I've been trying to add security to my project which uses Apache Thrift. In C#, there is a class TSASLClientTransport which accepts the parameters TSocket, username and password. Similarly I need a cpp class so that I can implement the same in C++.
I came across this task https://issues.apache.org/jira/browse/THRIFT-1667, which is still in Open state. There's a patch available in this task though. Using this patch I imported the TSaslTransport class, but I don't find a way to provide username/password here. If possible, can anyone share any examples of this?
Or is there a way to provide simple username/password authentication in Thrift using C++?
Can Cyrus-SASL be used here?
Any help is greatly appreciated.
After some investigation I found a working solution. I’ve used the cyrus-sasl project along with the patch from Apache THRIFT.
First create a TTransport with a hive service running in a secure cluster.
    boost::shared_ptr<TTransport> socket(new TSocket("hive_host", hive_port));
    boost::shared_ptr<TTransport> transport(new TBufferedTransport(socket));
Create an array of callbacks to get the username from &simple and the password from &getsecret in the client.
    static sasl_callback_t callbacks[] = {
        { SASL_CB_USER,     (sasl_callback_ft)&simple,    NULL },
        { SASL_CB_AUTHNAME, (sasl_callback_ft)&simple,    NULL },
        { SASL_CB_PASS,     (sasl_callback_ft)&getsecret, NULL },
        { SASL_CB_LIST_END, NULL,                         NULL }
    };
Use libSaslClient from saslimpl.cpp to choose the mechanism and service. This initializes the client. Then use this client in TSaslTransport to open a connection and communicate with the server.
    map<string, string> props;
    sasl::libSaslClient libSaslClient("PLAIN", "", "ldap", "host", props, callbacks);
    boost::shared_ptr<TSaslTransport> tsaslTransport(new TSaslTransport(&libSaslClient, transport));
    tsaslTransport->open();
    tsaslTransport->close();
On successful open you will be able to communicate with a secure cluster given the right username and password.
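The answer above references `&simple` and `&getsecret` without showing them. The following is an added example, not the answerer's code or part of the Thrift patch, of how such Cyrus SASL callbacks can be written. The `Credentials` struct, `release_secret`, and passing a `Credentials*` in the context field of the callback table (NULL in the table above) are assumptions; the fallback declarations mirror `sasl.h` only so the example builds where the Cyrus SASL headers are absent.

```cpp
#include <cstdio>
#include <cstdlib>
#include <string>
#if __has_include(<sasl/sasl.h>)
#include <sasl/sasl.h>
#else  // stand-ins mirroring sasl.h so this builds without the Cyrus SASL headers
typedef struct sasl_conn sasl_conn_t;
typedef struct sasl_secret { unsigned long len; unsigned char data[1]; } sasl_secret_t;
enum { SASL_OK = 0, SASL_NOMEM = -2, SASL_BADPARAM = -7 };
enum { SASL_CB_USER = 0x4001, SASL_CB_AUTHNAME = 0x4002, SASL_CB_PASS = 0x4004 };
#endif
struct Credentials { std::string user, password; };  // hypothetical holder, passed as context

// SASL_CB_USER / SASL_CB_AUTHNAME: point libsasl at the name; same identity for both ids.
static int simple(void *context, int id, const char **result, unsigned *len) {
    const Credentials *c = static_cast<const Credentials *>(context);
    if (!c || !result || (id != SASL_CB_USER && id != SASL_CB_AUTHNAME)) return SASL_BADPARAM;
    *result = c->user.c_str();
    if (len) *len = static_cast<unsigned>(c->user.size());
    return SASL_OK;
}

// SASL_CB_PASS: return a heap-allocated, length-prefixed secret that outlives this call.
static int getsecret(sasl_conn_t *, void *context, int id, sasl_secret_t **psecret) {
    const Credentials *c = static_cast<const Credentials *>(context);
    if (!c || !psecret || id != SASL_CB_PASS) return SASL_BADPARAM;
    const std::size_t n = c->password.size();
    sasl_secret_t *s = static_cast<sasl_secret_t *>(std::calloc(1, sizeof(sasl_secret_t) + n));
    if (!s) return SASL_NOMEM;
    s->len = static_cast<unsigned long>(n);
    c->password.copy(reinterpret_cast<char *>(s->data), n);  // calloc left the trailing NUL
    *psecret = s;
    return SASL_OK;
}

// Wipe and free a secret once the SASL exchange is finished (the application owns it).
static void release_secret(sasl_secret_t *s) {
    if (s) for (volatile unsigned char *p = s->data, *e = p + s->len; p != e; ++p) *p = 0;
    std::free(s);
}

int main() {
    Credentials creds{"alice", "constructed-password"};  // constructed sample values
    const char *name = nullptr; unsigned len = 0; sasl_secret_t *sec = nullptr;
    int rc = simple(&creds, SASL_CB_AUTHNAME, &name, &len);
    if (rc == SASL_OK) rc = getsecret(nullptr, &creds, SASL_CB_PASS, &sec);
    std::printf("rc=%d user=%.*s secret_len=%lu\n", rc, (int)len, name ? name : "", sec ? sec->len : 0UL);
    release_secret(sec);
}
```

With the PLAIN mechanism the password returned by `getsecret` is sent to the server as-is, so the underlying socket needs TLS (for example Thrift's `TSSLSocket`) to protect it in transit.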