Example 66 with SaslException
use of javax.security.sasl.SaslException in project drill by apache.
the class PlainFactory method createAndLoginUser.
@Override
public UserGroupInformation createAndLoginUser(Map<String, ?> properties) throws IOException {
final Configuration conf = new Configuration();
UserGroupInformation.setConfiguration(conf);
try {
return UserGroupInformation.getCurrentUser();
} catch (final IOException e) {
logger.debug("Login failed.", e);
final Throwable cause = e.getCause();
if (cause instanceof LoginException) {
throw new SaslException("Failed to login.", cause);
}
throw new SaslException("Unexpected failure trying to login. ", cause);
}
}
Also used :
Configuration(org.apache.hadoop.conf.Configuration)
LoginException(javax.security.auth.login.LoginException)
IOException(java.io.IOException)
SaslException(javax.security.sasl.SaslException)
Example 67 with SaslException
use of javax.security.sasl.SaslException in project drill by apache.
the class PlainServer method evaluateResponse.
@Override
public byte[] evaluateResponse(byte[] response) throws SaslException {
if (completed) {
throw new IllegalStateException("PLAIN authentication already completed");
}
if (response == null) {
throw new SaslException("Received null response");
}
final String payload = new String(response, StandardCharsets.UTF_8);
// Separator defined in PlainClient is 0
// three parts: [ authorizationID, authenticationID, password ]
final String[] parts = payload.split(UTF_8_NULL, 3);
if (parts.length != 3) {
throw new SaslException("Received corrupt response. Expected 3 parts, but received " + parts.length);
}
String authorizationID = parts[0];
final String authenticationID = parts[1];
final String password = parts[2];
if (authorizationID.isEmpty()) {
authorizationID = authenticationID;
}
try {
authenticator.authenticate(authenticationID, password);
} catch (final UserAuthenticationException e) {
throw new SaslException(e.getMessage());
}
if (!authorizationID.equals(authenticationID)) {
throw new SaslException("Drill expects authorization ID and authentication ID to match. " + "Use inbound impersonation feature so one entity can act on behalf of another.");
}
this.authorizationID = authorizationID;
completed = true;
return null;
}
Also used :
UserAuthenticationException(org.apache.drill.exec.rpc.user.security.UserAuthenticationException)
SaslException(javax.security.sasl.SaslException)
Example 68 with SaslException
use of javax.security.sasl.SaslException in project drill by apache.
the class ServerAuthenticationHandler method handleSuccess.
private static <S extends ServerConnection<S>, T extends EnumLite> void handleSuccess(final SaslResponseContext<S, T> context, final SaslMessage.Builder challenge, final SaslServer saslServer) throws IOException {
final S connection = context.connection;
connection.changeHandlerTo(context.requestHandler);
connection.finalizeSaslSession();
// Check the negotiated property before sending the response back to client
try {
final String negotiatedQOP = saslServer.getNegotiatedProperty(Sasl.QOP).toString();
final String expectedQOP = (connection.isEncryptionEnabled()) ? SaslProperties.QualityOfProtection.PRIVACY.getSaslQop() : SaslProperties.QualityOfProtection.AUTHENTICATION.getSaslQop();
if (!(negotiatedQOP.equals(expectedQOP))) {
throw new SaslException(String.format("Mismatch in negotiated QOP value: %s and Expected QOP value: %s", negotiatedQOP, expectedQOP));
}
// negotiated size of buffer
if (connection.isEncryptionEnabled()) {
final int negotiatedRawSendSize = Integer.parseInt(saslServer.getNegotiatedProperty(Sasl.RAW_SEND_SIZE).toString());
if (negotiatedRawSendSize <= 0) {
throw new SaslException(String.format("Negotiated rawSendSize: %d is invalid. Please check the configured " + "value of encryption.sasl.max_wrapped_size. It might be configured to a very small value.", negotiatedRawSendSize));
}
connection.setWrapSizeLimit(negotiatedRawSendSize);
}
} catch (IllegalStateException | NumberFormatException e) {
throw new SaslException(String.format("Unexpected failure while retrieving negotiated property values (%s)", e.getMessage()), e);
}
if (logger.isTraceEnabled()) {
logger.trace("Authenticated {} successfully using {} from {} with encryption context {}", saslServer.getAuthorizationID(), saslServer.getMechanismName(), connection.getRemoteAddress().toString(), connection.getEncryptionCtxtString());
}
// All checks have passed let's send the response back to client before adding handlers.
context.sender.send(new Response(context.saslResponseType, challenge.build()));
if (connection.isEncryptionEnabled()) {
connection.addSecurityHandlers();
} else {
// Encryption is not required hence we don't need to hold on to saslServer object.
connection.disposeSaslServer();
}
}
Also used :
Response(org.apache.drill.exec.rpc.Response)
ByteString(com.google.protobuf.ByteString)
SaslException(javax.security.sasl.SaslException)
Example 69 with SaslException
use of javax.security.sasl.SaslException in project drill by apache.
the class ServerAuthenticationHandler method handle.
@Override
public void handle(S connection, int rpcType, ByteBuf pBody, ByteBuf dBody, ResponseSender sender) throws RpcException {
final String remoteAddress = connection.getRemoteAddress().toString();
// exchange involves server "challenges" and client "responses" (initiated by client)
if (saslRequestTypeValue == rpcType) {
final SaslMessage saslResponse;
try {
saslResponse = SaslMessage.PARSER.parseFrom(new ByteBufInputStream(pBody));
} catch (final InvalidProtocolBufferException e) {
handleAuthFailure(connection, sender, e, saslResponseType);
return;
}
logger.trace("Received SASL message {} from {}", saslResponse.getStatus(), remoteAddress);
final SaslResponseProcessor processor = RESPONSE_PROCESSORS.get(saslResponse.getStatus());
if (processor == null) {
logger.info("Unknown message type from client from {}. Will stop authentication.", remoteAddress);
handleAuthFailure(connection, sender, new SaslException("Received unexpected message"), saslResponseType);
return;
}
final SaslResponseContext<S, T> context = new SaslResponseContext<>(saslResponse, connection, sender, requestHandler, saslResponseType);
try {
processor.process(context);
} catch (final Exception e) {
handleAuthFailure(connection, sender, e, saslResponseType);
}
} else {
// drop connection
throw new RpcException(String.format("Request of type %d is not allowed without authentication. Client on %s must authenticate " + "before making requests. Connection dropped. [Details: %s]", rpcType, remoteAddress, connection.getEncryptionCtxtString()));
}
}
Also used :
RpcException(org.apache.drill.exec.rpc.RpcException)
InvalidProtocolBufferException(com.google.protobuf.InvalidProtocolBufferException)
SaslMessage(org.apache.drill.exec.proto.UserBitShared.SaslMessage)
ByteString(com.google.protobuf.ByteString)
ByteBufInputStream(io.netty.buffer.ByteBufInputStream)
SaslException(javax.security.sasl.SaslException)
InvalidProtocolBufferException(com.google.protobuf.InvalidProtocolBufferException)
RpcException(org.apache.drill.exec.rpc.RpcException)
IOException(java.io.IOException)
SaslException(javax.security.sasl.SaslException)
UndeclaredThrowableException(java.lang.reflect.UndeclaredThrowableException)
Example 70 with SaslException
use of javax.security.sasl.SaslException in project drill by apache.
the class AuthenticationOutcomeListener method success.
@Override
public void success(SaslMessage value, ByteBuf buffer) {
logger.trace("Server responded with message of type: {}", value.getStatus());
final SaslChallengeProcessor processor = CHALLENGE_PROCESSORS.get(value.getStatus());
if (processor == null) {
completionListener.failed(RpcException.mapException(new SaslException("Server sent a corrupt message.")));
} else {
try {
final SaslChallengeContext<C> context = new SaslChallengeContext<>(value, ugi, connection);
final SaslMessage saslResponse = processor.process(context);
if (saslResponse != null) {
client.send(new AuthenticationOutcomeListener<>(client, connection, saslRpcType, ugi, completionListener), connection, saslRpcType, saslResponse, SaslMessage.class, true);
} else {
// success
completionListener.success(null, null);
if (logger.isTraceEnabled()) {
logger.trace("Successfully authenticated to server using {} mechanism and encryption context: {}", connection.getSaslClient().getMechanismName(), connection.getEncryptionCtxtString());
}
}
} catch (final Exception e) {
logger.error("Authentication with encryption context: {} using mechanism {} failed with {}", connection.getEncryptionCtxtString(), connection.getSaslClient().getMechanismName(), e.getMessage());
completionListener.failed(RpcException.mapException(e));
}
}
}
Also used :
SaslMessage(org.apache.drill.exec.proto.UserBitShared.SaslMessage)
SaslException(javax.security.sasl.SaslException)
RpcException(org.apache.drill.exec.rpc.RpcException)
IOException(java.io.IOException)
SaslException(javax.security.sasl.SaslException)
UndeclaredThrowableException(java.lang.reflect.UndeclaredThrowableException)
Aggregations
SaslException (javax.security.sasl.SaslException)70
IOException (java.io.IOException)24
UnsupportedCallbackException (javax.security.auth.callback.UnsupportedCallbackException)12
NameCallback (javax.security.auth.callback.NameCallback)11
Callback (javax.security.auth.callback.Callback)6
PasswordCallback (javax.security.auth.callback.PasswordCallback)6
SaslClient (javax.security.sasl.SaslClient)6
UndeclaredThrowableException (java.lang.reflect.UndeclaredThrowableException)5
InvalidKeyException (java.security.InvalidKeyException)5
LoginException (javax.security.auth.login.LoginException)5
AuthorizeCallback (javax.security.sasl.AuthorizeCallback)5
RpcException (org.apache.drill.exec.rpc.RpcException)5
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)4
PrivilegedActionException (java.security.PrivilegedActionException)4
CallbackHandler (javax.security.auth.callback.CallbackHandler)4
GSSException (org.ietf.jgss.GSSException)4
UserNotFoundException (org.jivesoftware.openfire.user.UserNotFoundException)4
ByteString (com.google.protobuf.ByteString)3
Principal (java.security.Principal)3
SaslServer (javax.security.sasl.SaslServer)3
