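/**
 * Starts the Kerberos SASL handshake as soon as the channel becomes active.
 *
 * <p>Looks up the {@link KerberosSaslNettyClient} stored on the channel attribute
 * {@code KERBEROS_SASL_NETTY_CLIENT}, creating and storing one if none is present, then asks
 * it for the initial token and writes that token to the server as a {@link SaslMessageToken}.
 *
 * <p>Any exception raised while creating the client or producing the first token is logged
 * and not rethrown.
 *
 * @param ctx handler context whose channel has just become active
 */
@Override
public void channelActive(ChannelHandlerContext ctx) {
    // register the newly established channel
    Channel channel = ctx.channel();
    LOG.info("Connection established from {} to {}", channel.localAddress(), channel.remoteAddress());

    try {
        KerberosSaslNettyClient saslNettyClient =
            channel.attr(KerberosSaslNettyClientState.KERBEROS_SASL_NETTY_CLIENT).get();

        if (saslNettyClient == null) {
            LOG.debug("Creating saslNettyClient now for channel: {}", channel);
            saslNettyClient = new KerberosSaslNettyClient(topoConf, jaas_section, host);
            channel.attr(KerberosSaslNettyClientState.KERBEROS_SASL_NETTY_CLIENT).set(saslNettyClient);
        }

        LOG.debug("Going to initiate Kerberos negotiations.");
        byte[] initialChallenge = saslNettyClient.saslResponse(new SaslMessageToken(new byte[0]));

        // Log the size only. Passing the byte[] itself to the logger can render the raw
        // SASL/Kerberos token into the log file (SLF4J-style formatters expand arrays), which
        // puts authentication material where log readers and log shippers can see it.
        LOG.debug("Sending initial challenge of length: {}",
                  initialChallenge == null ? 0 : initialChallenge.length);
        channel.writeAndFlush(new SaslMessageToken(initialChallenge), channel.voidPromise());
    } catch (Exception e) {
        // NOTE(review): the failure is only logged here; this method neither closes the
        // channel nor tells the client that authentication failed. Confirm that another
        // handler or the caller tears the connection down so it cannot linger unauthenticated.
        LOG.error("Failed to authenticate with server due to error: ", e);
    }
}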
/**
 * Processes one SASL token received from the server.
 *
 * <p>The token is handed to the channel's {@link KerberosSaslNettyClient}. A non-null result
 * is wrapped in a {@link SaslMessageToken} and written back to the server. A null result is
 * treated as the end of the exchange: the channel is reported ready only if the local SASL
 * client also says the negotiation is complete.
 *
 * @param ctx              handler context of the channel the token arrived on
 * @param saslMessageToken token sent by the server
 * @throws Exception if no response was generated while the local SASL client is still
 *                   incomplete, or if anything called from here throws
 */
private void handleSaslMessageToken(ChannelHandlerContext ctx, SaslMessageToken saslMessageToken)
    throws Exception {
    final Channel ch = ctx.channel();
    final KerberosSaslNettyClient sasl = getChannelSaslClient(ch);
    LOG.debug("Responding to server's token of length: {}", saslMessageToken.getSaslToken().length);

    // A response is only sent to the server when one was actually generated.
    final byte[] reply = sasl.saslResponse(saslMessageToken);
    if (reply != null) {
        LOG.debug("Response to server token has length: {}", reply.length);
        // Wrap the SASL response in a message and send it to the server.
        ch.writeAndFlush(new SaslMessageToken(reply), ch.voidPromise());
        return;
    }

    // No response means the exchange should be finished. Check the local state before
    // declaring the channel ready, and fail instead of continuing if it disagrees.
    LOG.debug("Response to server is null: authentication should now be complete.");
    if (!sasl.isComplete()) {
        LOG.warn("Generated a null response, but authentication is not complete.");
        throw new Exception("Our reponse to the server is null, but as far as we can tell, we are not authenticated yet.");
    }
    this.client.channelReady(ch);
}
/**
 * Handles a control message received while this SASL handler is still in the pipeline.
 *
 * <p>Only {@code ControlMessage.SASL_COMPLETE_REQUEST} is acted on; any other control message
 * is logged at WARN level and dropped. The server's completion message is not accepted on
 * its own: the local SASL client must also report completion, otherwise an exception is
 * thrown before this handler is removed or the channel is marked ready.
 *
 * @param ctx            handler context of the channel the message arrived on
 * @param controlMessage control message sent by the server
 * @throws Exception if the server signals completion while the local SASL client is not
 *                   complete, or if anything called from here throws
 */
private void handleControlMessage(ChannelHandlerContext ctx, ControlMessage controlMessage)
    throws Exception {
    final Channel ch = ctx.channel();
    final KerberosSaslNettyClient sasl = getChannelSaslClient(ch);

    if (controlMessage != ControlMessage.SASL_COMPLETE_REQUEST) {
        LOG.warn("Unexpected control message: {}", controlMessage);
        return;
    }

    LOG.debug("Server has sent us the SaslComplete message. Allowing normal work to proceed.");
    if (!sasl.isComplete()) {
        final String errorMessage =
            "Server returned a Sasl-complete message, but as far as we can tell, we are not authenticated yet.";
        LOG.error(errorMessage);
        throw new Exception(errorMessage);
    }

    // Negotiation is finished on both sides, so this handler steps out of the pipeline.
    ctx.pipeline().remove(this);
    this.client.channelReady(ch);

    // The client is now allowed to make this request, so pass the message on to the
    // next pipeline component, namely StormClientHandler.
    ctx.fireChannelRead(controlMessage);
}
LOG.debug("Server has sent us the SaslComplete message. Allowing normal work to proceed."); if (!saslNettyClient.isComplete()) { String message = "Server returned a Sasl-complete message, but as far as we can tell, we are not authenticated yet."; LOG.error(message); .saslResponse(saslTokenMessage); if (responseToServer == null) { if (!saslNettyClient.isComplete()) { LOG.warn("Generated a null response, but authentication is not complete."); throw new Exception("Our reponse to the server is null, but as far as we can tell, we are not authenticated yet.");
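/**
 * Starts the Kerberos SASL handshake once the channel is connected.
 *
 * <p>Notifies the client of the new channel, looks up the {@link KerberosSaslNettyClient}
 * held for it in {@code KerberosSaslNettyClientState.getKerberosSaslNettyClient}, creating
 * and storing one if none is present, then asks it for the initial token and writes that
 * token to the server as a {@link SaslMessageToken}.
 *
 * <p>Any exception raised while creating the SASL client or producing the first token is
 * logged and not rethrown.
 *
 * @param ctx   handler context of the newly connected channel
 * @param event channel state event that triggered this callback
 */
@Override
public void channelConnected(ChannelHandlerContext ctx, ChannelStateEvent event) {
    // register the newly established channel
    Channel channel = ctx.getChannel();
    client.channelConnected(channel);

    LOG.info("Connection established from {} to {}", channel.getLocalAddress(), channel.getRemoteAddress());

    try {
        KerberosSaslNettyClient saslNettyClient =
            KerberosSaslNettyClientState.getKerberosSaslNettyClient.get(channel);

        if (saslNettyClient == null) {
            LOG.debug("Creating saslNettyClient now for channel: {}", channel);
            saslNettyClient = new KerberosSaslNettyClient(storm_conf, jaas_section, host);
            KerberosSaslNettyClientState.getKerberosSaslNettyClient.set(channel, saslNettyClient);
        }

        LOG.debug("Going to initiate Kerberos negotiations.");
        byte[] initialChallenge = saslNettyClient.saslResponse(new SaslMessageToken(new byte[0]));

        // Log the size only. Passing the byte[] itself to the logger can render the raw
        // SASL/Kerberos token into the log file (SLF4J-style formatters expand arrays), which
        // puts authentication material where log readers and log shippers can see it.
        LOG.debug("Sending initial challenge of length: {}",
                  initialChallenge == null ? 0 : initialChallenge.length);
        channel.write(new SaslMessageToken(initialChallenge));
    } catch (Exception e) {
        // NOTE(review): the failure is only logged here; this method neither closes the
        // channel nor tells the client that authentication failed. Confirm that another
        // handler or the caller tears the connection down so it cannot linger unauthenticated.
        LOG.error("Failed to authenticate with server due to error: ", e);
    }
}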