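/**
 * Builds a GSSAPI SASL client transport for the given server principal and wraps it in a
 * {@code TSubjectAssumingTransport}.
 *
 * <p>The principal is split on {@code '/'} and {@code '@'}; the first component is handed to
 * the SASL layer as the protocol (service) name and the second as the server name. No
 * callback handler is supplied. NOTE(review): presumably the Kerberos credentials come from
 * the Subject the caller runs under; confirm against the call site.
 *
 * @param principal server principal, expected in {@code service/host[@REALM]} form
 * @param underlyingTransport transport the SASL layer is stacked on
 * @param saslProps SASL properties passed through unchanged (QOP and similar)
 * @return the subject-assuming wrapper around the new SASL transport
 * @throws IOException if the principal has no service or host component, or the SASL client
 *         transport cannot be instantiated
 */
public static TTransport createSubjectAssumedTransport(String principal, TTransport underlyingTransport, Map<String, String> saslProps) throws IOException {
    if (principal == null) {
        throw new IOException("Kerberos principal must not be null");
    }
    // A principal without a '/' before the realm (for example "user@REALM") would otherwise
    // split into [user, REALM] and the realm would be used as the server name.
    int slash = principal.indexOf('/');
    int at = principal.indexOf('@');
    if (slash <= 0 || (at >= 0 && at < slash)) {
        throw new IOException("Kerberos principal is not of the form service/host[@REALM]: " + principal);
    }
    String[] names = principal.split("[/@]");
    // split() drops trailing empty strings, so "service/" yields a single element.
    if (names.length < 2 || names[1].isEmpty()) {
        throw new IOException("Kerberos principal has no host component: " + principal);
    }
    try {
        TTransport saslTransport = new TSaslClientTransport("GSSAPI", null, names[0], names[1], saslProps, null, underlyingTransport);
        return new TSubjectAssumingTransport(saslTransport);
    } catch (SaslException se) {
        throw new IOException("Could not instantiate SASL transport", se);
    }
}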
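/**
 * Peels SASL server/client transport layers off {@code transport} until a {@link TSocket}
 * is reached.
 *
 * @param transport outermost transport; may be {@code null}
 * @return the socket at the bottom of the chain, or {@code null} if the chain ends without
 *         one or contains a layer this method cannot unwrap
 */
private TSocket getUnderlyingSocketFromTransport(TTransport transport) {
    TTransport current = transport;
    while (current != null) {
        if (current instanceof TSocket) {
            return (TSocket) current;
        }
        if (current instanceof TSaslServerTransport) {
            current = ((TSaslServerTransport) current).getUnderlyingTransport();
        } else if (current instanceof TSaslClientTransport) {
            current = ((TSaslClientTransport) current).getUnderlyingTransport();
        } else {
            // Neither a SASL wrapper nor a socket. The previous loop left the reference
            // unchanged here and therefore never terminated; stop instead.
            return null;
        }
    }
    return null;
}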
/**
 * Stacks a SASL client transport on top of {@code transport}, opens it and returns it.
 *
 * <p>The mechanism is the {@code DIGEST} constant (the log message names DIGEST-MD5), the
 * protocol is {@code AuthUtils.SERVICE} and credentials are supplied by a
 * {@code ClientCallbackHandler} built from {@code login_conf}. {@code asUser} is not read
 * by this method.
 *
 * <p>NOTE(review): the SASL properties argument is {@code null}, so no QOP is requested
 * explicitly and the mechanism's default applies; confirm whether integrity or
 * confidentiality is expected from another layer. DIGEST-MD5 itself was moved to Historic
 * status by RFC 6331.
 *
 * @param transport transport to wrap
 * @param serverHost server name handed to the SASL client
 * @param asUser unused here
 * @return the opened SASL client transport
 * @throws TTransportException if opening the SASL transport fails
 * @throws IOException declared by the interface; see the callback handler and SASL setup
 */
@Override
public TTransport connect(TTransport transport, String serverHost, String asUser) throws TTransportException, IOException {
    final ClientCallbackHandler callbackHandler = new ClientCallbackHandler(login_conf);
    final TSaslClientTransport saslClient =
            new TSaslClientTransport(DIGEST, null, AuthUtils.SERVICE, serverHost, null, callbackHandler, transport);

    // open() runs the SASL negotiation; the debug line below is only reached on success.
    saslClient.open();
    LOG.debug("SASL DIGEST-MD5 client transport has been established");
    return saslClient;
}
/**
 * Invokes the superclass {@code open()} and reports a failure as a {@code FlumeException}.
 *
 * @throws FlumeException if the superclass raises a {@code TTransportException}
 */
private void callSuperClassOpen() throws FlumeException {
    try {
        super.open();
    } catch (TTransportException openFailure) {
        // The transport exception is kept as the cause so the negotiation error is not lost.
        throw new FlumeException("Failed to open SASL transport", openFailure);
    }
}
}
/**
 * Client half of the opening exchange of the Thrift SASL protocol: announces the chosen
 * mechanism to the server and sends the initial response.
 *
 * @throws TTransportException if the mechanism name cannot be encoded or a message cannot
 *         be sent
 * @throws SaslException if the SASL client fails while producing the initial response
 */
@Override
protected void handleSaslStartMessage() throws TTransportException, SaslException {
    final SaslClient client = getSaslClient();

    // Mechanisms without an initial response send an empty payload.
    byte[] firstResponse = new byte[0];
    if (client.hasInitialResponse()) {
        firstResponse = client.evaluateChallenge(firstResponse);
    }

    // Only the length is logged: with mechanisms such as PLAIN the initial response
    // carries the credentials themselves.
    LOGGER.debug("Sending mechanism name {} and initial response of length {}", mechanism, firstResponse.length);

    final byte[] mechanismBytes;
    try {
        mechanismBytes = mechanism.getBytes("UTF-8");
    } catch (UnsupportedEncodingException e) {
        throw new TTransportException(e);
    }
    sendSaslMessage(NegotiationStatus.START, mechanismBytes);

    // The status of the second message tells the server whether the client already
    // considers the negotiation finished.
    final NegotiationStatus responseStatus;
    if (client.isComplete()) {
        responseStatus = NegotiationStatus.COMPLETE;
    } else {
        responseStatus = NegotiationStatus.OK;
    }
    sendSaslMessage(responseStatus, firstResponse);
    underlyingTransport.flush();
}
}
/**
 * Opens the captured {@code transport}; a {@code TTransportException} is rethrown unchecked
 * because {@code run()} declares no checked exceptions.
 *
 * @return always {@code null}
 */
@Override
public Void run() {
    try {
        transport.open();
        return null;
    } catch (TTransportException openFailure) {
        throw new RuntimeException("Unable to connect to dse server:", openFailure);
    }
}
});
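/**
 * Performs the client side of the initial portion of the Thrift SASL protocol. Generates
 * and sends the initial response to the server, including which mechanism this client
 * wants to use.
 *
 * @throws TTransportException if a SASL message cannot be sent
 * @throws SaslException if the SASL client fails while producing the initial response
 */
@Override
protected void handleSaslStartMessage() throws TTransportException, SaslException {
    SaslClient saslClient = getSaslClient();

    byte[] initialResponse = new byte[0];
    if (saslClient.hasInitialResponse()) {
        initialResponse = saslClient.evaluateChallenge(initialResponse);
    }

    // Only the length is logged: with mechanisms such as PLAIN the initial response
    // carries the credentials themselves.
    LOGGER.debug("Sending mechanism name {} and initial response of length {}", mechanism, initialResponse.length);

    // The mechanism name goes on the wire, so its encoding must not depend on the JVM's
    // default charset (which the no-argument getBytes() uses).
    byte[] mechanismBytes = mechanism.getBytes(java.nio.charset.StandardCharsets.UTF_8);
    sendSaslMessage(NegotiationStatus.START, mechanismBytes);

    // Send initial response
    sendSaslMessage(saslClient.isComplete() ? NegotiationStatus.COMPLETE : NegotiationStatus.OK, initialResponse);
    underlyingTransport.flush();
}
}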
/**
 * Creates a SASL client transport that authenticates with the PLAIN mechanism.
 *
 * <p>PLAIN places the username and password in the SASL exchange without protecting them
 * (RFC 4616), so confidentiality has to come from {@code underlyingTransport} (for example
 * TLS); this method does not check that. No authorization id, protocol or server name is
 * set, and the SASL property map is empty.
 *
 * @param username user name given to the callback handler
 * @param password password given to the callback handler
 * @param underlyingTransport transport the SASL layer is stacked on
 * @return the new, not yet opened, SASL client transport
 * @throws SaslException if the SASL client cannot be created
 */
public static TTransport getPlainTransport(String username, String password, TTransport underlyingTransport) throws SaslException {
    final HashMap<String, String> noSaslProperties = new HashMap<String, String>();
    final PlainCallbackHandler credentials = new PlainCallbackHandler(username, password);
    return new TSaslClientTransport("PLAIN", null, null, null, noSaslProperties, credentials, underlyingTransport);
}
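/**
 * Walks down through SASL server/client transport wrappers and returns the
 * {@link TSocket} underneath them.
 *
 * @param transport outermost transport; may be {@code null}
 * @return the underlying socket, or {@code null} when no socket is reachable through
 *         SASL wrappers alone
 */
private TSocket getUnderlyingSocketFromTransport(TTransport transport) {
    TTransport layer = transport;
    while (layer != null) {
        if (layer instanceof TSocket) {
            return (TSocket) layer;
        }
        if (layer instanceof TSaslServerTransport) {
            layer = ((TSaslServerTransport) layer).getUnderlyingTransport();
        } else if (layer instanceof TSaslClientTransport) {
            layer = ((TSaslClientTransport) layer).getUnderlyingTransport();
        } else {
            // Any other transport type cannot be unwrapped here. Without this exit the
            // loop would spin forever on the same non-null reference.
            return null;
        }
    }
    return null;
}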
/**
 * Calls the superclass {@code open()} directly.
 *
 * <p>NOTE(review): presumably this exists so that code which cannot write
 * {@code super.open()} itself (an inner or anonymous class) can reach the superclass
 * implementation; confirm against the caller.
 *
 * @throws TTransportException propagated unchanged from the superclass
 */
private void baseOpen() throws TTransportException {
    super.open();
}
}
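/**
 * Performs the client side of the initial portion of the Thrift SASL protocol. Generates
 * and sends the initial response to the server, including which mechanism this client
 * wants to use.
 *
 * @throws TTransportException if a SASL message cannot be sent
 * @throws SaslException if the SASL client fails while producing the initial response
 */
@Override
protected void handleSaslStartMessage() throws TTransportException, SaslException {
    SaslClient saslClient = getSaslClient();

    byte[] initialResponse = new byte[0];
    if (saslClient.hasInitialResponse()) {
        initialResponse = saslClient.evaluateChallenge(initialResponse);
    }

    // The payload is deliberately not logged, only its length; for some mechanisms it
    // contains the credentials.
    LOGGER.debug("Sending mechanism name {} and initial response of length {}", mechanism, initialResponse.length);

    // Encode with a fixed charset: the no-argument getBytes() uses the platform default,
    // which would make the bytes sent to the server depend on JVM configuration.
    byte[] mechanismBytes = mechanism.getBytes(java.nio.charset.StandardCharsets.UTF_8);
    sendSaslMessage(NegotiationStatus.START, mechanismBytes);

    // Send initial response
    sendSaslMessage(saslClient.isComplete() ? NegotiationStatus.COMPLETE : NegotiationStatus.OK, initialResponse);
    underlyingTransport.flush();
}
}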
/**
 * Creates the SASL client transport for the captured mechanism and principal parts and
 * wraps it so it is used as the current Hadoop user.
 *
 * <p>{@code method}, {@code names}, {@code saslProps} and {@code underlyingTransport} come
 * from the enclosing scope. {@code names[0]} is passed as the SASL protocol and
 * {@code names[1]} as the server name; no callback handler is supplied.
 *
 * @return the UGI-assuming wrapper around the new SASL transport
 * @throws IOException if the transport cannot be created or the current user cannot be
 *         determined
 */
@Override
public TUGIAssumingTransport run() throws IOException {
    final String mechanismName = method.getMechanismName();
    final TTransport kerberosTransport =
            new TSaslClientTransport(mechanismName, null, names[0], names[1], saslProps, null, underlyingTransport);
    final UserGroupInformation currentUser = UserGroupInformation.getCurrentUser();
    return new TUGIAssumingTransport(kerberosTransport, currentUser);
}
});
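/**
 * Finds the {@link TSocket} beneath any number of SASL server/client transport layers.
 *
 * @param transport outermost transport; may be {@code null}
 * @return the socket, or {@code null} if unwrapping ends at {@code null} or at a transport
 *         type this method does not know how to unwrap
 */
private TSocket getUnderlyingSocketFromTransport(TTransport transport) {
    TTransport candidate = transport;
    while (candidate != null) {
        if (candidate instanceof TSocket) {
            return (TSocket) candidate;
        }
        if (candidate instanceof TSaslServerTransport) {
            candidate = ((TSaslServerTransport) candidate).getUnderlyingTransport();
        } else if (candidate instanceof TSaslClientTransport) {
            candidate = ((TSaslClientTransport) candidate).getUnderlyingTransport();
        } else {
            // No progress is possible for other transport types; returning here avoids
            // the endless loop the unguarded version ran into.
            return null;
        }
    }
    return null;
}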
/**
 * Forwards to the superclass implementation of {@code open()}.
 *
 * <p>NOTE(review): looks like a bridge for callers that have no direct access to
 * {@code super} (such as an anonymous action class); verify at the call site.
 *
 * @throws TTransportException whatever the superclass {@code open()} throws
 */
private void baseOpen() throws TTransportException {
    super.open();
}
}
/**
 * Wraps {@code rawTransport} in a Kerberos SASL client transport for the metastore's
 * service principal, executed as the user held by {@code authentication}.
 *
 * <p>The server principal must split into exactly three parts (service, host, realm);
 * part 0 is used as the SASL protocol and part 1 as the server name. Server authentication
 * is always requested via {@code Sasl.SERVER_AUTH}. The QOP is {@code "auth-conf"} when
 * {@code hdfsWireEncryptionEnabled} is set and {@code "auth"} (authentication only, no
 * integrity or confidentiality layer) otherwise.
 *
 * @param rawTransport transport to the metastore
 * @param hiveMetastoreHost host used to resolve the server principal
 * @return the UGI-assuming wrapper around the SASL transport
 * @throws IllegalStateException from {@code checkState} if the principal lacks the
 *         hostname part
 * @throws UncheckedIOException if an {@code IOException} occurs while building the transport
 */
@Override
public TTransport authenticate(TTransport rawTransport, String hiveMetastoreHost) {
    try {
        final String principal = getServerPrincipal(hiveMetastoreServicePrincipal, hiveMetastoreHost);
        final String[] parts = SaslRpcServer.splitKerberosName(principal);
        checkState(parts.length == 3, "Kerberos principal name does NOT have the expected hostname part: %s", principal);

        final String qop;
        if (hdfsWireEncryptionEnabled) {
            qop = "auth-conf";
        } else {
            qop = "auth";
        }
        final Map<String, String> saslProperties = ImmutableMap.of(
                Sasl.QOP, qop,
                Sasl.SERVER_AUTH, "true");

        final TTransport kerberosTransport = new TSaslClientTransport(
                KERBEROS.getMechanismName(), null, parts[0], parts[1], saslProperties, null, rawTransport);
        return new TUGIAssumingTransport(kerberosTransport, authentication.getUserGroupInformation());
    } catch (IOException e) {
        throw new UncheckedIOException(e);
    }
}
}
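/**
 * Returns the {@link TSocket} wrapped by a chain of SASL server/client transports.
 *
 * @param transport outermost transport; may be {@code null}
 * @return the socket at the bottom of the chain, or {@code null} if there is none or the
 *         chain contains a transport type that cannot be unwrapped here
 */
private TSocket getUnderlyingSocketFromTransport(TTransport transport) {
    TTransport current = transport;
    while (current != null) {
        if (current instanceof TSocket) {
            return (TSocket) current;
        }
        if (current instanceof TSaslServerTransport) {
            current = ((TSaslServerTransport) current).getUnderlyingTransport();
        } else if (current instanceof TSaslClientTransport) {
            current = ((TSaslClientTransport) current).getUnderlyingTransport();
        } else {
            // Unknown wrapper type: the reference would never change, so the original
            // while-loop could not exit. Give up explicitly.
            return null;
        }
    }
    return null;
}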
/**
 * Runs {@code open()} as implemented by the superclass.
 *
 * <p>NOTE(review): presumably called from a nested action object that needs the
 * superclass behaviour; confirm where it is used.
 *
 * @throws TTransportException if the superclass {@code open()} fails
 */
private void baseOpen() throws TTransportException {
    super.open();
}
}
// SASL client transport layered over `transport` for the KERBEROS mechanism constant.
// Argument order of TSaslClientTransport: mechanism, authorization id, protocol (service
// name), server name, SASL properties, callback handler, underlying transport. So
// `principal` is sent as the authorization id here, and no callback handler is supplied.
// NOTE(review): "sasalTransport" reads like a misspelling of "saslTransport"; it is left
// as is because its uses lie outside this excerpt.
final TTransport sasalTransport = new TSaslClientTransport(KERBEROS, principal, serviceName, serverHost, props, null, transport);
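/**
 * Strips SASL server/client transport wrappers from {@code transport} and returns the
 * {@link TSocket} they sit on.
 *
 * @param transport outermost transport; may be {@code null}
 * @return the underlying socket, or {@code null} when the chain holds no socket that can
 *         be reached through SASL wrappers
 */
private TSocket getUnderlyingSocketFromTransport(TTransport transport) {
    TTransport layer = transport;
    while (layer != null) {
        if (layer instanceof TSocket) {
            return (TSocket) layer;
        }
        if (layer instanceof TSaslServerTransport) {
            layer = ((TSaslServerTransport) layer).getUnderlyingTransport();
        } else if (layer instanceof TSaslClientTransport) {
            layer = ((TSaslClientTransport) layer).getUnderlyingTransport();
        } else {
            // A transport that is neither a SASL wrapper nor a socket used to keep the
            // loop running indefinitely; treat it as "no socket found".
            return null;
        }
    }
    return null;
}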
/**
 * Invokes the superclass version of {@code open()} and nothing else.
 *
 * <p>NOTE(review): likely a helper for code that cannot reference {@code super} itself;
 * check the caller before relying on this.
 *
 * @throws TTransportException passed through from the superclass
 */
private void baseOpen() throws TTransportException {
    super.open();
}
}