Thrift sasl with username/password authentication for C++

I've been trying to add security to my project which uses Apache Thrift. In C#, there is a class TSASLClientTransport which accepts the parameters TSocket, username and password. Similarly I need a cpp class so that I can implement the same in C++.

I came across this task https://issues.apache.org/jira/browse/THRIFT-1667, which is still in Open state. There's a patch available in this task though. Using this patch I imported the TSaslTransport class, but I don't find a way to provide username/password here. If possible, can anyone share any examples on this?

Or is there a way to provide simple username/password authentication in thrift using C++?

Can Cyrus-SASL be used here?

Any help is greatly appreciated.

After some investigation I found a working solution. I've used the cyrus-sasl project along with the patch from Apache THRIFT.

First create a TTransport with a hive service running in a secure cluster.

boost::shared_ptr<TTransport> socket(new TSocket("hive_host", hive_port));
boost::shared_ptr<TTransport> transport(new TBufferedTransport(socket));

Create an array of callbacks to get the username from &simple and the password from &getsecret in the client.

static sasl_callback_t callbacks[] = {
    { SASL_CB_USER,     (sasl_callback_ft)&simple,    NULL },
    { SASL_CB_AUTHNAME, (sasl_callback_ft)&simple,    NULL },
    { SASL_CB_PASS,     (sasl_callback_ft)&getsecret, NULL },
    { SASL_CB_LIST_END, NULL,                         NULL }
};

Use libSaslClient from saslimpl.cpp to choose the mechanism and service. This initializes the client. Then use this client in TSaslTransport to open a connection and communicate with the server.

map<string, string> props; 
sasl::libSaslClient libSaslClient("PLAIN", "", "ldap", "host", props, callbacks);
boost::shared_ptr<TSaslTransport> tsaslTransport(new TSaslTransport(&libSaslClient, transport));
tsaslTransport->open();
tsaslTransport->close();

On successful open you will be able to communicate with a secure cluster given the right username and password.
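
What the "PLAIN" mechanism chosen above puts on the socket, as an added example that is not part of the original answer and does not use libsasl2 or the Thrift patch: the values supplied through SASL_CB_USER, SASL_CB_AUTHNAME and SASL_CB_PASS become the three fields of one RFC 4616 message, with the password unencrypted, so the underlying transport has to be protected with TLS. The struct, the function names and the sample credentials are constructed for this illustration.

```cpp
#include <cstddef>
#include <iostream>
#include <string>

struct PlainCredentials {
    std::string authzid;  // authorization identity (SASL_CB_USER), may be empty
    std::string authcid;  // authentication identity (SASL_CB_AUTHNAME)
    std::string passwd;   // password (SASL_CB_PASS)
};

// NUL is the field separator, so no field may contain it. RFC 4616 requires
// receivers to accept up to 255 octets per field; this example caps there.
static bool validField(const std::string& s, bool mayBeEmpty) {
    if (s.empty()) return mayBeEmpty;
    return s.size() <= 255 && s.find('\0') == std::string::npos;
}

static bool validCredentials(const PlainCredentials& c) {
    return validField(c.authzid, true) && validField(c.authcid, false) &&
           validField(c.passwd, false);
}

// Client side: message = [authzid] NUL authcid NUL passwd
bool encodePlain(const PlainCredentials& c, std::string& wire) {
    if (!validCredentials(c)) return false;
    wire = c.authzid + '\0' + c.authcid + '\0' + c.passwd;
    return true;
}

// Receiving side: split on the first two NULs and reject malformed input.
bool decodePlain(const std::string& wire, PlainCredentials& out) {
    const std::size_t first = wire.find('\0');
    if (first == std::string::npos) return false;
    const std::size_t second = wire.find('\0', first + 1);
    if (second == std::string::npos) return false;
    PlainCredentials c{wire.substr(0, first),
                       wire.substr(first + 1, second - first - 1),
                       wire.substr(second + 1)};
    if (!validCredentials(c)) return false;  // e.g. a third NUL in passwd
    out = c;
    return true;
}

int main() {
    std::string wire;  // constructed sample credentials, not from the post
    PlainCredentials seen;
    if (encodePlain({"", "alice", "s3cret"}, wire) && decodePlain(wire, seen))
        std::cout << wire.size() << " bytes, password=" << seen.passwd << "\n";
}
```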
