| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This PR is about adding SSL support for zkPython, based on the C-binding. I also fixed the zkpython ant build to work with the current maven top-level build. I also added a new python test case to try to connect to ZooKeeper with SSL.
You can test this patch in the following way:
```
# cleanup everything, just to be on the safe side:
git clean -xdf
# on ubuntu 16.4 make sure you have the following packages installed
apt-get install -y libcppunit-dev openssl libssl-dev python-setuptools python2.7 python2.7-dev
# make a full build (incl. C-client)
mvn clean install -DskipTests -Pfull-build
# we only support python2, so e.g. on ubuntu 18.4 you need to switch to python2
update-alternatives --install /usr/bin/python python /usr/bin/python2.7 1
# compile and test zkpython
cd zookeeper-contrib/zookeeper-contrib-zkpython/
ant compile
ant test
```
Author: Mate Szalay-Beko <szalay.beko.mate@gmail.com>
Reviewers: andor@apache.org
Closes #1121 from symat/ZOOKEEPER-3567 and squashes the following commits:
a5839cb56 [Mate Szalay-Beko] Merge remote-tracking branch 'apache/master' into ZOOKEEPER-3567
d25d61024 [Mate Szalay-Beko] ZOOKEEPER-3567: fix build issues after top-level ant removal
a8869c969 [Mate Szalay-Beko] Merge remote-tracking branch 'apache/master' into HEAD
b92f686e8 [Mate Szalay-Beko] ZOOKEEPER-3567: fix license check issue
0150986da [Mate Szalay-Beko] ZOOKEEPER-3567: removing code duplication: re-use test SSL certificate generator from C-client tests
7d91359d3 [Mate Szalay-Beko] ZOOKEEPER-3567: add SSL support for zkpython
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is a "respin" of https://github.com/apache/zookeeper/pull/1054, which I withdrew due to some annoying shortcomings.
This changeset allows C clients to use SASL to authenticate with the ZooKeeper server. It is loosely based on patches #1 and #2 by Tom Klonikowski, at https://reviews.apache.org/r/2252/, but the result has been extensively reworked to follow the semantics of the Java client:
* No SASL operations are exposed through the API;
* The configuration is provided, and stored, at "handle init time";
* SASL authentication is automatically performed after each (re)connect.
It introduces an optional dependency on the Cyrus SASL library, which can either be autodetected (default) or configured using the `--without-sasl`/`--with-sasl[=DIR]` flags, or -DWITH_CYRUS_SASL for CMake/Windows.
`TestServerRequireClientSASLAuth.cc` has been renamed to `TestSASLAuth.cc`, and a test has been added which successfully (re)authenticates using the `DIGEST-MD5` mechanism. The code has also been used to successfully authenticate clients via `GSSAPI`/Kerberos.
This commit also adds SASL support to the `cli.c` client.
Co-authored-by: Tom Klonikowski <klonik_tinformatik.haw-hamburg.de>
Author: Damien Diederen <dd@crosstwine.com>
Reviewers: Mate Szalay-Beko <szalay.beko.mate@gmail.com>, Norbert Kalmar <nkalmar@apache.org>
Closes #1134 from ztzg/ZOOKEEPER-1112-c-client-sasl-support-v2
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
**Thanks for ztzg for raising the issue and suggesting the solution!**
In this patch we enhance the way how the openssl library is found during C client build. I introduced and documented a new build parameter for `configure` (`--with-openssl=...`), `cmake` (`-D WITH_OPENSSL=...`) and `mvn` (`-Dc-client-openssl=...`), so independent of the build tool, the build will work the same way:
- By default, the OpenSSL library will be autodetected. If the library is found, then the C-client will be compiled with SSL support, otherwise we get a warning message, but the build will continue without SSL support. The SSL related unit tests will be skipped as well.
- you can explicitly disable the SSL support (e.g. `-Dc-client-openssl=no`)
- or you can specify an alternative path to look for the openssl library (e.g. `-Dc-client-openssl=/path/to/openssl`)
I tested the patch
- using mvn on linux
- using make on linux
- using cmake on linux and on windows
In addition, I also added the openssl dependencies to the dev docker image and copied the OpenSSL license to the C client LICENSE file.
Author: Mate Szalay-Beko <szalay.beko.mate@gmail.com>
Reviewers: Enrico Olivelli <eolivelli@apache.org>, Norbert Kalmar <nkalmar@cloudera.com>, Damien Diederen
Closes #1159 from symat/ZOOKEEPER-3630
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This PR is based on the works of Asnish Amarnath and Suhas Dantkale. Most of the kudos should go to them and those who were reviewing all the previous PRs.
**The PR includes the following changes from PR#639:**
- OPENSSL 1.1.1 version support in C-client
**The PR includes the following changes from PR#990:**
- also supporting OPENSSL 1.0.2
- SSL connection on non-blocking socket is handled correctly
- Support of Certificate Chains
- Fix Memory leaks
- Dynamically generated test certificates
**The following new changes were added into the PR:**
- fix CMake + VisualStudio2019 build with windows
- fix C CLI to compile / work both with windows and linux (I tested them manually)
- fix (and simplify) the way how the server is started with C unit tests, so it is compatible with maven build now
- the test case `testReadOnly` was failing with the previous PR because there was a bug in the C-client code, I fixed that
- I also added new test case: `testReadOnlyWithSSL`
**Testing this PR on linux:**
```
git clean -xdf
# compile ZooKeeper server plus the C-client code
mvn clean install -DskipTests -Pfull-build
# compile and execute C-client unit tests
cd zookeeper-client/
mvn clean install -Pfull-build
```
**Compile the code on windows (only cmake is supported):**
- download C-Make: https://cmake.org/download/
- Install community edition of Visual Studio: https://visualstudio.microsoft.com/downloads/
- Download OpenSSL (e.g. 1.0.2): https://slproweb.com/products/Win32OpenSSL.html (e.g. install it to `c:\OpenSSL-Win64`)
- compile the java code using: `mvn clean install -DskipTests`
- go to the Client folder: `cd zookeeper-client\zookeeper-client-c`
- configure the project: `cmake . -D WITH_OPENSSL=c:\OpenSSL-Win64`
- build the project: `cmake --build .`
**Testing the C-client with SSL manually:**
- run the `zookeeper-client/zookeeper-client-c/ssl/gencerts.sh` to generate certificate files (e.g. copy it to an empty folder like `/tmp/ssl/` and start is)
- start a ZooKeeper server, using some config file like this one:
```
tickTime=3000
initLimit=10
syncLimit=5
dataDir=/tmp/zkdata
secureClientPort=22281
serverCnxnFactory=org.apache.zookeeper.server.NettyServerCnxnFactory
ssl.keyStore.location=/tmp/ssl/server.jks
ssl.keyStore.password=password
ssl.trustStore.location=/tmp/ssl/servertrust.jks
ssl.trustStore.password=password
```
- start the command line client (cli.exe on windows, cli_mt or cli_st on linux): `./cli_mt --host localhost:22281 --ssl /tmp/ssl/server.crt,/tmp/ssl/client.crt,/tmp/ssl/clientkey.pem,password`
Author: Mate Szalay-Beko <szalay.beko.mate@gmail.com>
Author: Mate Szalay-Beko <mszalay@cloudera.com>
Reviewers: andor@apache.org
Closes #1107 from symat/ZOOKEEPER-2122 and squashes the following commits:
08294ce91 [Mate Szalay-Beko] ZOOKEEPER-2122: update readme + use FQDN in SSL certs during testing
17e504a98 [Mate Szalay-Beko] Merge remote-tracking branch 'apache/master' into ZOOKEEPER-2122
317241d13 [Mate Szalay-Beko] ZOOKEEPER-2122: minor fix in SSL certificates used for testing
6f37b6653 [Mate Szalay-Beko] Merge remote-tracking branch 'apache/master' into HEAD
980914313 [Mate Szalay-Beko] ZOOKEEPER-2122: add SSL support for C-client
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
- drop Ant and Ivy files
- drop old Cobertura README file
- drop old jdiff file
Author: Enrico Olivelli <enrico.olivelli@diennea.com>
Author: Enrico Olivelli <eolivelli@apache.org>
Reviewers: Norbert Kalmar <nkalmar@apache.org>
Closes #1139 from eolivelli/fix/drop-ant
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
During the old ZooKeeper 3.4 ant builds (ant package-native), there was an artifact (zookeeper-<version>-lib.tar.gz) created just for the C-client, with the following content:
```
usr
|--- bin
|--- cli_mt
|--- cli_st
|--- load_gen
|--- include
|--- zookeeper
|--- proto.h
|--- recordio.h
|--- zookeeper.h
|--- zookeeper.jute.h
|--- zookeeper_log.h
|--- zookeeper_version.h
|--- lib
|--- libzookeeper_mt.a
|--- libzookeeper_mt.la
|--- libzookeeper_mt.so
|--- libzookeeper_mt.so.2
|--- libzookeeper_mt.so.2.0.0
|--- libzookeeper_st.a
|--- libzookeeper_st.la
|--- libzookeeper_st.so
|--- libzookeeper_st.so.2
|--- libzookeeper_st.so.2.0.0
```
Currently with maven, when we are generating a tarball during full-build then the C-client is not getting archived. In [PR-1078](https://github.com/apache/zookeeper/pull/1078) we discussed that we should re-introduce the apache-zookeeper-<version>-lib.tar.gz artifact.
The goals of this PR are:
- re-introduce the 'lib' artifact, with the same structure we had for the older zookeeper 3.4.x ant generated tar file
- we should also add the LICENSE.txt file to the archive (it was missing from the 3.4.x version tar.gz file)
- the new artifact should be generated only when the full-build profile is set for maven
- we should also update the README_packaging.md file
Author: Mate Szalay-Beko <mszalay@cloudera.com>
Reviewers: nkalmar@apache.org, andor@apache.org
Closes #1113 from symat/ZOOKEEPER-3530-PR
|
|
|
Based on eolivelli 's [previous pull request](https://github.com/apache/zookeeper/pull/993) we enhanced now the maven C client build:
- we can compile now the C-client without tests (using the -DskipTests option)
- we can optionally enable the test coverage calculation for the C-client (-Pc-test-coverage)
- we also package the C-client into the binary tarball (when -Pfull-build is used)
- I also updated the README_packaging.md file to make user's life easier (happier? :) )
I tested the build on ubuntu 16.04.
Author: Mate Szalay-Beko <mszalay@cloudera.com>
Author: Enrico Olivelli <eolivelli@apache.org>
Reviewers: nkalmar@apache.org, eolivelli@apache.org, andor@apache.org
Closes #1078 from symat/ZOOKEEPER-3436 and squashes the following commits:
18250df41 [Mate Szalay-Beko] ZOOKEEPER-3436 remove the C binaries from the binary tarball; update the readme files
57b7cd61d [Mate Szalay-Beko] ZOOKEEPER-3436 fixing file permissions of usr/bin/* in binary tarball
a2ac025a0 [Mate Szalay-Beko] ZOOKEEPER-3436 enhance / format README_packaging.md
30eea5e27 [Mate Szalay-Beko] ZOOKEEPER-3436 exclude README_packaging.md from license check
936550e48 [Mate Szalay-Beko] ZOOKEEPER-3436 fixing README_packaging.md
f01029524 [Mate Szalay-Beko] ZOOKEEPER-3436 Enhance Mavenized Make C client
44f6ba5d2 [Enrico Olivelli] Better .gitignore
204603751 [Enrico Olivelli] Enhance Mavenized Make C client
|
