/// <exception cref="Javax.Security.Sasl.SaslException"/> public virtual byte[] EvaluateResponse(byte[] response) { if (completed) { throw new InvalidOperationException("PLAIN authentication has completed"); } if (response == null) { throw new ArgumentException("Received null response"); } try { string payload; try { payload = Runtime.GetStringForBytes(response, "UTF-8"); } catch (Exception e) { throw new ArgumentException("Received corrupt response", e); } // [ authz, authn, password ] string[] parts = payload.Split("\u0000", 3); if (parts.Length != 3) { throw new ArgumentException("Received corrupt response"); } if (parts[0].IsEmpty()) { // authz = authn parts[0] = parts[1]; } NameCallback nc = new NameCallback("SASL PLAIN"); nc.SetName(parts[1]); PasswordCallback pc = new PasswordCallback("SASL PLAIN", false); pc.SetPassword(parts[2].ToCharArray()); AuthorizeCallback ac = new AuthorizeCallback(parts[1], parts[0]); cbh.Handle(new Javax.Security.Auth.Callback.Callback[] { nc, pc, ac }); if (ac.IsAuthorized()) { authz = ac.GetAuthorizedID(); } } catch (Exception e) { throw new SaslException("PLAIN auth failed: " + e.Message); } finally { completed = true; } return(null); }
/// <exception cref="System.IO.IOException"/> /// <exception cref="Javax.Security.Auth.Callback.UnsupportedCallbackException"/> public void Handle(Javax.Security.Auth.Callback.Callback[] callbacks) { NameCallback nc = null; PasswordCallback pc = null; AuthorizeCallback ac = null; foreach (Javax.Security.Auth.Callback.Callback callback in callbacks) { if (callback is AuthorizeCallback) { ac = (AuthorizeCallback)callback; } else { if (callback is PasswordCallback) { pc = (PasswordCallback)callback; } else { if (callback is NameCallback) { nc = (NameCallback)callback; } else { if (callback is RealmCallback) { continue; } else { // realm is ignored throw new UnsupportedCallbackException(callback, "Unrecognized SASL DIGEST-MD5 Callback: " + callback); } } } } } if (pc != null) { pc.SetPassword(passwordFunction.Apply(nc.GetDefaultName())); } if (ac != null) { ac.SetAuthorized(true); ac.SetAuthorizedID(ac.GetAuthorizationID()); } }
/// <exception cref="Javax.Security.Auth.Callback.UnsupportedCallbackException"/> public virtual void Handle(Javax.Security.Auth.Callback.Callback[] callbacks) { AuthorizeCallback ac = null; foreach (Javax.Security.Auth.Callback.Callback callback in callbacks) { if (callback is AuthorizeCallback) { ac = (AuthorizeCallback)callback; } else { throw new UnsupportedCallbackException(callback, "Unrecognized SASL GSSAPI Callback" ); } } if (ac != null) { string authid = ac.GetAuthenticationID(); string authzid = ac.GetAuthorizationID(); if (authid.Equals(authzid)) { ac.SetAuthorized(true); } else { ac.SetAuthorized(false); } if (ac.IsAuthorized()) { if (Log.IsDebugEnabled()) { Log.Debug("SASL server GSSAPI callback: setting " + "canonicalized client ID: " + authzid); } ac.SetAuthorizedID(authzid); } } }
/// <exception cref="Org.Apache.Hadoop.Security.Token.SecretManager.InvalidToken"/> /// <exception cref="Javax.Security.Auth.Callback.UnsupportedCallbackException"/> /// <exception cref="Org.Apache.Hadoop.Ipc.StandbyException"/> /// <exception cref="Org.Apache.Hadoop.Ipc.RetriableException"/> /// <exception cref="System.IO.IOException"/> public virtual void Handle(Javax.Security.Auth.Callback.Callback[] callbacks) { NameCallback nc = null; PasswordCallback pc = null; AuthorizeCallback ac = null; foreach (Javax.Security.Auth.Callback.Callback callback in callbacks) { if (callback is AuthorizeCallback) { ac = (AuthorizeCallback)callback; } else { if (callback is NameCallback) { nc = (NameCallback)callback; } else { if (callback is PasswordCallback) { pc = (PasswordCallback)callback; } else { if (callback is RealmCallback) { continue; } else { // realm is ignored throw new UnsupportedCallbackException(callback, "Unrecognized SASL DIGEST-MD5 Callback" ); } } } } } if (pc != null) { TokenIdentifier tokenIdentifier = GetIdentifier(nc.GetDefaultName(), secretManager ); char[] password = GetPassword(tokenIdentifier); UserGroupInformation user = null; user = tokenIdentifier.GetUser(); // may throw exception connection.attemptingUser = user; if (Log.IsDebugEnabled()) { Log.Debug("SASL server DIGEST-MD5 callback: setting password " + "for client: " + tokenIdentifier.GetUser()); } pc.SetPassword(password); } if (ac != null) { string authid = ac.GetAuthenticationID(); string authzid = ac.GetAuthorizationID(); if (authid.Equals(authzid)) { ac.SetAuthorized(true); } else { ac.SetAuthorized(false); } if (ac.IsAuthorized()) { if (Log.IsDebugEnabled()) { string username = GetIdentifier(authzid, secretManager).GetUser().GetUserName(); Log.Debug("SASL server DIGEST-MD5 callback: setting " + "canonicalized client ID: " + username); } ac.SetAuthorizedID(authzid); } } }