/// <summary>Start RPC server</summary>
/// <exception cref="System.IO.IOException"/>
internal MiniServer(Configuration conf, string user, string keytabFile)
{
UserGroupInformation.SetConfiguration(conf);
UserGroupInformation.LoginUserFromKeytab(user, keytabFile);
secretManager = new TestDelegationToken.TestDelegationTokenSecretManager(24 * 60
* 60 * 1000, 7 * 24 * 60 * 60 * 1000, 24 * 60 * 60 * 1000, 3600000);
secretManager.StartThreads();
rpcServer = new RPC.Builder(conf).SetProtocol(typeof(MiniRPCBenchmark.MiniProtocol
)).SetInstance(this).SetBindAddress(DefaultServerAddress).SetPort(0).SetNumHandlers
(1).SetVerbose(false).SetSecretManager(secretManager).Build();
rpcServer.Start();
}
/// <exception cref="System.Exception"/>
private void TestDelegationTokenWithinDoAs(Type fileSystemClass, bool proxyUser)
{
Configuration conf = new Configuration();
conf.Set("hadoop.security.authentication", "kerberos");
UserGroupInformation.SetConfiguration(conf);
UserGroupInformation.LoginUserFromKeytab("client", "/Users/tucu/tucu.keytab");
UserGroupInformation ugi = UserGroupInformation.GetLoginUser();
if (proxyUser)
{
ugi = UserGroupInformation.CreateProxyUser("foo", ugi);
}
conf = new Configuration();
UserGroupInformation.SetConfiguration(conf);
ugi.DoAs(new _PrivilegedExceptionAction_248(this, fileSystemClass));
}
public static void Login(Configuration conf, string keytabFileKey, string userNameKey
, string hostname)
{
if (!UserGroupInformation.IsSecurityEnabled())
{
return;
}
string keytabFilename = conf.Get(keytabFileKey);
if (keytabFilename == null || keytabFilename.Length == 0)
{
throw new IOException("Running in secure mode, but config doesn't have a keytab");
}
string principalConfig = conf.Get(userNameKey, Runtime.GetProperty("user.name"));
string principalName = SecurityUtil.GetServerPrincipal(principalConfig, hostname);
UserGroupInformation.LoginUserFromKeytab(principalName, keytabFilename);
}
public virtual void TestUGILoginFromKeytab()
{
UserGroupInformation.SetShouldRenewImmediatelyForTests(true);
string principal = "foo";
FilePath keytab = new FilePath(workDir, "foo.keytab");
kdc.CreatePrincipal(keytab, principal);
UserGroupInformation.LoginUserFromKeytab(principal, keytab.GetPath());
UserGroupInformation ugi = UserGroupInformation.GetLoginUser();
Assert.True("UGI should be configured to login from keytab", ugi
.IsFromKeytab());
// Verify relogin from keytab.
User user = ugi.GetSubject().GetPrincipals <User>().GetEnumerator().Next();
long firstLogin = user.GetLastLogin();
ugi.ReloginFromKeytab();
long secondLogin = user.GetLastLogin();
Assert.True("User should have been able to relogin from keytab"
, secondLogin > firstLogin);
}
/// <exception cref="Org.Apache.Hadoop.Lib.Server.ServiceException"/>
protected internal override void Init()
{
Log.Info("Using FileSystemAccess JARs version [{}]", VersionInfo.GetVersion());
string security = GetServiceConfig().Get(AuthenticationType, "simple").Trim();
if (security.Equals("kerberos"))
{
string defaultName = GetServer().GetName();
string keytab = Runtime.GetProperty("user.home") + "/" + defaultName + ".keytab";
keytab = GetServiceConfig().Get(KerberosKeytab, keytab).Trim();
if (keytab.Length == 0)
{
throw new ServiceException(FileSystemAccessException.ERROR.H01, KerberosKeytab);
}
string principal = defaultName + "/localhost@LOCALHOST";
principal = GetServiceConfig().Get(KerberosPrincipal, principal).Trim();
if (principal.Length == 0)
{
throw new ServiceException(FileSystemAccessException.ERROR.H01, KerberosPrincipal
);
}
Configuration conf = new Configuration();
conf.Set("hadoop.security.authentication", "kerberos");
UserGroupInformation.SetConfiguration(conf);
try
{
UserGroupInformation.LoginUserFromKeytab(principal, keytab);
}
catch (IOException ex)
{
throw new ServiceException(FileSystemAccessException.ERROR.H02, ex.Message, ex);
}
Log.Info("Using FileSystemAccess Kerberos authentication, principal [{}] keytab [{}]"
, principal, keytab);
}
else
{
if (security.Equals("simple"))
{
Configuration conf = new Configuration();
conf.Set("hadoop.security.authentication", "simple");
UserGroupInformation.SetConfiguration(conf);
Log.Info("Using FileSystemAccess simple/pseudo authentication, principal [{}]", Runtime
.GetProperty("user.name"));
}
else
{
throw new ServiceException(FileSystemAccessException.ERROR.H09, security);
}
}
string hadoopConfDirProp = GetServiceConfig().Get(HadoopConfDir, GetServer().GetConfigDir
());
FilePath hadoopConfDir = new FilePath(hadoopConfDirProp).GetAbsoluteFile();
if (!hadoopConfDir.Exists())
{
hadoopConfDir = new FilePath(GetServer().GetConfigDir()).GetAbsoluteFile();
}
if (!hadoopConfDir.Exists())
{
throw new ServiceException(FileSystemAccessException.ERROR.H10, hadoopConfDir);
}
try
{
serviceHadoopConf = LoadHadoopConf(hadoopConfDir);
}
catch (IOException ex)
{
throw new ServiceException(FileSystemAccessException.ERROR.H11, ex.ToString(), ex
);
}
Log.Debug("FileSystemAccess FileSystem configuration:");
foreach (DictionaryEntry entry in serviceHadoopConf)
{
Log.Debug(" {} = {}", entry.Key, entry.Value);
}
SetRequiredServiceHadoopConf(serviceHadoopConf);
nameNodeWhitelist = ToLowerCase(GetServiceConfig().GetTrimmedStringCollection(NameNodeWhitelist
));
}