internal virtual void Compare(DatanodeID dn, DatanodeID dn2)
{
NUnit.Framework.Assert.AreEqual(dn.GetIpAddr(), dn2.GetIpAddr());
NUnit.Framework.Assert.AreEqual(dn.GetHostName(), dn2.GetHostName());
NUnit.Framework.Assert.AreEqual(dn.GetDatanodeUuid(), dn2.GetDatanodeUuid());
NUnit.Framework.Assert.AreEqual(dn.GetXferPort(), dn2.GetXferPort());
NUnit.Framework.Assert.AreEqual(dn.GetInfoPort(), dn2.GetInfoPort());
NUnit.Framework.Assert.AreEqual(dn.GetIpcPort(), dn2.GetIpcPort());
}
/// <summary>Sends client SASL negotiation if required.</summary>
/// <remarks>
/// Sends client SASL negotiation if required. Determines the correct type of
/// SASL handshake based on configuration.
/// </remarks>
/// <param name="addr">connection address</param>
/// <param name="underlyingOut">connection output stream</param>
/// <param name="underlyingIn">connection input stream</param>
/// <param name="encryptionKey">for an encrypted SASL handshake</param>
/// <param name="accessToken">connection block access token</param>
/// <param name="datanodeId">ID of destination DataNode</param>
/// <returns>new pair of streams, wrapped after SASL negotiation</returns>
/// <exception cref="System.IO.IOException">for any error</exception>
private IOStreamPair Send(IPAddress addr, OutputStream underlyingOut, InputStream
underlyingIn, DataEncryptionKey encryptionKey, Org.Apache.Hadoop.Security.Token.Token
<BlockTokenIdentifier> accessToken, DatanodeID datanodeId)
{
if (encryptionKey != null)
{
Log.Debug("SASL client doing encrypted handshake for addr = {}, datanodeId = {}",
addr, datanodeId);
return(GetEncryptedStreams(underlyingOut, underlyingIn, encryptionKey));
}
else
{
if (!UserGroupInformation.IsSecurityEnabled())
{
Log.Debug("SASL client skipping handshake in unsecured configuration for " + "addr = {}, datanodeId = {}"
, addr, datanodeId);
return(null);
}
else
{
if (SecurityUtil.IsPrivilegedPort(datanodeId.GetXferPort()))
{
Log.Debug("SASL client skipping handshake in secured configuration with " + "privileged port for addr = {}, datanodeId = {}"
, addr, datanodeId);
return(null);
}
else
{
if (fallbackToSimpleAuth != null && fallbackToSimpleAuth.Get())
{
Log.Debug("SASL client skipping handshake in secured configuration with " + "unsecured cluster for addr = {}, datanodeId = {}"
, addr, datanodeId);
return(null);
}
else
{
if (saslPropsResolver != null)
{
Log.Debug("SASL client doing general handshake for addr = {}, datanodeId = {}", addr
, datanodeId);
return(GetSaslStreams(addr, underlyingOut, underlyingIn, accessToken, datanodeId));
}
else
{
// It's a secured cluster using non-privileged ports, but no SASL. The
// only way this can happen is if the DataNode has
// ignore.secure.ports.for.testing configured, so this is a rare edge case.
Log.Debug("SASL client skipping handshake in secured configuration with no SASL "
+ "protection configured for addr = {}, datanodeId = {}", addr, datanodeId);
return(null);
}
}
}
}
}
}
internal static IPEndPoint ResolvedAddressFromDatanodeID(DatanodeID id)
{
return(new IPEndPoint(id.GetIpAddr(), id.GetXferPort()));
}
/// <summary>Receives SASL negotiation from a peer on behalf of a server.</summary>
/// <param name="peer">connection peer</param>
/// <param name="underlyingOut">connection output stream</param>
/// <param name="underlyingIn">connection input stream</param>
/// <?/>
/// <param name="datanodeId">ID of DataNode accepting connection</param>
/// <returns>new pair of streams, wrapped after SASL negotiation</returns>
/// <exception cref="System.IO.IOException">for any error</exception>
public virtual IOStreamPair Receive(Peer peer, OutputStream underlyingOut, InputStream
underlyingIn, int xferPort, DatanodeID datanodeId)
{
if (dnConf.GetEncryptDataTransfer())
{
Log.Debug("SASL server doing encrypted handshake for peer = {}, datanodeId = {}",
peer, datanodeId);
return(GetEncryptedStreams(peer, underlyingOut, underlyingIn));
}
else
{
if (!UserGroupInformation.IsSecurityEnabled())
{
Log.Debug("SASL server skipping handshake in unsecured configuration for " + "peer = {}, datanodeId = {}"
, peer, datanodeId);
return(new IOStreamPair(underlyingIn, underlyingOut));
}
else
{
if (SecurityUtil.IsPrivilegedPort(xferPort))
{
Log.Debug("SASL server skipping handshake in secured configuration for " + "peer = {}, datanodeId = {}"
, peer, datanodeId);
return(new IOStreamPair(underlyingIn, underlyingOut));
}
else
{
if (dnConf.GetSaslPropsResolver() != null)
{
Log.Debug("SASL server doing general handshake for peer = {}, datanodeId = {}", peer
, datanodeId);
return(GetSaslStreams(peer, underlyingOut, underlyingIn));
}
else
{
if (dnConf.GetIgnoreSecurePortsForTesting())
{
// It's a secured cluster using non-privileged ports, but no SASL. The
// only way this can happen is if the DataNode has
// ignore.secure.ports.for.testing configured, so this is a rare edge case.
Log.Debug("SASL server skipping handshake in secured configuration with no SASL "
+ "protection configured for peer = {}, datanodeId = {}", peer, datanodeId);
return(new IOStreamPair(underlyingIn, underlyingOut));
}
else
{
// The error message here intentionally does not mention
// ignore.secure.ports.for.testing. That's intended for dev use only.
// This code path is not expected to execute ever, because DataNode startup
// checks for invalid configuration and aborts.
throw new IOException(string.Format("Cannot create a secured " + "connection if DataNode listens on unprivileged port (%d) and no "
+ "protection is defined in configuration property %s.", datanodeId.GetXferPort
(), DFSConfigKeys.DfsDataTransferProtectionKey));
}
}
}
}
}
}
