Example 1 with Property
use of org.apache.drill.exec.proto.UserProtos.Property in project drill by axbaretto.
the class UserServer method getHandshakeHandler.
@Override
protected ServerHandshakeHandler<UserToBitHandshake> getHandshakeHandler(final BitToUserConnection connection) {
return new ServerHandshakeHandler<UserToBitHandshake>(RpcType.HANDSHAKE, UserToBitHandshake.PARSER) {
@Override
protected void consumeHandshake(ChannelHandlerContext ctx, UserToBitHandshake inbound) throws Exception {
BitToUserHandshake handshakeResp = getHandshakeResponse(inbound);
OutboundRpcMessage msg = new OutboundRpcMessage(RpcMode.RESPONSE, this.handshakeType, coordinationId, handshakeResp);
ctx.writeAndFlush(msg);
if (handshakeResp.getStatus() != HandshakeStatus.SUCCESS && handshakeResp.getStatus() != HandshakeStatus.AUTH_REQUIRED) {
// If handling handshake results in an error, throw an exception to terminate the connection.
throw new RpcException("Handshake request failed: " + handshakeResp.getErrorMessage());
}
}
@Override
public BitToUserHandshake getHandshakeResponse(UserToBitHandshake inbound) throws Exception {
if (logger.isTraceEnabled()) {
logger.trace("Handling handshake from user to bit. {}", serializeUserToBitHandshakeWithoutPassword(inbound));
}
// if timeout is unsupported or is set to false, disable timeout.
if (!inbound.hasSupportTimeout() || !inbound.getSupportTimeout()) {
connection.disableReadTimeout();
logger.warn("Timeout Disabled as client doesn't support it.", connection.getName());
}
BitToUserHandshake.Builder respBuilder = BitToUserHandshake.newBuilder().setRpcVersion(UserRpcConfig.RPC_VERSION).setServerInfos(UserRpcUtils.getRpcEndpointInfos(SERVER_NAME)).addAllSupportedMethods(UserRpcConfig.SUPPORTED_SERVER_METHODS);
try {
if (inbound.getRpcVersion() != UserRpcConfig.RPC_VERSION) {
final String errMsg = String.format("Invalid rpc version. Expected %d, actual %d.", UserRpcConfig.RPC_VERSION, inbound.getRpcVersion());
return handleFailure(respBuilder, HandshakeStatus.RPC_VERSION_MISMATCH, errMsg, null);
}
connection.setHandshake(inbound);
if (!config.isAuthEnabled()) {
connection.finalizeSession(inbound.getCredentials().getUserName());
respBuilder.setStatus(HandshakeStatus.SUCCESS);
return respBuilder.build();
}
// If sasl_support field is absent in handshake message then treat the client as < 1.10 client
final boolean clientSupportsSasl = inbound.hasSaslSupport();
// saslSupportOrdinal will be set to UNKNOWN_SASL_SUPPORT, if sasl_support field in handshake is set to a
// value which is unknown to this server. We will treat those clients as one which knows SASL protocol.
final int saslSupportOrdinal = (clientSupportsSasl) ? inbound.getSaslSupport().ordinal() : SaslSupport.UNKNOWN_SASL_SUPPORT.ordinal();
// Check if client doesn't support SASL or only supports SASL_AUTH and server has encryption enabled
if ((!clientSupportsSasl || saslSupportOrdinal == SaslSupport.SASL_AUTH.ordinal()) && config.isEncryptionEnabled()) {
throw new UserAuthenticationException("The server doesn't allow client without encryption support." + " Please upgrade your client or talk to your system administrator.");
}
if (!clientSupportsSasl) {
// for backward compatibility < 1.10
final String userName = inbound.getCredentials().getUserName();
if (logger.isTraceEnabled()) {
logger.trace("User {} on connection {} is likely using an older client.", userName, connection.getRemoteAddress());
}
try {
String password = "";
final UserProperties props = inbound.getProperties();
for (int i = 0; i < props.getPropertiesCount(); i++) {
Property prop = props.getProperties(i);
if (DrillProperties.PASSWORD.equalsIgnoreCase(prop.getKey())) {
password = prop.getValue();
break;
}
}
final PlainFactory plainFactory;
try {
plainFactory = (PlainFactory) config.getAuthProvider().getAuthenticatorFactory(PlainFactory.SIMPLE_NAME);
} catch (final SaslException e) {
throw new UserAuthenticationException("The server no longer supports username/password" + " based authentication. Please talk to your system administrator.");
}
plainFactory.getAuthenticator().authenticate(userName, password);
connection.changeHandlerTo(config.getMessageHandler());
connection.finalizeSession(userName);
respBuilder.setStatus(HandshakeStatus.SUCCESS);
if (logger.isTraceEnabled()) {
logger.trace("Authenticated {} successfully using PLAIN from {}", userName, connection.getRemoteAddress());
}
return respBuilder.build();
} catch (UserAuthenticationException ex) {
return handleFailure(respBuilder, HandshakeStatus.AUTH_FAILED, ex.getMessage(), ex);
}
}
// Offer all the configured mechanisms to client. If certain mechanism doesn't support encryption
// like PLAIN, those should fail during the SASL handshake negotiation.
respBuilder.addAllAuthenticationMechanisms(config.getAuthProvider().getAllFactoryNames());
// set the encrypted flag in handshake message. For older clients this field is optional so will be ignored
respBuilder.setEncrypted(connection.isEncryptionEnabled());
respBuilder.setMaxWrappedSize(connection.getMaxWrappedSize());
// for now, this means PLAIN credentials will be sent over twice
// (during handshake and during sasl exchange)
respBuilder.setStatus(HandshakeStatus.AUTH_REQUIRED);
return respBuilder.build();
} catch (Exception e) {
return handleFailure(respBuilder, HandshakeStatus.UNKNOWN_FAILURE, e.getMessage(), e);
}
}
};
}
Also used :
PlainFactory(org.apache.drill.exec.rpc.security.plain.PlainFactory)
ChannelHandlerContext(io.netty.channel.ChannelHandlerContext)
SaslException(javax.security.sasl.SaslException)
RpcException(org.apache.drill.exec.rpc.RpcException)
SaslException(javax.security.sasl.SaslException)
UserAuthenticationException(org.apache.drill.exec.rpc.user.security.UserAuthenticationException)
DrillbitStartupException(org.apache.drill.exec.exception.DrillbitStartupException)
IOException(java.io.IOException)
DrillException(org.apache.drill.common.exceptions.DrillException)
UserToBitHandshake(org.apache.drill.exec.proto.UserProtos.UserToBitHandshake)
UserAuthenticationException(org.apache.drill.exec.rpc.user.security.UserAuthenticationException)
UserProperties(org.apache.drill.exec.proto.UserProtos.UserProperties)
BitToUserHandshake(org.apache.drill.exec.proto.UserProtos.BitToUserHandshake)
OutboundRpcMessage(org.apache.drill.exec.rpc.OutboundRpcMessage)
RpcException(org.apache.drill.exec.rpc.RpcException)
Property(org.apache.drill.exec.proto.UserProtos.Property)
Example 2 with Property
use of org.apache.drill.exec.proto.UserProtos.Property in project drill by axbaretto.
the class UserServer method serializeUserToBitHandshakeWithoutPassword.
/**
* Serialize {@link org.apache.drill.exec.proto.UserProtos.BitToUserHandshake} instance without password
* @param inbound handshake instance for serialization
* @return String of serialized object
*/
private String serializeUserToBitHandshakeWithoutPassword(UserToBitHandshake inbound) {
StringBuilder sb = new StringBuilder();
sb.append("rpc_version: ");
sb.append(inbound.getRpcVersion());
sb.append("\ncredentials:\n\t");
sb.append(inbound.getCredentials());
sb.append("properties:");
List<Property> props = inbound.getProperties().getPropertiesList();
for (Property p : props) {
if (!p.getKey().equalsIgnoreCase("password")) {
sb.append("\n\tproperty:\n\t\t");
sb.append("key: \"");
sb.append(p.getKey());
sb.append("\"\n\t\tvalue: \"");
sb.append(p.getValue());
sb.append("\"");
}
}
sb.append("\nsupport_complex_types: ");
sb.append(inbound.getSupportComplexTypes());
sb.append("\nsupport_timeout: ");
sb.append(inbound.getSupportTimeout());
sb.append("sasl_support: ");
sb.append(inbound.getSaslSupport());
sb.append("\nclient_infos:\n\t");
sb.append(inbound.getClientInfos().toString().replace("\n", "\n\t"));
return sb.toString();
}
Also used :
Property(org.apache.drill.exec.proto.UserProtos.Property)
Example 3 with Property
use of org.apache.drill.exec.proto.UserProtos.Property in project drill by apache.
the class UserServer method getHandshakeHandler.
@Override
protected ServerHandshakeHandler<UserToBitHandshake> getHandshakeHandler(final BitToUserConnection connection) {
return new ServerHandshakeHandler<UserToBitHandshake>(RpcType.HANDSHAKE, UserToBitHandshake.PARSER) {
@Override
protected void consumeHandshake(ChannelHandlerContext ctx, UserToBitHandshake inbound) throws Exception {
BitToUserHandshake handshakeResp = getHandshakeResponse(inbound);
OutboundRpcMessage msg = new OutboundRpcMessage(RpcMode.RESPONSE, this.handshakeType, coordinationId, handshakeResp);
ctx.writeAndFlush(msg);
if (handshakeResp.getStatus() != HandshakeStatus.SUCCESS && handshakeResp.getStatus() != HandshakeStatus.AUTH_REQUIRED) {
// If handling handshake results in an error, throw an exception to terminate the connection.
throw new RpcException("Handshake request failed: " + handshakeResp.getErrorMessage());
}
}
@Override
public BitToUserHandshake getHandshakeResponse(UserToBitHandshake inbound) throws Exception {
if (logger.isTraceEnabled()) {
logger.trace("Handling handshake from user to bit. {}", serializeUserToBitHandshakeWithoutPassword(inbound));
}
// if timeout is unsupported or is set to false, disable timeout.
if (!inbound.hasSupportTimeout() || !inbound.getSupportTimeout()) {
connection.disableReadTimeout();
logger.warn("Timeout Disabled as client {} doesn't support it.", connection.getName());
}
BitToUserHandshake.Builder respBuilder = BitToUserHandshake.newBuilder().setRpcVersion(UserRpcConfig.RPC_VERSION).setServerInfos(UserRpcUtils.getRpcEndpointInfos(SERVER_NAME)).addAllSupportedMethods(UserRpcConfig.SUPPORTED_SERVER_METHODS);
try {
if (inbound.getRpcVersion() != UserRpcConfig.RPC_VERSION) {
final String errMsg = String.format("Invalid rpc version. Expected %d, actual %d.", UserRpcConfig.RPC_VERSION, inbound.getRpcVersion());
return handleFailure(respBuilder, HandshakeStatus.RPC_VERSION_MISMATCH, errMsg, null);
}
connection.setHandshake(inbound);
if (!config.isAuthEnabled()) {
connection.finalizeSession(inbound.getCredentials().getUserName());
respBuilder.setStatus(HandshakeStatus.SUCCESS);
return respBuilder.build();
}
// If sasl_support field is absent in handshake message then treat the client as < 1.10 client
final boolean clientSupportsSasl = inbound.hasSaslSupport();
// saslSupportOrdinal will be set to UNKNOWN_SASL_SUPPORT, if sasl_support field in handshake is set to a
// value which is unknown to this server. We will treat those clients as one which knows SASL protocol.
final int saslSupportOrdinal = (clientSupportsSasl) ? inbound.getSaslSupport().ordinal() : SaslSupport.UNKNOWN_SASL_SUPPORT.ordinal();
// Check if client doesn't support SASL or only supports SASL_AUTH and server has encryption enabled
if ((!clientSupportsSasl || saslSupportOrdinal == SaslSupport.SASL_AUTH.ordinal()) && config.isEncryptionEnabled()) {
throw new UserAuthenticationException("The server doesn't allow client without encryption support." + " Please upgrade your client or talk to your system administrator.");
}
if (!clientSupportsSasl) {
// for backward compatibility < 1.10
final String userName = inbound.getCredentials().getUserName();
if (logger.isTraceEnabled()) {
logger.trace("User {} on connection {} is likely using an older client.", userName, connection.getRemoteAddress());
}
try {
String password = "";
final UserProperties props = inbound.getProperties();
for (int i = 0; i < props.getPropertiesCount(); i++) {
Property prop = props.getProperties(i);
if (DrillProperties.PASSWORD.equalsIgnoreCase(prop.getKey())) {
password = prop.getValue();
break;
}
}
final PlainFactory plainFactory;
try {
plainFactory = (PlainFactory) config.getAuthProvider().getAuthenticatorFactory(PlainFactory.SIMPLE_NAME);
} catch (final SaslException e) {
throw new UserAuthenticationException("The server no longer supports username/password" + " based authentication. Please talk to your system administrator.");
}
plainFactory.getAuthenticator().authenticate(userName, password);
connection.changeHandlerTo(config.getMessageHandler());
connection.finalizeSession(userName);
respBuilder.setStatus(HandshakeStatus.SUCCESS);
logger.info("Authenticated {} from {} successfully using PLAIN", userName, connection.getRemoteAddress());
return respBuilder.build();
} catch (UserAuthenticationException ex) {
return handleFailure(respBuilder, HandshakeStatus.AUTH_FAILED, ex.getMessage(), ex);
}
}
// Offer all the configured mechanisms to client. If certain mechanism doesn't support encryption
// like PLAIN, those should fail during the SASL handshake negotiation.
respBuilder.addAllAuthenticationMechanisms(config.getAuthProvider().getAllFactoryNames());
// set the encrypted flag in handshake message. For older clients this field is optional so will be ignored
respBuilder.setEncrypted(connection.isEncryptionEnabled());
respBuilder.setMaxWrappedSize(connection.getMaxWrappedSize());
// for now, this means PLAIN credentials will be sent over twice
// (during handshake and during sasl exchange)
respBuilder.setStatus(HandshakeStatus.AUTH_REQUIRED);
return respBuilder.build();
} catch (Exception e) {
return handleFailure(respBuilder, HandshakeStatus.UNKNOWN_FAILURE, e.getMessage(), e);
}
}
};
}
Also used :
PlainFactory(org.apache.drill.exec.rpc.security.plain.PlainFactory)
ChannelHandlerContext(io.netty.channel.ChannelHandlerContext)
SaslException(javax.security.sasl.SaslException)
RpcException(org.apache.drill.exec.rpc.RpcException)
SaslException(javax.security.sasl.SaslException)
UserAuthenticationException(org.apache.drill.exec.rpc.user.security.UserAuthenticationException)
DrillbitStartupException(org.apache.drill.exec.exception.DrillbitStartupException)
IOException(java.io.IOException)
DrillException(org.apache.drill.common.exceptions.DrillException)
UserToBitHandshake(org.apache.drill.exec.proto.UserProtos.UserToBitHandshake)
UserAuthenticationException(org.apache.drill.exec.rpc.user.security.UserAuthenticationException)
UserProperties(org.apache.drill.exec.proto.UserProtos.UserProperties)
BitToUserHandshake(org.apache.drill.exec.proto.UserProtos.BitToUserHandshake)
OutboundRpcMessage(org.apache.drill.exec.rpc.OutboundRpcMessage)
RpcException(org.apache.drill.exec.rpc.RpcException)
Property(org.apache.drill.exec.proto.UserProtos.Property)
Example 4 with Property
use of org.apache.drill.exec.proto.UserProtos.Property in project drill by apache.
the class UserServer method serializeUserToBitHandshakeWithoutPassword.
/**
* Serialize {@link org.apache.drill.exec.proto.UserProtos.BitToUserHandshake} instance without password
* @param inbound handshake instance for serialization
* @return String of serialized object
*/
private String serializeUserToBitHandshakeWithoutPassword(UserToBitHandshake inbound) {
StringBuilder sb = new StringBuilder();
sb.append("rpc_version: ");
sb.append(inbound.getRpcVersion());
sb.append("\ncredentials:\n\t");
sb.append(inbound.getCredentials());
sb.append("properties:");
List<Property> props = inbound.getProperties().getPropertiesList();
for (Property p : props) {
if (!p.getKey().equalsIgnoreCase("password")) {
sb.append("\n\tproperty:\n\t\t");
sb.append("key: \"");
sb.append(p.getKey());
sb.append("\"\n\t\tvalue: \"");
sb.append(p.getValue());
sb.append("\"");
}
}
sb.append("\nsupport_complex_types: ");
sb.append(inbound.getSupportComplexTypes());
sb.append("\nsupport_timeout: ");
sb.append(inbound.getSupportTimeout());
sb.append("sasl_support: ");
sb.append(inbound.getSaslSupport());
sb.append("\nclient_infos:\n\t");
sb.append(inbound.getClientInfos().toString().replace("\n", "\n\t"));
return sb.toString();
}
Also used :
Property(org.apache.drill.exec.proto.UserProtos.Property)
Aggregations
Property (org.apache.drill.exec.proto.UserProtos.Property)4
ChannelHandlerContext (io.netty.channel.ChannelHandlerContext)2
IOException (java.io.IOException)2
SaslException (javax.security.sasl.SaslException)2
DrillException (org.apache.drill.common.exceptions.DrillException)2
DrillbitStartupException (org.apache.drill.exec.exception.DrillbitStartupException)2
BitToUserHandshake (org.apache.drill.exec.proto.UserProtos.BitToUserHandshake)2
UserProperties (org.apache.drill.exec.proto.UserProtos.UserProperties)2
UserToBitHandshake (org.apache.drill.exec.proto.UserProtos.UserToBitHandshake)2
OutboundRpcMessage (org.apache.drill.exec.rpc.OutboundRpcMessage)2
RpcException (org.apache.drill.exec.rpc.RpcException)2
PlainFactory (org.apache.drill.exec.rpc.security.plain.PlainFactory)2
UserAuthenticationException (org.apache.drill.exec.rpc.user.security.UserAuthenticationException)2
