use of org.apache.accumulo.core.clientImpl.thrift.ThriftSecurityException in project accumulo by apache.
the class ClientServiceHandler method getDiskUsage.
/**
 * Returns disk usage for the requested tables.
 *
 * <p>Every table name is first resolved to a table id and the caller's scan permission on that
 * table is checked; usage is computed only after the whole loop has passed. The usage lookup is
 * done with the ids collected during that check, not with the names.
 *
 * @param tables names of the tables to report on
 * @param credentials credentials of the caller, checked with {@code security.canScan}
 * @return one TDiskUsage per entry returned by {@code TableDiskUsage.getDiskUsage}
 * @throws ThriftSecurityException with PERMISSION_DENIED if the scan check fails for any table
 * @throws TException wrapping a TableNotFoundException or IOException raised in the body
 */
@Override
public List<TDiskUsage> getDiskUsage(Set<String> tables, TCredentials credentials) throws ThriftTableOperationException, ThriftSecurityException, TException {
  try {
    HashSet<TableId> validatedIds = new HashSet<>();
    for (String tableName : tables) {
      // ensure that the table exists
      TableId id = checkTableId(context, tableName, null);
      validatedIds.add(id);
      NamespaceId nsId = context.getNamespaceId(id);
      boolean mayScan = security.canScan(credentials, id, nsId);
      if (!mayScan) {
        // a single table without scan permission rejects the whole request
        throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
      }
    }
    // use the same set of table ids that were validated above to avoid race conditions
    // between the permission check and the usage lookup
    Map<TreeSet<String>, Long> usageByTables = TableDiskUsage.getDiskUsage(validatedIds, context.getVolumeManager(), context);
    List<TDiskUsage> result = new ArrayList<>();
    usageByTables.forEach((names, usage) -> result.add(new TDiskUsage(new ArrayList<>(names), usage)));
    return result;
  } catch (TableNotFoundException | IOException cause) {
    throw new TException(cause);
  }
}
use of org.apache.accumulo.core.clientImpl.thrift.ThriftSecurityException in project accumulo by apache.
the class TCredentialsUpdatingInvocationHandler method updateArgs.
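/**
 * Checks the TCredentials found in an RPC argument list against the identity authenticated by
 * the SASL transport. This ensures that users can't spoof a different principal into the
 * credentials than the one they used to authenticate.
 *
 * <p>Only the first two argument positions are searched. A call with fewer than two arguments,
 * or with no TCredentials in those positions, passes through unchecked. This method does not
 * modify the credentials; it returns normally or throws.
 *
 * <ul>
 * <li>Delegation token over DIGEST-MD5: the SASL principal must equal the credentials
 * principal.</li>
 * <li>KerberosToken or SystemToken: the principals must match, or the impersonation
 * configuration must allow the SASL principal to act as the credentials principal from the
 * client's address.</li>
 * <li>Any other token type is rejected.</li>
 * </ul>
 *
 * @param args the RPC arguments; may be null
 * @throws ThriftSecurityException with BAD_CREDENTIALS when the token type is not accepted, no
 *         SASL principal is available, or the host is not permitted for impersonation. A
 *         principal mismatch is reported through {@code principalMismatch}.
 */
protected void updateArgs(Object[] args) throws ThriftSecurityException {
  // If we don't have at least two args there is nothing to inspect
  if (args == null || args.length < 2) {
    return;
  }
  // instanceof is false for null, so no separate null check is needed
  TCredentials tcreds = null;
  if (args[0] instanceof TCredentials) {
    tcreds = (TCredentials) args[0];
  } else if (args[1] instanceof TCredentials) {
    tcreds = (TCredentials) args[1];
  }
  // If we don't find a tcredentials in the first two positions
  if (tcreds == null) {
    // Not all calls require authentication (e.g. closeMultiScan). We need to let these pass
    // through.
    // NOTE(review): a TCredentials at a later argument position would also take this path and
    // go unchecked - confirm that no RPC signature places credentials after the second argument
    log.trace("Did not find a TCredentials object in the first two positions" + " of the argument list, not updating principal");
    return;
  }
  // NOTE(review): assumes getTokenClassFromName never returns null, because
  // Class.isAssignableFrom(null) throws NullPointerException - confirm against its definition
  Class<? extends AuthenticationToken> tokenClass = getTokenClassFromName(tcreds.tokenClassName);
  // The Accumulo principal extracted from the SASL transport
  final String principal = UGIAssumingProcessor.rpcPrincipal();
  // With a delegation token over DIGEST-MD5 the SASL principal and the credentials principal
  // should match
  if (UGIAssumingProcessor.rpcMechanism() == SaslMechanism.DIGEST_MD5 && DelegationTokenImpl.class.isAssignableFrom(tokenClass)) {
    // A missing SASL principal is treated as a mismatch, so the rejection is logged and
    // reported as BAD_CREDENTIALS instead of surfacing as a NullPointerException
    if (principal == null || !principal.equals(tcreds.principal)) {
      log.warn("{} issued RPC with delegation token over DIGEST-MD5 as the " + "Accumulo principal {}. Disallowing RPC", principal, tcreds.principal);
      throw new ThriftSecurityException("RPC principal did not match provided Accumulo principal", SecurityErrorCode.BAD_CREDENTIALS);
    }
    return;
  }
  // If the authentication token isn't a KerberosToken (or the internal SystemToken), reject it
  if (!KerberosToken.class.isAssignableFrom(tokenClass) && !SystemToken.class.isAssignableFrom(tokenClass)) {
    // Don't include messages about SystemToken since it's internal
    log.debug("Will not update principal on authentication tokens other than" + " KerberosToken. Received {}", tokenClass);
    throw new ThriftSecurityException("Did not receive a valid token", SecurityErrorCode.BAD_CREDENTIALS);
  }
  if (principal == null) {
    log.debug("Found KerberosToken in TCredentials, but did not receive principal from SASL processor");
    throw new ThriftSecurityException("Did not extract principal from Thrift SASL processor", SecurityErrorCode.BAD_CREDENTIALS);
  }
  // The SASL principal differs from the credentials principal: only acceptable when the
  // impersonation configuration lists that user for this SASL principal
  if (!principal.equals(tcreds.principal)) {
    UsersWithHosts usersWithHosts = impersonation.get(principal);
    // NOTE(review): this relies on principalMismatch always throwing; its body is not part of
    // this listing - confirm
    if (usersWithHosts == null || !usersWithHosts.getUsers().contains(tcreds.principal)) {
      principalMismatch(principal, tcreds.principal);
    }
    // Impersonation is additionally restricted to the configured client hosts
    String clientAddr = TServerUtils.clientAddress.get();
    if (!usersWithHosts.getHosts().contains(clientAddr)) {
      final String msg = "Principal in credentials object allowed mismatched" + " Kerberos principals, but not on " + clientAddr;
      log.warn(msg);
      throw new ThriftSecurityException(msg, SecurityErrorCode.BAD_CREDENTIALS);
    }
  }
}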
use of org.apache.accumulo.core.clientImpl.thrift.ThriftSecurityException in project accumulo by apache.
the class SecurityOperation method grantNamespacePermission.
/**
 * Grants a namespace permission to a user at the request of the caller identified by {@code c}.
 *
 * <p>The caller's right to grant on the namespace is checked before the target user is looked
 * up, so a caller without that right gets PERMISSION_DENIED before {@code targetUserExists}
 * runs.
 *
 * @param c credentials of the requesting user
 * @param user the user receiving the permission
 * @param namespace the namespace the permission applies to
 * @param permission the permission to grant
 * @throws ThriftSecurityException with PERMISSION_DENIED if the caller may not grant on the
 *         namespace, with NAMESPACE_DOESNT_EXIST if the permission handler reports the namespace
 *         as missing, or as converted from an AccumuloSecurityException
 */
public void grantNamespacePermission(TCredentials c, String user, NamespaceId namespace, NamespacePermission permission) throws ThriftSecurityException {
  final boolean callerMayGrant = canGrantNamespace(c, namespace);
  if (!callerMayGrant) {
    throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
  }
  // presumably throws when the target user is unknown; verify against targetUserExists
  targetUserExists(user);
  try {
    permHandle.grantNamespacePermission(user, namespace.canonical(), permission);
    // record the permission, the target user, the namespace and the requesting user
    log.info("Granted namespace permission {} for user {} on the namespace {} at the request of user {}", permission, user, namespace, c.getPrincipal());
  } catch (AccumuloSecurityException securityFailure) {
    throw securityFailure.asThriftException();
  } catch (NamespaceNotFoundException missingNamespace) {
    throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.NAMESPACE_DOESNT_EXIST);
  }
}
use of org.apache.accumulo.core.clientImpl.thrift.ThriftSecurityException in project accumulo by apache.
the class SecurityOperation method changeAuthorizations.
/**
 * Replaces a user's authorizations at the request of the caller.
 *
 * <p>The caller's right to change the target user's authorizations is checked first; the target
 * user lookup and the change itself happen only after that check passes.
 *
 * @param credentials credentials of the requesting user
 * @param user the user whose authorizations are changed
 * @param authorizations the authorizations passed to the authorizor
 * @throws ThriftSecurityException with PERMISSION_DENIED if the caller may not change the
 *         user's authorizations, or as converted from an AccumuloSecurityException
 */
public void changeAuthorizations(TCredentials credentials, String user, Authorizations authorizations) throws ThriftSecurityException {
  final boolean callerMayChange = canChangeAuthorizations(credentials, user);
  if (!callerMayChange) {
    throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
  }
  // presumably throws when the target user is unknown; verify against targetUserExists
  targetUserExists(user);
  try {
    authorizor.changeAuthorizations(user, authorizations);
    // NOTE(review): the log line names the target and the requesting user, but not the
    // authorizations that were set
    log.info("Changed authorizations for user {} at the request of user {}", user, credentials.getPrincipal());
  } catch (AccumuloSecurityException securityFailure) {
    throw securityFailure.asThriftException();
  }
}
use of org.apache.accumulo.core.clientImpl.thrift.ThriftSecurityException in project accumulo by apache.
the class SecurityOperation method revokeSystemPermission.
/**
 * Revokes a system permission from a user at the request of the caller.
 *
 * <p>The caller's right to revoke this permission from the target user is checked first; the
 * target user lookup and the revocation happen only after that check passes.
 *
 * @param credentials credentials of the requesting user
 * @param user the user losing the permission
 * @param permission the system permission to revoke
 * @throws ThriftSecurityException with PERMISSION_DENIED if the caller may not revoke the
 *         permission, or as converted from an AccumuloSecurityException
 */
public void revokeSystemPermission(TCredentials credentials, String user, SystemPermission permission) throws ThriftSecurityException {
  final boolean callerMayRevoke = canRevokeSystem(credentials, user, permission);
  if (!callerMayRevoke) {
    throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
  }
  // presumably throws when the target user is unknown; verify against targetUserExists
  targetUserExists(user);
  try {
    permHandle.revokeSystemPermission(user, permission);
    // record the permission, the target user and the requesting user
    log.info("Revoked system permission {} for user {} at the request of user {}", permission, user, credentials.getPrincipal());
  } catch (AccumuloSecurityException securityFailure) {
    throw securityFailure.asThriftException();
  }
}