/**
 * Creates the ZooKeeper node for {@code principal} under {@code zkUserPath} with an empty payload.
 *
 * <p>The whole {@code zooCache} is cleared first, and both the clear and the write happen while
 * holding the {@code zooCache} monitor. The node is written through
 * {@code putPrivatePersistentData} with {@link NodeExistsPolicy#FAIL}; presumably an already
 * existing node makes the call fail rather than being overwritten - confirm against the
 * reader/writer implementation.
 *
 * <p>NOTE(review): {@code principal} is appended to the path unmodified. A value containing
 * {@code '/'} would address a nested node instead of a direct child of {@code zkUserPath};
 * presumably callers pass an already encoded, single-segment name - confirm at the call sites.
 *
 * @param principal name used as the last path segment of the new node
 * @throws KeeperException propagated from the ZooKeeper write
 * @throws InterruptedException propagated from the ZooKeeper write
 */
private void createUserNodeInZk(String principal) throws KeeperException, InterruptedException {
  synchronized (zooCache) {
    // Drop every cached entry before the node set changes.
    zooCache.clear();
    context.getZooReaderWriter().putPrivatePersistentData(zkUserPath + "/" + principal,
        new byte[0], NodeExistsPolicy.FAIL);
  }
}
/**
 * Writes the ZooKeeper node for {@code user} under {@code ZKUserPath}, storing {@code pass} as
 * the node data. Existence of the user is not checked here; the caller must do that first.
 *
 * <p>The whole {@code zooCache} is cleared and the node is written while holding the
 * {@code zooCache} monitor. The write goes through {@code putPrivatePersistentData} with
 * {@link NodeExistsPolicy#FAIL}.
 *
 * <p>NOTE(review): {@code pass} is stored exactly as given. Callers should hand in the
 * hashed/derived form, never a cleartext password - confirm against the callers.
 *
 * @param user name used as the last path segment of the new node
 * @param pass bytes stored as the node data
 * @throws KeeperException propagated from the ZooKeeper write
 * @throws InterruptedException propagated from the ZooKeeper write
 */
private void constructUser(String user, byte[] pass) throws KeeperException, InterruptedException {
  synchronized (zooCache) {
    zooCache.clear();
    final IZooReaderWriter writer = context.getZooReaderWriter();
    final String userNode = ZKUserPath + "/" + user;
    writer.putPrivatePersistentData(userNode, pass, NodeExistsPolicy.FAIL);
  }
}
/**
 * Copies one node to the path obtained by replacing the current instance id with
 * {@code newInstanceId}, choosing the ACL class of the copy from the ACLs on the original.
 *
 * <ul>
 * <li>original ACLs contain {@code Ids.READ_ACL_UNSAFE}: copied with {@code putPersistentData};
 * <li>original ACLs contain {@code Ids.OPEN_ACL_UNSAFE} (the upgrade case): nodes whose parent
 * segment is {@code users} are copied with {@code putPrivatePersistentData} because they hold
 * the user's password, everything else with {@code putPersistentData};
 * <li>anything else: copied with {@code putPrivatePersistentData}.
 * </ul>
 *
 * <p>NOTE(review): the {@code users} check runs only in the upgrade branch, so a user node that
 * already matches {@code READ_ACL_UNSAFE} is copied as readable - confirm that state cannot
 * occur.
 *
 * @param zoo reader used to fetch the node data
 * @param path absolute path of the node being copied
 * @throws Exception propagated from the ZooKeeper reads and writes
 */
@Override
public void visit(ZooReader zoo, String path) throws Exception {
  final String newPath = path.replace(context.getInstanceID(), newInstanceId);
  final byte[] data = zoo.getData(path, null);
  final List<ACL> acls = orig.getZooKeeper().getACL(path, new Stat());

  final boolean copyAsPrivate;
  if (acls.containsAll(Ids.READ_ACL_UNSAFE)) {
    copyAsPrivate = false;
  } else if (acls.containsAll(Ids.OPEN_ACL_UNSAFE)) {
    // upgrade: only user nodes become private, they contain the user's password
    final String[] segments = path.split("/");
    copyAsPrivate = "users".equals(segments[segments.length - 2]);
  } else {
    // unrecognised ACL set: fall back to the private ACL
    copyAsPrivate = true;
  }

  if (copyAsPrivate) {
    new_.putPrivatePersistentData(newPath, data, NodeExistsPolicy.FAIL);
  } else {
    new_.putPersistentData(newPath, data, NodeExistsPolicy.FAIL);
  }
}
}); // closes the enclosing anonymous class and call, both opened outside this excerpt
/**
 * Creates the ZooKeeper node for {@code principal} under {@code zkUserPath} with empty data.
 *
 * <p>Runs under the {@code zooCache} monitor: the cache is cleared completely, then the node is
 * written through {@code putPrivatePersistentData} with {@link NodeExistsPolicy#FAIL}, using
 * the writer returned by {@code ZooReaderWriter.getInstance()}.
 *
 * <p>NOTE(review): {@code principal} becomes a path segment without any escaping here;
 * presumably callers pass a value that is safe as a single ZooKeeper path segment - confirm.
 *
 * @param principal name used as the last path segment of the new node
 * @throws KeeperException propagated from the ZooKeeper write
 * @throws InterruptedException propagated from the ZooKeeper write
 */
private void createUserNodeInZk(String principal) throws KeeperException, InterruptedException {
  synchronized (zooCache) {
    zooCache.clear();
    final IZooReaderWriter writer = ZooReaderWriter.getInstance();
    final byte[] noData = new byte[0];
    writer.putPrivatePersistentData(zkUserPath + "/" + principal, noData, NodeExistsPolicy.FAIL);
  }
}
/**
 * Stores {@code pass} in a new ZooKeeper node for {@code user} under {@code ZKUserPath}. The
 * caller is responsible for checking beforehand that the user does not exist yet.
 *
 * <p>Runs under the {@code zooCache} monitor: the cache is cleared completely, then the node is
 * written through {@code putPrivatePersistentData} with {@link NodeExistsPolicy#FAIL}.
 *
 * <p>NOTE(review): the bytes in {@code pass} are persisted unchanged; they are presumably
 * already hashed by the caller - confirm, since this method does no hashing itself.
 *
 * @param user name used as the last path segment of the new node
 * @param pass bytes stored as the node data
 * @throws KeeperException propagated from the ZooKeeper write
 * @throws InterruptedException propagated from the ZooKeeper write
 */
private void constructUser(String user, byte[] pass) throws KeeperException, InterruptedException {
  synchronized (zooCache) {
    zooCache.clear();
    ZooReaderWriter.getInstance().putPrivatePersistentData(ZKUserPath + "/" + user, pass,
        NodeExistsPolicy.FAIL);
  }
}
/**
 * Sets up the ZooKeeper node for {@code user}, with {@code pass} as its data. No existence check
 * is made here; it has to happen before this method is called.
 *
 * <p>The cache clear and the write are done while holding the {@code zooCache} monitor. The
 * writer comes from {@code ZooReaderWriter.getRetryingInstance()} and the node is written
 * through {@code putPrivatePersistentData} with {@link NodeExistsPolicy#FAIL}.
 *
 * <p>NOTE(review): {@code pass} is written as received. Confirm that every caller supplies the
 * hashed form and not the cleartext password.
 *
 * @param user name used as the last path segment of the new node
 * @param pass bytes stored as the node data
 * @throws KeeperException propagated from the ZooKeeper write
 * @throws InterruptedException propagated from the ZooKeeper write
 */
private void constructUser(String user, byte[] pass) throws KeeperException, InterruptedException {
  synchronized (zooCache) {
    zooCache.clear();
    final IZooReaderWriter retryingWriter = ZooReaderWriter.getRetryingInstance();
    final String nodePath = ZKUserPath + "/" + user;
    retryingWriter.putPrivatePersistentData(nodePath, pass, NodeExistsPolicy.FAIL);
  }
}
/**
 * Copies the node at {@code path} to the same path with the instance id replaced by
 * {@code newInstanceId}. The ACLs found on the original decide whether the copy is written with
 * {@code putPersistentData} or with {@code putPrivatePersistentData}.
 *
 * <p>Nodes whose ACLs contain {@code Ids.READ_ACL_UNSAFE} stay readable. Nodes matching neither
 * {@code READ_ACL_UNSAFE} nor {@code OPEN_ACL_UNSAFE} are written private. For
 * {@code OPEN_ACL_UNSAFE} nodes (the upgrade case) only children of a {@code users} segment are
 * written private, because they contain the user's password.
 *
 * <p>NOTE(review): {@code path.split("/")} is indexed at {@code length - 2} without a length
 * check; this assumes every visited path has at least two segments - confirm for the traversal
 * root.
 *
 * @param zoo reader used to fetch the node data
 * @param path absolute path of the node being copied
 * @throws Exception propagated from the ZooKeeper reads and writes
 */
@Override
public void visit(ZooReader zoo, String path) throws Exception {
  String newPath = path.replace(inst.getInstanceID(), newInstanceId);
  byte[] data = zoo.getData(path, null);
  List<ACL> acls = orig.getZooKeeper().getACL(path, new Stat());

  if (acls.containsAll(Ids.READ_ACL_UNSAFE)) {
    new_.putPersistentData(newPath, data, NodeExistsPolicy.FAIL);
    return;
  }
  if (!acls.containsAll(Ids.OPEN_ACL_UNSAFE)) {
    // neither readable nor open: keep the copy private
    new_.putPrivatePersistentData(newPath, data, NodeExistsPolicy.FAIL);
    return;
  }

  // upgrade: make user nodes private, they contain the user's password
  String[] segments = path.split("/");
  String parentSegment = segments[segments.length - 2];
  if (parentSegment.equals("users")) {
    new_.putPrivatePersistentData(newPath, data, NodeExistsPolicy.FAIL);
  } else {
    // everything else can have the readable acl
    new_.putPersistentData(newPath, data, NodeExistsPolicy.FAIL);
  }
}
}); // closes the enclosing anonymous class and call, both opened outside this excerpt
/**
 * Copies one node to its counterpart under {@code newInstanceId} and picks the ACL class of the
 * copy from the ACLs read off the original node.
 *
 * <p>Decision order: ACLs containing {@code Ids.READ_ACL_UNSAFE} give a readable copy; ACLs
 * containing {@code Ids.OPEN_ACL_UNSAFE} give a private copy for children of a {@code users}
 * segment (they contain the user's password) and a readable copy otherwise; any other ACL set
 * gives a private copy.
 *
 * <p>NOTE(review): every occurrence of the instance id in {@code path} is replaced, not only
 * the leading one - presumably the id appears once per path; confirm.
 *
 * @param zoo reader used to fetch the node data
 * @param path absolute path of the node being copied
 * @throws Exception propagated from the ZooKeeper reads and writes
 */
public void visit(ZooReader zoo, String path) throws Exception {
  final String target = path.replace(inst.getInstanceID(), newInstanceId);
  final byte[] payload = zoo.getData(path, null);
  final List<ACL> sourceAcls = orig.getZooKeeper().getACL(path, new Stat());

  if (sourceAcls.containsAll(Ids.READ_ACL_UNSAFE)) {
    new_.putPersistentData(target, payload, NodeExistsPolicy.FAIL);
  } else if (!sourceAcls.containsAll(Ids.OPEN_ACL_UNSAFE)) {
    // not an upgrade candidate: the copy stays private
    new_.putPrivatePersistentData(target, payload, NodeExistsPolicy.FAIL);
  } else {
    // upgrade: make user nodes private, they contain the user's password
    final String[] pieces = path.split("/");
    if ("users".equals(pieces[pieces.length - 2])) {
      new_.putPrivatePersistentData(target, payload, NodeExistsPolicy.FAIL);
    } else {
      // everything else can have the readable acl
      new_.putPersistentData(target, payload, NodeExistsPolicy.FAIL);
    }
  }
}
}); // closes the enclosing anonymous class and call, both opened outside this excerpt
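/**
 * Replaces the stored password of an existing user.
 *
 * <p>Only a {@link PasswordToken} is accepted. The value written to the user's node under
 * {@code ZKUserPath} is the result of {@code ZKSecurityTool.createPass(pt.getPassword())}; the
 * write goes through {@code putPrivatePersistentData} with {@link NodeExistsPolicy#OVERWRITE}.
 * The cached entry for that node is cleared and the node rewritten while holding the
 * {@code zooCache} monitor.
 *
 * <p>NOTE(review): {@code userExists} runs before the monitor is taken, and the monitor is local
 * to this process. If {@code OVERWRITE} also creates a missing node, a user removed between the
 * check and the write would be re-created with the new password - confirm the policy's
 * semantics and whether removal is serialised elsewhere.
 *
 * @param principal user whose password is changed
 * @param token must be a {@link PasswordToken} carrying the new password
 * @throws AccumuloSecurityException with {@code INVALID_TOKEN} for any other token type,
 *         {@code USER_DOESNT_EXIST} when the user is unknown, {@code CONNECTION_ERROR} when the
 *         ZooKeeper write fails, {@code DEFAULT_SECURITY_ERROR} when password creation fails
 */
@Override
public void changePassword(String principal, AuthenticationToken token) throws AccumuloSecurityException {
  if (!(token instanceof PasswordToken)) {
    throw new AccumuloSecurityException(principal, SecurityErrorCode.INVALID_TOKEN);
  }
  PasswordToken pt = (PasswordToken) token;

  if (!userExists(principal)) {
    throw new AccumuloSecurityException(principal, SecurityErrorCode.USER_DOESNT_EXIST);
  }

  final String userNode = ZKUserPath + "/" + principal;
  try {
    synchronized (zooCache) {
      // Invalidate only this user's cached entry so readers do not keep seeing the old value.
      zooCache.clear(userNode);
      ZooReaderWriter.getRetryingInstance().putPrivatePersistentData(userNode,
          ZKSecurityTool.createPass(pt.getPassword()), NodeExistsPolicy.OVERWRITE);
    }
  } catch (KeeperException e) {
    log.error(e, e);
    throw new AccumuloSecurityException(principal, SecurityErrorCode.CONNECTION_ERROR, e);
  } catch (InterruptedException e) {
    log.error(e, e);
    // Restore the interrupt status: wrapping the exception alone would hide the interrupt
    // from code further up the stack.
    Thread.currentThread().interrupt();
    throw new RuntimeException(e);
  } catch (AccumuloException e) {
    log.error(e, e);
    throw new AccumuloSecurityException(principal, SecurityErrorCode.DEFAULT_SECURITY_ERROR, e);
  }
}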