public SaslRpcServer(AuthMethod authMethod) throws IOException { this.authMethod = authMethod; mechanism = authMethod.getMechanismName(); switch (authMethod) { case SIMPLE: {
/**
 * Wraps the raw metastore transport in a SASL client transport that uses the KERBEROS mechanism.
 *
 * <p>The server principal resolved for {@code hiveMetastoreHost} must split into exactly three
 * parts. The first two parts are handed to {@code TSaslClientTransport} as the protocol and
 * server name.
 *
 * <p>Security-relevant settings: the SASL quality of protection is {@code "auth-conf"}
 * (authentication plus integrity and confidentiality) only when
 * {@code hdfsWireEncryptionEnabled} is set. Otherwise it is {@code "auth"}, which
 * authenticates the peer but leaves the subsequent traffic unprotected by SASL.
 * {@code Sasl.SERVER_AUTH} is always {@code "true"}, so the server is required to
 * authenticate itself to the client.
 *
 * @param rawTransport transport to wrap
 * @param hiveMetastoreHost metastore host used to resolve the server principal
 * @return a {@code TUGIAssumingTransport} built from the SASL transport and the UGI supplied by
 *     {@code authentication}
 * @throws UncheckedIOException if an {@link IOException} is raised while building the transport
 */
@Override
public TTransport authenticate(TTransport rawTransport, String hiveMetastoreHost) {
  try {
    String principal = getServerPrincipal(hiveMetastoreServicePrincipal, hiveMetastoreHost);
    String[] principalParts = SaslRpcServer.splitKerberosName(principal);
    // NOTE(review): checkState is presumably Guava's Preconditions.checkState; a principal
    // without a host part is rejected here before any SASL exchange starts.
    checkState(
        principalParts.length == 3,
        "Kerberos principal name does NOT have the expected hostname part: %s",
        principal);

    String qualityOfProtection;
    if (hdfsWireEncryptionEnabled) {
      qualityOfProtection = "auth-conf";
    } else {
      qualityOfProtection = "auth";
    }
    Map<String, String> clientSaslProps =
        ImmutableMap.of(Sasl.QOP, qualityOfProtection, Sasl.SERVER_AUTH, "true");

    String mechanismName = KERBEROS.getMechanismName();
    TTransport kerberosTransport =
        new TSaslClientTransport(
            mechanismName,
            null,
            principalParts[0],
            principalParts[1],
            clientSaslProps,
            null,
            rawTransport);
    return new TUGIAssumingTransport(
        kerberosTransport, authentication.getUserGroupInformation());
  } catch (IOException ioFailure) {
    throw new UncheckedIOException(ioFailure);
  }
}
}
/**
 * Reports whether the current user's auth mechanism is the KERBEROS or the TOKEN mechanism.
 *
 * <p>Despite the method name, a user authenticated with the TOKEN mechanism also yields
 * {@code true}. Callers that need to tell a Kerberos login from a token login cannot rely
 * on this result alone.
 *
 * @return {@code true} when {@code getUserAuthMechanism()} equals either mechanism name
 */
public boolean isSASLKerberosUser() {
  if (AuthMethod.KERBEROS.getMechanismName().equals(getUserAuthMechanism())) {
    return true;
  }
  return AuthMethod.TOKEN.getMechanismName().equals(getUserAuthMechanism());
}
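/**
 * Create a SaslNettyClient for authentication with BSP servers.
 *
 * <p>A job token is created from a fresh {@code Configuration} and used to build a SASL
 * client for the DIGEST mechanism. If an {@link IOException} is raised, the failure is
 * logged and {@code saslClient} is left {@code null}; the constructor itself does not throw.
 *
 * <p>NOTE(review): callers should treat a {@code null} {@code saslClient} as "authentication
 * unavailable" and must not continue unauthenticated. {@code Sasl.createSaslClient} can also
 * return {@code null} when no provider supports the mechanism.
 */
public SaslNettyClient() {
  try {
    Token<? extends TokenIdentifier> token = createJobToken(new Configuration());
    if (LOG.isDebugEnabled()) {
      LOG.debug("SaslNettyClient: Creating SASL " +
          AuthMethod.DIGEST.getMechanismName() +
          " client to authenticate to service at " + token.getService());
    }
    saslClient = Sasl.createSaslClient(
        new String[] { AuthMethod.DIGEST.getMechanismName() },
        null,
        null,
        SaslRpcServer.SASL_DEFAULT_REALM,
        SaslRpcServer.SASL_PROPS,
        new SaslClientCallbackHandler(token));
  } catch (IOException e) {
    // SaslException extends IOException, so this branch also covers a failure inside
    // Sasl.createSaslClient. Pass the exception to the logger so the real cause is kept.
    LOG.error("SaslNettyClient: Could not obtain job token for Netty " +
        "Client to use to authenticate with a Netty Server.", e);
    saslClient = null;
  }
}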
/**
 * Drives one complete PLAIN negotiation between an in-process SASL client and server.
 *
 * <p>The client's initial response is fed straight to the server. The exchange must finish
 * in that single round trip, with no further challenge from the server and a non-null
 * authorization ID.
 *
 * @param clientCbh callback handler given to the SASL client
 * @param serverCbh callback handler given to the SASL server
 * @throws SaslException if either side fails during creation or evaluation
 */
private void runNegotiation(CallbackHandler clientCbh, CallbackHandler serverCbh)
    throws SaslException {
  final String plainMechanism = AuthMethod.PLAIN.getMechanismName();

  SaslClient client =
      Sasl.createSaslClient(new String[] {plainMechanism}, null, null, null, null, clientCbh);
  assertNotNull(client);

  SaslServer server = Sasl.createSaslServer(plainMechanism, null, "localhost", null, serverCbh);
  assertNotNull("failed to find PLAIN server", server);

  // PLAIN is client-first: an empty challenge yields the complete client response.
  byte[] clientResponse = client.evaluateChallenge(new byte[0]);
  assertNotNull(clientResponse);
  assertTrue(client.isComplete());

  // The server should accept the response without issuing another challenge.
  byte[] serverChallenge = server.evaluateResponse(clientResponse);
  assertNull(serverChallenge);
  assertTrue(server.isComplete());
  assertNotNull(server.getAuthorizationID());
}
/**
 * Runs a single-round PLAIN handshake between a locally created SASL client and server.
 *
 * <p>Asserts that both sides are created, that the client completes after its initial
 * response, and that the server completes without a further challenge and exposes an
 * authorization ID.
 *
 * @param clientCbh callback handler given to the SASL client
 * @param serverCbh callback handler given to the SASL server
 * @throws SaslException if either side fails during creation or evaluation
 */
private void runNegotiation(CallbackHandler clientCbh, CallbackHandler serverCbh)
    throws SaslException {
  final String plainMechanism = AuthMethod.PLAIN.getMechanismName();

  SaslClient client =
      Sasl.createSaslClient(new String[] {plainMechanism}, null, null, null, null, clientCbh);
  assertNotNull(client);

  SaslServer server = Sasl.createSaslServer(plainMechanism, null, "localhost", null, serverCbh);
  assertNotNull("failed to find PLAIN server", server);

  // Client goes first: it produces its full response from an empty challenge.
  byte[] clientResponse = client.evaluateChallenge(new byte[0]);
  assertNotNull(clientResponse);
  assertTrue(client.isComplete());

  // A null return from the server means it has nothing more to ask.
  byte[] serverChallenge = server.evaluateResponse(clientResponse);
  assertNull(serverChallenge);
  assertTrue(server.isComplete());
  assertNotNull(server.getAuthorizationID());
}
/**
 * Checks that an advertised auth type names a known method and pairs it with that method's
 * own mechanism.
 *
 * <p>A method name that is not an {@code AuthMethod} constant is rejected. A known method
 * advertised with a mechanism string other than the one {@code AuthMethod} defines for it is
 * rejected as well, so a peer cannot pair a trusted method name with a different mechanism.
 *
 * @param authType auth type as advertised by the peer
 * @return {@code true} only when both the method and its mechanism match
 */
private boolean isValidAuthType(SaslAuth authType) {
  AuthMethod knownMethod;
  try {
    knownMethod = AuthMethod.valueOf(authType.getMethod());
  } catch (IllegalArgumentException unknownMethod) {
    // valueOf rejects any name that is not an AuthMethod constant.
    return false;
  }
  String expectedMechanism = knownMethod.getMechanismName();
  return expectedMechanism.equals(authType.getMechanism());
}
/**
 * Tells whether the user's auth mechanism matches the KERBEROS or the TOKEN mechanism name.
 *
 * <p>The name suggests Kerberos only, but the TOKEN mechanism is accepted too. Do not use
 * this as the sole check where a token login must be distinguished from a Kerberos login.
 *
 * @return {@code true} when {@code getUserAuthMechanism()} equals either mechanism name
 */
public boolean isSASLKerberosUser() {
  if (AuthMethod.KERBEROS.getMechanismName().equals(getUserAuthMechanism())) {
    return true;
  }
  return AuthMethod.TOKEN.getMechanismName().equals(getUserAuthMechanism());
}
/**
 * Validates an advertised auth type: the method must be a known {@code AuthMethod} and the
 * mechanism must be the one that method defines.
 *
 * <p>Both checks are needed. Accepting a known method name together with an arbitrary
 * mechanism string would let the peer choose the mechanism actually negotiated.
 *
 * @param authType auth type as advertised by the peer
 * @return {@code true} only when both the method and its mechanism match
 */
private boolean isValidAuthType(SaslAuth authType) {
  AuthMethod knownMethod;
  try {
    knownMethod = AuthMethod.valueOf(authType.getMethod());
  } catch (IllegalArgumentException unknownMethod) {
    // Not one of the AuthMethod constants.
    return false;
  }
  String expectedMechanism = knownMethod.getMechanismName();
  return expectedMechanism.equals(authType.getMechanism());
}
/**
 * Accepts an advertised auth type only if its method is a known {@code AuthMethod} constant
 * and its mechanism equals that constant's mechanism name.
 *
 * @param authType auth type as advertised by the peer
 * @return {@code false} for an unknown method or a method/mechanism mismatch, else
 *     {@code true}
 */
private boolean isValidAuthType(SaslAuth authType) {
  AuthMethod knownMethod;
  try {
    knownMethod = AuthMethod.valueOf(authType.getMethod());
  } catch (IllegalArgumentException unknownMethod) {
    // Unknown method name: reject rather than guess.
    return false;
  }
  // The mechanism must be the one this method is defined with, not just any string.
  String expectedMechanism = knownMethod.getMechanismName();
  return expectedMechanism.equals(authType.getMechanism());
}
/**
 * Decides whether an advertised auth type is usable: a known method whose mechanism string
 * matches the mechanism {@code AuthMethod} associates with it.
 *
 * @param authType auth type as advertised by the peer
 * @return {@code true} only when both the method and its mechanism match
 */
private boolean isValidAuthType(SaslAuth authType) {
  AuthMethod knownMethod;
  try {
    knownMethod = AuthMethod.valueOf(authType.getMethod());
  } catch (IllegalArgumentException unknownMethod) {
    // The method name did not resolve to an AuthMethod constant.
    return false;
  }
  String expectedMechanism = knownMethod.getMechanismName();
  return expectedMechanism.equals(authType.getMechanism());
}
/**
 * Builds the SASL client transport for {@code method} over {@code underlyingTransport} and
 * wraps it with the current user's UGI.
 *
 * <p>{@code names[0]} and {@code names[1]} are passed as the protocol and server name. No
 * authorization ID or callback handler is supplied.
 *
 * @return the wrapped transport
 * @throws IOException declared by the enclosing action's contract
 */
@Override
public TUGIAssumingTransport run() throws IOException {
  final String mechanismName = method.getMechanismName();
  TTransport clientTransport =
      new TSaslClientTransport(
          mechanismName, null, names[0], names[1], saslProps, null, underlyingTransport);
  return new TUGIAssumingTransport(clientTransport, UserGroupInformation.getCurrentUser());
}
});
/**
 * Supplies the KERBEROS mechanism name as the initial value.
 *
 * <p>NOTE(review): this presumably overrides {@code ThreadLocal.initialValue}; the enclosing
 * declaration is not visible here. If so, a thread that never sets the value reads the
 * Kerberos mechanism, and code that branches on the mechanism treats "unset" as Kerberos.
 * Confirm that this default is intended.
 */
@Override
protected String initialValue() {
  final String defaultMechanism = AuthMethod.KERBEROS.getMechanismName();
  return defaultMechanism;
}
};
String mechanism = method.getMechanismName(); if (LOG.isDebugEnabled()) { LOG.debug("Creating SASL " + mechanism + "(" + method + ") "
if (AuthMethod.PLAIN.getMechanismName().equalsIgnoreCase(mechanismName)) { remoteUser.set(endUser); return wrapped.process(inProt, outProt); if(AuthMethod.TOKEN.getMechanismName().equalsIgnoreCase(mechanismName)) { try { TokenIdentifier tokenId = SaslRpcServer.getIdentifier(authId,
t.decodeFromUrlString(tokenStrForm); saslTransport = new TSaslClientTransport( method.getMechanismName(), null, null, SaslRpcServer.SASL_DEFAULT_REALM,
/**
 * Create a TSaslServerTransport.Factory that negotiates a SASL transport when a client
 * socket connects.
 *
 * <p>Two server definitions are registered with the same {@code saslProps}:
 * the KERBEROS mechanism, using the first two parts of the server's Kerberos principal and
 * a {@code SaslGssCallbackHandler}; and the DIGEST mechanism, using
 * {@code SASL_DEFAULT_REALM} and a {@code SaslDigestCallbackHandler} backed by
 * {@code secretManager}.
 *
 * <p>NOTE(review): any quality-of-protection setting presumably arrives via
 * {@code saslProps}. This method sets none itself, so the caller decides whether integrity
 * or confidentiality protection is negotiated for both mechanisms.
 *
 * @param saslProps Map of SASL properties
 * @return the configured factory
 * @throws TTransportException if the principal from {@code clientValidationUGI} does not
 *     split into exactly three parts
 */
public TSaslServerTransport.Factory createSaslServerTransportFactory(
    Map<String, String> saslProps) throws TTransportException {
  // The principal is split into its three parts; only the first two are used below.
  String principal = clientValidationUGI.getUserName();
  final String[] principalParts = SaslRpcServer.splitKerberosName(principal);
  if (principalParts.length != 3) {
    throw new TTransportException("Kerberos principal should have 3 parts: " + principal);
  }

  TSaslServerTransport.Factory factory = new TSaslServerTransport.Factory();

  // Kerberos definition: first two parts of the principal.
  factory.addServerDefinition(
      AuthMethod.KERBEROS.getMechanismName(),
      principalParts[0],
      principalParts[1],
      saslProps,
      new SaslRpcServer.SaslGssCallbackHandler());

  // Digest definition: credentials are checked through secretManager.
  factory.addServerDefinition(
      AuthMethod.DIGEST.getMechanismName(),
      null,
      SaslRpcServer.SASL_DEFAULT_REALM,
      saslProps,
      new SaslDigestCallbackHandler(secretManager));

  return factory;
}
/**
 * Returns whether an advertised auth type pairs a known {@code AuthMethod} with that
 * method's own mechanism name.
 *
 * <p>An unknown method name, or a known method advertised with some other mechanism, is
 * treated as invalid.
 *
 * @param authType auth type as advertised by the peer
 * @return {@code true} only when both the method and its mechanism match
 */
private boolean isValidAuthType(SaslAuth authType) {
  AuthMethod knownMethod;
  try {
    knownMethod = AuthMethod.valueOf(authType.getMethod());
  } catch (IllegalArgumentException unknownMethod) {
    // valueOf throws for any name outside the AuthMethod constants.
    return false;
  }
  String expectedMechanism = knownMethod.getMechanismName();
  return expectedMechanism.equals(authType.getMechanism());
}
/**
 * Returns the KERBEROS mechanism name as the initial value.
 *
 * <p>NOTE(review): this looks like an override of {@code ThreadLocal.initialValue}, but the
 * enclosing declaration is outside this snippet. If it is, an unset value reads as the
 * Kerberos mechanism, so verify that callers do not take that default as proof of a
 * Kerberos login.
 */
@Override
protected String initialValue() {
  final String defaultMechanism = AuthMethod.KERBEROS.getMechanismName();
  return defaultMechanism;
}
};
/**
 * Creates a SASL client transport using {@code method}'s mechanism on top of
 * {@code underlyingTransport}, then wraps it with the UGI of the current user.
 *
 * <p>The protocol and server name come from {@code names[0]} and {@code names[1]}. The
 * authorization ID and the callback handler are both {@code null}.
 *
 * @return the wrapped transport
 * @throws IOException declared by the enclosing action's contract
 */
@Override
public TUGIAssumingTransport run() throws IOException {
  final String mechanismName = method.getMechanismName();
  TTransport clientTransport =
      new TSaslClientTransport(
          mechanismName, null, names[0], names[1], saslProps, null, underlyingTransport);
  return new TUGIAssumingTransport(clientTransport, UserGroupInformation.getCurrentUser());
}
});