/**
 * Builds the negotiate message the server sends for the given auth methods.
 *
 * <p>When {@code authMethods} holds exactly one entry and that entry is
 * {@code SIMPLE}, the reply carries state {@code SUCCESS} and no auth
 * entries, so no SASL mechanism is offered to the client. In every other
 * case the state is {@code NEGOTIATE} and one auth entry is added per method,
 * in list order.
 *
 * <p>Security note: a list that mixes {@code SIMPLE} with other methods
 * advertises {@code SIMPLE} like any other entry. Whether a client may then
 * select it is decided outside this method.
 *
 * @param authMethods the methods to advertise
 * @return the built negotiate message
 * @throws IOException declared by the signature; presumably raised by the
 *     {@code SaslRpcServer} constructor (confirm against that class)
 */
private RpcSaslProto buildNegotiateResponse(List<AuthMethod> authMethods)
    throws IOException {
  final RpcSaslProto.Builder reply = RpcSaslProto.newBuilder();
  final boolean simpleOnly =
      authMethods.contains(AuthMethod.SIMPLE) && authMethods.size() == 1;

  if (simpleOnly) {
    // SIMPLE-only servers answer a negotiate request with SUCCESS directly.
    reply.setState(SaslState.SUCCESS);
    return reply.build();
  }

  reply.setState(SaslState.NEGOTIATE);
  for (AuthMethod offered : authMethods) {
    final SaslRpcServer candidate = new SaslRpcServer(offered);
    final SaslAuth.Builder entry = reply.addAuthsBuilder()
        .setMethod(offered.toString())
        .setMechanism(candidate.mechanism);
    // protocol and serverId are optional; only set them when present.
    if (candidate.protocol != null) {
      entry.setProtocol(candidate.protocol);
    }
    if (candidate.serverId != null) {
      entry.setServerId(candidate.serverId);
    }
  }
  return reply.build();
}
/**
 * Sets the authentication setting of {@code conf} to {@code TOKEN}.
 *
 * <p>The call overwrites whatever value the key held before, so any
 * authentication mode configured earlier on this object is replaced.
 *
 * @param conf the configuration to modify in place
 */
private static void setAuthModeInConf(Configuration conf) {
  final String tokenAuth = SaslRpcServer.AuthMethod.TOKEN.toString();
  conf.set(
      CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION,
      tokenAuth);
}
/**
 * Resets the test fixture before each test.
 *
 * <p>A fresh {@code Configuration} is created with authentication set to
 * {@code SIMPLE} and RPC protection set to the QOP names under test, and is
 * then installed through the static
 * {@code UserGroupInformation.setConfiguration}.
 */
@Before
public void setup() {
  final String banner = "---------------------------------";
  LOG.info(banner);
  LOG.info("Testing QOP:" + getQOPNames(qop));
  LOG.info(banner);

  conf = new Configuration();
  // Kerberos is enabled only by the tests that need it: forcing it for
  // every test would make tests fail when the user already holds a TGT.
  conf.set(HADOOP_SECURITY_AUTHENTICATION, SIMPLE.toString());
  conf.set(HADOOP_RPC_PROTECTION, getQOPNames(qop));
  if (saslPropertiesResolver != null) {
    conf.set(
        CommonConfigurationKeys.HADOOP_SECURITY_SASL_PROPS_RESOLVER_CLASS,
        saslPropertiesResolver);
  }
  UserGroupInformation.setConfiguration(conf);

  // Per-test switches go back to their defaults.
  // NOTE(review): clientFallBackToSimpleAllowed presumably permits the client
  // to fall back to SIMPLE auth; confirm where the field is read.
  clientFallBackToSimpleAllowed = true;
  enableSecretManager = null;
  forceSecretManager = null;
}
// Force the authentication setting on serverConf to TOKEN. set() replaces
// any value the key held before this statement.
serverConf.set(
    CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION,
    SaslRpcServer.AuthMethod.TOKEN.toString());
// Force the authentication setting on serverConf to TOKEN. set() replaces
// any value the key held before this statement.
serverConf.set(
    CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION,
    SaslRpcServer.AuthMethod.TOKEN.toString());
// The server is created from that configuration together with the AMRM token
// secret manager obtained from rmContext.
this.server = getServer(rpc, serverConf, masterServiceAddress,
    this.rmContext.getAMRMTokenSecretManager());
/**
 * Starts the AMRM proxy: resolves the listener address, starts the token
 * secret manager, then creates and starts the RPC server.
 *
 * <p>The RPC server is given a copy of the service configuration whose
 * authentication setting is forced to {@code TOKEN}. The service's own
 * configuration object is not modified by that override.
 *
 * @throws Exception declared by the signature; propagated from the calls
 *     made here and from {@code super.serviceStart()}
 */
@Override
protected void serviceStart() throws Exception {
  LOG.info("Starting AMRMProxyService");

  final Configuration baseConf = getConfig();
  final YarnRPC yarnRpc = YarnRPC.create(baseConf);
  UserGroupInformation.setConfiguration(baseConf);

  this.listenerEndpoint = baseConf.getSocketAddr(
      YarnConfiguration.AMRM_PROXY_ADDRESS,
      YarnConfiguration.DEFAULT_AMRM_PROXY_ADDRESS,
      YarnConfiguration.DEFAULT_AMRM_PROXY_PORT);

  // The TOKEN override is applied to a copy, not to the service's own conf.
  final Configuration rpcConf = new Configuration(baseConf);
  rpcConf.set(
      CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION,
      SaslRpcServer.AuthMethod.TOKEN.toString());

  final int handlerCount = rpcConf.getInt(
      YarnConfiguration.AMRM_PROXY_CLIENT_THREAD_COUNT,
      YarnConfiguration.DEFAULT_AMRM_PROXY_CLIENT_THREAD_COUNT);

  // The secret manager is started before the server that receives it.
  this.secretManager = new AMRMProxyTokenSecretManager(rpcConf);
  this.secretManager.start();

  this.server = yarnRpc.getServer(
      ApplicationMasterProtocol.class,
      this,
      listenerEndpoint,
      rpcConf,
      this.secretManager,
      handlerCount);
  this.server.start();

  LOG.info("AMRMProxyService listening on address: "
      + this.server.getListenerAddress());
  super.serviceStart();
}
/**
 * Creates the reply to a client's negotiate request.
 *
 * <p>A list consisting only of {@code SIMPLE} yields state {@code SUCCESS}
 * with no auth entries. Any other list yields state {@code NEGOTIATE} with
 * one auth entry per method, carrying the method name, the mechanism and,
 * when non-null, the protocol and server id taken from a
 * {@code SaslRpcServer} built for that method.
 *
 * <p>Security note: {@code SIMPLE} is only short-circuited when it is the
 * sole entry. In a mixed list it is advertised alongside the other methods.
 *
 * @param authMethods the methods to advertise
 * @return the built negotiate message
 * @throws IOException declared by the signature; presumably raised by the
 *     {@code SaslRpcServer} constructor (confirm against that class)
 */
private RpcSaslProto buildNegotiateResponse(List<AuthMethod> authMethods)
    throws IOException {
  final RpcSaslProto.Builder message = RpcSaslProto.newBuilder();
  final boolean simpleOnly =
      authMethods.contains(AuthMethod.SIMPLE) && authMethods.size() == 1;

  // SIMPLE-only servers return success in response to negotiate.
  message.setState(simpleOnly ? SaslState.SUCCESS : SaslState.NEGOTIATE);

  if (!simpleOnly) {
    for (AuthMethod method : authMethods) {
      final SaslRpcServer perMethod = new SaslRpcServer(method);
      final SaslAuth.Builder auth = message.addAuthsBuilder()
          .setMethod(method.toString())
          .setMechanism(perMethod.mechanism);
      if (perMethod.protocol != null) {
        auth.setProtocol(perMethod.protocol);
      }
      if (perMethod.serverId != null) {
        auth.setServerId(perMethod.serverId);
      }
    }
  }
  return message.build();
}
/**
 * Builds the negotiate message the server sends for the given auth methods.
 *
 * <p>When {@code authMethods} holds exactly one entry and that entry is
 * {@code SIMPLE}, the reply carries state {@code SUCCESS} and no auth
 * entries, so no SASL mechanism is offered to the client. In every other
 * case the state is {@code NEGOTIATE} and one auth entry is added per method,
 * in list order.
 *
 * <p>Security note: a list that mixes {@code SIMPLE} with other methods
 * advertises {@code SIMPLE} like any other entry. Whether a client may then
 * select it is decided outside this method.
 *
 * @param authMethods the methods to advertise
 * @return the built negotiate message
 * @throws IOException declared by the signature; presumably raised by the
 *     {@code SaslRpcServer} constructor (confirm against that class)
 */
private RpcSaslProto buildNegotiateResponse(List<AuthMethod> authMethods)
    throws IOException {
  final RpcSaslProto.Builder reply = RpcSaslProto.newBuilder();
  final boolean simpleOnly =
      authMethods.contains(AuthMethod.SIMPLE) && authMethods.size() == 1;

  if (simpleOnly) {
    // SIMPLE-only servers answer a negotiate request with SUCCESS directly.
    reply.setState(SaslState.SUCCESS);
    return reply.build();
  }

  reply.setState(SaslState.NEGOTIATE);
  for (AuthMethod offered : authMethods) {
    final SaslRpcServer candidate = new SaslRpcServer(offered);
    final SaslAuth.Builder entry = reply.addAuthsBuilder()
        .setMethod(offered.toString())
        .setMechanism(candidate.mechanism);
    // protocol and serverId are optional; only set them when present.
    if (candidate.protocol != null) {
      entry.setProtocol(candidate.protocol);
    }
    if (candidate.serverId != null) {
      entry.setServerId(candidate.serverId);
    }
  }
  return reply.build();
}
/**
 * Connects to the test server, checks the identity and QOP the connection
 * ended up with, and returns the name of the auth method that was used.
 *
 * @return the string form of the auth method reported by the server
 * @throws IOException declared by the signature; propagated from the RPC
 *     calls made here
 */
@Override
public String run() throws IOException {
  TestSaslProtocol client = null;
  try {
    client = RPC.getProxy(TestSaslProtocol.class,
        TestSaslProtocol.versionID, addr, clientConf);
    client.ping();

    // The user the server reports must be the user this client presented.
    assertEquals(clientUgi.getUserName(), client.getAuthUser());

    final AuthMethod usedMethod = client.getAuthMethod();
    // Verify SASL completed with the expected QOP. With SIMPLE the expected
    // QOP is null.
    assertEquals((usedMethod != SIMPLE) ? expectedQop.saslQop : null,
        RPC.getConnectionIdForProxy(client).getSaslQop());
    return usedMethod.toString();
  } finally {
    // Always release the proxy, including when an assertion failed.
    if (client != null) {
      RPC.stopProxy(client);
    }
  }
}
// Closes the enclosing anonymous class and call, which begin outside this excerpt.
});
/**
 * Creates the reply to a client's negotiate request.
 *
 * <p>A list consisting only of {@code SIMPLE} yields state {@code SUCCESS}
 * with no auth entries. Any other list yields state {@code NEGOTIATE} with
 * one auth entry per method, carrying the method name, the mechanism and,
 * when non-null, the protocol and server id taken from a
 * {@code SaslRpcServer} built for that method.
 *
 * <p>Security note: {@code SIMPLE} is only short-circuited when it is the
 * sole entry. In a mixed list it is advertised alongside the other methods.
 *
 * @param authMethods the methods to advertise
 * @return the built negotiate message
 * @throws IOException declared by the signature; presumably raised by the
 *     {@code SaslRpcServer} constructor (confirm against that class)
 */
private RpcSaslProto buildNegotiateResponse(List<AuthMethod> authMethods)
    throws IOException {
  final RpcSaslProto.Builder message = RpcSaslProto.newBuilder();
  final boolean simpleOnly =
      authMethods.contains(AuthMethod.SIMPLE) && authMethods.size() == 1;

  // SIMPLE-only servers return success in response to negotiate.
  message.setState(simpleOnly ? SaslState.SUCCESS : SaslState.NEGOTIATE);

  if (!simpleOnly) {
    for (AuthMethod method : authMethods) {
      final SaslRpcServer perMethod = new SaslRpcServer(method);
      final SaslAuth.Builder auth = message.addAuthsBuilder()
          .setMethod(method.toString())
          .setMechanism(perMethod.mechanism);
      if (perMethod.protocol != null) {
        auth.setProtocol(perMethod.protocol);
      }
      if (perMethod.serverId != null) {
        auth.setServerId(perMethod.serverId);
      }
    }
  }
  return message.build();
}
/**
 * Builds the negotiate message the server sends for the given auth methods.
 *
 * <p>When {@code authMethods} holds exactly one entry and that entry is
 * {@code SIMPLE}, the reply carries state {@code SUCCESS} and no auth
 * entries, so no SASL mechanism is offered to the client. In every other
 * case the state is {@code NEGOTIATE} and one auth entry is added per method,
 * in list order.
 *
 * <p>Security note: a list that mixes {@code SIMPLE} with other methods
 * advertises {@code SIMPLE} like any other entry. Whether a client may then
 * select it is decided outside this method.
 *
 * @param authMethods the methods to advertise
 * @return the built negotiate message
 * @throws IOException declared by the signature; presumably raised by the
 *     {@code SaslRpcServer} constructor (confirm against that class)
 */
private RpcSaslProto buildNegotiateResponse(List<AuthMethod> authMethods)
    throws IOException {
  final RpcSaslProto.Builder reply = RpcSaslProto.newBuilder();
  final boolean simpleOnly =
      authMethods.contains(AuthMethod.SIMPLE) && authMethods.size() == 1;

  if (simpleOnly) {
    // SIMPLE-only servers answer a negotiate request with SUCCESS directly.
    reply.setState(SaslState.SUCCESS);
    return reply.build();
  }

  reply.setState(SaslState.NEGOTIATE);
  for (AuthMethod offered : authMethods) {
    final SaslRpcServer candidate = new SaslRpcServer(offered);
    final SaslAuth.Builder entry = reply.addAuthsBuilder()
        .setMethod(offered.toString())
        .setMechanism(candidate.mechanism);
    // protocol and serverId are optional; only set them when present.
    if (candidate.protocol != null) {
      entry.setProtocol(candidate.protocol);
    }
    if (candidate.serverId != null) {
      entry.setServerId(candidate.serverId);
    }
  }
  return reply.build();
}
/**
 * Prepares a clean configuration and default switches for the next test.
 *
 * <p>Authentication starts as {@code SIMPLE}, and RPC protection is set to
 * the QOP names being exercised. If a SASL properties resolver class is
 * configured for the run, it is set as well. The result is installed via the
 * static {@code UserGroupInformation.setConfiguration}.
 */
@Before
public void setup() {
  final String rule = "---------------------------------";
  LOG.info(rule);
  LOG.info("Testing QOP:" + getQOPNames(qop));
  LOG.info(rule);

  conf = new Configuration();
  // Only the Kerberos-specific tests turn Kerberos on. Forcing it everywhere
  // would break tests on machines where the user already has a TGT.
  conf.set(HADOOP_SECURITY_AUTHENTICATION, SIMPLE.toString());
  conf.set(HADOOP_RPC_PROTECTION, getQOPNames(qop));
  if (saslPropertiesResolver != null) {
    conf.set(
        CommonConfigurationKeys.HADOOP_SECURITY_SASL_PROPS_RESOLVER_CLASS,
        saslPropertiesResolver);
  }
  UserGroupInformation.setConfiguration(conf);

  // Reset the per-test switches.
  // NOTE(review): clientFallBackToSimpleAllowed presumably permits the client
  // to fall back to SIMPLE auth; confirm where the field is read.
  forceSecretManager = null;
  enableSecretManager = null;
  clientFallBackToSimpleAllowed = true;
}
/**
 * Pings the test server through a fresh proxy and asserts that the
 * authenticated user and the negotiated QOP are the expected ones.
 *
 * @return the string form of the auth method reported by the server
 * @throws IOException declared by the signature; propagated from the RPC
 *     calls made here
 */
@Override
public String run() throws IOException {
  TestSaslProtocol rpcProxy = null;
  try {
    rpcProxy = RPC.getProxy(TestSaslProtocol.class,
        TestSaslProtocol.versionID, addr, clientConf);
    rpcProxy.ping();

    // Make sure the other side thinks we are who we said we are.
    assertEquals(clientUgi.getUserName(), rpcProxy.getAuthUser());

    final AuthMethod negotiated = rpcProxy.getAuthMethod();
    // Verify SASL completed with the correct QOP. For SIMPLE the expected
    // value is null.
    assertEquals((negotiated != SIMPLE) ? expectedQop.saslQop : null,
        RPC.getConnectionIdForProxy(rpcProxy).getSaslQop());
    return negotiated.toString();
  } finally {
    // The proxy is stopped on every path once it has been created.
    if (rpcProxy != null) {
      RPC.stopProxy(rpcProxy);
    }
  }
}
// Closes the enclosing anonymous class and call, which begin outside this excerpt.
});
/**
 * Reports the authentication type of this request.
 *
 * @return the string form of {@code handlerAuthMethod} when {@code ugiF} is
 *     set, otherwise {@code null}
 */
@Override
public String getAuthType() {
  // NOTE(review): ugiF presumably holds the authenticated user; confirm at
  // its declaration.
  if (ugiF == null) {
    return null;
  }
  return handlerAuthMethod.toString();
}
/**
 * Returns the name of the handler's auth method, or {@code null} when
 * {@code ugiF} is not set.
 *
 * @return the auth type string, or {@code null}
 */
@Override
public String getAuthType() {
  if (ugiF != null) {
    return handlerAuthMethod.toString();
  }
  // No ugiF: report no auth type at all.
  return null;
}
/**
 * Asserts that {@code actual} equals the string form of {@code expect}.
 *
 * @param expect the auth method the test expects
 * @param actual the auth method name that was observed
 */
private static void assertAuthEquals(AuthMethod expect, String actual) {
  final String expectedName = expect.toString();
  assertEquals(expectedName, actual);
}
/**
 * Compares an observed auth method name with the expected auth method.
 *
 * <p>The comparison is made on {@code expect.toString()}, so the assertion
 * fails when the observed name differs from it.
 *
 * @param expect the auth method the test expects
 * @param actual the auth method name that was observed
 */
private static void assertAuthEquals(AuthMethod expect, String actual) {
  final String wanted = expect.toString();
  assertEquals(wanted, actual);
}
/**
 * Reports the authentication type of this request.
 *
 * @return the string form of {@code handlerAuthMethod} when {@code ugiF} is
 *     set, otherwise {@code null}
 */
@Override
public String getAuthType() {
  // NOTE(review): ugiF presumably holds the authenticated user; confirm at
  // its declaration.
  if (ugiF == null) {
    return null;
  }
  return handlerAuthMethod.toString();
}
/**
 * Returns the name of the handler's auth method, or {@code null} when
 * {@code ugiF} is not set.
 *
 * @return the auth type string, or {@code null}
 */
@Override
public String getAuthType() {
  if (ugiF != null) {
    return handlerAuthMethod.toString();
  }
  // No ugiF: report no auth type at all.
  return null;
}
/**
 * Reports the authentication type of this request.
 *
 * @return the string form of {@code handlerAuthMethod} when {@code ugiF} is
 *     set, otherwise {@code null}
 */
@Override
public String getAuthType() {
  // NOTE(review): ugiF presumably holds the authenticated user; confirm at
  // its declaration.
  if (ugiF == null) {
    return null;
  }
  return handlerAuthMethod.toString();
}