예제 #1
0
 private bool IsValidAuthType(RpcHeaderProtos.RpcSaslProto.SaslAuth authType)
 {
     SaslRpcServer.AuthMethod authMethod;
     try
     {
         authMethod = SaslRpcServer.AuthMethod.ValueOf(authType.GetMethod());
     }
     catch (ArgumentException)
     {
         // unknown auth
         authMethod = null;
     }
     // do we know what it is?  is it using our mechanism?
     return(authMethod != null && authMethod.GetMechanismName().Equals(authType.GetMechanism
                                                                           ()));
 }
예제 #2
0
        public SaslRpcServer(SaslRpcServer.AuthMethod authMethod)
        {
            this.authMethod = authMethod;
            mechanism       = authMethod.GetMechanismName();
            switch (authMethod)
            {
            case SaslRpcServer.AuthMethod.Simple:
            {
                return;
            }

            case SaslRpcServer.AuthMethod.Token:
            {
                // no sasl for simple
                protocol = string.Empty;
                serverId = SaslRpcServer.SaslDefaultRealm;
                break;
            }

            case SaslRpcServer.AuthMethod.Kerberos:
            {
                string fullName = UserGroupInformation.GetCurrentUser().GetUserName();
                if (Log.IsDebugEnabled())
                {
                    Log.Debug("Kerberos principal name is " + fullName);
                }
                // don't use KerberosName because we don't want auth_to_local
                string[] parts = fullName.Split("[/@]", 3);
                protocol = parts[0];
                // should verify service host is present here rather than in create()
                // but lazy tests are using a UGI that isn't a SPN...
                serverId = (parts.Length < 2) ? string.Empty : parts[1];
                break;
            }

            default:
            {
                // we should never be able to get here
                throw new AccessControlException("Server does not support SASL " + authMethod);
            }
            }
        }
예제 #3
0
        /// <summary>Try to create a SaslClient for an authentication type.</summary>
        /// <remarks>
        /// Try to create a SaslClient for an authentication type.  May return
        /// null if the type isn't supported or the client lacks the required
        /// credentials.
        /// </remarks>
        /// <param name="authType">- the requested authentication method</param>
        /// <returns>SaslClient for the authType or null</returns>
        /// <exception cref="Javax.Security.Sasl.SaslException">- error instantiating client</exception>
        /// <exception cref="System.IO.IOException">- misc errors</exception>
        private SaslClient CreateSaslClient(RpcHeaderProtos.RpcSaslProto.SaslAuth authType
                                            )
        {
            string saslUser = null;
            // SASL requires the client and server to use the same proto and serverId
            // if necessary, auth types below will verify they are valid
            string saslProtocol   = authType.GetProtocol();
            string saslServerName = authType.GetServerId();
            IDictionary <string, string> saslProperties = saslPropsResolver.GetClientProperties
                                                              (serverAddr.Address);
            CallbackHandler saslCallback = null;

            SaslRpcServer.AuthMethod method = SaslRpcServer.AuthMethod.ValueOf(authType.GetMethod
                                                                                   ());
            switch (method)
            {
            case SaslRpcServer.AuthMethod.Token:
            {
                Org.Apache.Hadoop.Security.Token.Token <object> token = GetServerToken(authType);
                if (token == null)
                {
                    return(null);
                }
                // tokens aren't supported or user doesn't have one
                saslCallback = new SaslRpcClient.SaslClientCallbackHandler(token);
                break;
            }

            case SaslRpcServer.AuthMethod.Kerberos:
            {
                if (ugi.GetRealAuthenticationMethod().GetAuthMethod() != SaslRpcServer.AuthMethod
                    .Kerberos)
                {
                    return(null);
                }
                // client isn't using kerberos
                string serverPrincipal = GetServerPrincipal(authType);
                if (serverPrincipal == null)
                {
                    return(null);
                }
                // protocol doesn't use kerberos
                if (Log.IsDebugEnabled())
                {
                    Log.Debug("RPC Server's Kerberos principal name for protocol=" + protocol.GetCanonicalName
                                  () + " is " + serverPrincipal);
                }
                break;
            }

            default:
            {
                throw new IOException("Unknown authentication method " + method);
            }
            }
            string mechanism = method.GetMechanismName();

            if (Log.IsDebugEnabled())
            {
                Log.Debug("Creating SASL " + mechanism + "(" + method + ") " + " client to authenticate to service at "
                          + saslServerName);
            }
            return(Javax.Security.Sasl.Sasl.CreateSaslClient(new string[] { mechanism }, saslUser
                                                             , saslProtocol, saslServerName, saslProperties, saslCallback));
        }