Example 6 with RpcException
use of org.apache.drill.exec.rpc.RpcException in project drill by apache.
the class UserClient method handle.
@Override
protected void handle(UserToBitConnection connection, int rpcType, ByteBuf pBody, ByteBuf dBody, ResponseSender sender) throws RpcException {
if (!authComplete) {
// Remote should not be making any requests before authenticating, drop connection
throw new RpcException(String.format("Request of type %d is not allowed without authentication. " + "Remote on %s must authenticate before making requests. Connection dropped.", rpcType, connection.getRemoteAddress()));
}
switch(rpcType) {
case RpcType.QUERY_DATA_VALUE:
queryResultHandler.batchArrived(connection, pBody, dBody);
sender.send(new Response(RpcType.ACK, Acks.OK));
break;
case RpcType.QUERY_RESULT_VALUE:
queryResultHandler.resultArrived(pBody);
sender.send(new Response(RpcType.ACK, Acks.OK));
break;
default:
throw new RpcException(String.format("Unknown Rpc Type %d. ", rpcType));
}
}
Also used :
Response(org.apache.drill.exec.rpc.Response)
RpcException(org.apache.drill.exec.rpc.RpcException)
NonTransientRpcException(org.apache.drill.exec.rpc.NonTransientRpcException)
Example 7 with RpcException
use of org.apache.drill.exec.rpc.RpcException in project drill by apache.
the class UserClient method authenticate.
private CheckedFuture<Void, SaslException> authenticate(final DrillProperties properties) {
final Map<String, String> propertiesMap = properties.stringPropertiesAsMap();
// Set correct QOP property and Strength based on server needs encryption or not.
// If ChunkMode is enabled then negotiate for buffer size equal to wrapChunkSize,
// If ChunkMode is disabled then negotiate for MAX_WRAPPED_SIZE buffer size.
propertiesMap.putAll(SaslProperties.getSaslProperties(connection.isEncryptionEnabled(), connection.getMaxWrappedSize()));
// use handleAuthFailure to setException
final SettableFuture<Void> authSettable = SettableFuture.create();
final CheckedFuture<Void, SaslException> authFuture = new AbstractCheckedFuture<Void, SaslException>(authSettable) {
@Override
protected SaslException mapException(Exception e) {
if (e instanceof ExecutionException) {
final Throwable cause = Throwables.getRootCause(e);
if (cause instanceof SaslException) {
return new SaslException(String.format("Authentication failed. [Details: %s, Error %s]", connection.getEncryptionCtxtString(), cause.getMessage()), cause);
}
}
return new SaslException(String.format("Authentication failed unexpectedly. [Details: %s, Error %s]", connection.getEncryptionCtxtString(), e.getMessage()), e);
}
};
final AuthenticatorFactory factory;
final String mechanismName;
final UserGroupInformation ugi;
final SaslClient saslClient;
try {
factory = getAuthenticatorFactory(properties);
mechanismName = factory.getSimpleName();
logger.trace("Will try to authenticate to server using {} mechanism with encryption context {}", mechanismName, connection.getEncryptionCtxtString());
ugi = factory.createAndLoginUser(propertiesMap);
saslClient = factory.createSaslClient(ugi, propertiesMap);
if (saslClient == null) {
throw new SaslException(String.format("Cannot initiate authentication using %s mechanism. Insufficient " + "credentials or selected mechanism doesn't support configured security layers?", factory.getSimpleName()));
}
connection.setSaslClient(saslClient);
} catch (final IOException e) {
authSettable.setException(e);
return authFuture;
}
logger.trace("Initiating SASL exchange.");
new AuthenticationOutcomeListener<>(this, connection, RpcType.SASL_MESSAGE, ugi, new RpcOutcomeListener<Void>() {
@Override
public void failed(RpcException ex) {
authSettable.setException(ex);
}
@Override
public void success(Void value, ByteBuf buffer) {
authComplete = true;
authSettable.set(null);
}
@Override
public void interrupted(InterruptedException e) {
authSettable.setException(e);
}
}).initiate(mechanismName);
return authFuture;
}
Also used :
IOException(java.io.IOException)
AbstractCheckedFuture(com.google.common.util.concurrent.AbstractCheckedFuture)
SaslException(javax.security.sasl.SaslException)
AuthenticatorFactory(org.apache.drill.exec.rpc.security.AuthenticatorFactory)
ByteBuf(io.netty.buffer.ByteBuf)
RpcException(org.apache.drill.exec.rpc.RpcException)
SaslException(javax.security.sasl.SaslException)
NonTransientRpcException(org.apache.drill.exec.rpc.NonTransientRpcException)
IOException(java.io.IOException)
ExecutionException(java.util.concurrent.ExecutionException)
SaslClient(javax.security.sasl.SaslClient)
RpcException(org.apache.drill.exec.rpc.RpcException)
NonTransientRpcException(org.apache.drill.exec.rpc.NonTransientRpcException)
ExecutionException(java.util.concurrent.ExecutionException)
UserGroupInformation(org.apache.hadoop.security.UserGroupInformation)
RpcOutcomeListener(org.apache.drill.exec.rpc.RpcOutcomeListener)
Example 8 with RpcException
use of org.apache.drill.exec.rpc.RpcException in project drill by apache.
the class UserServer method getHandshakeHandler.
@Override
protected ServerHandshakeHandler<UserToBitHandshake> getHandshakeHandler(final BitToUserConnection connection) {
return new ServerHandshakeHandler<UserToBitHandshake>(RpcType.HANDSHAKE, UserToBitHandshake.PARSER) {
@Override
protected void consumeHandshake(ChannelHandlerContext ctx, UserToBitHandshake inbound) throws Exception {
BitToUserHandshake handshakeResp = getHandshakeResponse(inbound);
OutboundRpcMessage msg = new OutboundRpcMessage(RpcMode.RESPONSE, this.handshakeType, coordinationId, handshakeResp);
ctx.writeAndFlush(msg);
if (handshakeResp.getStatus() != HandshakeStatus.SUCCESS && handshakeResp.getStatus() != HandshakeStatus.AUTH_REQUIRED) {
// If handling handshake results in an error, throw an exception to terminate the connection.
throw new RpcException("Handshake request failed: " + handshakeResp.getErrorMessage());
}
}
@Override
public BitToUserHandshake getHandshakeResponse(UserToBitHandshake inbound) throws Exception {
logger.trace("Handling handshake from user to bit. {}", inbound);
// if timeout is unsupported or is set to false, disable timeout.
if (!inbound.hasSupportTimeout() || !inbound.getSupportTimeout()) {
connection.disableReadTimeout();
logger.warn("Timeout Disabled as client doesn't support it.", connection.getName());
}
BitToUserHandshake.Builder respBuilder = BitToUserHandshake.newBuilder().setRpcVersion(UserRpcConfig.RPC_VERSION).setServerInfos(UserRpcUtils.getRpcEndpointInfos(SERVER_NAME)).addAllSupportedMethods(UserRpcConfig.SUPPORTED_SERVER_METHODS);
try {
if (inbound.getRpcVersion() != UserRpcConfig.RPC_VERSION) {
final String errMsg = String.format("Invalid rpc version. Expected %d, actual %d.", UserRpcConfig.RPC_VERSION, inbound.getRpcVersion());
return handleFailure(respBuilder, HandshakeStatus.RPC_VERSION_MISMATCH, errMsg, null);
}
connection.setHandshake(inbound);
if (!config.isAuthEnabled()) {
connection.finalizeSession(inbound.getCredentials().getUserName());
respBuilder.setStatus(HandshakeStatus.SUCCESS);
return respBuilder.build();
}
final boolean clientSupportsSasl = inbound.hasSaslSupport() && (inbound.getSaslSupport().ordinal() > SaslSupport.UNKNOWN_SASL_SUPPORT.ordinal());
final int saslSupportOrdinal = (clientSupportsSasl) ? inbound.getSaslSupport().ordinal() : SaslSupport.UNKNOWN_SASL_SUPPORT.ordinal();
if (saslSupportOrdinal <= SaslSupport.SASL_AUTH.ordinal() && config.isEncryptionEnabled()) {
throw new UserAuthenticationException("The server doesn't allow client without encryption support." + " Please upgrade your client or talk to your system administrator.");
}
if (!clientSupportsSasl) {
// for backward compatibility < 1.10
final String userName = inbound.getCredentials().getUserName();
if (logger.isTraceEnabled()) {
logger.trace("User {} on connection {} is likely using an older client.", userName, connection.getRemoteAddress());
}
try {
String password = "";
final UserProperties props = inbound.getProperties();
for (int i = 0; i < props.getPropertiesCount(); i++) {
Property prop = props.getProperties(i);
if (DrillProperties.PASSWORD.equalsIgnoreCase(prop.getKey())) {
password = prop.getValue();
break;
}
}
final PlainFactory plainFactory;
try {
plainFactory = (PlainFactory) config.getAuthProvider().getAuthenticatorFactory(PlainFactory.SIMPLE_NAME);
} catch (final SaslException e) {
throw new UserAuthenticationException("The server no longer supports username/password" + " based authentication. Please talk to your system administrator.");
}
plainFactory.getAuthenticator().authenticate(userName, password);
connection.changeHandlerTo(config.getMessageHandler());
connection.finalizeSession(userName);
respBuilder.setStatus(HandshakeStatus.SUCCESS);
if (logger.isTraceEnabled()) {
logger.trace("Authenticated {} successfully using PLAIN from {}", userName, connection.getRemoteAddress());
}
return respBuilder.build();
} catch (UserAuthenticationException ex) {
return handleFailure(respBuilder, HandshakeStatus.AUTH_FAILED, ex.getMessage(), ex);
}
}
// Offer all the configured mechanisms to client. If certain mechanism doesn't support encryption
// like PLAIN, those should fail during the SASL handshake negotiation.
respBuilder.addAllAuthenticationMechanisms(config.getAuthProvider().getAllFactoryNames());
// set the encrypted flag in handshake message. For older clients this field is optional so will be ignored
respBuilder.setEncrypted(connection.isEncryptionEnabled());
respBuilder.setMaxWrappedSize(connection.getMaxWrappedSize());
// for now, this means PLAIN credentials will be sent over twice
// (during handshake and during sasl exchange)
respBuilder.setStatus(HandshakeStatus.AUTH_REQUIRED);
return respBuilder.build();
} catch (Exception e) {
return handleFailure(respBuilder, HandshakeStatus.UNKNOWN_FAILURE, e.getMessage(), e);
}
}
};
}
Also used :
PlainFactory(org.apache.drill.exec.rpc.security.plain.PlainFactory)
ChannelHandlerContext(io.netty.channel.ChannelHandlerContext)
SaslException(javax.security.sasl.SaslException)
DrillbitStartupException(org.apache.drill.exec.exception.DrillbitStartupException)
RpcException(org.apache.drill.exec.rpc.RpcException)
SaslException(javax.security.sasl.SaslException)
IOException(java.io.IOException)
UserAuthenticationException(org.apache.drill.exec.rpc.user.security.UserAuthenticationException)
UserToBitHandshake(org.apache.drill.exec.proto.UserProtos.UserToBitHandshake)
UserAuthenticationException(org.apache.drill.exec.rpc.user.security.UserAuthenticationException)
UserProperties(org.apache.drill.exec.proto.UserProtos.UserProperties)
BitToUserHandshake(org.apache.drill.exec.proto.UserProtos.BitToUserHandshake)
OutboundRpcMessage(org.apache.drill.exec.rpc.OutboundRpcMessage)
RpcException(org.apache.drill.exec.rpc.RpcException)
Property(org.apache.drill.exec.proto.UserProtos.Property)
Example 9 with RpcException
use of org.apache.drill.exec.rpc.RpcException in project drill by apache.
the class UserServerRequestHandler method handle.
@Override
public void handle(BitToUserConnection connection, int rpcType, ByteBuf pBody, ByteBuf dBody, ResponseSender responseSender) throws RpcException {
switch(rpcType) {
case RpcType.RUN_QUERY_VALUE:
logger.debug("Received query to run. Returning query handle.");
try {
final RunQuery query = RunQuery.PARSER.parseFrom(new ByteBufInputStream(pBody));
final QueryId queryId = worker.submitWork(connection, query);
responseSender.send(new Response(RpcType.QUERY_HANDLE, queryId));
break;
} catch (InvalidProtocolBufferException e) {
throw new RpcException("Failure while decoding RunQuery body.", e);
}
case RpcType.CANCEL_QUERY_VALUE:
try {
final QueryId queryId = QueryId.PARSER.parseFrom(new ByteBufInputStream(pBody));
final Ack ack = worker.cancelQuery(queryId);
responseSender.send(new Response(RpcType.ACK, ack));
break;
} catch (InvalidProtocolBufferException e) {
throw new RpcException("Failure while decoding QueryId body.", e);
}
case RpcType.RESUME_PAUSED_QUERY_VALUE:
try {
final QueryId queryId = QueryId.PARSER.parseFrom(new ByteBufInputStream(pBody));
final Ack ack = worker.resumeQuery(queryId);
responseSender.send(new Response(RpcType.ACK, ack));
break;
} catch (final InvalidProtocolBufferException e) {
throw new RpcException("Failure while decoding QueryId body.", e);
}
case RpcType.GET_QUERY_PLAN_FRAGMENTS_VALUE:
try {
final GetQueryPlanFragments req = GetQueryPlanFragments.PARSER.parseFrom(new ByteBufInputStream(pBody));
responseSender.send(new Response(RpcType.QUERY_PLAN_FRAGMENTS, worker.getQueryPlan(connection, req)));
break;
} catch (final InvalidProtocolBufferException e) {
throw new RpcException("Failure while decoding GetQueryPlanFragments body.", e);
}
case RpcType.GET_CATALOGS_VALUE:
try {
final GetCatalogsReq req = GetCatalogsReq.PARSER.parseFrom(new ByteBufInputStream(pBody));
worker.submitCatalogMetadataWork(connection.getSession(), req, responseSender);
break;
} catch (final InvalidProtocolBufferException e) {
throw new RpcException("Failure while decoding GetCatalogsReq body.", e);
}
case RpcType.GET_SCHEMAS_VALUE:
try {
final GetSchemasReq req = GetSchemasReq.PARSER.parseFrom(new ByteBufInputStream(pBody));
worker.submitSchemasMetadataWork(connection.getSession(), req, responseSender);
break;
} catch (final InvalidProtocolBufferException e) {
throw new RpcException("Failure while decoding GetSchemasReq body.", e);
}
case RpcType.GET_TABLES_VALUE:
try {
final GetTablesReq req = GetTablesReq.PARSER.parseFrom(new ByteBufInputStream(pBody));
worker.submitTablesMetadataWork(connection.getSession(), req, responseSender);
break;
} catch (final InvalidProtocolBufferException e) {
throw new RpcException("Failure while decoding GetTablesReq body.", e);
}
case RpcType.GET_COLUMNS_VALUE:
try {
final GetColumnsReq req = GetColumnsReq.PARSER.parseFrom(new ByteBufInputStream(pBody));
worker.submitColumnsMetadataWork(connection.getSession(), req, responseSender);
break;
} catch (final InvalidProtocolBufferException e) {
throw new RpcException("Failure while decoding GetColumnsReq body.", e);
}
case RpcType.CREATE_PREPARED_STATEMENT_VALUE:
try {
final CreatePreparedStatementReq req = CreatePreparedStatementReq.PARSER.parseFrom(new ByteBufInputStream(pBody));
worker.submitPreparedStatementWork(connection, req, responseSender);
break;
} catch (final InvalidProtocolBufferException e) {
throw new RpcException("Failure while decoding CreatePreparedStatementReq body.", e);
}
case RpcType.GET_SERVER_META_VALUE:
try {
final GetServerMetaReq req = GetServerMetaReq.PARSER.parseFrom(new ByteBufInputStream(pBody));
worker.submitServerMetadataWork(connection.getSession(), req, responseSender);
break;
} catch (final InvalidProtocolBufferException e) {
throw new RpcException("Failure while decoding CreatePreparedStatementReq body.", e);
}
default:
throw new UnsupportedOperationException(String.format("UserServerRequestHandler received rpc of unknown type. Type was %d.", rpcType));
}
}
Also used :
RunQuery(org.apache.drill.exec.proto.UserProtos.RunQuery)
QueryId(org.apache.drill.exec.proto.UserBitShared.QueryId)
InvalidProtocolBufferException(com.google.protobuf.InvalidProtocolBufferException)
Ack(org.apache.drill.exec.proto.GeneralRPCProtos.Ack)
GetQueryPlanFragments(org.apache.drill.exec.proto.UserProtos.GetQueryPlanFragments)
ByteBufInputStream(io.netty.buffer.ByteBufInputStream)
CreatePreparedStatementReq(org.apache.drill.exec.proto.UserProtos.CreatePreparedStatementReq)
GetCatalogsReq(org.apache.drill.exec.proto.UserProtos.GetCatalogsReq)
Response(org.apache.drill.exec.rpc.Response)
GetSchemasReq(org.apache.drill.exec.proto.UserProtos.GetSchemasReq)
GetServerMetaReq(org.apache.drill.exec.proto.UserProtos.GetServerMetaReq)
RpcException(org.apache.drill.exec.rpc.RpcException)
GetColumnsReq(org.apache.drill.exec.proto.UserProtos.GetColumnsReq)
GetTablesReq(org.apache.drill.exec.proto.UserProtos.GetTablesReq)
Example 10 with RpcException
use of org.apache.drill.exec.rpc.RpcException in project drill by apache.
the class ControlClient method validateHandshake.
@Override
protected void validateHandshake(BitControlHandshake handshake) throws RpcException {
if (handshake.getRpcVersion() != ControlRpcConfig.RPC_VERSION) {
throw new RpcException(String.format("Invalid rpc version. Expected %d, actual %d.", handshake.getRpcVersion(), ControlRpcConfig.RPC_VERSION));
}
if (handshake.getAuthenticationMechanismsCount() != 0) {
// remote requires authentication
final SaslClient saslClient;
try {
final Map<String, String> saslProperties = SaslProperties.getSaslProperties(connection.isEncryptionEnabled(), connection.getMaxWrappedSize());
saslClient = config.getAuthFactory(handshake.getAuthenticationMechanismsList()).createSaslClient(UserGroupInformation.getLoginUser(), config.getSaslClientProperties(remoteEndpoint, saslProperties));
} catch (final IOException e) {
throw new RpcException(String.format("Failed to initiate authenticate to %s", remoteEndpoint.getAddress()), e);
}
if (saslClient == null) {
throw new RpcException("Unexpected failure. Could not initiate SASL exchange.");
}
connection.setSaslClient(saslClient);
} else {
if (config.getAuthMechanismToUse() != null) {
// local requires authentication
throw new RpcException(String.format("Drillbit (%s) does not require auth, but auth is enabled.", remoteEndpoint.getAddress()));
}
}
}
Also used :
RpcException(org.apache.drill.exec.rpc.RpcException)
IOException(java.io.IOException)
SaslClient(javax.security.sasl.SaslClient)
Aggregations
RpcException (org.apache.drill.exec.rpc.RpcException)26
Test (org.junit.Test)10
ExecutionException (java.util.concurrent.ExecutionException)9
IOException (java.io.IOException)8
NonTransientRpcException (org.apache.drill.exec.rpc.NonTransientRpcException)6
Connection (java.sql.Connection)5
SQLException (java.sql.SQLException)5
Properties (java.util.Properties)4
SaslException (javax.security.sasl.SaslException)4
QueryId (org.apache.drill.exec.proto.UserBitShared.QueryId)4
Response (org.apache.drill.exec.rpc.Response)4
SaslClient (javax.security.sasl.SaslClient)3
UserException (org.apache.drill.common.exceptions.UserException)3
JsonProcessingException (com.fasterxml.jackson.core.JsonProcessingException)2
AbstractCheckedFuture (com.google.common.util.concurrent.AbstractCheckedFuture)2
ByteString (com.google.protobuf.ByteString)2
InvalidProtocolBufferException (com.google.protobuf.InvalidProtocolBufferException)2
ByteBufInputStream (io.netty.buffer.ByteBufInputStream)2
UserRemoteException (org.apache.drill.common.exceptions.UserRemoteException)2
DrillbitEndpoint (org.apache.drill.exec.proto.CoordinationProtos.DrillbitEndpoint)2
