use of org.apache.drill.exec.rpc.RpcException in project drill by apache.
the class TestUserBitKerberosEncryption method failureOldClientEncryptionEnabled.
/**
* Test to validate that older clients are not allowed to connect to secure cluster
* with encryption enabled.
*/
@Test
public void failureOldClientEncryptionEnabled() {
try {
final Properties connectionProps = new Properties();
connectionProps.setProperty(DrillProperties.SERVICE_PRINCIPAL, krbHelper.SERVER_PRINCIPAL);
connectionProps.setProperty(DrillProperties.USER, krbHelper.CLIENT_PRINCIPAL);
connectionProps.setProperty(DrillProperties.KEYTAB, krbHelper.clientKeytab.getAbsolutePath());
connectionProps.setProperty(DrillProperties.TEST_SASL_LEVEL, "1");
newConfig = new DrillConfig(DrillConfig.create(cloneDefaultTestConfigProperties()).withValue(ExecConstants.USER_AUTHENTICATION_ENABLED, ConfigValueFactory.fromAnyRef(true)).withValue(ExecConstants.USER_AUTHENTICATOR_IMPL, ConfigValueFactory.fromAnyRef(UserAuthenticatorTestImpl.TYPE)).withValue(BootStrapContext.SERVICE_PRINCIPAL, ConfigValueFactory.fromAnyRef(krbHelper.SERVER_PRINCIPAL)).withValue(BootStrapContext.SERVICE_KEYTAB_LOCATION, ConfigValueFactory.fromAnyRef(krbHelper.serverKeytab.toString())).withValue(ExecConstants.AUTHENTICATION_MECHANISMS, ConfigValueFactory.fromIterable(Lists.newArrayList("plain", "kerberos"))).withValue(ExecConstants.USER_ENCRYPTION_SASL_ENABLED, ConfigValueFactory.fromAnyRef(true)), false);
updateTestCluster(1, newConfig, connectionProps);
fail();
} catch (Exception ex) {
assert (ex.getCause() instanceof RpcException);
System.out.println("Caught exception: " + ex.getMessage());
logger.info("Caught exception: " + ex.getMessage());
}
}
use of org.apache.drill.exec.rpc.RpcException in project drill by apache.
the class JdbcConnectTriesTestEmbeddedBits method testDirectConnectionConnectTriesEqualsDrillbitCount.
@Test
public void testDirectConnectionConnectTriesEqualsDrillbitCount() throws SQLException {
Connection connection = null;
try {
connection = testDrillDriver.connect("jdbc:drill:drillbit=127.0.0.1:5000,127.0.0.1:5001;" + "tries=2", JdbcAssert.getDefaultProperties());
fail();
} catch (SQLException ex) {
assertNull(connection);
assertTrue(ex.getCause() instanceof RpcException);
assertTrue(ex.getCause().getCause() instanceof ExecutionException);
}
}
use of org.apache.drill.exec.rpc.RpcException in project drill by apache.
the class DataClient method validateHandshake.
@Override
protected void validateHandshake(BitServerHandshake handshake) throws RpcException {
if (handshake.getRpcVersion() != DataRpcConfig.RPC_VERSION) {
throw new RpcException(String.format("Invalid rpc version. Expected %d, actual %d.", handshake.getRpcVersion(), DataRpcConfig.RPC_VERSION));
}
if (handshake.getAuthenticationMechanismsCount() != 0) {
// remote requires authentication
final SaslClient saslClient;
try {
final Map<String, String> saslProperties = SaslProperties.getSaslProperties(connection.isEncryptionEnabled(), connection.getMaxWrappedSize());
saslClient = config.getAuthFactory(handshake.getAuthenticationMechanismsList()).createSaslClient(UserGroupInformation.getLoginUser(), config.getSaslClientProperties(remoteEndpoint, saslProperties));
} catch (final IOException e) {
throw new RpcException(String.format("Failed to initiate authenticate to %s", remoteEndpoint.getAddress()), e);
}
if (saslClient == null) {
throw new RpcException("Unexpected failure. Could not initiate SASL exchange.");
}
connection.setSaslClient(saslClient);
} else {
if (config.getAuthMechanismToUse() != null) {
throw new RpcException(String.format("Drillbit (%s) does not require auth, but auth is enabled.", remoteEndpoint.getAddress()));
}
}
}
use of org.apache.drill.exec.rpc.RpcException in project drill by apache.
the class ServerAuthenticationHandler method handleAuthFailure.
private static <S extends ServerConnection<S>, T extends EnumLite> void handleAuthFailure(final S connection, final ResponseSender sender, final Exception e, final T saslResponseType) throws RpcException {
final String remoteAddress = connection.getRemoteAddress().toString();
logger.debug("Authentication using mechanism {} with encryption context {} failed from client {} due to {}", connection.getSaslServer().getMechanismName(), connection.getEncryptionCtxtString(), remoteAddress, e);
// inform the client that authentication failed, and no more
sender.send(new Response(saslResponseType, SASL_FAILED_MESSAGE));
// drop connection
throw new RpcException(e);
}
use of org.apache.drill.exec.rpc.RpcException in project drill by apache.
the class ServerAuthenticationHandler method handle.
@Override
public void handle(S connection, int rpcType, ByteBuf pBody, ByteBuf dBody, ResponseSender sender) throws RpcException {
final String remoteAddress = connection.getRemoteAddress().toString();
// exchange involves server "challenges" and client "responses" (initiated by client)
if (saslRequestTypeValue == rpcType) {
final SaslMessage saslResponse;
try {
saslResponse = SaslMessage.PARSER.parseFrom(new ByteBufInputStream(pBody));
} catch (final InvalidProtocolBufferException e) {
handleAuthFailure(connection, sender, e, saslResponseType);
return;
}
logger.trace("Received SASL message {} from {}", saslResponse.getStatus(), remoteAddress);
final SaslResponseProcessor processor = RESPONSE_PROCESSORS.get(saslResponse.getStatus());
if (processor == null) {
logger.info("Unknown message type from client from {}. Will stop authentication.", remoteAddress);
handleAuthFailure(connection, sender, new SaslException("Received unexpected message"), saslResponseType);
return;
}
final SaslResponseContext<S, T> context = new SaslResponseContext<>(saslResponse, connection, sender, requestHandler, saslResponseType);
try {
processor.process(context);
} catch (final Exception e) {
handleAuthFailure(connection, sender, e, saslResponseType);
}
} else {
// drop connection
throw new RpcException(String.format("Request of type %d is not allowed without authentication. Client on %s must authenticate " + "before making requests. Connection dropped. [Details: %s]", rpcType, remoteAddress, connection.getEncryptionCtxtString()));
}
}
Aggregations