --git a/src/java/org/apache/cassandra/auth/AllowAllAuthenticator.java b/src/java/org/apache/cassandra/auth/AllowAllAuthenticator.java
index bc00c3e..7b21dc6 100644
--- a/src/java/org/apache/cassandra/auth/AllowAllAuthenticator.java
+++ b/src/java/org/apache/cassandra/auth/AllowAllAuthenticator.java
@@ -17,6 +17,7 @@
*/
package org.apache.cassandra.auth;
+import java.net.InetAddress;
import java.util.Collections;
import java.util.Map;
import java.util.Set;
@@ -46,7 +47,7 @@ public class AllowAllAuthenticator implements IAuthenticator
{
}
- public SaslNegotiator newSaslNegotiator()
+ public SaslNegotiator newSaslNegotiator(InetAddress clientAddress)
{
return AUTHENTICATOR_INSTANCE;
}
http://git-wip-us.apache.org/repos/asf/cassandra/blob/8a8427d7/src/java/org/apache/cassandra/auth/IAuthenticator.java
----------------------------------------------------------------------
diff --git a/src/java/org/apache/cassandra/auth/IAuthenticator.java b/src/java/org/apache/cassandra/auth/IAuthenticator.java
index 24792f6..ccbdb75 100644
--- a/src/java/org/apache/cassandra/auth/IAuthenticator.java
+++ b/src/java/org/apache/cassandra/auth/IAuthenticator.java
@@ -17,6 +17,7 @@
*/
package org.apache.cassandra.auth;
+import java.net.InetAddress;
import java.util.Map;
import java.util.Set;
@@ -56,10 +57,12 @@ public interface IAuthenticator
* Provide a SASL handler to perform authentication for an single connection. SASL
* is a stateful protocol, so a new instance must be used for each authentication
* attempt.
+ * @param clientAddress the IP address of the client whom we wish to authenticate, or null
+ * if an internal client (one not connected over the remote transport).
* @return org.apache.cassandra.auth.IAuthenticator.SaslNegotiator implementation
* (see {@link org.apache.cassandra.auth.PasswordAuthenticator.PlainTextSaslAuthenticator})
*/
- SaslNegotiator newSaslNegotiator();
+ SaslNegotiator newSaslNegotiator(InetAddress clientAddress);
/**
* For implementations which support the Thrift login method that accepts arbitrary
http://git-wip-us.apache.org/repos/asf/cassandra/blob/8a8427d7/src/java/org/apache/cassandra/auth/PasswordAuthenticator.java
----------------------------------------------------------------------
diff --git a/src/java/org/apache/cassandra/auth/PasswordAuthenticator.java b/src/java/org/apache/cassandra/auth/PasswordAuthenticator.java
index c0d2283..0482199 100644
--- a/src/java/org/apache/cassandra/auth/PasswordAuthenticator.java
+++ b/src/java/org/apache/cassandra/auth/PasswordAuthenticator.java
@@ -17,6 +17,7 @@
*/
package org.apache.cassandra.auth;
+import java.net.InetAddress;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Map;
@@ -132,7 +133,7 @@ public class PasswordAuthenticator implements IAuthenticator
return authenticate(username, password);
}
- public SaslNegotiator newSaslNegotiator()
+ public SaslNegotiator newSaslNegotiator(InetAddress clientAddress)
{
return new PlainTextSaslAuthenticator();
}
http://git-wip-us.apache.org/repos/asf/cassandra/blob/8a8427d7/src/java/org/apache/cassandra/transport/ServerConnection.java
----------------------------------------------------------------------
diff --git a/src/java/org/apache/cassandra/transport/ServerConnection.java b/src/java/org/apache/cassandra/transport/ServerConnection.java
index dbaf123..d0796c3 100644
--- a/src/java/org/apache/cassandra/transport/ServerConnection.java
+++ b/src/java/org/apache/cassandra/transport/ServerConnection.java
@@ -110,10 +110,10 @@ public class ServerConnection extends Connection
}
}
- public IAuthenticator.SaslNegotiator getSaslNegotiator()
+ public IAuthenticator.SaslNegotiator getSaslNegotiator(QueryState queryState)
{
if (saslNegotiator == null)
- saslNegotiator = DatabaseDescriptor.getAuthenticator().newSaslNegotiator();
+ saslNegotiator = DatabaseDescriptor.getAuthenticator().newSaslNegotiator(queryState.getClientAddress());
return saslNegotiator;
}
}
http://git-wip-us.apache.org/repos/asf/cassandra/blob/8a8427d7/src/java/org/apache/cassandra/transport/messages/AuthResponse.java
----------------------------------------------------------------------
diff --git a/src/java/org/apache/cassandra/transport/messages/AuthResponse.java b/src/java/org/apache/cassandra/transport/messages/AuthResponse.java
index 257a26a..ca7a0c3 100644
--- a/src/java/org/apache/cassandra/transport/messages/AuthResponse.java
+++ b/src/java/org/apache/cassandra/transport/messages/AuthResponse.java
@@ -71,7 +71,7 @@ public class AuthResponse extends Message.Request
{
try
{
- IAuthenticator.SaslNegotiator negotiator = ((ServerConnection) connection).getSaslNegotiator();
+ IAuthenticator.SaslNegotiator negotiator = ((ServerConnection) connection).getSaslNegotiator(queryState);
byte[] challenge = negotiator.evaluateResponse(token);
if (negotiator.isComplete())
{
[3/3] cassandra git commit: Merge branch 'cassandra-3.0' into trunk
Posted by sa...@apache.org.
Merge branch 'cassandra-3.0' into trunk
Project: http://git-wip-us.apache.org/repos/asf/cassandra/repo
Commit: http://git-wip-us.apache.org/repos/asf/cassandra/commit/724ba07a
Tree: http://git-wip-us.apache.org/repos/asf/cassandra/tree/724ba07a
Diff: http://git-wip-us.apache.org/repos/asf/cassandra/diff/724ba07a
Branch: refs/heads/trunk
Commit: 724ba07a7f0aab1b372cc722d78cbe1b683db32d
Parents: f505e8b 8a8427d
Author: Sam Tunnicliffe <sa...@beobal.com>
Authored: Tue Nov 3 17:31:02 2015 +0000
Committer: Sam Tunnicliffe <sa...@beobal.com>
Committed: Tue Nov 3 17:31:02 2015 +0000
----------------------------------------------------------------------
CHANGES.txt | 1 +
NEWS.txt | 3 +++
src/java/org/apache/cassandra/auth/AllowAllAuthenticator.java | 3 ++-
src/java/org/apache/cassandra/auth/IAuthenticator.java | 5 ++++-
src/java/org/apache/cassandra/auth/PasswordAuthenticator.java | 3 ++-
src/java/org/apache/cassandra/transport/ServerConnection.java | 4 ++--
.../org/apache/cassandra/transport/messages/AuthResponse.java | 2 +-
7 files changed, 15 insertions(+), 6 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cassandra/blob/724ba07a/CHANGES.txt
----------------------------------------------------------------------
diff --cc CHANGES.txt
index 7788aa8,9266386..b0aad8c
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@@ -1,10 -1,5 +1,11 @@@
+3.2
+ * Added graphing option to cassandra-stress (CASSANDRA-7918)
+ * Abort in-progress queries that time out (CASSANDRA-7392)
+ * Add transparent data encryption core classes (CASSANDRA-9945)
+
+
3.0
+ * Add client address argument to IAuthenticator::newSaslNegotiator (CASSANDRA-8068)
* Fix implementation of LegacyLayout.LegacyBoundComparator (CASSANDRA-10602)
* Don't use 'names query' read path for counters (CASSANDRA-10572)
* Fix backward compatibility for counters (CASSANDRA-10470)