Search in sources :

Example 11 with RpcException

use of org.apache.drill.exec.rpc.RpcException in project drill by apache.

the class TestUserBitKerberosEncryption method failureOldClientEncryptionEnabled.

/**
   * Test to validate that older clients are not allowed to connect to secure cluster
   * with encryption enabled.
   */
@Test
public void failureOldClientEncryptionEnabled() {
    try {
        final Properties connectionProps = new Properties();
        connectionProps.setProperty(DrillProperties.SERVICE_PRINCIPAL, krbHelper.SERVER_PRINCIPAL);
        connectionProps.setProperty(DrillProperties.USER, krbHelper.CLIENT_PRINCIPAL);
        connectionProps.setProperty(DrillProperties.KEYTAB, krbHelper.clientKeytab.getAbsolutePath());
        connectionProps.setProperty(DrillProperties.TEST_SASL_LEVEL, "1");
        newConfig = new DrillConfig(DrillConfig.create(cloneDefaultTestConfigProperties()).withValue(ExecConstants.USER_AUTHENTICATION_ENABLED, ConfigValueFactory.fromAnyRef(true)).withValue(ExecConstants.USER_AUTHENTICATOR_IMPL, ConfigValueFactory.fromAnyRef(UserAuthenticatorTestImpl.TYPE)).withValue(BootStrapContext.SERVICE_PRINCIPAL, ConfigValueFactory.fromAnyRef(krbHelper.SERVER_PRINCIPAL)).withValue(BootStrapContext.SERVICE_KEYTAB_LOCATION, ConfigValueFactory.fromAnyRef(krbHelper.serverKeytab.toString())).withValue(ExecConstants.AUTHENTICATION_MECHANISMS, ConfigValueFactory.fromIterable(Lists.newArrayList("plain", "kerberos"))).withValue(ExecConstants.USER_ENCRYPTION_SASL_ENABLED, ConfigValueFactory.fromAnyRef(true)), false);
        updateTestCluster(1, newConfig, connectionProps);
        fail();
    } catch (Exception ex) {
        assert (ex.getCause() instanceof RpcException);
        System.out.println("Caught exception: " + ex.getMessage());
        logger.info("Caught exception: " + ex.getMessage());
    }
}
Also used : DrillConfig(org.apache.drill.common.config.DrillConfig) RpcException(org.apache.drill.exec.rpc.RpcException) NonTransientRpcException(org.apache.drill.exec.rpc.NonTransientRpcException) Properties(java.util.Properties) DrillProperties(org.apache.drill.common.config.DrillProperties) RpcException(org.apache.drill.exec.rpc.RpcException) NonTransientRpcException(org.apache.drill.exec.rpc.NonTransientRpcException) Test(org.junit.Test)

Example 12 with RpcException

use of org.apache.drill.exec.rpc.RpcException in project drill by apache.

the class JdbcConnectTriesTestEmbeddedBits method testDirectConnectionConnectTriesEqualsDrillbitCount.

@Test
public void testDirectConnectionConnectTriesEqualsDrillbitCount() throws SQLException {
    Connection connection = null;
    try {
        connection = testDrillDriver.connect("jdbc:drill:drillbit=127.0.0.1:5000,127.0.0.1:5001;" + "tries=2", JdbcAssert.getDefaultProperties());
        fail();
    } catch (SQLException ex) {
        assertNull(connection);
        assertTrue(ex.getCause() instanceof RpcException);
        assertTrue(ex.getCause().getCause() instanceof ExecutionException);
    }
}
Also used : SQLException(java.sql.SQLException) RpcException(org.apache.drill.exec.rpc.RpcException) Connection(java.sql.Connection) ExecutionException(java.util.concurrent.ExecutionException) Test(org.junit.Test)

Example 13 with RpcException

use of org.apache.drill.exec.rpc.RpcException in project drill by apache.

the class DataClient method validateHandshake.

@Override
protected void validateHandshake(BitServerHandshake handshake) throws RpcException {
    if (handshake.getRpcVersion() != DataRpcConfig.RPC_VERSION) {
        throw new RpcException(String.format("Invalid rpc version.  Expected %d, actual %d.", handshake.getRpcVersion(), DataRpcConfig.RPC_VERSION));
    }
    if (handshake.getAuthenticationMechanismsCount() != 0) {
        // remote requires authentication
        final SaslClient saslClient;
        try {
            final Map<String, String> saslProperties = SaslProperties.getSaslProperties(connection.isEncryptionEnabled(), connection.getMaxWrappedSize());
            saslClient = config.getAuthFactory(handshake.getAuthenticationMechanismsList()).createSaslClient(UserGroupInformation.getLoginUser(), config.getSaslClientProperties(remoteEndpoint, saslProperties));
        } catch (final IOException e) {
            throw new RpcException(String.format("Failed to initiate authenticate to %s", remoteEndpoint.getAddress()), e);
        }
        if (saslClient == null) {
            throw new RpcException("Unexpected failure. Could not initiate SASL exchange.");
        }
        connection.setSaslClient(saslClient);
    } else {
        if (config.getAuthMechanismToUse() != null) {
            throw new RpcException(String.format("Drillbit (%s) does not require auth, but auth is enabled.", remoteEndpoint.getAddress()));
        }
    }
}
Also used : RpcException(org.apache.drill.exec.rpc.RpcException) IOException(java.io.IOException) SaslClient(javax.security.sasl.SaslClient)

Example 14 with RpcException

use of org.apache.drill.exec.rpc.RpcException in project drill by apache.

the class ServerAuthenticationHandler method handleAuthFailure.

private static <S extends ServerConnection<S>, T extends EnumLite> void handleAuthFailure(final S connection, final ResponseSender sender, final Exception e, final T saslResponseType) throws RpcException {
    final String remoteAddress = connection.getRemoteAddress().toString();
    logger.debug("Authentication using mechanism {} with encryption context {} failed from client {} due to {}", connection.getSaslServer().getMechanismName(), connection.getEncryptionCtxtString(), remoteAddress, e);
    // inform the client that authentication failed, and no more
    sender.send(new Response(saslResponseType, SASL_FAILED_MESSAGE));
    // drop connection
    throw new RpcException(e);
}
Also used : Response(org.apache.drill.exec.rpc.Response) RpcException(org.apache.drill.exec.rpc.RpcException) ByteString(com.google.protobuf.ByteString)

Example 15 with RpcException

use of org.apache.drill.exec.rpc.RpcException in project drill by apache.

the class ServerAuthenticationHandler method handle.

@Override
public void handle(S connection, int rpcType, ByteBuf pBody, ByteBuf dBody, ResponseSender sender) throws RpcException {
    final String remoteAddress = connection.getRemoteAddress().toString();
    // exchange involves server "challenges" and client "responses" (initiated by client)
    if (saslRequestTypeValue == rpcType) {
        final SaslMessage saslResponse;
        try {
            saslResponse = SaslMessage.PARSER.parseFrom(new ByteBufInputStream(pBody));
        } catch (final InvalidProtocolBufferException e) {
            handleAuthFailure(connection, sender, e, saslResponseType);
            return;
        }
        logger.trace("Received SASL message {} from {}", saslResponse.getStatus(), remoteAddress);
        final SaslResponseProcessor processor = RESPONSE_PROCESSORS.get(saslResponse.getStatus());
        if (processor == null) {
            logger.info("Unknown message type from client from {}. Will stop authentication.", remoteAddress);
            handleAuthFailure(connection, sender, new SaslException("Received unexpected message"), saslResponseType);
            return;
        }
        final SaslResponseContext<S, T> context = new SaslResponseContext<>(saslResponse, connection, sender, requestHandler, saslResponseType);
        try {
            processor.process(context);
        } catch (final Exception e) {
            handleAuthFailure(connection, sender, e, saslResponseType);
        }
    } else {
        // drop connection
        throw new RpcException(String.format("Request of type %d is not allowed without authentication. Client on %s must authenticate " + "before making requests. Connection dropped. [Details: %s]", rpcType, remoteAddress, connection.getEncryptionCtxtString()));
    }
}
Also used : RpcException(org.apache.drill.exec.rpc.RpcException) InvalidProtocolBufferException(com.google.protobuf.InvalidProtocolBufferException) SaslMessage(org.apache.drill.exec.proto.UserBitShared.SaslMessage) ByteString(com.google.protobuf.ByteString) ByteBufInputStream(io.netty.buffer.ByteBufInputStream) SaslException(javax.security.sasl.SaslException) InvalidProtocolBufferException(com.google.protobuf.InvalidProtocolBufferException) RpcException(org.apache.drill.exec.rpc.RpcException) IOException(java.io.IOException) SaslException(javax.security.sasl.SaslException) UndeclaredThrowableException(java.lang.reflect.UndeclaredThrowableException)

Aggregations

RpcException (org.apache.drill.exec.rpc.RpcException)26 Test (org.junit.Test)10 ExecutionException (java.util.concurrent.ExecutionException)9 IOException (java.io.IOException)8 NonTransientRpcException (org.apache.drill.exec.rpc.NonTransientRpcException)6 Connection (java.sql.Connection)5 SQLException (java.sql.SQLException)5 Properties (java.util.Properties)4 SaslException (javax.security.sasl.SaslException)4 QueryId (org.apache.drill.exec.proto.UserBitShared.QueryId)4 Response (org.apache.drill.exec.rpc.Response)4 SaslClient (javax.security.sasl.SaslClient)3 UserException (org.apache.drill.common.exceptions.UserException)3 JsonProcessingException (com.fasterxml.jackson.core.JsonProcessingException)2 AbstractCheckedFuture (com.google.common.util.concurrent.AbstractCheckedFuture)2 ByteString (com.google.protobuf.ByteString)2 InvalidProtocolBufferException (com.google.protobuf.InvalidProtocolBufferException)2 ByteBufInputStream (io.netty.buffer.ByteBufInputStream)2 UserRemoteException (org.apache.drill.common.exceptions.UserRemoteException)2 DrillbitEndpoint (org.apache.drill.exec.proto.CoordinationProtos.DrillbitEndpoint)2